[ruby-cvs:61875] nagachika:r54713 (ruby_2_3): merge revision(s) 54144, 54699: [Backport #12139]

nagachika at ruby-lang.org nagachika at ruby-lang.org
Sat Apr 23 00:30:27 JST 2016


nagachika	2016-04-23 00:30:27 +0900 (Sat, 23 Apr 2016)

  New Revision: 54713

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=54713

  Log:
    merge revision(s) 54144,54699: [Backport #12139]
    
    * lib/securerandom.rb (gen_random): to avoid blocking on Windows.
      On Windows OpenSSL RAND_bytes (underlying implementation is
      RAND_poll in crypto/rand/rand_win.c) may be blocked at
      NetStatisticsGet.
      https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues
      Instead of this, use Random.raw_seed directory (whose implementation
      CryptGenRandom is one of the source of
      entropy of RAND_poll on Windows).
      https://wiki.openssl.org/index.php/Random_Numbers
      Note: CryptGenRandom function is PRNG and doesn't check its entropy,
      so it won't block. [Bug #12139]
      https://msdn.microsoft.com/ja-jp/library/windows/desktop/aa379942.aspx
      https://tools.ietf.org/html/rfc4086#section-7.1.3
      https://eprint.iacr.org/2007/419.pdf
      http://www.cs.huji.ac.il/~dolev/pubs/thesis/msc-thesis-leo.pdf
      Instead of this, use Random.raw_seed directly (whose implementation

  Modified directories:
    branches/ruby_2_3/
  Modified files:
    branches/ruby_2_3/ChangeLog
    branches/ruby_2_3/lib/securerandom.rb
    branches/ruby_2_3/version.h


More information about the ruby-cvs mailing list