Issue #14716 has been updated by patbl (Patrick Brinich-Langlois).


I worked around this problem by forcing `SecureRandom` to use the OpenSSL gem:

```
module SecureRandom
  if RUBY_VERSION == "2.5.1"
    class << self
      def gen_random(n)
        begin
          require 'openssl'
        rescue NoMethodError
          raise NotImplementedError, "No random device"
        else
          @rng_chooser.synchronize do
            class << self
              remove_method :gen_random
              alias gen_random gen_random_openssl
            end
          end
          return gen_random(n)
        end
      end
    end
  else
    raise "check whether this monkey patch is still correct"
  end
end
```

----------------------------------------
Bug #14716: SecureRandom throwing an error in Ruby 2.5.1
https://bugs.ruby-lang.org/issues/14716#change-73929

* Author: snehavas (sneha vasanth)
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
* ruby -v: 2.5.1
* Backport: 2.3: DONTNEED, 2.4: DONTNEED, 2.5: REQUIRED
----------------------------------------
Hi,

We recently upgraded from ruby 2.3.6 to 2.5.1.
We use SecureRandom.uuid to generate a random number for our session.
Post the upgrade we have been getting the following error intermittently

```
app error: failed to get urandom (RuntimeError)
E, [2018-04-27T04:55:08.741859 #16550] ERROR -- : /usr/lib/ruby/2.5.0/securerandom.rb:99:in `urandom'
E, [2018-04-27T04:55:08.741898 #16550] ERROR -- : /usr/lib/ruby/2.5.0/securerandom.rb:99:in `gen_random_urandom'
E, [2018-04-27T04:55:08.741932 #16550] ERROR -- : /usr/lib/ruby/2.5.0/securerandom.rb:129:in `random_bytes'
E, [2018-04-27T04:55:08.741965 #16550] ERROR -- : /usr/lib/ruby/2.5.0/securerandom.rb:219:in `uuid'
E, [2018-04-27T04:55:08.741997 #16550] ERROR -- : /usr/share/nginx/frontend/app/utilities/log.rb:74:in `create_session_info'
E, [2018-04-27T04:55:08.742036 #16550] ERROR -- : /usr/share/nginx/frontend/app/utilities/log.rb:11:in `context'
```

We understand that there was a change in ruby 2.5.1 where we now look at OS sources as the first point of contact to generate random numbers as opposed to OpenSSL.
Any idea why this could be happening?







-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>