Issue #4579 has been updated by Motohiro KOSAKI.

File ossl_rand.patch added

Usually openssl reads /dev/urandom only once. But RAND_cleanup() leads it to read /dev/urandom again. Thus the attached patch fixes this issue.

This is a better patch than RAND_add(/dev/urandom) because openssl can use other entropy sources internally.
----------------------------------------
Bug #4579: SecureRandom + OpenSSL may repeat with fork
http://redmine.ruby-lang.org/issues/4579

Author: Eric Wong
Status: Open
Priority: Normal
Assignee: 
Category: lib
Target version: 1.9.x
ruby -v: ruby 1.9.3dev (2011-04-14 trunk 31267) [x86_64-linux]


This could arguably be a bug in OpenSSL or the openssl extension, but
I think it's easier to fix in Ruby right now.

The PRNG in OpenSSL uses the PID to seed the PRNG.  Since PIDs get
recycled over time on Unix systems, this means independent processes
over a long time span will repeat random byte sequences.  This has
security implications, but fortunately very little software forks
very frequently.  I am not a security expert.

I am using OpenSSL 0.9.8g-15+lenny11 (Debian Lenny)

Attached is a script that reproduces the issue (takes a while to run).
It'll output two identical lines to illustrate the issue.



-- 
http://redmine.ruby-lang.org
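
The repetition described in the issue, as an added Ruby model that is not part of the original report or its attached script: a toy hash-chain generator (not OpenSSL's algorithm) whose only per-process input is the PID, next to a hypothetical guard that mixes in kernel entropy when the PID changes. `PidMixedPrng`, `ForkSafePrng`, `demo`, the seed string and the PID values are constructed for illustration, and `dup` stands in for the state copy a child receives from fork.

```ruby
require 'digest'

# Toy hash-chain generator (constructed model, NOT OpenSSL's algorithm).
# As in the report, the PID is the only per-process value mixed in.
class PidMixedPrng
  def initialize(seed)
    @state = Digest::SHA256.digest(seed)
  end

  def bytes(n, pid)
    out = ''.b
    while out.bytesize < n
      @state = Digest::SHA256.digest(@state + [pid].pack('N'))
      out << Digest::SHA256.digest('out' + @state)
    end
    out.byteslice(0, n)
  end
end

# Hypothetical guard: remembers the PID it last ran under and mixes fresh
# kernel entropy into the state before producing output under a new PID.
class ForkSafePrng < PidMixedPrng
  def initialize(seed, pid)
    super(seed)
    @seen_pid = pid
  end

  def bytes(n, pid)
    if pid != @seen_pid
      @state = Digest::SHA256.digest(@state + Random.urandom(32))
      @seen_pid = pid
    end
    super
  end
end

# Two children forked at different times from a parent that draws no bytes
# in between; the kernel hands the second one the recycled PID 4242.
def demo(parent)
  first  = parent.dup.bytes(16, 4242) # dup models the state copied by fork
  second = parent.dup.bytes(16, 4242)
  [first, second]
end

naive = demo(PidMixedPrng.new('constructed seed'))
safe  = demo(ForkSafePrng.new('constructed seed', 1000))
puts "unguarded children repeat: #{naive[0] == naive[1]}"
puts "guarded children repeat:   #{safe[0] == safe[1]}"
```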