On Wed, Nov 04, 2020 at 10:05:48AM +0100, Magnus Hagander wrote:
> Yes, we should absolutely do that. We already do this for
> pg_strong_random() itself, and we should definitely repeat the pattern
> in the init function.
This poked at my curiosity, so I looked at it. The result looks indeed like an improvement to me, while taking care of the point of upthread to make the implementation stuff controlled only by USE_OPENSSL_RANDOM. Per se the attached. This could make random number generation predictable when an extension calls directly RAND_bytes() if USE_OPENSSL_RANDOM is not used while building with OpenSSL, but perhaps I am just too much of a pessimistic nature.

--
Michael
diff --git a/src/include/port.h b/src/include/port.h index d25716bf7f..5dfb00b07c 100644 --- a/src/include/port.h +++ b/src/include/port.h @@ -513,6 +513,7 @@ extern char *pg_inet_net_ntop(int af, const void *src, int bits, char *dst, size_t size); /* port/pg_strong_random.c */ +extern void pg_strong_random_init(void); extern bool pg_strong_random(void *buf, size_t len); /* diff --git a/src/backend/postmaster/fork_process.c b/src/backend/postmaster/fork_process.c index 15d6340800..5247b9f23c 100644 --- a/src/backend/postmaster/fork_process.c +++ b/src/backend/postmaster/fork_process.c @@ -16,9 +16,6 @@ #include <sys/stat.h> #include <sys/time.h> #include <unistd.h> -#ifdef USE_OPENSSL -#include <openssl/rand.h> -#endif #include "postmaster/fork_process.h" @@ -108,14 +105,8 @@ fork_process(void) } } - /* - * Make sure processes do not share OpenSSL randomness state. This is - * no longer required in OpenSSL 1.1.1 and later versions, but until - * we drop support for version < 1.1.1 we need to do this. - */ -#ifdef USE_OPENSSL - RAND_poll(); -#endif + /* do post-fork initialization for random number generation */ + pg_strong_random_init(); } return result; diff --git a/src/port/pg_strong_random.c b/src/port/pg_strong_random.c index 14e8382cd8..005bcb81fd 100644 --- a/src/port/pg_strong_random.c +++ b/src/port/pg_strong_random.c @@ -24,7 +24,7 @@ #include <unistd.h> #include <sys/time.h> -#ifdef USE_OPENSSL +#ifdef USE_OPENSSL_RANDOM #include <openssl/rand.h> #endif #ifdef USE_WIN32_RANDOM 
@@ -75,6 +75,39 @@ random_from_file(const char *filename, void *buf, size_t len) } #endif +/* + * pg_strong_random_init + * + * Initialize the randomness state of "strong" random numbers. This + * is used after forking a process, and should include initialization + * steps specific to the chosen random source. + * + * Note that this applies normally to SSL implementations, so when + * implementing a new one, be careful to consider this initialization + * step. + */ +void +pg_strong_random_init(void) +{ +#if defined(USE_OPENSSL_RANDOM) + /* + * Make sure processes do not share OpenSSL randomness state. This is + * no longer required in OpenSSL 1.1.1 and later versions, but until + * we drop support for version < 1.1.1 we need to do this. + */ + RAND_poll(); + +#elif defined(USE_WIN32_RANDOM) + /* nothing needed for WIN32 */ + +#elif defined(USE_DEV_URANDOM) + /* nothing needed for /dev/urandom */ + +#else +#error no initialization for random number implementation configured +#endif +} + /* * pg_strong_random *
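Review bot: In the second fork_process.c hunk, replacing the `#ifdef USE_OPENSSL` / `RAND_poll()` block with an unconditional `pg_strong_random_init()` call silently drops the post-fork RAND_poll() for builds that define USE_OPENSSL without USE_OPENSSL_RANDOM, since the new init function only polls under USE_OPENSSL_RANDOM; on OpenSSL < 1.1.1 any backend code that calls RAND_bytes() directly would then continue from the parent's copied RNG state. Either keep the RAND_poll() under `#ifdef USE_OPENSSL` inside pg_strong_random_init(), or say in the comment replacing "do post-fork initialization for random number generation" that only the configured pg_strong_random source is reseeded.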
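Review bot: In the pg_strong_random.c hunk adding pg_strong_random_init(), the header comment line "Note that this applies normally to SSL implementations, so when implementing a new one, be careful to consider this initialization step." is unclear about what "this" refers to; it reads better as a statement that library-backed sources keep RNG state in process memory that fork() duplicates, so a new source backed by such a library needs its own reseed here, while the /dev/urandom and Win32 branches need nothing because they draw from the kernel on every call. The `#else` / `#error` branch is a good guard; consider wording the message to match the one pg_strong_random() itself uses for an unconfigured source so the two stay consistent.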
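As an added example that is not part of the patch or of PostgreSQL's own code, the following C program shows the fork-inheritance problem the patch's pg_strong_random_init() addresses. It uses a toy xorshift PRNG (assumed, standing in for a library RNG whose state lives in process memory) and a stand-in post-fork hook, rng_post_fork_init(), that mixes the child's PID into the inherited state; a real implementation would instead reseed from the operating system, as RAND_poll() does. It assumes a POSIX system with fork() and pipe().

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy userspace PRNG (xorshift64*).  Its state is ordinary process memory,
 * so fork() gives every child an identical copy of it.  (Assumed stand-in
 * for a library RNG such as OpenSSL < 1.1.1; not a secure generator.) */
static uint64_t rng_state;

static void
rng_seed(uint64_t seed)
{
    rng_state = seed ? seed : 0x9E3779B97F4A7C15ULL;
}

static uint64_t
rng_next(void)
{
    uint64_t x = rng_state;

    x ^= x >> 12;
    x ^= x << 25;
    x ^= x >> 27;
    rng_state = x;
    return x * 0x2545F4914F6CDD1DULL;
}

/* Stand-in for the post-fork hook (the patch's pg_strong_random_init):
 * fold child-specific data into the inherited state so siblings diverge.
 * A real hook would pull fresh entropy from the OS instead of the PID. */
static void
rng_post_fork_init(void)
{
    rng_seed(rng_state ^ ((uint64_t) getpid() << 32));
}

/* Fork one child that optionally runs the post-fork hook, draws one value
 * and sends it back through a pipe.  Returns the child's value (0 on error). */
static uint64_t
child_draw(int reseed)
{
    int         fds[2];
    uint64_t    v = 0;
    pid_t       pid;

    if (pipe(fds) != 0)
        return 0;
    pid = fork();
    if (pid == 0)
    {
        if (reseed)
            rng_post_fork_init();
        v = rng_next();
        (void) write(fds[1], &v, sizeof v);
        _exit(0);
    }
    close(fds[1]);
    if (pid > 0)
    {
        (void) read(fds[0], &v, sizeof v);
        waitpid(pid, NULL, 0);
    }
    close(fds[0]);
    return v;
}

/* Seed once in the parent (as a postmaster would at startup), fork two
 * children, and report whether they drew the same "random" value.
 * Returns 1 when the siblings collide, 0 when they differ. */
int
siblings_collide(int reseed)
{
    uint64_t    a,
                b;

    rng_seed(12345);
    a = child_draw(reseed);
    b = child_draw(reseed);
    return a == b;
}

int
main(void)
{
    printf("without post-fork reseed: siblings collide = %d\n", siblings_collide(0));
    printf("with post-fork reseed:    siblings collide = %d\n", siblings_collide(1));
    return 0;
}
```

Without the hook both children start from the parent's copied state and produce the same value; with it, the differing PIDs give different states, and because the xorshift step and the output multiply are both bijections, different states are guaranteed to give different outputs.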