NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit5ee180a

committed

Add pg_strong_random_init function to initialize random number generator

Currently only OpenSSL requires this initialization, but in the futureother SSL implementations are likely to need it as well. Abstractingthis functionality out into a separate function makes this cleaner andmore clear, and also removes the dependency on OpenSSL headers fromfork_process.c.OpenSSL is special in that we need to initialize this random numbergenerator even if we're not going to use it directly, until we dropsupport for everything prior to OpenSSL 1.1.1. (And of course also if weactually use it). All other implementations are left empty at this time,but more are expected to be added in the future.Author: Daniel Gustafsson <daniel@yesql.se>, Michael Paquier <michael@paquier.xyz>Reviewed-By: Magnus Hagander <magnus@hagander.net>Discussion:https://postgr.es/m/F6291C3C-747C-4C93-BCE0-28BB420B1FF5@yesql.se

1 parent4f841ce commit5ee180aCopy full SHA for 5ee180a

File tree

3 files changed

+48

-12

lines changed

src
- backend/postmaster
  - fork_process.c
- include
  - port.h
- port
  - pg_strong_random.c

3 files changed

+48

-12

lines changed

`‎src/backend/postmaster/fork_process.c`

Lines changed: 2 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -16,9 +16,6 @@`
`16`	`16`	`#include<sys/stat.h>`
`17`	`17`	`#include<sys/time.h>`
`18`	`18`	`#include<unistd.h>`
`19`		`-#ifdefUSE_OPENSSL`
`20`		`-#include<openssl/rand.h>`
`21`		`-#endif`
`22`	`19`
`23`	`20`	`#include"postmaster/fork_process.h"`
`24`	`21`
`@@ -108,14 +105,8 @@ fork_process(void)`
`108`	`105`	`}`
`109`	`106`	`}`
`110`	`107`
`111`		`-/*`
`112`		`- * Make sure processes do not share OpenSSL randomness state. This is`
`113`		`- * no longer required in OpenSSL 1.1.1 and later versions, but until`
`114`		`- * we drop support for version < 1.1.1 we need to do this.`
`115`		`- */`
`116`		`-#ifdefUSE_OPENSSL`
`117`		`-RAND_poll();`
`118`		`-#endif`
	`108`	`+/* do post-fork initialization for random number generation */`
	`109`	`+pg_strong_random_init();`
`119`	`110`	`}`
`120`	`111`
`121`	`112`	`returnresult;`

`‎src/include/port.h`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -513,6 +513,7 @@ extern char pg_inet_net_ntop(int af, const void src, int bits,`
`513`	`513`	`char*dst,size_tsize);`
`514`	`514`
`515`	`515`	`/* port/pg_strong_random.c */`
	`516`	`+externvoidpg_strong_random_init(void);`
`516`	`517`	`externboolpg_strong_random(void*buf,size_tlen);`
`517`	`518`
`518`	`519`	`/*`

`‎src/port/pg_strong_random.c`

Lines changed: 45 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@`
`24`	`24`	`#include<unistd.h>`
`25`	`25`	`#include<sys/time.h>`
`26`	`26`
`27`		`-#ifdefUSE_OPENSSL`
	`27`	`+#ifdefUSE_OPENSSL_RANDOM`
`28`	`28`	`#include<openssl/rand.h>`
`29`	`29`	`#endif`
`30`	`30`	`#ifdefUSE_WIN32_RANDOM`
`@@ -75,6 +75,50 @@ random_from_file(const char filename, void buf, size_t len)`
`75`	`75`	`}`
`76`	`76`	`#endif`
`77`	`77`
	`78`	`+/*`
	`79`	`+ * pg_strong_random_init`
	`80`	`+ *`
	`81`	`+ * Initialize the randomness state of "strong" random numbers. This is invoked`
	`82`	`+ * after forking a process, and should include initialization steps specific`
	`83`	`+ * to the chosen random source to prove fork-safety.`
	`84`	`+ */`
	`85`	`+void`
	`86`	`+pg_strong_random_init(void)`
	`87`	`+{`
	`88`	`+#if defined(USE_OPENSSL)`
	`89`	`+/*`
	`90`	`+ * Make sure processes do not share OpenSSL randomness state. We need to`
	`91`	`+ * call this even if pg_strong_random is implemented using another source`
	`92`	`+ * for random numbers to ensure fork-safety in our TLS backend. This is no`
	`93`	`+ * longer required in OpenSSL 1.1.1 and later versions, but until we drop`
	`94`	`+ * support for version < 1.1.1 we need to do this.`
	`95`	`+*/`
	`96`	`+RAND_poll();`
	`97`	`+#endif`
	`98`	`+`
	`99`	`+#if defined(USE_OPENSSL_RANDOM)`
	`100`	`+/*`
	`101`	`+ * In case the backend is using the PRNG from OpenSSL without being built`
	`102`	`+ * with support for OpenSSL, make sure to perform post-fork initialization.`
	`103`	`+ * If the backend is using OpenSSL then we have already performed this`
	`104`	`+ * step. The same version caveat as discussed in the comment above applies`
	`105`	`+ * here as well.`
	`106`	`+ */`
	`107`	`+#ifndefUSE_OPENSSL`
	`108`	`+RAND_poll();`
	`109`	`+#endif`
	`110`	`+`
	`111`	`+#elif defined(USE_WIN32_RANDOM)`
	`112`	`+/* no initialization needed for WIN32 */`
	`113`	`+`
	`114`	`+#elif defined(USE_DEV_URANDOM)`
	`115`	`+/* no initialization needed for /dev/urandom */`
	`116`	`+`
	`117`	`+#else`
	`118`	`+#error no source of random numbers configured`
	`119`	`+#endif`
	`120`	`+}`
	`121`	`+`
`78`	`122`	`/*`
`79`	`123`	`* pg_strong_random`
`80`	`124`	`*`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit5ee180a

File tree

3 files changed

3 files changed

`‎src/backend/postmaster/fork_process.c`

`‎src/include/port.h`

`‎src/port/pg_strong_random.c`

0 commit comments