Re: PG 10: could not generate random cancel key
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Dean Rasheed <dean.a.rasheed@gmail.com>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2018-07-18T13:01:09Z
Lists: pgsql-hackers
Attachments
- pg_strong_random-v3-michael.patch (text/x-diff) patch v3
On Wed, Jul 18, 2018 at 10:14:56AM +0100, Dean Rasheed wrote: > OK, I guess that it is possible that an older version of OpenSSL > requires RAND_poll() to be called multiple times. Here's an updated > patch doing that (with up to 8 retries, based on the old OpenSSL > code). Thanks for the updated version. This looks safer to me. It is possible to simplify the code by removing the external RAND_status() call and check for RAND_status() first in the loop as per the attached. -- Michael
Commits
-
Guard against rare RAND_bytes() failures in pg_strong_random().
- 821200405cc3 10.5 landed
- 1f919e663ee2 11.0 landed
- 8f6ce7fb090a 12.0 landed