Re: PG 10: could not generate random cancel key
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Dean Rasheed <dean.a.rasheed@gmail.com>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2018-07-17T13:04:55Z
Lists: pgsql-hackers
On Tue, Jul 17, 2018 at 01:33:11PM +0100, Dean Rasheed wrote: > Looking for precedents elsewhere, I found [2] which does exactly that, > although I'm slightly dubious about the need for the for-loop there. I > also found a thread [3], which recommends simply doing > > if (RAND_status() == 0) > RAND_poll(); > > which seems preferable. Attached is a patch to do this in pg_strong_random(). Checking for the return result of RAND_poll() would also be good thing to do. From what I read in OpenSSL code it could fail as well, and we could combine that with a loop attempted to feed the machinery a decided amount of times, just failing after successive failures. -- Michael
Commits
-
Guard against rare RAND_bytes() failures in pg_strong_random().
- 821200405cc3 10.5 landed
- 1f919e663ee2 11.0 landed
- 8f6ce7fb090a 12.0 landed