Re: Move OpenSSL random under USE_OPENSSL_RANDOM
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Magnus Hagander <magnus@hagander.net>, Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2020-11-05T12:12:53Z
Lists: pgsql-hackers
On Thu, Nov 05, 2020 at 10:49:45AM +0100, Daniel Gustafsson wrote:
> This must check for USE_OPENSSL as well as per my original patch, since we'd
> otherwise fail to perform post-fork initialization in case one use OpenSSL with
> anothe PRNG for pg_strong_random. That might be theoretical at this point, but
> if we ever support that and miss updating this it would be problematic.
That's actually the same point I tried to make at the end of my last
email, but worded differently, isn't it? In short we have
USE_OPENSSL, but !USE_OPENSSL_RANDOM and we still need an
initialization. We could just do something like the following:
#ifdef USE_OPENSSL
RAND_poll();
#endif
#if defined(USE_OPENSSL_RANDOM)
/* OpenSSL is done above, because blah.. */
#elif etc..
[...]
#error missing an init, pal.
#endif
Or do you jave something else in mind?
> +#if defined(USE_OPENSSL_RANDOM)
>
> I'm not sure this comment adds any value, we currently have two non-TLS library
> PRNGs in pg_strong_random, so even if we add NSS it will at best be 50%:
I don't mind removing this part, the compilation hint may be enough,
indeed.
--
Michael
Commits
-
Remove ability to independently select random number generator
- 16f96c74d48e 14.0 landed
-
Add pg_strong_random_init function to initialize random number generator
- 5ee180a39470 14.0 landed