Re: Move OpenSSL random under USE_OPENSSL_RANDOM

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: Magnus Hagander <magnus@hagander.net>
Cc: Daniel Gustafsson <daniel@yesql.se>, Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2020-11-05T03:44:13Z
Lists: pgsql-hackers

Attachments

On Wed, Nov 04, 2020 at 10:05:48AM +0100, Magnus Hagander wrote:
> Yes, we should absolutely do that. We already do this for
> pg_strong_random() itself, and we should definitely repeat the pattern
> in the init function.

This poked at my curiosity, so I looked at it.  The result looks
indeed like an improvement to me, while taking care of the point of
upthread to make the implementation stuff controlled only by
USE_OPENSSL_RANDOM.  Per se the attached.

This could make random number generation predictible when an extension
calls directly RAND_bytes() if USE_OPENSSL_RANDOM is not used while
building with OpenSSL, but perhaps I am just too much of a pessimistic
nature.
--
Michael

Commits

  1. Remove ability to independently select random number generator

  2. Add pg_strong_random_init function to initialize random number generator