On Sun, Dec 30, 2018 at 04:15:49PM +0900, Michael Paquier wrote: > On Sun, Dec 30, 2018 at 01:45:42AM -0500, Tom Lane wrote: >> Hah, I was just about to work on that myself --- glad I didn't get >> to it quite yet. A couple of thoughts: >> >> 1. Surely there's documentation about --disable-strong-random >> to clean up too? > > Oops, I forgot to grep on this one. Removed from my tree. > >> 2. I wonder whether it's worth adding this to port.h: >> >> extern bool pg_strong_random(void *buf, size_t len); >> +/* pg_backend_random used to be a wrapper for pg_strong_random */ >> +#define pg_backend_random pg_strong_random >> >> to prevent unnecessary breakage in extensions that might be depending >> on pg_backend_random. > > Sure, that makes sense. Added. > >> 3. Didn't look, but the MSVC build code might need a tweak too >> now that pg_strong_random.o is built-always rather than conditional? > > There is nothing needed here as pg_strong_random.c has always been > included into @pgportfiles as we assumed that Windows would always > have a random source.
And attached is an updated patch with all those fixes included. Any thoughts or opinions? -- Michael
diff --git a/configure b/configure
index ea40f5f03d..1e2238e3f5 100755
--- a/configure
+++ b/configure
@@ -761,7 +761,6 @@ GENHTML
LCOV
GCOV
enable_debug
-enable_strong_random
enable_rpath
default_port
WANTED_LANGUAGES
@@ -829,7 +828,6 @@ with_pgport
enable_rpath
enable_spinlocks
enable_atomics
-enable_strong_random
enable_debug
enable_profiling
enable_coverage
@@ -1512,7 +1510,6 @@ Optional Features:
executables
--disable-spinlocks do not use spinlocks
--disable-atomics do not use atomic operations
- --disable-strong-random do not use a strong random number source
--enable-debug build with debugging symbols (-g)
--enable-profiling build with profiling enabled
--enable-coverage build with coverage testing instrumentation
@@ -3272,34 +3269,6 @@ fi
-#
-# Random number generation
-#
-
-
-# Check whether --enable-strong-random was given.
-if test "${enable_strong_random+set}" = set; then :
- enableval=$enable_strong_random;
- case $enableval in
- yes)
- :
- ;;
- no)
- :
- ;;
- *)
- as_fn_error $? "no argument expected for --enable-strong-random option" "$LINENO" 5
- ;;
- esac
-
-else
- enable_strong_random=yes
-
-fi
-
-
-
-
#
# --enable-debug adds -g to compiler flags
#
@@ -17937,7 +17906,7 @@ fi
# in the template or configure command line.
# If not selected manually, try to select a source automatically.
-if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then
+if test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then
if test x"$with_openssl" = x"yes" ; then
USE_OPENSSL_RANDOM=1
elif test "$PORTNAME" = "win32" ; then
@@ -17971,42 +17940,29 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which random number source to use" >&5
$as_echo_n "checking which random number source to use... " >&6; }
-if test "$enable_strong_random" = yes ; then
- if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
+if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
$as_echo "#define USE_OPENSSL_RANDOM 1" >>confdefs.h
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5
$as_echo "OpenSSL" >&6; }
- elif test x"$USE_WIN32_RANDOM" = x"1" ; then
+elif test x"$USE_WIN32_RANDOM" = x"1" ; then
$as_echo "#define USE_WIN32_RANDOM 1" >>confdefs.h
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
$as_echo "Windows native" >&6; }
- elif test x"$USE_DEV_URANDOM" = x"1" ; then
+elif test x"$USE_DEV_URANDOM" = x"1" ; then
$as_echo "#define USE_DEV_URANDOM 1" >>confdefs.h
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
$as_echo "/dev/urandom" >&6; }
- else
- as_fn_error $? "
+else
+ as_fn_error $? "
no source of strong random numbers was found
PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers,
-for authentication protocols. You can use --disable-strong-random to use a
-built-in pseudo random number generator, but that may be insecure." "$LINENO" 5
- fi
-
-$as_echo "#define HAVE_STRONG_RANDOM 1" >>confdefs.h
-
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: weak builtin PRNG" >&5
-$as_echo "weak builtin PRNG" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
-*** Not using a strong random number source may be insecure." >&5
-$as_echo "$as_me: WARNING:
-*** Not using a strong random number source may be insecure." >&2;}
+for authentication protocols." "$LINENO" 5
fi
# If not set in template file, set bytes to use libc memset()
diff --git a/configure.in b/configure.in
index 89a0fb2470..66ff7fbc07 100644
--- a/configure.in
+++ b/configure.in
@@ -193,13 +193,6 @@ PGAC_ARG_BOOL(enable, spinlocks, yes,
PGAC_ARG_BOOL(enable, atomics, yes,
[do not use atomic operations])
-#
-# Random number generation
-#
-PGAC_ARG_BOOL(enable, strong-random, yes,
- [do not use a strong random number source])
-AC_SUBST(enable_strong_random)
-
#
# --enable-debug adds -g to compiler flags
#
@@ -2151,7 +2144,7 @@ fi
# in the template or configure command line.
# If not selected manually, try to select a source automatically.
-if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then
+if test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then
if test x"$with_openssl" = x"yes" ; then
USE_OPENSSL_RANDOM=1
elif test "$PORTNAME" = "win32" ; then
@@ -2166,28 +2159,20 @@ if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" &&
fi
AC_MSG_CHECKING([which random number source to use])
-if test "$enable_strong_random" = yes ; then
- if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
- AC_DEFINE(USE_OPENSSL_RANDOM, 1, [Define to use OpenSSL for random number generation])
- AC_MSG_RESULT([OpenSSL])
- elif test x"$USE_WIN32_RANDOM" = x"1" ; then
- AC_DEFINE(USE_WIN32_RANDOM, 1, [Define to use native Windows API for random number generation])
- AC_MSG_RESULT([Windows native])
- elif test x"$USE_DEV_URANDOM" = x"1" ; then
- AC_DEFINE(USE_DEV_URANDOM, 1, [Define to use /dev/urandom for random number generation])
- AC_MSG_RESULT([/dev/urandom])
- else
- AC_MSG_ERROR([
+if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
+ AC_DEFINE(USE_OPENSSL_RANDOM, 1, [Define to use OpenSSL for random number generation])
+ AC_MSG_RESULT([OpenSSL])
+elif test x"$USE_WIN32_RANDOM" = x"1" ; then
+ AC_DEFINE(USE_WIN32_RANDOM, 1, [Define to use native Windows API for random number generation])
+ AC_MSG_RESULT([Windows native])
+elif test x"$USE_DEV_URANDOM" = x"1" ; then
+ AC_DEFINE(USE_DEV_URANDOM, 1, [Define to use /dev/urandom for random number generation])
+ AC_MSG_RESULT([/dev/urandom])
+else
+ AC_MSG_ERROR([
no source of strong random numbers was found
PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers,
-for authentication protocols. You can use --disable-strong-random to use a
-built-in pseudo random number generator, but that may be insecure.])
- fi
- AC_DEFINE(HAVE_STRONG_RANDOM, 1, [Define to use have a strong random number source])
-else
- AC_MSG_RESULT([weak builtin PRNG])
- AC_MSG_WARN([
-*** Not using a strong random number source may be insecure.])
+for authentication protocols.])
fi
# If not set in template file, set bytes to use libc memset()
diff --git a/contrib/pgcrypto/pgcrypto.c b/contrib/pgcrypto/pgcrypto.c
index de09ececcf..4e8e70ffba 100644
--- a/contrib/pgcrypto/pgcrypto.c
+++ b/contrib/pgcrypto/pgcrypto.c
@@ -34,7 +34,6 @@
#include <ctype.h>
#include "parser/scansup.h"
-#include "utils/backend_random.h"
#include "utils/builtins.h"
#include "utils/uuid.h"
@@ -423,7 +422,6 @@ PG_FUNCTION_INFO_V1(pg_random_bytes);
Datum
pg_random_bytes(PG_FUNCTION_ARGS)
{
-#ifdef HAVE_STRONG_RANDOM
int len = PG_GETARG_INT32(0);
bytea *res;
@@ -440,9 +438,6 @@ pg_random_bytes(PG_FUNCTION_ARGS)
px_THROW_ERROR(PXE_NO_RANDOM);
PG_RETURN_BYTEA_P(res);
-#else
- px_THROW_ERROR(PXE_NO_RANDOM);
-#endif
}
/* SQL function: gen_random_uuid() returns uuid */
@@ -451,11 +446,10 @@ PG_FUNCTION_INFO_V1(pg_random_uuid);
Datum
pg_random_uuid(PG_FUNCTION_ARGS)
{
-#ifdef HAVE_STRONG_RANDOM
uint8 *buf = (uint8 *) palloc(UUID_LEN);
/* Generate random bits. */
- if (!pg_backend_random((char *) buf, UUID_LEN))
+ if (!pg_strong_random((char *) buf, UUID_LEN))
px_THROW_ERROR(PXE_NO_RANDOM);
/*
@@ -466,9 +460,6 @@ pg_random_uuid(PG_FUNCTION_ARGS)
buf[8] = (buf[8] & 0x3f) | 0x80; /* "variant" field */
PG_RETURN_UUID_P((pg_uuid_t *) buf);
-#else
- px_THROW_ERROR(PXE_NO_RANDOM);
-#endif
}
static void *
diff --git a/contrib/pgcrypto/pgp-encrypt.c b/contrib/pgcrypto/pgp-encrypt.c
index d510729e5b..c848bb15f7 100644
--- a/contrib/pgcrypto/pgp-encrypt.c
+++ b/contrib/pgcrypto/pgp-encrypt.c
@@ -37,8 +37,6 @@
#include "px.h"
#include "pgp.h"
-#include "utils/backend_random.h"
-
#define MDC_DIGEST_LEN 20
#define STREAM_ID 0xE0
@@ -481,13 +479,12 @@ init_encdata_packet(PushFilter **pf_res, PGP_Context *ctx, PushFilter *dst)
static int
write_prefix(PGP_Context *ctx, PushFilter *dst)
{
-#ifdef HAVE_STRONG_RANDOM
uint8 prefix[PGP_MAX_BLOCK + 2];
int res,
bs;
bs = pgp_get_cipher_block_size(ctx->cipher_algo);
- if (!pg_backend_random((char *) prefix, bs))
+ if (!pg_strong_random((char *) prefix, bs))
return PXE_NO_RANDOM;
prefix[bs + 0] = prefix[bs - 2];
@@ -496,9 +493,6 @@ write_prefix(PGP_Context *ctx, PushFilter *dst)
res = pushf_write(dst, prefix, bs + 2);
px_memset(prefix, 0, bs + 2);
return res < 0 ? res : 0;
-#else
- return PXE_NO_RANDOM;
-#endif
}
/*
@@ -587,13 +581,9 @@ init_sess_key(PGP_Context *ctx)
{
if (ctx->use_sess_key || ctx->pub_key)
{
-#ifdef HAVE_STRONG_RANDOM
ctx->sess_key_len = pgp_get_cipher_key_size(ctx->cipher_algo);
if (!pg_strong_random((char *) ctx->sess_key, ctx->sess_key_len))
return PXE_NO_RANDOM;
-#else
- return PXE_NO_RANDOM;
-#endif
}
else
{
diff --git a/contrib/pgcrypto/pgp-mpi-internal.c b/contrib/pgcrypto/pgp-mpi-internal.c
index 545009ce19..c49d8b3349 100644
--- a/contrib/pgcrypto/pgp-mpi-internal.c
+++ b/contrib/pgcrypto/pgp-mpi-internal.c
@@ -57,7 +57,6 @@ mp_clear_free(mpz_t *a)
static int
mp_px_rand(uint32 bits, mpz_t *res)
{
-#ifdef HAVE_STRONG_RANDOM
unsigned bytes = (bits + 7) / 8;
int last_bits = bits & 7;
uint8 *buf;
@@ -83,9 +82,6 @@ mp_px_rand(uint32 bits, mpz_t *res)
px_free(buf);
return 0;
-#else
- return PXE_NO_RANDOM;
-#endif
}
static void
diff --git a/contrib/pgcrypto/pgp-pubenc.c b/contrib/pgcrypto/pgp-pubenc.c
index 4439876664..e9f7b0dc97 100644
--- a/contrib/pgcrypto/pgp-pubenc.c
+++ b/contrib/pgcrypto/pgp-pubenc.c
@@ -39,7 +39,6 @@
static int
pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
{
-#ifdef HAVE_STRONG_RANDOM
uint8 *buf,
*p;
int pad_len = res_len - 2 - data_len;
@@ -78,10 +77,6 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
*res_p = buf;
return 0;
-
-#else
- return PXE_NO_RANDOM;
-#endif
}
static int
diff --git a/contrib/pgcrypto/pgp-s2k.c b/contrib/pgcrypto/pgp-s2k.c
index a0fd8969ef..f6bd70d337 100644
--- a/contrib/pgcrypto/pgp-s2k.c
+++ b/contrib/pgcrypto/pgp-s2k.c
@@ -34,7 +34,6 @@
#include "px.h"
#include "pgp.h"
-#include "utils/backend_random.h"
static int
calc_s2k_simple(PGP_S2K *s2k, PX_MD *md, const uint8 *key,
@@ -235,13 +234,13 @@ pgp_s2k_fill(PGP_S2K *s2k, int mode, int digest_algo, int count)
case PGP_S2K_SIMPLE:
break;
case PGP_S2K_SALTED:
- if (!pg_backend_random((char *) s2k->salt, PGP_S2K_SALT))
+ if (!pg_strong_random((char *) s2k->salt, PGP_S2K_SALT))
return PXE_NO_RANDOM;
break;
case PGP_S2K_ISALTED:
- if (!pg_backend_random((char *) s2k->salt, PGP_S2K_SALT))
+ if (!pg_strong_random((char *) s2k->salt, PGP_S2K_SALT))
return PXE_NO_RANDOM;
- if (!pg_backend_random((char *) &tmp, 1))
+ if (!pg_strong_random((char *) &tmp, 1))
return PXE_NO_RANDOM;
s2k->iter = decide_s2k_iter(tmp, count);
break;
diff --git a/contrib/pgcrypto/px-crypt.c b/contrib/pgcrypto/px-crypt.c
index ee40788fe7..51be0b7da1 100644
--- a/contrib/pgcrypto/px-crypt.c
+++ b/contrib/pgcrypto/px-crypt.c
@@ -34,7 +34,6 @@
#include "px.h"
#include "px-crypt.h"
-#include "utils/backend_random.h"
static char *
run_crypt_des(const char *psw, const char *salt,
@@ -153,7 +152,7 @@ px_gen_salt(const char *salt_type, char *buf, int rounds)
return PXE_BAD_SALT_ROUNDS;
}
- if (!pg_backend_random(rbuf, g->input_len))
+ if (!pg_strong_random(rbuf, g->input_len))
return PXE_NO_RANDOM;
p = g->gen(rounds, rbuf, g->input_len, buf, PX_MAX_SALT_LEN);
diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c
index aea8e863af..aa113f1404 100644
--- a/contrib/pgcrypto/px.c
+++ b/contrib/pgcrypto/px.c
@@ -97,17 +97,9 @@ px_THROW_ERROR(int err)
{
if (err == PXE_NO_RANDOM)
{
-#ifdef HAVE_STRONG_RANDOM
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("could not generate a random number")));
-#else
- ereport(ERROR,
- (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
- errmsg("generating random data is not supported by this build"),
- errdetail("This functionality requires a source of strong random numbers."),
- errhint("You need to rebuild PostgreSQL using --enable-strong-random.")));
-#endif
}
else
{
diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml
index d3326ce182..86286d11fc 100644
--- a/doc/src/sgml/installation.sgml
+++ b/doc/src/sgml/installation.sgml
@@ -1111,24 +1111,6 @@ su - postgres
</listitem>
</varlistentry>
- <varlistentry>
- <term><option>--disable-strong-random</option></term>
- <listitem>
- <para>
- Allow the build to succeed even if <productname>PostgreSQL</productname>
- has no support for strong random numbers on the platform.
- A source of random numbers is needed for some authentication
- protocols, as well as some routines in the
- <xref linkend="pgcrypto"/>
- module. <option>--disable-strong-random</option> disables functionality that
- requires cryptographically strong random numbers, and substitutes
- a weak pseudo-random-number-generator for the generation of
- authentication salt values and query cancel keys. It may make
- authentication less secure.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><option>--disable-thread-safety</option></term>
<listitem>
diff --git a/src/Makefile.global.in b/src/Makefile.global.in
index 956fd274cd..4962d0d20e 100644
--- a/src/Makefile.global.in
+++ b/src/Makefile.global.in
@@ -203,7 +203,6 @@ enable_dtrace = @enable_dtrace@
enable_coverage = @enable_coverage@
enable_tap_tests = @enable_tap_tests@
enable_thread_safety = @enable_thread_safety@
-enable_strong_random = @enable_strong_random@
python_includespec = @python_includespec@
python_libdir = @python_libdir@
diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam/xlog.c
index 5729867879..d7492a6651 100644
--- a/src/backend/access/transam/xlog.c
+++ b/src/backend/access/transam/xlog.c
@@ -65,7 +65,6 @@
#include "storage/reinit.h"
#include "storage/smgr.h"
#include "storage/spin.h"
-#include "utils/backend_random.h"
#include "utils/builtins.h"
#include "utils/guc.h"
#include "utils/memutils.h"
@@ -5132,7 +5131,7 @@ BootStrapXLOG(void)
* a genuine-looking password challenge for the non-existent user, in lieu
* of an actual stored password.
*/
- if (!pg_backend_random(mock_auth_nonce, MOCK_AUTH_NONCE_LEN))
+ if (!pg_strong_random(mock_auth_nonce, MOCK_AUTH_NONCE_LEN))
ereport(PANIC,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("could not generate secret authorization token")));
diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c
index e997c94600..9a969a7029 100644
--- a/src/backend/libpq/auth-scram.c
+++ b/src/backend/libpq/auth-scram.c
@@ -102,7 +102,6 @@
#include "libpq/crypt.h"
#include "libpq/scram.h"
#include "miscadmin.h"
-#include "utils/backend_random.h"
#include "utils/builtins.h"
#include "utils/timestamp.h"
@@ -468,7 +467,7 @@ pg_be_scram_build_verifier(const char *password)
password = (const char *) prep_password;
/* Generate random salt */
- if (!pg_backend_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
+ if (!pg_strong_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("could not generate random salt")));
@@ -1123,7 +1122,7 @@ build_server_first_message(scram_state *state)
char raw_nonce[SCRAM_RAW_NONCE_LEN];
int encoded_len;
- if (!pg_backend_random(raw_nonce, SCRAM_RAW_NONCE_LEN))
+ if (!pg_strong_random(raw_nonce, SCRAM_RAW_NONCE_LEN))
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("could not generate random nonce")));
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index ff0832dba8..26db06cb90 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -36,7 +36,6 @@
#include "port/pg_bswap.h"
#include "replication/walsender.h"
#include "storage/ipc.h"
-#include "utils/backend_random.h"
#include "utils/timestamp.h"
@@ -835,7 +834,7 @@ CheckMD5Auth(Port *port, char *shadow_pass, char **logdetail)
errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
/* include the salt to use for computing the response */
- if (!pg_backend_random(md5Salt, 4))
+ if (!pg_strong_random(md5Salt, 4))
{
ereport(LOG,
(errmsg("could not generate random MD5 salt")));
@@ -3036,7 +3035,7 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por
/* Construct RADIUS packet */
packet->code = RADIUS_ACCESS_REQUEST;
packet->length = RADIUS_HEADER_LENGTH;
- if (!pg_backend_random((char *) packet->vector, RADIUS_VECTOR_LENGTH))
+ if (!pg_strong_random((char *) packet->vector, RADIUS_VECTOR_LENGTH))
{
ereport(LOG,
(errmsg("could not generate random encryption vector")));
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index 2d5a0ac7d3..ce19624f73 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -367,16 +367,6 @@ static volatile sig_atomic_t WalReceiverRequested = false;
static volatile bool StartWorkerNeeded = true;
static volatile bool HaveCrashedWorker = false;
-#ifndef HAVE_STRONG_RANDOM
-/*
- * State for assigning cancel keys.
- * Also, the global MyCancelKey passes the cancel key assigned to a given
- * backend from the postmaster to that backend (via fork).
- */
-static unsigned int random_seed = 0;
-static struct timeval random_start_time;
-#endif
-
#ifdef USE_SSL
/* Set when and if SSL has been initialized properly */
static bool LoadedSSL = false;
@@ -1361,10 +1351,6 @@ PostmasterMain(int argc, char *argv[])
* Remember postmaster startup time
*/
PgStartTime = GetCurrentTimestamp();
-#ifndef HAVE_STRONG_RANDOM
- /* RandomCancelKey wants its own copy */
- gettimeofday(&random_start_time, NULL);
-#endif
/*
* Report postmaster status in the postmaster.pid file, to allow pg_ctl to
@@ -2531,27 +2517,12 @@ InitProcessGlobals(void)
MyStartTimestamp = GetCurrentTimestamp();
MyStartTime = timestamptz_to_time_t(MyStartTimestamp);
- /*
- * Don't want backend to be able to see the postmaster random number
- * generator state. We have to clobber the static random_seed.
- */
-#ifndef HAVE_STRONG_RANDOM
- random_seed = 0;
- random_start_time.tv_usec = 0;
-#endif
-
/*
* Set a different seed for random() in every process. We want something
* unpredictable, so if possible, use high-quality random bits for the
* seed. Otherwise, fall back to a seed based on timestamp and PID.
- *
- * Note we can't use pg_backend_random here, since this is used in the
- * postmaster, and even in a backend we might not be attached to shared
- * memory yet.
*/
-#ifdef HAVE_STRONG_RANDOM
if (!pg_strong_random(&rseed, sizeof(rseed)))
-#endif
{
/*
* Since PIDs and timestamps tend to change more frequently in their
@@ -5256,38 +5227,7 @@ StartupPacketTimeoutHandler(void)
static bool
RandomCancelKey(int32 *cancel_key)
{
-#ifdef HAVE_STRONG_RANDOM
return pg_strong_random((char *) cancel_key, sizeof(int32));
-#else
-
- /*
- * If built with --disable-strong-random, use plain old erand48.
- *
- * We cannot use pg_backend_random() in postmaster, because it stores its
- * state in shared memory.
- */
- static unsigned short seed[3];
-
- /*
- * Select a random seed at the time of first receiving a request.
- */
- if (random_seed == 0)
- {
- struct timeval random_stop_time;
-
- gettimeofday(&random_stop_time, NULL);
-
- seed[0] = (unsigned short) random_start_time.tv_usec;
- seed[1] = (unsigned short) (random_stop_time.tv_usec) ^ (random_start_time.tv_usec >> 16);
- seed[2] = (unsigned short) (random_stop_time.tv_usec >> 16);
-
- random_seed = 1;
- }
-
- *cancel_key = pg_jrand48(seed);
-
- return true;
-#endif
}
/*
diff --git a/src/backend/storage/ipc/ipci.c b/src/backend/storage/ipc/ipci.c
index 0c86a581c0..473513a927 100644
--- a/src/backend/storage/ipc/ipci.c
+++ b/src/backend/storage/ipc/ipci.c
@@ -44,7 +44,6 @@
#include "storage/procsignal.h"
#include "storage/sinvaladt.h"
#include "storage/spin.h"
-#include "utils/backend_random.h"
#include "utils/snapmgr.h"
@@ -149,7 +148,6 @@ CreateSharedMemoryAndSemaphores(bool makePrivate, int port)
size = add_size(size, BTreeShmemSize());
size = add_size(size, SyncScanShmemSize());
size = add_size(size, AsyncShmemSize());
- size = add_size(size, BackendRandomShmemSize());
#ifdef EXEC_BACKEND
size = add_size(size, ShmemBackendArraySize());
#endif
@@ -269,7 +267,6 @@ CreateSharedMemoryAndSemaphores(bool makePrivate, int port)
BTreeShmemInit();
SyncScanShmemInit();
AsyncShmemInit();
- BackendRandomShmemInit();
#ifdef EXEC_BACKEND
diff --git a/src/backend/utils/adt/float.c b/src/backend/utils/adt/float.c
index add099ec9d..248122089e 100644
--- a/src/backend/utils/adt/float.c
+++ b/src/backend/utils/adt/float.c
@@ -24,7 +24,6 @@
#include "libpq/pqformat.h"
#include "miscadmin.h"
#include "utils/array.h"
-#include "utils/backend_random.h"
#include "utils/float.h"
#include "utils/fmgrprotos.h"
#include "utils/sortsupport.h"
@@ -2393,7 +2392,7 @@ drandom(PG_FUNCTION_ARGS)
* Should that fail for some reason, we fall back on a lower-quality
* seed based on current time and PID.
*/
- if (!pg_backend_random((char *) drandom_seed, sizeof(drandom_seed)))
+ if (!pg_strong_random((char *) drandom_seed, sizeof(drandom_seed)))
{
TimestampTz now = GetCurrentTimestamp();
uint64 iseed;
diff --git a/src/backend/utils/misc/Makefile b/src/backend/utils/misc/Makefile
index a53fcdf188..ec7ec131e5 100644
--- a/src/backend/utils/misc/Makefile
+++ b/src/backend/utils/misc/Makefile
@@ -14,9 +14,9 @@ include $(top_builddir)/src/Makefile.global
override CPPFLAGS := -I. -I$(srcdir) $(CPPFLAGS)
-OBJS = backend_random.o guc.o help_config.o pg_config.o pg_controldata.o \
- pg_rusage.o ps_status.o queryenvironment.o rls.o sampling.o \
- superuser.o timeout.o tzparser.o
+OBJS = guc.o help_config.o pg_config.o pg_controldata.o pg_rusage.o \
+ ps_status.o queryenvironment.o rls.o sampling.o superuser.o \
+ timeout.o tzparser.o
# This location might depend on the installation directories. Therefore
# we can't substitute it into pg_config.h.
diff --git a/src/backend/utils/misc/backend_random.c b/src/backend/utils/misc/backend_random.c
deleted file mode 100644
index a64f3ac398..0000000000
--- a/src/backend/utils/misc/backend_random.c
+++ /dev/null
@@ -1,158 +0,0 @@
-/*-------------------------------------------------------------------------
- *
- * backend_random.c
- * Backend random number generation routine.
- *
- * pg_backend_random() function fills a buffer with random bytes. Normally,
- * it is just a thin wrapper around pg_strong_random(), but when compiled
- * with --disable-strong-random, we provide a built-in implementation.
- *
- * This function is used for generating nonces in authentication, and for
- * random salt generation in pgcrypto. The built-in implementation is not
- * cryptographically strong, but if the user asked for it, we'll go ahead
- * and use it anyway.
- *
- * The built-in implementation uses the standard erand48 algorithm, with
- * a seed shared between all backends.
- *
- * Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
- * Portions Copyright (c) 1994, Regents of the University of California
- *
- *
- * IDENTIFICATION
- * src/backend/utils/misc/backend_random.c
- *
- *-------------------------------------------------------------------------
- */
-
-#include "postgres.h"
-
-#include <sys/time.h>
-
-#include "miscadmin.h"
-#include "storage/lwlock.h"
-#include "storage/shmem.h"
-#include "utils/backend_random.h"
-#include "utils/timestamp.h"
-
-#ifdef HAVE_STRONG_RANDOM
-
-Size
-BackendRandomShmemSize(void)
-{
- return 0;
-}
-
-void
-BackendRandomShmemInit(void)
-{
- /* do nothing */
-}
-
-bool
-pg_backend_random(char *dst, int len)
-{
- /* should not be called in postmaster */
- Assert(IsUnderPostmaster || !IsPostmasterEnvironment);
-
- return pg_strong_random(dst, len);
-}
-
-#else
-
-/*
- * Seed for the PRNG, stored in shared memory.
- *
- * Protected by BackendRandomLock.
- */
-typedef struct
-{
- bool initialized;
- unsigned short seed[3];
-} BackendRandomShmemStruct;
-
-static BackendRandomShmemStruct * BackendRandomShmem;
-
-Size
-BackendRandomShmemSize(void)
-{
- return sizeof(BackendRandomShmemStruct);
-}
-
-void
-BackendRandomShmemInit(void)
-{
- bool found;
-
- BackendRandomShmem = (BackendRandomShmemStruct *)
- ShmemInitStruct("Backend PRNG state",
- BackendRandomShmemSize(),
- &found);
-
- if (!IsUnderPostmaster)
- {
- Assert(!found);
-
- BackendRandomShmem->initialized = false;
- }
- else
- Assert(found);
-}
-
-bool
-pg_backend_random(char *dst, int len)
-{
- int i;
- char *end = dst + len;
-
- /* should not be called in postmaster */
- Assert(IsUnderPostmaster || !IsPostmasterEnvironment);
-
- LWLockAcquire(BackendRandomLock, LW_EXCLUSIVE);
-
- /*
- * Seed the PRNG on the first use.
- */
- if (!BackendRandomShmem->initialized)
- {
- struct timeval now;
-
- gettimeofday(&now, NULL);
-
- BackendRandomShmem->seed[0] = now.tv_sec;
- BackendRandomShmem->seed[1] = (unsigned short) (now.tv_usec);
- BackendRandomShmem->seed[2] = (unsigned short) (now.tv_usec >> 16);
-
- /*
- * Mix in the cancel key, generated by the postmaster. This adds what
- * little entropy the postmaster had to the seed.
- */
- BackendRandomShmem->seed[0] ^= (MyCancelKey);
- BackendRandomShmem->seed[1] ^= (MyCancelKey >> 16);
-
- BackendRandomShmem->initialized = true;
- }
-
- for (i = 0; dst < end; i++)
- {
- uint32 r;
- int j;
-
- /*
- * pg_jrand48 returns a 32-bit integer. Fill the next 4 bytes from it.
- */
- r = (uint32) pg_jrand48(BackendRandomShmem->seed);
-
- for (j = 0; j < 4 && dst < end; j++)
- {
- *(dst++) = (char) (r & 0xFF);
- r >>= 8;
- }
- }
- LWLockRelease(BackendRandomLock);
-
- return true;
-}
-
-
-#endif /* HAVE_STRONG_RANDOM */
diff --git a/src/bin/pgbench/pgbench.c b/src/bin/pgbench/pgbench.c
index c64e16187a..f3f4ac3e3c 100644
--- a/src/bin/pgbench/pgbench.c
+++ b/src/bin/pgbench/pgbench.c
@@ -4844,13 +4844,9 @@ set_random_seed(const char *seed)
else if (strcmp(seed, "rand") == 0)
{
/* use some "strong" random source */
-#ifdef HAVE_STRONG_RANDOM
if (!pg_strong_random(&iseed, sizeof(iseed)))
-#endif
{
- fprintf(stderr,
- "cannot seed random from a strong source, none available: "
- "use \"time\" or an unsigned integer value.\n");
+ fprintf(stderr, "could not generate random seed.\n");
return false;
}
}
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index 76bd81e9bf..9d99816eae 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -552,9 +552,6 @@
/* Define to 1 if you have the `strnlen' function. */
#undef HAVE_STRNLEN
-/* Define to use have a strong random number source */
-#undef HAVE_STRONG_RANDOM
-
/* Define to 1 if you have the `strsignal' function. */
#undef HAVE_STRSIGNAL
diff --git a/src/include/pg_config.h.win32 b/src/include/pg_config.h.win32
index de0c4d9997..1a89a8c24e 100644
--- a/src/include/pg_config.h.win32
+++ b/src/include/pg_config.h.win32
@@ -412,9 +412,6 @@
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
-/* Define to use have a strong random number source */
-#define HAVE_STRONG_RANDOM 1
-
/* Define to 1 if you have the `strsignal' function. */
/* #undef HAVE_STRSIGNAL */
diff --git a/src/include/port.h b/src/include/port.h
index 570a9052a2..ebf9d55979 100644
--- a/src/include/port.h
+++ b/src/include/port.h
@@ -498,9 +498,12 @@ extern char *inet_net_ntop(int af, const void *src, int bits,
char *dst, size_t size);
/* port/pg_strong_random.c */
-#ifdef HAVE_STRONG_RANDOM
extern bool pg_strong_random(void *buf, size_t len);
-#endif
+/*
+ * pg_backend_random used to be a wrapper for pg_strong_random before
+ * Postgres 12 for the backend code.
+ */
+#define pg_backend_random pg_strong_random
/* port/pgcheckdir.c */
extern int pg_check_dir(const char *dir);
diff --git a/src/include/utils/backend_random.h b/src/include/utils/backend_random.h
deleted file mode 100644
index 99ea2cb9fb..0000000000
--- a/src/include/utils/backend_random.h
+++ /dev/null
@@ -1,19 +0,0 @@
-/*-------------------------------------------------------------------------
- *
- * backend_random.h
- * Declarations for backend random number generation
- *
- * Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
- *
- * src/include/utils/backend_random.h
- *
- *-------------------------------------------------------------------------
- */
-#ifndef BACKEND_RANDOM_H
-#define BACKEND_RANDOM_H
-
-extern Size BackendRandomShmemSize(void);
-extern void BackendRandomShmemInit(void);
-extern bool pg_backend_random(char *dst, int len);
-
-#endif /* BACKEND_RANDOM_H */
diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c
index 603ef4c002..6f9e6789d5 100644
--- a/src/interfaces/libpq/fe-auth-scram.c
+++ b/src/interfaces/libpq/fe-auth-scram.c
@@ -19,11 +19,6 @@
#include "common/scram-common.h"
#include "fe-auth.h"
-/* These are needed for getpid(), in the fallback implementation */
-#ifndef HAVE_STRONG_RANDOM
-#include <sys/types.h>
-#include <unistd.h>
-#endif
/*
* Status of exchange messages used for SCRAM authentication via the
@@ -72,7 +67,6 @@ static bool verify_server_signature(fe_scram_state *state);
static void calculate_client_proof(fe_scram_state *state,
const char *client_final_message_without_proof,
uint8 *result);
-static bool pg_frontend_random(char *dst, int len);
/*
* Initialize SCRAM exchange status.
@@ -320,7 +314,7 @@ build_client_first_message(fe_scram_state *state)
* Generate a "raw" nonce. This is converted to ASCII-printable form by
* base64-encoding it.
*/
- if (!pg_frontend_random(raw_nonce, SCRAM_RAW_NONCE_LEN))
+ if (!pg_strong_random(raw_nonce, SCRAM_RAW_NONCE_LEN))
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("could not generate nonce\n"));
@@ -764,7 +758,7 @@ pg_fe_scram_build_verifier(const char *password)
password = (const char *) prep_password;
/* Generate a random salt */
- if (!pg_frontend_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
+ if (!pg_strong_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
{
if (prep_password)
free(prep_password);
@@ -779,55 +773,3 @@ pg_fe_scram_build_verifier(const char *password)
return result;
}
-
-/*
- * Random number generator.
- */
-static bool
-pg_frontend_random(char *dst, int len)
-{
-#ifdef HAVE_STRONG_RANDOM
- return pg_strong_random(dst, len);
-#else
- int i;
- char *end = dst + len;
-
- static unsigned short seed[3];
- static int mypid = 0;
-
- pglock_thread();
-
- if (mypid != getpid())
- {
- struct timeval now;
-
- gettimeofday(&now, NULL);
-
- seed[0] = now.tv_sec ^ getpid();
- seed[1] = (unsigned short) (now.tv_usec);
- seed[2] = (unsigned short) (now.tv_usec >> 16);
- }
-
- for (i = 0; dst < end; i++)
- {
- uint32 r;
- int j;
-
- /*
- * pg_jrand48 returns a 32-bit integer. Fill the next 4 bytes from
- * it.
- */
- r = (uint32) pg_jrand48(seed);
-
- for (j = 0; j < 4 && dst < end; j++)
- {
- *(dst++) = (char) (r & 0xFF);
- r >>= 8;
- }
- }
-
- pgunlock_thread();
-
- return true;
-#endif
-}
diff --git a/src/port/Makefile b/src/port/Makefile
index ae3f973ae1..9cfc0f9279 100644
--- a/src/port/Makefile
+++ b/src/port/Makefile
@@ -37,14 +37,10 @@ LIBS += $(PTHREAD_LIBS)
OBJS = $(LIBOBJS) $(PG_CRC32C_OBJS) chklocale.o erand48.o inet_net_ntop.o \
noblock.o path.o pgcheckdir.o pgmkdirp.o pgsleep.o \
- pgstrcasecmp.o pgstrsignal.o pqsignal.o \
+ pg_strong_random.o pgstrcasecmp.o pgstrsignal.o pqsignal.o \
qsort.o qsort_arg.o quotes.o snprintf.o sprompt.o strerror.o \
tar.o thread.o
-ifeq ($(enable_strong_random), yes)
-OBJS += pg_strong_random.o
-endif
-
# libpgport.a, libpgport_shlib.a, and libpgport_srv.a contain the same files
# foo.o, foo_shlib.o, and foo_srv.o are all built from foo.c
OBJS_SHLIB = $(OBJS:%.o=%_shlib.o)
signature.asc
Description: PGP signature
