Re: PG 10: could not generate random cancel key

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: Dean Rasheed <dean.a.rasheed@gmail.com>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2018-07-18T13:01:09Z
Lists: pgsql-hackers

Attachments

On Wed, Jul 18, 2018 at 10:14:56AM +0100, Dean Rasheed wrote:
> OK, I guess that it is possible that an older version of OpenSSL
> requires RAND_poll() to be called multiple times. Here's an updated
> patch doing that (with up to 8 retries, based on the old OpenSSL
> code).

Thanks for the updated version.  This looks safer to me.  It is possible
to simplify the code by removing the external RAND_status() call and
check for RAND_status() first in the loop as per the attached.
--
Michael

Commits

  1. Guard against rare RAND_bytes() failures in pg_strong_random().