Remove configure switch --disable-strong-random

This removes a portion of infrastructure introduced by fe0a0b59 to allow
compilation of Postgres in environments where no strong random source is
available, meaning that there is no linking to OpenSSL and no
/dev/urandom (Windows having its own CryptoAPI).  No systems shipped
this century lack /dev/urandom, and the buildfarm is actually not
testing this switch at all, so just remove it.  This simplifies
particularly some backend code which included a fallback implementation
using shared memory, and removes a set of alternate regression output
files from pgcrypto.

Author: Michael Paquier
Reviewed-by: Tom Lane
Discussion: https://postgr.es/m/20181230063219.GG608@paquier.xyz

configure

@@ -761,7 +761,6 @@ GENHTML
 LCOV
 GCOV
 enable_debug
-enable_strong_random
 enable_rpath
 default_port
 WANTED_LANGUAGES
@@ -829,7 +828,6 @@ with_pgport
 enable_rpath
 enable_spinlocks
 enable_atomics
-enable_strong_random
 enable_debug
 enable_profiling
 enable_coverage
@@ -1512,7 +1510,6 @@ Optional Features:
                           executables
   --disable-spinlocks     do not use spinlocks
   --disable-atomics       do not use atomic operations
-  --disable-strong-random do not use a strong random number source
   --enable-debug          build with debugging symbols (-g)
   --enable-profiling      build with profiling enabled
   --enable-coverage       build with coverage testing instrumentation
@@ -3272,34 +3269,6 @@ fi
 
 
 
-#
-# Random number generation
-#
-
-
-# Check whether --enable-strong-random was given.
-if test "${enable_strong_random+set}" = set; then :
-  enableval=$enable_strong_random;
-  case $enableval in
-    yes)
-      :
-      ;;
-    no)
-      :
-      ;;
-    *)
-      as_fn_error $? "no argument expected for --enable-strong-random option" "$LINENO" 5
-      ;;
-  esac
-
-else
-  enable_strong_random=yes
-
-fi
-
-
-
-
 #
 # --enable-debug adds -g to compiler flags
 #
@@ -17937,7 +17906,7 @@ fi
 # in the template or configure command line.
 
 # If not selected manually, try to select a source automatically.
-if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then
+if test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then
   if test x"$with_openssl" = x"yes" ; then
     USE_OPENSSL_RANDOM=1
   elif test "$PORTNAME" = "win32" ; then
@@ -17971,42 +17940,28 @@ fi
 
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking which random number source to use" >&5
 $as_echo_n "checking which random number source to use... " >&6; }
-if test "$enable_strong_random" = yes ; then
-  if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
+if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
 
 $as_echo "#define USE_OPENSSL_RANDOM 1" >>confdefs.h
 
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5
 $as_echo "OpenSSL" >&6; }
-  elif test x"$USE_WIN32_RANDOM" = x"1" ; then
+elif test x"$USE_WIN32_RANDOM" = x"1" ; then
 
 $as_echo "#define USE_WIN32_RANDOM 1" >>confdefs.h
 
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
 $as_echo "Windows native" >&6; }
-  elif test x"$USE_DEV_URANDOM" = x"1" ; then
+elif test x"$USE_DEV_URANDOM" = x"1" ; then
 
 $as_echo "#define USE_DEV_URANDOM 1" >>confdefs.h
 
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
 $as_echo "/dev/urandom" >&6; }
-  else
-    as_fn_error $? "
-no source of strong random numbers was found
-PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers,
-for authentication protocols. You can use --disable-strong-random to use a
-built-in pseudo random number generator, but that may be insecure." "$LINENO" 5
-  fi
-
-$as_echo "#define HAVE_STRONG_RANDOM 1" >>confdefs.h
-
 else
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: weak builtin PRNG" >&5
-$as_echo "weak builtin PRNG" >&6; }
-    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
-*** Not using a strong random number source may be insecure." >&5
-$as_echo "$as_me: WARNING:
-*** Not using a strong random number source may be insecure." >&2;}
+  as_fn_error $? "
+no source of strong random numbers was found
+PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers." "$LINENO" 5
 fi
 
 # If not set in template file, set bytes to use libc memset()

configure.in

@@ -193,13 +193,6 @@ PGAC_ARG_BOOL(enable, spinlocks, yes,
 PGAC_ARG_BOOL(enable, atomics, yes,
               [do not use atomic operations])
 
-#
-# Random number generation
-#
-PGAC_ARG_BOOL(enable, strong-random, yes,
-              [do not use a strong random number source])
-AC_SUBST(enable_strong_random)
-
 #
 # --enable-debug adds -g to compiler flags
 #
@@ -2151,7 +2144,7 @@ fi
 # in the template or configure command line.
 
 # If not selected manually, try to select a source automatically.
-if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then
+if test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then
   if test x"$with_openssl" = x"yes" ; then
     USE_OPENSSL_RANDOM=1
   elif test "$PORTNAME" = "win32" ; then
@@ -2166,28 +2159,19 @@ if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" &&
 fi
 
 AC_MSG_CHECKING([which random number source to use])
-if test "$enable_strong_random" = yes ; then
-  if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
-    AC_DEFINE(USE_OPENSSL_RANDOM, 1, [Define to use OpenSSL for random number generation])
-    AC_MSG_RESULT([OpenSSL])
-  elif test x"$USE_WIN32_RANDOM" = x"1" ; then
-    AC_DEFINE(USE_WIN32_RANDOM, 1, [Define to use native Windows API for random number generation])
-    AC_MSG_RESULT([Windows native])
-  elif test x"$USE_DEV_URANDOM" = x"1" ; then
-    AC_DEFINE(USE_DEV_URANDOM, 1, [Define to use /dev/urandom for random number generation])
-    AC_MSG_RESULT([/dev/urandom])
-  else
-    AC_MSG_ERROR([
-no source of strong random numbers was found
-PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers,
-for authentication protocols. You can use --disable-strong-random to use a
-built-in pseudo random number generator, but that may be insecure.])
-  fi
-  AC_DEFINE(HAVE_STRONG_RANDOM, 1, [Define to use have a strong random number source])
+if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
+  AC_DEFINE(USE_OPENSSL_RANDOM, 1, [Define to use OpenSSL for random number generation])
+  AC_MSG_RESULT([OpenSSL])
+elif test x"$USE_WIN32_RANDOM" = x"1" ; then
+  AC_DEFINE(USE_WIN32_RANDOM, 1, [Define to use native Windows API for random number generation])
+  AC_MSG_RESULT([Windows native])
+elif test x"$USE_DEV_URANDOM" = x"1" ; then
+  AC_DEFINE(USE_DEV_URANDOM, 1, [Define to use /dev/urandom for random number generation])
+  AC_MSG_RESULT([/dev/urandom])
 else
-    AC_MSG_RESULT([weak builtin PRNG])
-    AC_MSG_WARN([
-*** Not using a strong random number source may be insecure.])
+  AC_MSG_ERROR([
+no source of strong random numbers was found
+PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers.])
 fi
 
 # If not set in template file, set bytes to use libc memset()

contrib/pgcrypto/expected/pgp-compression_1.out

---
--- PGP compression support
---
-select pgp_sym_decrypt(dearmor('
------BEGIN PGP MESSAGE-----
-
-ww0ECQMCsci6AdHnELlh0kQB4jFcVwHMJg0Bulop7m3Mi36s15TAhBo0AnzIrRFrdLVCkKohsS6+
-DMcmR53SXfLoDJOv/M8uKj3QSq7oWNIp95pxfA==
-=tbSn
------END PGP MESSAGE-----
-'), 'key', 'expect-compress-algo=1');
- pgp_sym_decrypt 
------------------
- Secret message
-(1 row)
-
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret message', 'key', 'compress-algo=0'),
-	'key', 'expect-compress-algo=0');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret message', 'key', 'compress-algo=1'),
-	'key', 'expect-compress-algo=1');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret message', 'key', 'compress-algo=2'),
-	'key', 'expect-compress-algo=2');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
--- level=0 should turn compression off
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret message', 'key',
-			'compress-algo=2, compress-level=0'),
-	'key', 'expect-compress-algo=0');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.

contrib/pgcrypto/expected/pgp-encrypt_1.out

---
--- PGP encrypt
---
--- ensure consistent test output regardless of the default bytea format
-SET bytea_output TO escape;
-select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'), 'key');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
--- check whether the defaults are ok
-select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'),
-	'key', 'expect-cipher-algo=aes128,
-		expect-disable-mdc=0,
-		expect-sess-key=0,
-		expect-s2k-mode=3,
-		expect-s2k-digest-algo=sha1,
-		expect-compress-algo=0
-		');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
--- maybe the expect- stuff simply does not work
-select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'),
-	'key', 'expect-cipher-algo=bf,
-		expect-disable-mdc=1,
-		expect-sess-key=1,
-		expect-s2k-mode=0,
-		expect-s2k-digest-algo=md5,
-		expect-compress-algo=1
-		');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
--- bytea as text
-select pgp_sym_decrypt(pgp_sym_encrypt_bytea('Binary', 'baz'), 'baz');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
--- text as bytea
-select pgp_sym_decrypt_bytea(pgp_sym_encrypt('Text', 'baz'), 'baz');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
--- algorithm change
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=bf'),
-	'key', 'expect-cipher-algo=bf');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=aes'),
-	'key', 'expect-cipher-algo=aes128');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=aes192'),
-	'key', 'expect-cipher-algo=aes192');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
--- s2k change
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret.', 'key', 's2k-mode=0'),
-	'key', 'expect-s2k-mode=0');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret.', 'key', 's2k-mode=1'),
-	'key', 'expect-s2k-mode=1');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret.', 'key', 's2k-mode=3'),
-	'key', 'expect-s2k-mode=3');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
--- s2k count change
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret.', 'key', 's2k-count=1024'),
-	'key', 'expect-s2k-count=1024');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
--- s2k_count rounds up
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret.', 'key', 's2k-count=65000000'),
-	'key', 'expect-s2k-count=65000000');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
--- s2k digest change
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'),
-	'key', 'expect-s2k-digest-algo=md5');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
-select pgp_sym_decrypt(
-		pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'),
-	'key', 'expect-s2k-digest-algo=sha1');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
--- sess key
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret.', 'key', 'sess-key=0'),
-	'key', 'expect-sess-key=0');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret.', 'key', 'sess-key=1'),
-	'key', 'expect-sess-key=1');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=bf'),
-	'key', 'expect-sess-key=1, expect-cipher-algo=bf');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes192'),
-	'key', 'expect-sess-key=1, expect-cipher-algo=aes192');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
-select pgp_sym_decrypt(
-	pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes256'),
-	'key', 'expect-sess-key=1, expect-cipher-algo=aes256');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
--- no mdc
-select pgp_sym_decrypt(
-		pgp_sym_encrypt('Secret.', 'key', 'disable-mdc=1'),
-	'key', 'expect-disable-mdc=1');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
--- crlf
-select encode(pgp_sym_decrypt_bytea(
-	pgp_sym_encrypt(E'1\n2\n3\r\n', 'key', 'convert-crlf=1'),
-	'key'), 'hex');
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
--- conversion should be lossless
-select encode(digest(pgp_sym_decrypt(
-  pgp_sym_encrypt(E'\r\n0\n1\r\r\n\n2\r', 'key', 'convert-crlf=1'),
-	'key', 'convert-crlf=1'), 'sha1'), 'hex') as result,
-  encode(digest(E'\r\n0\n1\r\r\n\n2\r', 'sha1'), 'hex') as expect;
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.

contrib/pgcrypto/expected/pgp-pubkey-encrypt_1.out

---
--- PGP Public Key Encryption
---
--- ensure consistent test output regardless of the default bytea format
-SET bytea_output TO escape;
--- successful encrypt/decrypt
-select pgp_pub_decrypt(
-	pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
-	dearmor(seckey))
-from keytbl where keytbl.id=1;
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
-select pgp_pub_decrypt(
-		pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
-		dearmor(seckey))
-from keytbl where keytbl.id=2;
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
-select pgp_pub_decrypt(
-		pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
-		dearmor(seckey))
-from keytbl where keytbl.id=3;
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
-select pgp_pub_decrypt(
-		pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
-		dearmor(seckey))
-from keytbl where keytbl.id=6;
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
--- try with rsa-sign only
-select pgp_pub_decrypt(
-		pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
-		dearmor(seckey))
-from keytbl where keytbl.id=4;
-ERROR:  No encryption key found
--- try with secret key
-select pgp_pub_decrypt(
-		pgp_pub_encrypt('Secret msg', dearmor(seckey)),
-		dearmor(seckey))
-from keytbl where keytbl.id=1;
-ERROR:  Refusing to encrypt with secret key
--- does text-to-bytea works
-select pgp_pub_decrypt_bytea(
-		pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
-		dearmor(seckey))
-from keytbl where keytbl.id=1;
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.
--- and bytea-to-text?
-select pgp_pub_decrypt(
-		pgp_pub_encrypt_bytea('Secret msg', dearmor(pubkey)),
-		dearmor(seckey))
-from keytbl where keytbl.id=1;
-ERROR:  generating random data is not supported by this build
-DETAIL:  This functionality requires a source of strong random numbers.
-HINT:  You need to rebuild PostgreSQL using --enable-strong-random.

contrib/pgcrypto/pgcrypto.c

@@ -34,7 +34,6 @@
 #include <ctype.h>
 
 #include "parser/scansup.h"
-#include "utils/backend_random.h"
 #include "utils/builtins.h"
 #include "utils/uuid.h"
 
@@ -423,7 +422,6 @@ PG_FUNCTION_INFO_V1(pg_random_bytes);
 Datum
 pg_random_bytes(PG_FUNCTION_ARGS)
 {
-#ifdef HAVE_STRONG_RANDOM
 	int			len = PG_GETARG_INT32(0);
 	bytea	   *res;
 
@@ -440,9 +438,6 @@ pg_random_bytes(PG_FUNCTION_ARGS)
 		px_THROW_ERROR(PXE_NO_RANDOM);
 
 	PG_RETURN_BYTEA_P(res);
-#else
-	px_THROW_ERROR(PXE_NO_RANDOM);
-#endif
 }
 
 /* SQL function: gen_random_uuid() returns uuid */
@@ -451,11 +446,10 @@ PG_FUNCTION_INFO_V1(pg_random_uuid);
 Datum
 pg_random_uuid(PG_FUNCTION_ARGS)
 {
-#ifdef HAVE_STRONG_RANDOM
 	uint8	   *buf = (uint8 *) palloc(UUID_LEN);
 
 	/* Generate random bits. */
-	if (!pg_backend_random((char *) buf, UUID_LEN))
+	if (!pg_strong_random(buf, UUID_LEN))
 		px_THROW_ERROR(PXE_NO_RANDOM);
 
 	/*
@@ -466,9 +460,6 @@ pg_random_uuid(PG_FUNCTION_ARGS)
 	buf[8] = (buf[8] & 0x3f) | 0x80;	/* "variant" field */
 
 	PG_RETURN_UUID_P((pg_uuid_t *) buf);
-#else
-	px_THROW_ERROR(PXE_NO_RANDOM);
-#endif
 }
 
 static void *

contrib/pgcrypto/pgp-encrypt.c

@@ -37,8 +37,6 @@
 #include "px.h"
 #include "pgp.h"
 
-#include "utils/backend_random.h"
-
 
 #define MDC_DIGEST_LEN 20
 #define STREAM_ID 0xE0
@@ -481,13 +479,12 @@ init_encdata_packet(PushFilter **pf_res, PGP_Context *ctx, PushFilter *dst)
 static int
 write_prefix(PGP_Context *ctx, PushFilter *dst)
 {
-#ifdef HAVE_STRONG_RANDOM
 	uint8		prefix[PGP_MAX_BLOCK + 2];
 	int			res,
 				bs;
 
 	bs = pgp_get_cipher_block_size(ctx->cipher_algo);
-	if (!pg_backend_random((char *) prefix, bs))
+	if (!pg_strong_random(prefix, bs))
 		return PXE_NO_RANDOM;
 
 	prefix[bs + 0] = prefix[bs - 2];
@@ -496,9 +493,6 @@ write_prefix(PGP_Context *ctx, PushFilter *dst)
 	res = pushf_write(dst, prefix, bs + 2);
 	px_memset(prefix, 0, bs + 2);
 	return res < 0 ? res : 0;
-#else
-	return PXE_NO_RANDOM;
-#endif
 }
 
 /*
@@ -587,13 +581,9 @@ init_sess_key(PGP_Context *ctx)
 {
 	if (ctx->use_sess_key || ctx->pub_key)
 	{
-#ifdef HAVE_STRONG_RANDOM
 		ctx->sess_key_len = pgp_get_cipher_key_size(ctx->cipher_algo);
-		if (!pg_strong_random((char *) ctx->sess_key, ctx->sess_key_len))
+		if (!pg_strong_random(ctx->sess_key, ctx->sess_key_len))
 			return PXE_NO_RANDOM;
-#else
-		return PXE_NO_RANDOM;
-#endif
 	}
 	else
 	{

contrib/pgcrypto/pgp-mpi-internal.c

@@ -57,13 +57,12 @@ mp_clear_free(mpz_t *a)
 static int
 mp_px_rand(uint32 bits, mpz_t *res)
 {
-#ifdef HAVE_STRONG_RANDOM
 	unsigned	bytes = (bits + 7) / 8;
 	int			last_bits = bits & 7;
 	uint8	   *buf;
 
 	buf = px_alloc(bytes);
-	if (!pg_strong_random((char *) buf, bytes))
+	if (!pg_strong_random(buf, bytes))
 	{
 		px_free(buf);
 		return PXE_NO_RANDOM;
@@ -83,9 +82,6 @@ mp_px_rand(uint32 bits, mpz_t *res)
 	px_free(buf);
 
 	return 0;
-#else
-	return PXE_NO_RANDOM;
-#endif
 }
 
 static void

contrib/pgcrypto/pgp-pubenc.c

@@ -39,7 +39,6 @@
 static int
 pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
 {
-#ifdef HAVE_STRONG_RANDOM
 	uint8	   *buf,
 			   *p;
 	int			pad_len = res_len - 2 - data_len;
@@ -50,7 +49,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
 	buf = px_alloc(res_len);
 	buf[0] = 0x02;
 
-	if (!pg_strong_random((char *) buf + 1, pad_len))
+	if (!pg_strong_random(buf + 1, pad_len))
 	{
 		px_free(buf);
 		return PXE_NO_RANDOM;
@@ -62,7 +61,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
 	{
 		if (*p == 0)
 		{
-			if (!pg_strong_random((char *) p, 1))
+			if (!pg_strong_random(p, 1))
 			{
 				px_memset(buf, 0, res_len);
 				px_free(buf);
@@ -78,10 +77,6 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
 	*res_p = buf;
 
 	return 0;
-
-#else
-	return PXE_NO_RANDOM;
-#endif
 }
 
 static int

contrib/pgcrypto/pgp-s2k.c

@@ -34,7 +34,6 @@
 #include "px.h"
 #include "pgp.h"
 
-#include "utils/backend_random.h"
 
 static int
 calc_s2k_simple(PGP_S2K *s2k, PX_MD *md, const uint8 *key,
@@ -235,13 +234,13 @@ pgp_s2k_fill(PGP_S2K *s2k, int mode, int digest_algo, int count)
 		case PGP_S2K_SIMPLE:
 			break;
 		case PGP_S2K_SALTED:
-			if (!pg_backend_random((char *) s2k->salt, PGP_S2K_SALT))
+			if (!pg_strong_random(s2k->salt, PGP_S2K_SALT))
 				return PXE_NO_RANDOM;
 			break;
 		case PGP_S2K_ISALTED:
-			if (!pg_backend_random((char *) s2k->salt, PGP_S2K_SALT))
+			if (!pg_strong_random(s2k->salt, PGP_S2K_SALT))
 				return PXE_NO_RANDOM;
-			if (!pg_backend_random((char *) &tmp, 1))
+			if (!pg_strong_random(&tmp, 1))
 				return PXE_NO_RANDOM;
 			s2k->iter = decide_s2k_iter(tmp, count);
 			break;

contrib/pgcrypto/px-crypt.c

@@ -34,7 +34,6 @@
 #include "px.h"
 #include "px-crypt.h"
 
-#include "utils/backend_random.h"
 
 static char *
 run_crypt_des(const char *psw, const char *salt,
@@ -153,7 +152,7 @@ px_gen_salt(const char *salt_type, char *buf, int rounds)
 			return PXE_BAD_SALT_ROUNDS;
 	}
 
-	if (!pg_backend_random(rbuf, g->input_len))
+	if (!pg_strong_random(rbuf, g->input_len))
 		return PXE_NO_RANDOM;
 
 	p = g->gen(rounds, rbuf, g->input_len, buf, PX_MAX_SALT_LEN);

contrib/pgcrypto/px.c

@@ -56,7 +56,7 @@ static const struct error_desc px_err_list[] = {
 	{PXE_UNKNOWN_SALT_ALGO, "Unknown salt algorithm"},
 	{PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"},
 	{PXE_MCRYPT_INTERNAL, "mcrypt internal error"},
-	{PXE_NO_RANDOM, "No strong random source"},
+	{PXE_NO_RANDOM, "Failed to generate strong random bits"},
 	{PXE_DECRYPT_FAILED, "Decryption failed"},
 	{PXE_PGP_CORRUPT_DATA, "Wrong key or corrupt data"},
 	{PXE_PGP_CORRUPT_ARMOR, "Corrupt ascii-armor"},
@@ -97,17 +97,9 @@ px_THROW_ERROR(int err)
 {
 	if (err == PXE_NO_RANDOM)
 	{
-#ifdef HAVE_STRONG_RANDOM
 		ereport(ERROR,
 				(errcode(ERRCODE_INTERNAL_ERROR),
 				 errmsg("could not generate a random number")));
-#else
-		ereport(ERROR,
-				(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
-				 errmsg("generating random data is not supported by this build"),
-				 errdetail("This functionality requires a source of strong random numbers."),
-				 errhint("You need to rebuild PostgreSQL using --enable-strong-random.")));
-#endif
 	}
 	else
 	{

doc/src/sgml/installation.sgml

@@ -245,8 +245,10 @@ su - postgres
     <listitem>
      <para>
       You need <productname>OpenSSL</productname>, if you want to support
-      encrypted client connections. The minimum required version is
-      0.9.8.
+      encrypted client connections.  <productname>OpenSSL</productname> is
+      also required for random number generation on platforms that do not
+      have <filename>/dev/urandom</filename> (except Windows).  The minimum
+      version required is 0.9.8.
      </para>
     </listitem>
 
@@ -1111,24 +1113,6 @@ su - postgres
        </listitem>
       </varlistentry>
 
-      <varlistentry>
-       <term><option>--disable-strong-random</option></term>
-       <listitem>
-        <para>
-         Allow the build to succeed even if <productname>PostgreSQL</productname>
-         has no support for strong random numbers on the platform.
-         A source of random numbers is needed for some authentication
-         protocols, as well as some routines in the
-         <xref linkend="pgcrypto"/>
-         module. <option>--disable-strong-random</option> disables functionality that
-         requires cryptographically strong random numbers, and substitutes
-         a weak pseudo-random-number-generator for the generation of
-         authentication salt values and query cancel keys. It may make
-         authentication less secure.
-        </para>
-       </listitem>
-      </varlistentry>
-
       <varlistentry>
        <term><option>--disable-thread-safety</option></term>
        <listitem>

doc/src/sgml/monitoring.sgml

@@ -849,7 +849,7 @@ postgres   27093  0.0  0.0  30096  2752 ?        Ss   11:34   0:00 postgres: ser
 
       <tbody>
        <row>
-        <entry morerows="64"><literal>LWLock</literal></entry>
+        <entry morerows="63"><literal>LWLock</literal></entry>
         <entry><literal>ShmemIndexLock</literal></entry>
         <entry>Waiting to find or allocate space in shared memory.</entry>
        </row>
@@ -1034,10 +1034,6 @@ postgres   27093  0.0  0.0  30096  2752 ?        Ss   11:34   0:00 postgres: ser
          <entry><literal>OldSnapshotTimeMapLock</literal></entry>
          <entry>Waiting to read or update old snapshot control information.</entry>
         </row>
-        <row>
-         <entry><literal>BackendRandomLock</literal></entry>
-         <entry>Waiting to generate a random number.</entry>
-        </row>
         <row>
          <entry><literal>LogicalRepWorkerLock</literal></entry>
          <entry>Waiting for action on logical replication worker to finish.</entry>

src/Makefile.global.in

@@ -203,7 +203,6 @@ enable_dtrace	= @enable_dtrace@
 enable_coverage	= @enable_coverage@
 enable_tap_tests	= @enable_tap_tests@
 enable_thread_safety	= @enable_thread_safety@
-enable_strong_random	= @enable_strong_random@
 
 python_includespec	= @python_includespec@
 python_libdir		= @python_libdir@

src/backend/access/transam/xlog.c

@@ -65,7 +65,6 @@
 #include "storage/reinit.h"
 #include "storage/smgr.h"
 #include "storage/spin.h"
-#include "utils/backend_random.h"
 #include "utils/builtins.h"
 #include "utils/guc.h"
 #include "utils/memutils.h"
@@ -5132,7 +5131,7 @@ BootStrapXLOG(void)
 	 * a genuine-looking password challenge for the non-existent user, in lieu
 	 * of an actual stored password.
 	 */
-	if (!pg_backend_random(mock_auth_nonce, MOCK_AUTH_NONCE_LEN))
+	if (!pg_strong_random(mock_auth_nonce, MOCK_AUTH_NONCE_LEN))
 		ereport(PANIC,
 				(errcode(ERRCODE_INTERNAL_ERROR),
 				 errmsg("could not generate secret authorization token")));

src/backend/libpq/auth-scram.c

@@ -102,7 +102,6 @@
 #include "libpq/crypt.h"
 #include "libpq/scram.h"
 #include "miscadmin.h"
-#include "utils/backend_random.h"
 #include "utils/builtins.h"
 #include "utils/timestamp.h"
 
@@ -468,7 +467,7 @@ pg_be_scram_build_verifier(const char *password)
 		password = (const char *) prep_password;
 
 	/* Generate random salt */
-	if (!pg_backend_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
+	if (!pg_strong_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
 		ereport(ERROR,
 				(errcode(ERRCODE_INTERNAL_ERROR),
 				 errmsg("could not generate random salt")));
@@ -1123,7 +1122,7 @@ build_server_first_message(scram_state *state)
 	char		raw_nonce[SCRAM_RAW_NONCE_LEN];
 	int			encoded_len;
 
-	if (!pg_backend_random(raw_nonce, SCRAM_RAW_NONCE_LEN))
+	if (!pg_strong_random(raw_nonce, SCRAM_RAW_NONCE_LEN))
 		ereport(ERROR,
 				(errcode(ERRCODE_INTERNAL_ERROR),
 				 errmsg("could not generate random nonce")));

src/backend/libpq/auth.c

@@ -36,7 +36,6 @@
 #include "port/pg_bswap.h"
 #include "replication/walsender.h"
 #include "storage/ipc.h"
-#include "utils/backend_random.h"
 #include "utils/timestamp.h"
 
 
@@ -835,7 +834,7 @@ CheckMD5Auth(Port *port, char *shadow_pass, char **logdetail)
 				 errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
 
 	/* include the salt to use for computing the response */
-	if (!pg_backend_random(md5Salt, 4))
+	if (!pg_strong_random(md5Salt, 4))
 	{
 		ereport(LOG,
 				(errmsg("could not generate random MD5 salt")));
@@ -3036,7 +3035,7 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por
 	/* Construct RADIUS packet */
 	packet->code = RADIUS_ACCESS_REQUEST;
 	packet->length = RADIUS_HEADER_LENGTH;
-	if (!pg_backend_random((char *) packet->vector, RADIUS_VECTOR_LENGTH))
+	if (!pg_strong_random(packet->vector, RADIUS_VECTOR_LENGTH))
 	{
 		ereport(LOG,
 				(errmsg("could not generate random encryption vector")));

src/backend/postmaster/postmaster.c

@@ -367,16 +367,6 @@ static volatile sig_atomic_t WalReceiverRequested = false;
 static volatile bool StartWorkerNeeded = true;
 static volatile bool HaveCrashedWorker = false;
 
-#ifndef HAVE_STRONG_RANDOM
-/*
- * State for assigning cancel keys.
- * Also, the global MyCancelKey passes the cancel key assigned to a given
- * backend from the postmaster to that backend (via fork).
- */
-static unsigned int random_seed = 0;
-static struct timeval random_start_time;
-#endif
-
 #ifdef USE_SSL
 /* Set when and if SSL has been initialized properly */
 static bool LoadedSSL = false;
@@ -1361,10 +1351,6 @@ PostmasterMain(int argc, char *argv[])
 	 * Remember postmaster startup time
 	 */
 	PgStartTime = GetCurrentTimestamp();
-#ifndef HAVE_STRONG_RANDOM
-	/* RandomCancelKey wants its own copy */
-	gettimeofday(&random_start_time, NULL);
-#endif
 
 	/*
 	 * Report postmaster status in the postmaster.pid file, to allow pg_ctl to
@@ -2531,27 +2517,12 @@ InitProcessGlobals(void)
 	MyStartTimestamp = GetCurrentTimestamp();
 	MyStartTime = timestamptz_to_time_t(MyStartTimestamp);
 
-	/*
-	 * Don't want backend to be able to see the postmaster random number
-	 * generator state.  We have to clobber the static random_seed.
-	 */
-#ifndef HAVE_STRONG_RANDOM
-	random_seed = 0;
-	random_start_time.tv_usec = 0;
-#endif
-
 	/*
 	 * Set a different seed for random() in every process.  We want something
 	 * unpredictable, so if possible, use high-quality random bits for the
 	 * seed.  Otherwise, fall back to a seed based on timestamp and PID.
-	 *
-	 * Note we can't use pg_backend_random here, since this is used in the
-	 * postmaster, and even in a backend we might not be attached to shared
-	 * memory yet.
 	 */
-#ifdef HAVE_STRONG_RANDOM
 	if (!pg_strong_random(&rseed, sizeof(rseed)))
-#endif
 	{
 		/*
 		 * Since PIDs and timestamps tend to change more frequently in their
@@ -5256,38 +5227,7 @@ StartupPacketTimeoutHandler(void)
 static bool
 RandomCancelKey(int32 *cancel_key)
 {
-#ifdef HAVE_STRONG_RANDOM
-	return pg_strong_random((char *) cancel_key, sizeof(int32));
-#else
-
-	/*
-	 * If built with --disable-strong-random, use plain old erand48.
-	 *
-	 * We cannot use pg_backend_random() in postmaster, because it stores its
-	 * state in shared memory.
-	 */
-	static unsigned short seed[3];
-
-	/*
-	 * Select a random seed at the time of first receiving a request.
-	 */
-	if (random_seed == 0)
-	{
-		struct timeval random_stop_time;
-
-		gettimeofday(&random_stop_time, NULL);
-
-		seed[0] = (unsigned short) random_start_time.tv_usec;
-		seed[1] = (unsigned short) (random_stop_time.tv_usec) ^ (random_start_time.tv_usec >> 16);
-		seed[2] = (unsigned short) (random_stop_time.tv_usec >> 16);
-
-		random_seed = 1;
-	}
-
-	*cancel_key = pg_jrand48(seed);
-
-	return true;
-#endif
+	return pg_strong_random(cancel_key, sizeof(int32));
 }
 
 /*

src/backend/storage/ipc/ipci.c

@@ -44,7 +44,6 @@
 #include "storage/procsignal.h"
 #include "storage/sinvaladt.h"
 #include "storage/spin.h"
-#include "utils/backend_random.h"
 #include "utils/snapmgr.h"
 
 
@@ -149,7 +148,6 @@ CreateSharedMemoryAndSemaphores(bool makePrivate, int port)
 		size = add_size(size, BTreeShmemSize());
 		size = add_size(size, SyncScanShmemSize());
 		size = add_size(size, AsyncShmemSize());
-		size = add_size(size, BackendRandomShmemSize());
 #ifdef EXEC_BACKEND
 		size = add_size(size, ShmemBackendArraySize());
 #endif
@@ -269,7 +267,6 @@ CreateSharedMemoryAndSemaphores(bool makePrivate, int port)
 	BTreeShmemInit();
 	SyncScanShmemInit();
 	AsyncShmemInit();
-	BackendRandomShmemInit();
 
 #ifdef EXEC_BACKEND
 

src/backend/storage/lmgr/lwlocknames.txt

@@ -47,6 +47,5 @@ CommitTsLock						39
 ReplicationOriginLock				40
 MultiXactTruncationLock				41
 OldSnapshotTimeMapLock				42
-BackendRandomLock					43
-LogicalRepWorkerLock				44
-CLogTruncationLock					45
+LogicalRepWorkerLock				43
+CLogTruncationLock					44

src/backend/utils/adt/float.c

@@ -24,7 +24,6 @@
 #include "libpq/pqformat.h"
 #include "miscadmin.h"
 #include "utils/array.h"
-#include "utils/backend_random.h"
 #include "utils/float.h"
 #include "utils/fmgrprotos.h"
 #include "utils/sortsupport.h"
@@ -2393,7 +2392,7 @@ drandom(PG_FUNCTION_ARGS)
 		 * Should that fail for some reason, we fall back on a lower-quality
 		 * seed based on current time and PID.
 		 */
-		if (!pg_backend_random((char *) drandom_seed, sizeof(drandom_seed)))
+		if (!pg_strong_random(drandom_seed, sizeof(drandom_seed)))
 		{
 			TimestampTz now = GetCurrentTimestamp();
 			uint64		iseed;

src/backend/utils/misc/Makefile

@@ -14,9 +14,9 @@ include $(top_builddir)/src/Makefile.global
 
 override CPPFLAGS := -I. -I$(srcdir) $(CPPFLAGS)
 
-OBJS = backend_random.o guc.o help_config.o pg_config.o pg_controldata.o \
-       pg_rusage.o ps_status.o queryenvironment.o rls.o sampling.o \
-       superuser.o timeout.o tzparser.o
+OBJS = guc.o help_config.o pg_config.o pg_controldata.o pg_rusage.o \
+       ps_status.o queryenvironment.o rls.o sampling.o superuser.o \
+       timeout.o tzparser.o
 
 # This location might depend on the installation directories. Therefore
 # we can't substitute it into pg_config.h.

src/backend/utils/misc/backend_random.c

-/*-------------------------------------------------------------------------
- *
- * backend_random.c
- *	  Backend random number generation routine.
- *
- * pg_backend_random() function fills a buffer with random bytes. Normally,
- * it is just a thin wrapper around pg_strong_random(), but when compiled
- * with --disable-strong-random, we provide a built-in implementation.
- *
- * This function is used for generating nonces in authentication, and for
- * random salt generation in pgcrypto. The built-in implementation is not
- * cryptographically strong, but if the user asked for it, we'll go ahead
- * and use it anyway.
- *
- * The built-in implementation uses the standard erand48 algorithm, with
- * a seed shared between all backends.
- *
- * Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
- * Portions Copyright (c) 1994, Regents of the University of California
- *
- *
- * IDENTIFICATION
- *	  src/backend/utils/misc/backend_random.c
- *
- *-------------------------------------------------------------------------
- */
-
-#include "postgres.h"
-
-#include <sys/time.h>
-
-#include "miscadmin.h"
-#include "storage/lwlock.h"
-#include "storage/shmem.h"
-#include "utils/backend_random.h"
-#include "utils/timestamp.h"
-
-#ifdef HAVE_STRONG_RANDOM
-
-Size
-BackendRandomShmemSize(void)
-{
-	return 0;
-}
-
-void
-BackendRandomShmemInit(void)
-{
-	/* do nothing */
-}
-
-bool
-pg_backend_random(char *dst, int len)
-{
-	/* should not be called in postmaster */
-	Assert(IsUnderPostmaster || !IsPostmasterEnvironment);
-
-	return pg_strong_random(dst, len);
-}
-
-#else
-
-/*
- * Seed for the PRNG, stored in shared memory.
- *
- * Protected by BackendRandomLock.
- */
-typedef struct
-{
-	bool		initialized;
-	unsigned short seed[3];
-}			BackendRandomShmemStruct;
-
-static BackendRandomShmemStruct * BackendRandomShmem;
-
-Size
-BackendRandomShmemSize(void)
-{
-	return sizeof(BackendRandomShmemStruct);
-}
-
-void
-BackendRandomShmemInit(void)
-{
-	bool		found;
-
-	BackendRandomShmem = (BackendRandomShmemStruct *)
-		ShmemInitStruct("Backend PRNG state",
-						BackendRandomShmemSize(),
-						&found);
-
-	if (!IsUnderPostmaster)
-	{
-		Assert(!found);
-
-		BackendRandomShmem->initialized = false;
-	}
-	else
-		Assert(found);
-}
-
-bool
-pg_backend_random(char *dst, int len)
-{
-	int			i;
-	char	   *end = dst + len;
-
-	/* should not be called in postmaster */
-	Assert(IsUnderPostmaster || !IsPostmasterEnvironment);
-
-	LWLockAcquire(BackendRandomLock, LW_EXCLUSIVE);
-
-	/*
-	 * Seed the PRNG on the first use.
-	 */
-	if (!BackendRandomShmem->initialized)
-	{
-		struct timeval now;
-
-		gettimeofday(&now, NULL);
-
-		BackendRandomShmem->seed[0] = now.tv_sec;
-		BackendRandomShmem->seed[1] = (unsigned short) (now.tv_usec);
-		BackendRandomShmem->seed[2] = (unsigned short) (now.tv_usec >> 16);
-
-		/*
-		 * Mix in the cancel key, generated by the postmaster. This adds what
-		 * little entropy the postmaster had to the seed.
-		 */
-		BackendRandomShmem->seed[0] ^= (MyCancelKey);
-		BackendRandomShmem->seed[1] ^= (MyCancelKey >> 16);
-
-		BackendRandomShmem->initialized = true;
-	}
-
-	for (i = 0; dst < end; i++)
-	{
-		uint32		r;
-		int			j;
-
-		/*
-		 * pg_jrand48 returns a 32-bit integer. Fill the next 4 bytes from it.
-		 */
-		r = (uint32) pg_jrand48(BackendRandomShmem->seed);
-
-		for (j = 0; j < 4 && dst < end; j++)
-		{
-			*(dst++) = (char) (r & 0xFF);
-			r >>= 8;
-		}
-	}
-	LWLockRelease(BackendRandomLock);
-
-	return true;
-}
-
-
-#endif							/* HAVE_STRONG_RANDOM */

src/bin/pgbench/pgbench.c

@@ -4844,13 +4844,9 @@ set_random_seed(const char *seed)
 	else if (strcmp(seed, "rand") == 0)
 	{
 		/* use some "strong" random source */
-#ifdef HAVE_STRONG_RANDOM
 		if (!pg_strong_random(&iseed, sizeof(iseed)))
-#endif
 		{
-			fprintf(stderr,
-					"cannot seed random from a strong source, none available: "
-					"use \"time\" or an unsigned integer value.\n");
+			fprintf(stderr, "could not generate random seed.\n");
 			return false;
 		}
 	}

src/include/pg_config.h.in

@@ -552,9 +552,6 @@
 /* Define to 1 if you have the `strnlen' function. */
 #undef HAVE_STRNLEN
 
-/* Define to use have a strong random number source */
-#undef HAVE_STRONG_RANDOM
-
 /* Define to 1 if you have the `strsignal' function. */
 #undef HAVE_STRSIGNAL
 

src/include/pg_config.h.win32

@@ -412,9 +412,6 @@
 /* Define to 1 if you have the <string.h> header file. */
 #define HAVE_STRING_H 1
 
-/* Define to use have a strong random number source */
-#define HAVE_STRONG_RANDOM 1
-
 /* Define to 1 if you have the `strsignal' function. */
 /* #undef HAVE_STRSIGNAL */
 

src/include/port.h

@@ -498,9 +498,12 @@ extern char *inet_net_ntop(int af, const void *src, int bits,
 			  char *dst, size_t size);
 
 /* port/pg_strong_random.c */
-#ifdef HAVE_STRONG_RANDOM
 extern bool pg_strong_random(void *buf, size_t len);
-#endif
+/*
+ * pg_backend_random used to be a wrapper for pg_strong_random before
+ * Postgres 12 for the backend code.
+ */
+#define pg_backend_random pg_strong_random
 
 /* port/pgcheckdir.c */
 extern int	pg_check_dir(const char *dir);

src/include/utils/backend_random.h

-/*-------------------------------------------------------------------------
- *
- * backend_random.h
- *		Declarations for backend random number generation
- *
- * Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
- *
- *	  src/include/utils/backend_random.h
- *
- *-------------------------------------------------------------------------
- */
-#ifndef BACKEND_RANDOM_H
-#define BACKEND_RANDOM_H
-
-extern Size BackendRandomShmemSize(void);
-extern void BackendRandomShmemInit(void);
-extern bool pg_backend_random(char *dst, int len);
-
-#endif							/* BACKEND_RANDOM_H */

src/interfaces/libpq/fe-auth-scram.c

@@ -19,11 +19,6 @@
 #include "common/scram-common.h"
 #include "fe-auth.h"
 
-/* These are needed for getpid(), in the fallback implementation */
-#ifndef HAVE_STRONG_RANDOM
-#include <sys/types.h>
-#include <unistd.h>
-#endif
 
 /*
  * Status of exchange messages used for SCRAM authentication via the
@@ -72,7 +67,6 @@ static bool verify_server_signature(fe_scram_state *state);
 static void calculate_client_proof(fe_scram_state *state,
 					   const char *client_final_message_without_proof,
 					   uint8 *result);
-static bool pg_frontend_random(char *dst, int len);
 
 /*
  * Initialize SCRAM exchange status.
@@ -320,7 +314,7 @@ build_client_first_message(fe_scram_state *state)
 	 * Generate a "raw" nonce.  This is converted to ASCII-printable form by
 	 * base64-encoding it.
 	 */
-	if (!pg_frontend_random(raw_nonce, SCRAM_RAW_NONCE_LEN))
+	if (!pg_strong_random(raw_nonce, SCRAM_RAW_NONCE_LEN))
 	{
 		printfPQExpBuffer(&conn->errorMessage,
 						  libpq_gettext("could not generate nonce\n"));
@@ -764,7 +758,7 @@ pg_fe_scram_build_verifier(const char *password)
 		password = (const char *) prep_password;
 
 	/* Generate a random salt */
-	if (!pg_frontend_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
+	if (!pg_strong_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
 	{
 		if (prep_password)
 			free(prep_password);
@@ -779,55 +773,3 @@ pg_fe_scram_build_verifier(const char *password)
 
 	return result;
 }
-
-/*
- * Random number generator.
- */
-static bool
-pg_frontend_random(char *dst, int len)
-{
-#ifdef HAVE_STRONG_RANDOM
-	return pg_strong_random(dst, len);
-#else
-	int			i;
-	char	   *end = dst + len;
-
-	static unsigned short seed[3];
-	static int	mypid = 0;
-
-	pglock_thread();
-
-	if (mypid != getpid())
-	{
-		struct timeval now;
-
-		gettimeofday(&now, NULL);
-
-		seed[0] = now.tv_sec ^ getpid();
-		seed[1] = (unsigned short) (now.tv_usec);
-		seed[2] = (unsigned short) (now.tv_usec >> 16);
-	}
-
-	for (i = 0; dst < end; i++)
-	{
-		uint32		r;
-		int			j;
-
-		/*
-		 * pg_jrand48 returns a 32-bit integer.  Fill the next 4 bytes from
-		 * it.
-		 */
-		r = (uint32) pg_jrand48(seed);
-
-		for (j = 0; j < 4 && dst < end; j++)
-		{
-			*(dst++) = (char) (r & 0xFF);
-			r >>= 8;
-		}
-	}
-
-	pgunlock_thread();
-
-	return true;
-#endif
-}

src/port/Makefile

@@ -37,14 +37,10 @@ LIBS += $(PTHREAD_LIBS)
 
 OBJS = $(LIBOBJS) $(PG_CRC32C_OBJS) chklocale.o erand48.o inet_net_ntop.o \
 	noblock.o path.o pgcheckdir.o pgmkdirp.o pgsleep.o \
-	pgstrcasecmp.o pgstrsignal.o pqsignal.o \
+	pg_strong_random.o pgstrcasecmp.o pgstrsignal.o pqsignal.o \
 	qsort.o qsort_arg.o quotes.o snprintf.o sprompt.o strerror.o \
 	tar.o thread.o
 
-ifeq ($(enable_strong_random), yes)
-OBJS += pg_strong_random.o
-endif
-
 # libpgport.a, libpgport_shlib.a, and libpgport_srv.a contain the same files
 # foo.o, foo_shlib.o, and foo_srv.o are all built from foo.c
 OBJS_SHLIB = $(OBJS:%.o=%_shlib.o)