Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit 16f96c7

Browse files
committed
Remove ability to independently select random number generator
Remove the ability to select random number generator independently from SSL library. Instead, use the random number generator from the SSL library (today only OpenSSL supported) if one is configured. If no SSL library is configured, use the platform default (which means use CryptoAPI on Win32 and /dev/urandom on Linux). This also restructures pg_strong_random.c to have three clearly separate sections, one for each implementation, with two functions in each, instead of a scattered set of ifdefs throughout the whole file. Author: Daniel Gustafsson, Magnus Hagander, Michael Paquier Discussion: https://postgr.es/m/632623.1605460616@sss.pgh.pa.us
1 parent b5acf10 commit 16f96c7

File tree

5 files changed

+114
-201
lines changed

5 files changed

+114
-201
lines changed

configure

+19-42
Original file line numberDiff line numberDiff line change
@@ -18055,19 +18055,21 @@ $as_echo "#define USE_WIN32_SHARED_MEMORY 1" >>confdefs.h
1805518055
SHMEM_IMPLEMENTATION="src/backend/port/win32_shmem.c"
1805618056
fi
1805718057

18058-
# Select random number source
18059-
#
18060-
# You can override this logic by setting the appropriate USE_*RANDOM flag to 1
18061-
# in the template or configure command line.
18062-
18063-
# If not selected manually, try to select a source automatically.
18064-
if test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then
18065-
if test x"$with_openssl" = x"yes" ; then
18066-
USE_OPENSSL_RANDOM=1
18067-
elif test "$PORTNAME" = "win32" ; then
18068-
USE_WIN32_RANDOM=1
18069-
else
18070-
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for /dev/urandom" >&5
18058+
# Select random number source. If a TLS library is used then it will be the
18059+
# first choice, else the native platform sources (Windows API or /dev/urandom)
18060+
# will be used.
18061+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which random number source to use" >&5
18062+
$as_echo_n "checking which random number source to use... " >&6; }
18063+
if test x"$with_openssl" = x"yes" ; then
18064+
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5
18065+
$as_echo "OpenSSL" >&6; }
18066+
elif test x"$PORTNAME" = x"win32" ; then
18067+
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
18068+
$as_echo "Windows native" >&6; }
18069+
else
18070+
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
18071+
$as_echo "/dev/urandom" >&6; }
18072+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for /dev/urandom" >&5
1807118073
$as_echo_n "checking for /dev/urandom... " >&6; }
1807218074
if ${ac_cv_file__dev_urandom+:} false; then :
1807318075
$as_echo_n "(cached) " >&6
@@ -18087,36 +18089,11 @@ if test "x$ac_cv_file__dev_urandom" = xyes; then :
1808718089
fi
1808818090

1808918091

18090-
if test x"$ac_cv_file__dev_urandom" = x"yes" ; then
18091-
USE_DEV_URANDOM=1
18092-
fi
18093-
fi
18094-
fi
18095-
18096-
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which random number source to use" >&5
18097-
$as_echo_n "checking which random number source to use... " >&6; }
18098-
if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
18099-
18100-
$as_echo "#define USE_OPENSSL_RANDOM 1" >>confdefs.h
18101-
18102-
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5
18103-
$as_echo "OpenSSL" >&6; }
18104-
elif test x"$USE_WIN32_RANDOM" = x"1" ; then
18105-
18106-
$as_echo "#define USE_WIN32_RANDOM 1" >>confdefs.h
18107-
18108-
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
18109-
$as_echo "Windows native" >&6; }
18110-
elif test x"$USE_DEV_URANDOM" = x"1" ; then
18111-
18112-
$as_echo "#define USE_DEV_URANDOM 1" >>confdefs.h
18113-
18114-
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
18115-
$as_echo "/dev/urandom" >&6; }
18116-
else
18117-
as_fn_error $? "
18092+
if test x"$ac_cv_file__dev_urandom" = x"no" ; then
18093+
as_fn_error $? "
1811818094
no source of strong random numbers was found
18119-
PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers." "$LINENO" 5
18095+
PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers." "$LINENO" 5
18096+
fi
1812018097
fi
1812118098

1812218099
# If not set in template file, set bytes to use libc memset()

configure.ac

+12-29
Original file line numberDiff line numberDiff line change
@@ -2152,40 +2152,23 @@ else
21522152
SHMEM_IMPLEMENTATION="src/backend/port/win32_shmem.c"
21532153
fi
21542154

2155-
# Select random number source
2156-
#
2157-
# You can override this logic by setting the appropriate USE_*RANDOM flag to 1
2158-
# in the template or configure command line.
2159-
2160-
# If not selected manually, try to select a source automatically.
2161-
if test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then
2162-
if test x"$with_openssl" = x"yes" ; then
2163-
USE_OPENSSL_RANDOM=1
2164-
elif test "$PORTNAME" = "win32" ; then
2165-
USE_WIN32_RANDOM=1
2166-
else
2167-
AC_CHECK_FILE([/dev/urandom], [], [])
2168-
2169-
if test x"$ac_cv_file__dev_urandom" = x"yes" ; then
2170-
USE_DEV_URANDOM=1
2171-
fi
2172-
fi
2173-
fi
2174-
2155+
# Select random number source. If a TLS library is used then it will be the
2156+
# first choice, else the native platform sources (Windows API or /dev/urandom)
2157+
# will be used.
21752158
AC_MSG_CHECKING([which random number source to use])
2176-
if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
2177-
AC_DEFINE(USE_OPENSSL_RANDOM, 1, [Define to use OpenSSL for random number generation])
2159+
if test x"$with_openssl" = x"yes" ; then
21782160
AC_MSG_RESULT([OpenSSL])
2179-
elif test x"$USE_WIN32_RANDOM" = x"1" ; then
2180-
AC_DEFINE(USE_WIN32_RANDOM, 1, [Define to use native Windows API for random number generation])
2161+
elif test x"$PORTNAME" = x"win32" ; then
21812162
AC_MSG_RESULT([Windows native])
2182-
elif test x"$USE_DEV_URANDOM" = x"1" ; then
2183-
AC_DEFINE(USE_DEV_URANDOM, 1, [Define to use /dev/urandom for random number generation])
2184-
AC_MSG_RESULT([/dev/urandom])
21852163
else
2186-
AC_MSG_ERROR([
2164+
AC_MSG_RESULT([/dev/urandom])
2165+
AC_CHECK_FILE([/dev/urandom], [], [])
2166+
2167+
if test x"$ac_cv_file__dev_urandom" = x"no" ; then
2168+
AC_MSG_ERROR([
21872169
no source of strong random numbers was found
2188-
PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers.])
2170+
PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers.])
2171+
fi
21892172
fi
21902173

21912174
# If not set in template file, set bytes to use libc memset()

src/include/pg_config.h.in

-9
Original file line numberDiff line numberDiff line change
@@ -862,9 +862,6 @@
862862
/* Define to 1 to build with BSD Authentication support. (--with-bsd-auth) */
863863
#undef USE_BSD_AUTH
864864

865-
/* Define to use /dev/urandom for random number generation */
866-
#undef USE_DEV_URANDOM
867-
868865
/* Define to build with ICU support. (--with-icu) */
869866
#undef USE_ICU
870867

@@ -887,9 +884,6 @@
887884
/* Define to build with OpenSSL support. (--with-openssl) */
888885
#undef USE_OPENSSL
889886

890-
/* Define to use OpenSSL for random number generation */
891-
#undef USE_OPENSSL_RANDOM
892-
893887
/* Define to 1 to build with PAM support. (--with-pam) */
894888
#undef USE_PAM
895889

@@ -914,9 +908,6 @@
914908
/* Define to select unnamed POSIX semaphores. */
915909
#undef USE_UNNAMED_POSIX_SEMAPHORES
916910

917-
/* Define to use native Windows API for random number generation */
918-
#undef USE_WIN32_RANDOM
919-
920911
/* Define to select Win32-style semaphores. */
921912
#undef USE_WIN32_SEMAPHORES
922913

0 commit comments

Comments
 (0)