pgsql: Guard against rare RAND_bytes() failures in pg_strong_random(). - Mailing list pgsql-committers

From Dean Rasheed
Subject pgsql: Guard against rare RAND_bytes() failures in pg_strong_random().
Date
Msg-id E1fgQWZ-0004jq-6f@gemulon.postgresql.org
Whole thread Raw
List pgsql-committers
Guard against rare RAND_bytes() failures in pg_strong_random().

When built using OpenSSL, pg_strong_random() uses RAND_bytes() to
generate the random number. On very rare occasions that can fail, if
its PRNG has not been seeded with enough data. Additionally, once it
does fail, all subsequent calls will also fail until more seed data is
added. Since this is required during backend startup, this can result
in all new backends failing to start until a postmaster restart.

Guard against that by checking the state of OpenSSL's PRNG using
RAND_status(), and if necessary (very rarely), seeding it using
RAND_poll().

Back-patch to v10, where pg_strong_random() was introduced.

Dean Rasheed and Michael Paquier.

Discussion: https://postgr.es/m/CAEZATCXMtxbzSAvyKKk5uCRf9pNt4UV%2BF_5v%3DgLfJUuPxU4Ytg%40mail.gmail.com

Branch
------
REL_11_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/1f919e663ee20430dfde5614a025ac2dbd0f4bfb

Modified Files
--------------
src/port/pg_strong_random.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)


pgsql-committers by date:

Previous
From: Michael Paquier
Date:
Subject: pgsql: Bump catalog version for recent toast table additions
Next
From: Tom Lane
Date:
Subject: pgsql: Avoid unportable shell syntax in pg_upgrade's test script.