On Tue, Jul 17, 2018 at 01:33:11PM +0100, Dean Rasheed wrote: > Looking for precedents elsewhere, I found [2] which does exactly that, > although I'm slightly dubious about the need for the for-loop there. I > also found a thread [3], which recommends simply doing > > if (RAND_status() == 0) > RAND_poll(); > > which seems preferable. Attached is a patch to do this in pg_strong_random().
Checking for the return result of RAND_poll() would also be good thing to do. From what I read in OpenSSL code it could fail as well, and we could combine that with a loop attempted to feed the machinery a decided amount of times, just failing after successive failures. -- Michael
signature.asc
Description: PGP signature
