From 499de0a0f684e4bf766bac09b02806391f62c2f3 Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada
Date: Wed, 8 Jan 2020 23:21:42 +0900
Subject: [PATCH] Fill siphash salt directly with random data

Expanding less random data with MT is not needed when it succeeded.
---
 random.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/random.c b/random.c
index e96c76a768..d02cd016c0 100644
--- a/random.c
+++ b/random.c
@@ -454,6 +454,7 @@ ruby_fill_random_bytes(void *seed, size_t size, int need_secure)
 #define fill_random_bytes ruby_fill_random_bytes
+/* cnt must be 4 or more */
 static void
 fill_random_seed(uint32_t *seed, size_t cnt)
 {
@@ -1466,7 +1467,12 @@ rb_memhash(const void *ptr, long len)
 void
 Init_RandomSeedCore(void)
 {
+ if (!fill_random_bytes(&hash_salt, sizeof(hash_salt), FALSE)) return;
+ /* If failed to fill siphash's salt with random data, expand less random data with MT. Don't reuse this MT for Random::DEFAULT. Random::DEFAULT::seed shouldn't provide a hint that an attacker guess siphash's seed. */
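Review bot: The new comment `/* cnt must be 4 or more */` above fill_random_seed states a precondition that nothing in the function enforces, so a caller passing a shorter seed array would still run into whatever the body does with the first four words; since the function is file-static and every caller lives in random.c, a debug-build check at the top of the body, `assert(cnt >= 4);` (or the project's own assertion macro, if it has one), would turn that into a visible failure instead of a silent out-of-bounds write on the seed buffer. The comment would also be more useful if it said why four is the floor — if, as the wording suggests, the body always writes seed[0] through seed[3] before the remaining entries, spell that out, e.g. `/* cnt must be 4 or more: the first four entries are always written */`. The body of fill_random_seed continues outside this hunk, so where exactly the four-word assumption is made cannot be confirmed from here.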