From: xtkoba+ruby@... Date: 2021-03-10T16:38:38+00:00 Subject: [ruby-core:102808] [Ruby master Bug#14716] SecureRandom throwing an error in Ruby 2.5.1 Issue #14716 has been updated by xtkoba (Tee KOBAYASHI). To my understanding, the problem is that when `Random.urandom` failed to use `/dev/urandom` it does not fall back to using an OpenSSL function even if it is available. However, this issue seems no longer to happen on recent Linux systems, as all the 3.x.y kernel series have now gone to EOL. I am not familiar with *BSD, but it seems that this issue does not happen on *BSD systems on which `arc4random_buf` is available. I have no idea for the other *nix systems at all. ---------------------------------------- Bug #14716: SecureRandom throwing an error in Ruby 2.5.1 https://bugs.ruby-lang.org/issues/14716#change-90829 * Author: snehavas (sneha vasanth) * Status: Feedback * Priority: Normal * ruby -v: 2.6.3 * Backport: 2.3: DONTNEED, 2.4: DONTNEED, 2.5: REQUIRED ---------------------------------------- Hi, We recently upgraded from ruby 2.3.6 to 2.5.1. We use SecureRandom.uuid to generate a random number for our session. Post the upgrade we have been getting the following error intermittently ``` app error: failed to get urandom (RuntimeError) E, [2018-04-27T04:55:08.741859 #16550] ERROR -- : /usr/lib/ruby/2.5.0/securerandom.rb:99:in `urandom' E, [2018-04-27T04:55:08.741898 #16550] ERROR -- : /usr/lib/ruby/2.5.0/securerandom.rb:99:in `gen_random_urandom' E, [2018-04-27T04:55:08.741932 #16550] ERROR -- : /usr/lib/ruby/2.5.0/securerandom.rb:129:in `random_bytes' E, [2018-04-27T04:55:08.741965 #16550] ERROR -- : /usr/lib/ruby/2.5.0/securerandom.rb:219:in `uuid' E, [2018-04-27T04:55:08.741997 #16550] ERROR -- : /usr/share/nginx/frontend/app/utilities/log.rb:74:in `create_session_info' E, [2018-04-27T04:55:08.742036 #16550] ERROR -- : /usr/share/nginx/frontend/app/utilities/log.rb:11:in `context' ``` We understand that there was a change in ruby 2.5.1 where we now look at OS sources as the first point of contact to generate random numbers as opposed to OpenSSL. Any idea why this could be happening? -- https://bugs.ruby-lang.org/ Unsubscribe: