Re: Move OpenSSL random under USE_OPENSSL_RANDOM
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Magnus Hagander <magnus@hagander.net>,
Michael Paquier <michael@paquier.xyz>,
Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2020-11-17T20:24:30Z
Lists: pgsql-hackers
Attachments
- 0001-Remove-ability-to-choose-randomness-source.patch (application/octet-stream) patch 0001
> On 16 Nov 2020, at 16:06, Tom Lane <tgl@sss.pgh.pa.us> wrote: > > Magnus Hagander <magnus@hagander.net> writes: >> I agree with those -- either we remove the ability to choose random source >> independently of the SSL library (and then only use the windows crypto >> provider or /dev/urandom as platform-specific choices when *no* SSL library >> is used), and in that case we should not have separate #ifdef's for them. >> Or we fix the includes. Which is obviously easier, but we should take the >> time to do what we think is right long-term of course. > > FWIW, I'd vote for the former. I think the presumption that OpenSSL's > random-number machinery can be used without any other initialization is > shaky as heck. I tend to agree, randomness is complicated enough without adding a compile time extensibility which few (if anyone) will ever use. Attached is an attempt at this. cheers ./daniel
Commits
-
Remove ability to independently select random number generator
- 16f96c74d48e 14.0 landed
-
Add pg_strong_random_init function to initialize random number generator
- 5ee180a39470 14.0 landed