Re: Move OpenSSL random under USE_OPENSSL_RANDOM

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Magnus Hagander <magnus@hagander.net>, Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2020-11-05T12:12:53Z
Lists: pgsql-hackers
On Thu, Nov 05, 2020 at 10:49:45AM +0100, Daniel Gustafsson wrote:
> This must check for USE_OPENSSL as well as per my original patch, since we'd
> otherwise fail to perform post-fork initialization in case one use OpenSSL with
> anothe PRNG for pg_strong_random.  That might be theoretical at this point, but
> if we ever support that and miss updating this it would be problematic.

That's actually the same point I tried to make at the end of my last
email, but worded differently, isn't it?  In short we have
USE_OPENSSL, but !USE_OPENSSL_RANDOM and we still need an
initialization.  We could just do something like the following:
#ifdef USE_OPENSSL
    RAND_poll();
#endif
#if defined(USE_OPENSSL_RANDOM)
    /* OpenSSL is done above, because blah.. */
#elif etc..
[...]
#error missing an init, pal.
#endif

Or do you jave something else in mind?

> +#if defined(USE_OPENSSL_RANDOM)
> 
> I'm not sure this comment adds any value, we currently have two non-TLS library
> PRNGs in pg_strong_random, so even if we add NSS it will at best be 50%:

I don't mind removing this part, the compilation hint may be enough,
indeed.
--
Michael

Commits

  1. Remove ability to independently select random number generator

  2. Add pg_strong_random_init function to initialize random number generator