Commit 1707a0d2 authored by Michael Paquier's avatar Michael Paquier

Remove configure switch --disable-strong-random

This removes a portion of infrastructure introduced by fe0a0b59 to allow
compilation of Postgres in environments where no strong random source is
available, meaning that there is no linking to OpenSSL and no
/dev/urandom (Windows having its own CryptoAPI).  No systems shipped
this century lack /dev/urandom, and the buildfarm is actually not
testing this switch at all, so just remove it.  This simplifies
particularly some backend code which included a fallback implementation
using shared memory, and removes a set of alternate regression output
files from pgcrypto.

Author: Michael Paquier
Reviewed-by: Tom Lane
Discussion: https://postgr.es/m/20181230063219.GG608@paquier.xyz
parent d880b208
...@@ -761,7 +761,6 @@ GENHTML ...@@ -761,7 +761,6 @@ GENHTML
LCOV LCOV
GCOV GCOV
enable_debug enable_debug
enable_strong_random
enable_rpath enable_rpath
default_port default_port
WANTED_LANGUAGES WANTED_LANGUAGES
...@@ -829,7 +828,6 @@ with_pgport ...@@ -829,7 +828,6 @@ with_pgport
enable_rpath enable_rpath
enable_spinlocks enable_spinlocks
enable_atomics enable_atomics
enable_strong_random
enable_debug enable_debug
enable_profiling enable_profiling
enable_coverage enable_coverage
...@@ -1512,7 +1510,6 @@ Optional Features: ...@@ -1512,7 +1510,6 @@ Optional Features:
executables executables
--disable-spinlocks do not use spinlocks --disable-spinlocks do not use spinlocks
--disable-atomics do not use atomic operations --disable-atomics do not use atomic operations
--disable-strong-random do not use a strong random number source
--enable-debug build with debugging symbols (-g) --enable-debug build with debugging symbols (-g)
--enable-profiling build with profiling enabled --enable-profiling build with profiling enabled
--enable-coverage build with coverage testing instrumentation --enable-coverage build with coverage testing instrumentation
...@@ -3272,34 +3269,6 @@ fi ...@@ -3272,34 +3269,6 @@ fi
#
# Random number generation
#
# Check whether --enable-strong-random was given.
if test "${enable_strong_random+set}" = set; then :
enableval=$enable_strong_random;
case $enableval in
yes)
:
;;
no)
:
;;
*)
as_fn_error $? "no argument expected for --enable-strong-random option" "$LINENO" 5
;;
esac
else
enable_strong_random=yes
fi
# #
# --enable-debug adds -g to compiler flags # --enable-debug adds -g to compiler flags
# #
...@@ -17937,7 +17906,7 @@ fi ...@@ -17937,7 +17906,7 @@ fi
# in the template or configure command line. # in the template or configure command line.
# If not selected manually, try to select a source automatically. # If not selected manually, try to select a source automatically.
if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then if test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then
if test x"$with_openssl" = x"yes" ; then if test x"$with_openssl" = x"yes" ; then
USE_OPENSSL_RANDOM=1 USE_OPENSSL_RANDOM=1
elif test "$PORTNAME" = "win32" ; then elif test "$PORTNAME" = "win32" ; then
...@@ -17971,42 +17940,28 @@ fi ...@@ -17971,42 +17940,28 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which random number source to use" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking which random number source to use" >&5
$as_echo_n "checking which random number source to use... " >&6; } $as_echo_n "checking which random number source to use... " >&6; }
if test "$enable_strong_random" = yes ; then if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
$as_echo "#define USE_OPENSSL_RANDOM 1" >>confdefs.h $as_echo "#define USE_OPENSSL_RANDOM 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5
$as_echo "OpenSSL" >&6; } $as_echo "OpenSSL" >&6; }
elif test x"$USE_WIN32_RANDOM" = x"1" ; then elif test x"$USE_WIN32_RANDOM" = x"1" ; then
$as_echo "#define USE_WIN32_RANDOM 1" >>confdefs.h $as_echo "#define USE_WIN32_RANDOM 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
$as_echo "Windows native" >&6; } $as_echo "Windows native" >&6; }
elif test x"$USE_DEV_URANDOM" = x"1" ; then elif test x"$USE_DEV_URANDOM" = x"1" ; then
$as_echo "#define USE_DEV_URANDOM 1" >>confdefs.h $as_echo "#define USE_DEV_URANDOM 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
$as_echo "/dev/urandom" >&6; } $as_echo "/dev/urandom" >&6; }
else
as_fn_error $? "
no source of strong random numbers was found
PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers,
for authentication protocols. You can use --disable-strong-random to use a
built-in pseudo random number generator, but that may be insecure." "$LINENO" 5
fi
$as_echo "#define HAVE_STRONG_RANDOM 1" >>confdefs.h
else else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: weak builtin PRNG" >&5 as_fn_error $? "
$as_echo "weak builtin PRNG" >&6; } no source of strong random numbers was found
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers." "$LINENO" 5
*** Not using a strong random number source may be insecure." >&5
$as_echo "$as_me: WARNING:
*** Not using a strong random number source may be insecure." >&2;}
fi fi
# If not set in template file, set bytes to use libc memset() # If not set in template file, set bytes to use libc memset()
......
...@@ -193,13 +193,6 @@ PGAC_ARG_BOOL(enable, spinlocks, yes, ...@@ -193,13 +193,6 @@ PGAC_ARG_BOOL(enable, spinlocks, yes,
PGAC_ARG_BOOL(enable, atomics, yes, PGAC_ARG_BOOL(enable, atomics, yes,
[do not use atomic operations]) [do not use atomic operations])
#
# Random number generation
#
PGAC_ARG_BOOL(enable, strong-random, yes,
[do not use a strong random number source])
AC_SUBST(enable_strong_random)
# #
# --enable-debug adds -g to compiler flags # --enable-debug adds -g to compiler flags
# #
...@@ -2151,7 +2144,7 @@ fi ...@@ -2151,7 +2144,7 @@ fi
# in the template or configure command line. # in the template or configure command line.
# If not selected manually, try to select a source automatically. # If not selected manually, try to select a source automatically.
if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then if test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then
if test x"$with_openssl" = x"yes" ; then if test x"$with_openssl" = x"yes" ; then
USE_OPENSSL_RANDOM=1 USE_OPENSSL_RANDOM=1
elif test "$PORTNAME" = "win32" ; then elif test "$PORTNAME" = "win32" ; then
...@@ -2166,28 +2159,19 @@ if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" && ...@@ -2166,28 +2159,19 @@ if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" &&
fi fi
AC_MSG_CHECKING([which random number source to use]) AC_MSG_CHECKING([which random number source to use])
if test "$enable_strong_random" = yes ; then if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
if test x"$USE_OPENSSL_RANDOM" = x"1" ; then AC_DEFINE(USE_OPENSSL_RANDOM, 1, [Define to use OpenSSL for random number generation])
AC_DEFINE(USE_OPENSSL_RANDOM, 1, [Define to use OpenSSL for random number generation]) AC_MSG_RESULT([OpenSSL])
AC_MSG_RESULT([OpenSSL]) elif test x"$USE_WIN32_RANDOM" = x"1" ; then
elif test x"$USE_WIN32_RANDOM" = x"1" ; then AC_DEFINE(USE_WIN32_RANDOM, 1, [Define to use native Windows API for random number generation])
AC_DEFINE(USE_WIN32_RANDOM, 1, [Define to use native Windows API for random number generation]) AC_MSG_RESULT([Windows native])
AC_MSG_RESULT([Windows native]) elif test x"$USE_DEV_URANDOM" = x"1" ; then
elif test x"$USE_DEV_URANDOM" = x"1" ; then AC_DEFINE(USE_DEV_URANDOM, 1, [Define to use /dev/urandom for random number generation])
AC_DEFINE(USE_DEV_URANDOM, 1, [Define to use /dev/urandom for random number generation]) AC_MSG_RESULT([/dev/urandom])
AC_MSG_RESULT([/dev/urandom])
else
AC_MSG_ERROR([
no source of strong random numbers was found
PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers,
for authentication protocols. You can use --disable-strong-random to use a
built-in pseudo random number generator, but that may be insecure.])
fi
AC_DEFINE(HAVE_STRONG_RANDOM, 1, [Define to use have a strong random number source])
else else
AC_MSG_RESULT([weak builtin PRNG]) AC_MSG_ERROR([
AC_MSG_WARN([ no source of strong random numbers was found
*** Not using a strong random number source may be insecure.]) PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers.])
fi fi
# If not set in template file, set bytes to use libc memset() # If not set in template file, set bytes to use libc memset()
......
--
-- PGP compression support
--
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
ww0ECQMCsci6AdHnELlh0kQB4jFcVwHMJg0Bulop7m3Mi36s15TAhBo0AnzIrRFrdLVCkKohsS6+
DMcmR53SXfLoDJOv/M8uKj3QSq7oWNIp95pxfA==
=tbSn
-----END PGP MESSAGE-----
'), 'key', 'expect-compress-algo=1');
pgp_sym_decrypt
-----------------
Secret message
(1 row)
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret message', 'key', 'compress-algo=0'),
'key', 'expect-compress-algo=0');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret message', 'key', 'compress-algo=1'),
'key', 'expect-compress-algo=1');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret message', 'key', 'compress-algo=2'),
'key', 'expect-compress-algo=2');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- level=0 should turn compression off
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret message', 'key',
'compress-algo=2, compress-level=0'),
'key', 'expect-compress-algo=0');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
This diff is collapsed.
--
-- PGP encrypt
--
-- ensure consistent test output regardless of the default bytea format
SET bytea_output TO escape;
select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'), 'key');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- check whether the defaults are ok
select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'),
'key', 'expect-cipher-algo=aes128,
expect-disable-mdc=0,
expect-sess-key=0,
expect-s2k-mode=3,
expect-s2k-digest-algo=sha1,
expect-compress-algo=0
');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- maybe the expect- stuff simply does not work
select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'),
'key', 'expect-cipher-algo=bf,
expect-disable-mdc=1,
expect-sess-key=1,
expect-s2k-mode=0,
expect-s2k-digest-algo=md5,
expect-compress-algo=1
');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- bytea as text
select pgp_sym_decrypt(pgp_sym_encrypt_bytea('Binary', 'baz'), 'baz');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- text as bytea
select pgp_sym_decrypt_bytea(pgp_sym_encrypt('Text', 'baz'), 'baz');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- algorithm change
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=bf'),
'key', 'expect-cipher-algo=bf');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=aes'),
'key', 'expect-cipher-algo=aes128');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=aes192'),
'key', 'expect-cipher-algo=aes192');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- s2k change
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-mode=0'),
'key', 'expect-s2k-mode=0');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-mode=1'),
'key', 'expect-s2k-mode=1');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-mode=3'),
'key', 'expect-s2k-mode=3');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- s2k count change
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-count=1024'),
'key', 'expect-s2k-count=1024');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- s2k_count rounds up
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-count=65000000'),
'key', 'expect-s2k-count=65000000');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- s2k digest change
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'),
'key', 'expect-s2k-digest-algo=md5');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'),
'key', 'expect-s2k-digest-algo=sha1');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- sess key
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'sess-key=0'),
'key', 'expect-sess-key=0');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'sess-key=1'),
'key', 'expect-sess-key=1');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=bf'),
'key', 'expect-sess-key=1, expect-cipher-algo=bf');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes192'),
'key', 'expect-sess-key=1, expect-cipher-algo=aes192');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes256'),
'key', 'expect-sess-key=1, expect-cipher-algo=aes256');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- no mdc
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'disable-mdc=1'),
'key', 'expect-disable-mdc=1');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- crlf
select encode(pgp_sym_decrypt_bytea(
pgp_sym_encrypt(E'1\n2\n3\r\n', 'key', 'convert-crlf=1'),
'key'), 'hex');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- conversion should be lossless
select encode(digest(pgp_sym_decrypt(
pgp_sym_encrypt(E'\r\n0\n1\r\r\n\n2\r', 'key', 'convert-crlf=1'),
'key', 'convert-crlf=1'), 'sha1'), 'hex') as result,
encode(digest(E'\r\n0\n1\r\r\n\n2\r', 'sha1'), 'hex') as expect;
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
--
-- PGP Public Key Encryption
--
-- ensure consistent test output regardless of the default bytea format
SET bytea_output TO escape;
-- successful encrypt/decrypt
select pgp_pub_decrypt(
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=1;
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_pub_decrypt(
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=2;
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_pub_decrypt(
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=3;
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_pub_decrypt(
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=6;
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- try with rsa-sign only
select pgp_pub_decrypt(
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=4;
ERROR: No encryption key found
-- try with secret key
select pgp_pub_decrypt(
pgp_pub_encrypt('Secret msg', dearmor(seckey)),
dearmor(seckey))
from keytbl where keytbl.id=1;
ERROR: Refusing to encrypt with secret key
-- does text-to-bytea works
select pgp_pub_decrypt_bytea(
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=1;
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- and bytea-to-text?
select pgp_pub_decrypt(
pgp_pub_encrypt_bytea('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=1;
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
...@@ -34,7 +34,6 @@ ...@@ -34,7 +34,6 @@
#include <ctype.h> #include <ctype.h>
#include "parser/scansup.h" #include "parser/scansup.h"
#include "utils/backend_random.h"
#include "utils/builtins.h" #include "utils/builtins.h"
#include "utils/uuid.h" #include "utils/uuid.h"
...@@ -423,7 +422,6 @@ PG_FUNCTION_INFO_V1(pg_random_bytes); ...@@ -423,7 +422,6 @@ PG_FUNCTION_INFO_V1(pg_random_bytes);
Datum Datum
pg_random_bytes(PG_FUNCTION_ARGS) pg_random_bytes(PG_FUNCTION_ARGS)
{ {
#ifdef HAVE_STRONG_RANDOM
int len = PG_GETARG_INT32(0); int len = PG_GETARG_INT32(0);
bytea *res; bytea *res;
...@@ -440,9 +438,6 @@ pg_random_bytes(PG_FUNCTION_ARGS) ...@@ -440,9 +438,6 @@ pg_random_bytes(PG_FUNCTION_ARGS)
px_THROW_ERROR(PXE_NO_RANDOM); px_THROW_ERROR(PXE_NO_RANDOM);
PG_RETURN_BYTEA_P(res); PG_RETURN_BYTEA_P(res);
#else
px_THROW_ERROR(PXE_NO_RANDOM);
#endif
} }
/* SQL function: gen_random_uuid() returns uuid */ /* SQL function: gen_random_uuid() returns uuid */
...@@ -451,11 +446,10 @@ PG_FUNCTION_INFO_V1(pg_random_uuid); ...@@ -451,11 +446,10 @@ PG_FUNCTION_INFO_V1(pg_random_uuid);
Datum Datum
pg_random_uuid(PG_FUNCTION_ARGS) pg_random_uuid(PG_FUNCTION_ARGS)
{ {
#ifdef HAVE_STRONG_RANDOM
uint8 *buf = (uint8 *) palloc(UUID_LEN); uint8 *buf = (uint8 *) palloc(UUID_LEN);
/* Generate random bits. */ /* Generate random bits. */
if (!pg_backend_random((char *) buf, UUID_LEN)) if (!pg_strong_random(buf, UUID_LEN))
px_THROW_ERROR(PXE_NO_RANDOM); px_THROW_ERROR(PXE_NO_RANDOM);
/* /*
...@@ -466,9 +460,6 @@ pg_random_uuid(PG_FUNCTION_ARGS) ...@@ -466,9 +460,6 @@ pg_random_uuid(PG_FUNCTION_ARGS)
buf[8] = (buf[8] & 0x3f) | 0x80; /* "variant" field */ buf[8] = (buf[8] & 0x3f) | 0x80; /* "variant" field */
PG_RETURN_UUID_P((pg_uuid_t *) buf); PG_RETURN_UUID_P((pg_uuid_t *) buf);
#else
px_THROW_ERROR(PXE_NO_RANDOM);
#endif
} }
static void * static void *
......
...@@ -37,8 +37,6 @@ ...@@ -37,8 +37,6 @@
#include "px.h" #include "px.h"
#include "pgp.h" #include "pgp.h"
#include "utils/backend_random.h"
#define MDC_DIGEST_LEN 20 #define MDC_DIGEST_LEN 20
#define STREAM_ID 0xE0 #define STREAM_ID 0xE0
...@@ -481,13 +479,12 @@ init_encdata_packet(PushFilter **pf_res, PGP_Context *ctx, PushFilter *dst) ...@@ -481,13 +479,12 @@ init_encdata_packet(PushFilter **pf_res, PGP_Context *ctx, PushFilter *dst)
static int static int
write_prefix(PGP_Context *ctx, PushFilter *dst) write_prefix(PGP_Context *ctx, PushFilter *dst)
{ {
#ifdef HAVE_STRONG_RANDOM
uint8 prefix[PGP_MAX_BLOCK + 2]; uint8 prefix[PGP_MAX_BLOCK + 2];
int res, int res,
bs; bs;
bs = pgp_get_cipher_block_size(ctx->cipher_algo); bs = pgp_get_cipher_block_size(ctx->cipher_algo);
if (!pg_backend_random((char *) prefix, bs)) if (!pg_strong_random(prefix, bs))
return PXE_NO_RANDOM; return PXE_NO_RANDOM;
prefix[bs + 0] = prefix[bs - 2]; prefix[bs + 0] = prefix[bs - 2];
...@@ -496,9 +493,6 @@ write_prefix(PGP_Context *ctx, PushFilter *dst) ...@@ -496,9 +493,6 @@ write_prefix(PGP_Context *ctx, PushFilter *dst)
res = pushf_write(dst, prefix, bs + 2); res = pushf_write(dst, prefix, bs + 2);
px_memset(prefix, 0, bs + 2); px_memset(prefix, 0, bs + 2);
return res < 0 ? res : 0; return res < 0 ? res : 0;
#else
return PXE_NO_RANDOM;
#endif
} }
/* /*
...@@ -587,13 +581,9 @@ init_sess_key(PGP_Context *ctx) ...@@ -587,13 +581,9 @@ init_sess_key(PGP_Context *ctx)
{ {
if (ctx->use_sess_key || ctx->pub_key) if (ctx->use_sess_key || ctx->pub_key)
{ {
#ifdef HAVE_STRONG_RANDOM
ctx->sess_key_len = pgp_get_cipher_key_size(ctx->cipher_algo); ctx->sess_key_len = pgp_get_cipher_key_size(ctx->cipher_algo);
if (!pg_strong_random((char *) ctx->sess_key, ctx->sess_key_len)) if (!pg_strong_random(ctx->sess_key, ctx->sess_key_len))
return PXE_NO_RANDOM; return PXE_NO_RANDOM;
#else
return PXE_NO_RANDOM;
#endif
} }
else else
{ {
......
...@@ -57,13 +57,12 @@ mp_clear_free(mpz_t *a) ...@@ -57,13 +57,12 @@ mp_clear_free(mpz_t *a)
static int static int
mp_px_rand(uint32 bits, mpz_t *res) mp_px_rand(uint32 bits, mpz_t *res)
{ {
#ifdef HAVE_STRONG_RANDOM
unsigned bytes = (bits + 7) / 8; unsigned bytes = (bits + 7) / 8;
int last_bits = bits & 7; int last_bits = bits & 7;
uint8 *buf; uint8 *buf;
buf = px_alloc(bytes); buf = px_alloc(bytes);
if (!pg_strong_random((char *) buf, bytes)) if (!pg_strong_random(buf, bytes))
{ {
px_free(buf); px_free(buf);
return PXE_NO_RANDOM; return PXE_NO_RANDOM;
...@@ -83,9 +82,6 @@ mp_px_rand(uint32 bits, mpz_t *res) ...@@ -83,9 +82,6 @@ mp_px_rand(uint32 bits, mpz_t *res)
px_free(buf); px_free(buf);
return 0; return 0;
#else
return PXE_NO_RANDOM;
#endif
} }
static void static void
......
...@@ -39,7 +39,6 @@ ...@@ -39,7 +39,6 @@
static int static int
pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p) pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
{ {
#ifdef HAVE_STRONG_RANDOM
uint8 *buf, uint8 *buf,
*p; *p;
int pad_len = res_len - 2 - data_len; int pad_len = res_len - 2 - data_len;
...@@ -50,7 +49,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p) ...@@ -50,7 +49,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
buf = px_alloc(res_len); buf = px_alloc(res_len);
buf[0] = 0x02; buf[0] = 0x02;
if (!pg_strong_random((char *) buf + 1, pad_len)) if (!pg_strong_random(buf + 1, pad_len))
{ {
px_free(buf); px_free(buf);
return PXE_NO_RANDOM; return PXE_NO_RANDOM;
...@@ -62,7 +61,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p) ...@@ -62,7 +61,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
{ {
if (*p == 0) if (*p == 0)
{ {
if (!pg_strong_random((char *) p, 1)) if (!pg_strong_random(p, 1))
{ {
px_memset(buf, 0, res_len); px_memset(buf, 0, res_len);
px_free(buf); px_free(buf);
...@@ -78,10 +77,6 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p) ...@@ -78,10 +77,6 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
*res_p = buf; *res_p = buf;
return 0; return 0;
#else
return PXE_NO_RANDOM;
#endif
} }
static int static int
......
...@@ -34,7 +34,6 @@ ...@@ -34,7 +34,6 @@
#include "px.h" #include "px.h"
#include "pgp.h" #include "pgp.h"
#include "utils/backend_random.h"
static int static int
calc_s2k_simple(PGP_S2K *s2k, PX_MD *md, const uint8 *key, calc_s2k_simple(PGP_S2K *s2k, PX_MD *md, const uint8 *key,
...@@ -235,13 +234,13 @@ pgp_s2k_fill(PGP_S2K *s2k, int mode, int digest_algo, int count) ...@@ -235,13 +234,13 @@ pgp_s2k_fill(PGP_S2K *s2k, int mode, int digest_algo, int count)
case PGP_S2K_SIMPLE: case PGP_S2K_SIMPLE:
break; break;
case PGP_S2K_SALTED: case PGP_S2K_SALTED:
if (!pg_backend_random((char *) s2k->salt, PGP_S2K_SALT)) if (!pg_strong_random(s2k->salt, PGP_S2K_SALT))
return PXE_NO_RANDOM; return PXE_NO_RANDOM;
break; break;
case PGP_S2K_ISALTED: case PGP_S2K_ISALTED:
if (!pg_backend_random((char *) s2k->salt, PGP_S2K_SALT)) if (!pg_strong_random(s2k->salt, PGP_S2K_SALT))
return PXE_NO_RANDOM; return PXE_NO_RANDOM;
if (!pg_backend_random((char *) &tmp, 1)) if (!pg_strong_random(&tmp, 1))
return PXE_NO_RANDOM; return PXE_NO_RANDOM;
s2k->iter = decide_s2k_iter(tmp, count); s2k->iter = decide_s2k_iter(tmp, count);
break; break;
......
...@@ -34,7 +34,6 @@ ...@@ -34,7 +34,6 @@
#include "px.h" #include "px.h"
#include "px-crypt.h" #include "px-crypt.h"
#include "utils/backend_random.h"
static char * static char *
run_crypt_des(const char *psw, const char *salt, run_crypt_des(const char *psw, const char *salt,
...@@ -153,7 +152,7 @@ px_gen_salt(const char *salt_type, char *buf, int rounds) ...@@ -153,7 +152,7 @@ px_gen_salt(const char *salt_type, char *buf, int rounds)
return PXE_BAD_SALT_ROUNDS; return PXE_BAD_SALT_ROUNDS;
} }
if (!pg_backend_random(rbuf, g->input_len)) if (!pg_strong_random(rbuf, g->input_len))
return PXE_NO_RANDOM; return PXE_NO_RANDOM;
p = g->gen(rounds, rbuf, g->input_len, buf, PX_MAX_SALT_LEN); p = g->gen(rounds, rbuf, g->input_len, buf, PX_MAX_SALT_LEN);
......
...@@ -56,7 +56,7 @@ static const struct error_desc px_err_list[] = { ...@@ -56,7 +56,7 @@ static const struct error_desc px_err_list[] = {
{PXE_UNKNOWN_SALT_ALGO, "Unknown salt algorithm"}, {PXE_UNKNOWN_SALT_ALGO, "Unknown salt algorithm"},
{PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"}, {PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"},
{PXE_MCRYPT_INTERNAL, "mcrypt internal error"}, {PXE_MCRYPT_INTERNAL, "mcrypt internal error"},
{PXE_NO_RANDOM, "No strong random source"}, {PXE_NO_RANDOM, "Failed to generate strong random bits"},
{PXE_DECRYPT_FAILED, "Decryption failed"}, {PXE_DECRYPT_FAILED, "Decryption failed"},
{PXE_PGP_CORRUPT_DATA, "Wrong key or corrupt data"}, {PXE_PGP_CORRUPT_DATA, "Wrong key or corrupt data"},
{PXE_PGP_CORRUPT_ARMOR, "Corrupt ascii-armor"}, {PXE_PGP_CORRUPT_ARMOR, "Corrupt ascii-armor"},
...@@ -97,17 +97,9 @@ px_THROW_ERROR(int err) ...@@ -97,17 +97,9 @@ px_THROW_ERROR(int err)
{ {
if (err == PXE_NO_RANDOM) if (err == PXE_NO_RANDOM)
{ {
#ifdef HAVE_STRONG_RANDOM
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR), (errcode(ERRCODE_INTERNAL_ERROR),
errmsg("could not generate a random number"))); errmsg("could not generate a random number")));
#else
ereport(ERROR,
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
errmsg("generating random data is not supported by this build"),
errdetail("This functionality requires a source of strong random numbers."),
errhint("You need to rebuild PostgreSQL using --enable-strong-random.")));
#endif
} }
else else
{ {
......
...@@ -245,8 +245,10 @@ su - postgres ...@@ -245,8 +245,10 @@ su - postgres
<listitem> <listitem>
<para> <para>
You need <productname>OpenSSL</productname>, if you want to support You need <productname>OpenSSL</productname>, if you want to support
encrypted client connections. The minimum required version is encrypted client connections. <productname>OpenSSL</productname> is
0.9.8. also required for random number generation on platforms that do not
have <filename>/dev/urandom</filename> (except Windows). The minimum
version required is 0.9.8.
</para> </para>
</listitem> </listitem>
...@@ -1111,24 +1113,6 @@ su - postgres ...@@ -1111,24 +1113,6 @@ su - postgres
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><option>--disable-strong-random</option></term>
<listitem>
<para>
Allow the build to succeed even if <productname>PostgreSQL</productname>
has no support for strong random numbers on the platform.
A source of random numbers is needed for some authentication
protocols, as well as some routines in the
<xref linkend="pgcrypto"/>
module. <option>--disable-strong-random</option> disables functionality that
requires cryptographically strong random numbers, and substitutes
a weak pseudo-random-number-generator for the generation of
authentication salt values and query cancel keys. It may make
authentication less secure.
</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><option>--disable-thread-safety</option></term> <term><option>--disable-thread-safety</option></term>
<listitem> <listitem>
......
...@@ -849,7 +849,7 @@ postgres 27093 0.0 0.0 30096 2752 ? Ss 11:34 0:00 postgres: ser ...@@ -849,7 +849,7 @@ postgres 27093 0.0 0.0 30096 2752 ? Ss 11:34 0:00 postgres: ser
<tbody> <tbody>
<row> <row>
<entry morerows="64"><literal>LWLock</literal></entry> <entry morerows="63"><literal>LWLock</literal></entry>
<entry><literal>ShmemIndexLock</literal></entry> <entry><literal>ShmemIndexLock</literal></entry>
<entry>Waiting to find or allocate space in shared memory.</entry> <entry>Waiting to find or allocate space in shared memory.</entry>
</row> </row>
...@@ -1034,10 +1034,6 @@ postgres 27093 0.0 0.0 30096 2752 ? Ss 11:34 0:00 postgres: ser ...@@ -1034,10 +1034,6 @@ postgres 27093 0.0 0.0 30096 2752 ? Ss 11:34 0:00 postgres: ser
<entry><literal>OldSnapshotTimeMapLock</literal></entry> <entry><literal>OldSnapshotTimeMapLock</literal></entry>
<entry>Waiting to read or update old snapshot control information.</entry> <entry>Waiting to read or update old snapshot control information.</entry>
</row> </row>
<row>
<entry><literal>BackendRandomLock</literal></entry>
<entry>Waiting to generate a random number.</entry>
</row>
<row> <row>
<entry><literal>LogicalRepWorkerLock</literal></entry> <entry><literal>LogicalRepWorkerLock</literal></entry>
<entry>Waiting for action on logical replication worker to finish.</entry> <entry>Waiting for action on logical replication worker to finish.</entry>
......
...@@ -203,7 +203,6 @@ enable_dtrace = @enable_dtrace@ ...@@ -203,7 +203,6 @@ enable_dtrace = @enable_dtrace@
enable_coverage = @enable_coverage@ enable_coverage = @enable_coverage@
enable_tap_tests = @enable_tap_tests@ enable_tap_tests = @enable_tap_tests@
enable_thread_safety = @enable_thread_safety@ enable_thread_safety = @enable_thread_safety@
enable_strong_random = @enable_strong_random@
python_includespec = @python_includespec@ python_includespec = @python_includespec@
python_libdir = @python_libdir@ python_libdir = @python_libdir@
......
...@@ -65,7 +65,6 @@ ...@@ -65,7 +65,6 @@
#include "storage/reinit.h" #include "storage/reinit.h"
#include "storage/smgr.h" #include "storage/smgr.h"
#include "storage/spin.h" #include "storage/spin.h"
#include "utils/backend_random.h"
#include "utils/builtins.h" #include "utils/builtins.h"
#include "utils/guc.h" #include "utils/guc.h"
#include "utils/memutils.h" #include "utils/memutils.h"
...@@ -5132,7 +5131,7 @@ BootStrapXLOG(void) ...@@ -5132,7 +5131,7 @@ BootStrapXLOG(void)
* a genuine-looking password challenge for the non-existent user, in lieu * a genuine-looking password challenge for the non-existent user, in lieu
* of an actual stored password. * of an actual stored password.
*/ */
if (!pg_backend_random(mock_auth_nonce, MOCK_AUTH_NONCE_LEN)) if (!pg_strong_random(mock_auth_nonce, MOCK_AUTH_NONCE_LEN))
ereport(PANIC, ereport(PANIC,
(errcode(ERRCODE_INTERNAL_ERROR), (errcode(ERRCODE_INTERNAL_ERROR),
errmsg("could not generate secret authorization token"))); errmsg("could not generate secret authorization token")));
......
...@@ -102,7 +102,6 @@ ...@@ -102,7 +102,6 @@
#include "libpq/crypt.h" #include "libpq/crypt.h"
#include "libpq/scram.h" #include "libpq/scram.h"
#include "miscadmin.h" #include "miscadmin.h"
#include "utils/backend_random.h"
#include "utils/builtins.h" #include "utils/builtins.h"
#include "utils/timestamp.h" #include "utils/timestamp.h"
...@@ -468,7 +467,7 @@ pg_be_scram_build_verifier(const char *password) ...@@ -468,7 +467,7 @@ pg_be_scram_build_verifier(const char *password)
password = (const char *) prep_password; password = (const char *) prep_password;
/* Generate random salt */ /* Generate random salt */
if (!pg_backend_random(saltbuf, SCRAM_DEFAULT_SALT_LEN)) if (!pg_strong_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR), (errcode(ERRCODE_INTERNAL_ERROR),
errmsg("could not generate random salt"))); errmsg("could not generate random salt")));
...@@ -1123,7 +1122,7 @@ build_server_first_message(scram_state *state) ...@@ -1123,7 +1122,7 @@ build_server_first_message(scram_state *state)
char raw_nonce[SCRAM_RAW_NONCE_LEN]; char raw_nonce[SCRAM_RAW_NONCE_LEN];
int encoded_len; int encoded_len;
if (!pg_backend_random(raw_nonce, SCRAM_RAW_NONCE_LEN)) if (!pg_strong_random(raw_nonce, SCRAM_RAW_NONCE_LEN))
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR), (errcode(ERRCODE_INTERNAL_ERROR),
errmsg("could not generate random nonce"))); errmsg("could not generate random nonce")));
......
...@@ -36,7 +36,6 @@ ...@@ -36,7 +36,6 @@
#include "port/pg_bswap.h" #include "port/pg_bswap.h"
#include "replication/walsender.h" #include "replication/walsender.h"
#include "storage/ipc.h" #include "storage/ipc.h"
#include "utils/backend_random.h"
#include "utils/timestamp.h" #include "utils/timestamp.h"
...@@ -835,7 +834,7 @@ CheckMD5Auth(Port *port, char *shadow_pass, char **logdetail) ...@@ -835,7 +834,7 @@ CheckMD5Auth(Port *port, char *shadow_pass, char **logdetail)
errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled"))); errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
/* include the salt to use for computing the response */ /* include the salt to use for computing the response */
if (!pg_backend_random(md5Salt, 4)) if (!pg_strong_random(md5Salt, 4))
{ {
ereport(LOG, ereport(LOG,
(errmsg("could not generate random MD5 salt"))); (errmsg("could not generate random MD5 salt")));
...@@ -3036,7 +3035,7 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por ...@@ -3036,7 +3035,7 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por
/* Construct RADIUS packet */ /* Construct RADIUS packet */
packet->code = RADIUS_ACCESS_REQUEST; packet->code = RADIUS_ACCESS_REQUEST;
packet->length = RADIUS_HEADER_LENGTH; packet->length = RADIUS_HEADER_LENGTH;
if (!pg_backend_random((char *) packet->vector, RADIUS_VECTOR_LENGTH)) if (!pg_strong_random(packet->vector, RADIUS_VECTOR_LENGTH))
{ {
ereport(LOG, ereport(LOG,
(errmsg("could not generate random encryption vector"))); (errmsg("could not generate random encryption vector")));
......
...@@ -367,16 +367,6 @@ static volatile sig_atomic_t WalReceiverRequested = false; ...@@ -367,16 +367,6 @@ static volatile sig_atomic_t WalReceiverRequested = false;
static volatile bool StartWorkerNeeded = true; static volatile bool StartWorkerNeeded = true;
static volatile bool HaveCrashedWorker = false; static volatile bool HaveCrashedWorker = false;
#ifndef HAVE_STRONG_RANDOM
/*
* State for assigning cancel keys.
* Also, the global MyCancelKey passes the cancel key assigned to a given
* backend from the postmaster to that backend (via fork).
*/
static unsigned int random_seed = 0;
static struct timeval random_start_time;
#endif
#ifdef USE_SSL #ifdef USE_SSL
/* Set when and if SSL has been initialized properly */ /* Set when and if SSL has been initialized properly */
static bool LoadedSSL = false; static bool LoadedSSL = false;
...@@ -1361,10 +1351,6 @@ PostmasterMain(int argc, char *argv[]) ...@@ -1361,10 +1351,6 @@ PostmasterMain(int argc, char *argv[])
* Remember postmaster startup time * Remember postmaster startup time
*/ */
PgStartTime = GetCurrentTimestamp(); PgStartTime = GetCurrentTimestamp();
#ifndef HAVE_STRONG_RANDOM
/* RandomCancelKey wants its own copy */
gettimeofday(&random_start_time, NULL);
#endif
/* /*
* Report postmaster status in the postmaster.pid file, to allow pg_ctl to * Report postmaster status in the postmaster.pid file, to allow pg_ctl to
...@@ -2531,27 +2517,12 @@ InitProcessGlobals(void) ...@@ -2531,27 +2517,12 @@ InitProcessGlobals(void)
MyStartTimestamp = GetCurrentTimestamp(); MyStartTimestamp = GetCurrentTimestamp();
MyStartTime = timestamptz_to_time_t(MyStartTimestamp); MyStartTime = timestamptz_to_time_t(MyStartTimestamp);
/*
* Don't want backend to be able to see the postmaster random number
* generator state. We have to clobber the static random_seed.
*/
#ifndef HAVE_STRONG_RANDOM
random_seed = 0;
random_start_time.tv_usec = 0;
#endif
/* /*
* Set a different seed for random() in every process. We want something * Set a different seed for random() in every process. We want something
* unpredictable, so if possible, use high-quality random bits for the * unpredictable, so if possible, use high-quality random bits for the
* seed. Otherwise, fall back to a seed based on timestamp and PID. * seed. Otherwise, fall back to a seed based on timestamp and PID.
*
* Note we can't use pg_backend_random here, since this is used in the
* postmaster, and even in a backend we might not be attached to shared
* memory yet.
*/ */
#ifdef HAVE_STRONG_RANDOM
if (!pg_strong_random(&rseed, sizeof(rseed))) if (!pg_strong_random(&rseed, sizeof(rseed)))
#endif
{ {
/* /*
* Since PIDs and timestamps tend to change more frequently in their * Since PIDs and timestamps tend to change more frequently in their
...@@ -5256,38 +5227,7 @@ StartupPacketTimeoutHandler(void) ...@@ -5256,38 +5227,7 @@ StartupPacketTimeoutHandler(void)
static bool static bool
RandomCancelKey(int32 *cancel_key) RandomCancelKey(int32 *cancel_key)
{ {
#ifdef HAVE_STRONG_RANDOM return pg_strong_random(cancel_key, sizeof(int32));
return pg_strong_random((char *) cancel_key, sizeof(int32));
#else
/*
* If built with --disable-strong-random, use plain old erand48.
*
* We cannot use pg_backend_random() in postmaster, because it stores its
* state in shared memory.
*/
static unsigned short seed[3];
/*
* Select a random seed at the time of first receiving a request.
*/
if (random_seed == 0)
{
struct timeval random_stop_time;
gettimeofday(&random_stop_time, NULL);
seed[0] = (unsigned short) random_start_time.tv_usec;
seed[1] = (unsigned short) (random_stop_time.tv_usec) ^ (random_start_time.tv_usec >> 16);
seed[2] = (unsigned short) (random_stop_time.tv_usec >> 16);
random_seed = 1;
}
*cancel_key = pg_jrand48(seed);
return true;
#endif
} }
/* /*
......
...@@ -44,7 +44,6 @@ ...@@ -44,7 +44,6 @@
#include "storage/procsignal.h" #include "storage/procsignal.h"
#include "storage/sinvaladt.h" #include "storage/sinvaladt.h"
#include "storage/spin.h" #include "storage/spin.h"
#include "utils/backend_random.h"
#include "utils/snapmgr.h" #include "utils/snapmgr.h"
...@@ -149,7 +148,6 @@ CreateSharedMemoryAndSemaphores(bool makePrivate, int port) ...@@ -149,7 +148,6 @@ CreateSharedMemoryAndSemaphores(bool makePrivate, int port)
size = add_size(size, BTreeShmemSize()); size = add_size(size, BTreeShmemSize());
size = add_size(size, SyncScanShmemSize()); size = add_size(size, SyncScanShmemSize());
size = add_size(size, AsyncShmemSize()); size = add_size(size, AsyncShmemSize());
size = add_size(size, BackendRandomShmemSize());
#ifdef EXEC_BACKEND #ifdef EXEC_BACKEND
size = add_size(size, ShmemBackendArraySize()); size = add_size(size, ShmemBackendArraySize());
#endif #endif
...@@ -269,7 +267,6 @@ CreateSharedMemoryAndSemaphores(bool makePrivate, int port) ...@@ -269,7 +267,6 @@ CreateSharedMemoryAndSemaphores(bool makePrivate, int port)
BTreeShmemInit(); BTreeShmemInit();
SyncScanShmemInit(); SyncScanShmemInit();
AsyncShmemInit(); AsyncShmemInit();
BackendRandomShmemInit();
#ifdef EXEC_BACKEND #ifdef EXEC_BACKEND
......
...@@ -47,6 +47,5 @@ CommitTsLock 39 ...@@ -47,6 +47,5 @@ CommitTsLock 39
ReplicationOriginLock 40 ReplicationOriginLock 40
MultiXactTruncationLock 41 MultiXactTruncationLock 41
OldSnapshotTimeMapLock 42 OldSnapshotTimeMapLock 42
BackendRandomLock 43 LogicalRepWorkerLock 43
LogicalRepWorkerLock 44 CLogTruncationLock 44
CLogTruncationLock 45
...@@ -24,7 +24,6 @@ ...@@ -24,7 +24,6 @@
#include "libpq/pqformat.h" #include "libpq/pqformat.h"
#include "miscadmin.h" #include "miscadmin.h"
#include "utils/array.h" #include "utils/array.h"
#include "utils/backend_random.h"
#include "utils/float.h" #include "utils/float.h"
#include "utils/fmgrprotos.h" #include "utils/fmgrprotos.h"
#include "utils/sortsupport.h" #include "utils/sortsupport.h"
...@@ -2393,7 +2392,7 @@ drandom(PG_FUNCTION_ARGS) ...@@ -2393,7 +2392,7 @@ drandom(PG_FUNCTION_ARGS)
* Should that fail for some reason, we fall back on a lower-quality * Should that fail for some reason, we fall back on a lower-quality
* seed based on current time and PID. * seed based on current time and PID.
*/ */
if (!pg_backend_random((char *) drandom_seed, sizeof(drandom_seed))) if (!pg_strong_random(drandom_seed, sizeof(drandom_seed)))
{ {
TimestampTz now = GetCurrentTimestamp(); TimestampTz now = GetCurrentTimestamp();
uint64 iseed; uint64 iseed;
......
...@@ -14,9 +14,9 @@ include $(top_builddir)/src/Makefile.global ...@@ -14,9 +14,9 @@ include $(top_builddir)/src/Makefile.global
override CPPFLAGS := -I. -I$(srcdir) $(CPPFLAGS) override CPPFLAGS := -I. -I$(srcdir) $(CPPFLAGS)
OBJS = backend_random.o guc.o help_config.o pg_config.o pg_controldata.o \ OBJS = guc.o help_config.o pg_config.o pg_controldata.o pg_rusage.o \
pg_rusage.o ps_status.o queryenvironment.o rls.o sampling.o \ ps_status.o queryenvironment.o rls.o sampling.o superuser.o \
superuser.o timeout.o tzparser.o timeout.o tzparser.o
# This location might depend on the installation directories. Therefore # This location might depend on the installation directories. Therefore
# we can't substitute it into pg_config.h. # we can't substitute it into pg_config.h.
......
/*-------------------------------------------------------------------------
*
* backend_random.c
* Backend random number generation routine.
*
* pg_backend_random() function fills a buffer with random bytes. Normally,
* it is just a thin wrapper around pg_strong_random(), but when compiled
* with --disable-strong-random, we provide a built-in implementation.
*
* This function is used for generating nonces in authentication, and for
* random salt generation in pgcrypto. The built-in implementation is not
* cryptographically strong, but if the user asked for it, we'll go ahead
* and use it anyway.
*
* The built-in implementation uses the standard erand48 algorithm, with
* a seed shared between all backends.
*
* Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
*
* IDENTIFICATION
* src/backend/utils/misc/backend_random.c
*
*-------------------------------------------------------------------------
*/
#include "postgres.h"
#include <sys/time.h>
#include "miscadmin.h"
#include "storage/lwlock.h"
#include "storage/shmem.h"
#include "utils/backend_random.h"
#include "utils/timestamp.h"
#ifdef HAVE_STRONG_RANDOM
Size
BackendRandomShmemSize(void)
{
return 0;
}
void
BackendRandomShmemInit(void)
{
/* do nothing */
}
bool
pg_backend_random(char *dst, int len)
{
/* should not be called in postmaster */
Assert(IsUnderPostmaster || !IsPostmasterEnvironment);
return pg_strong_random(dst, len);
}
#else
/*
* Seed for the PRNG, stored in shared memory.
*
* Protected by BackendRandomLock.
*/
typedef struct
{
bool initialized;
unsigned short seed[3];
} BackendRandomShmemStruct;
static BackendRandomShmemStruct * BackendRandomShmem;
Size
BackendRandomShmemSize(void)
{
return sizeof(BackendRandomShmemStruct);
}
void
BackendRandomShmemInit(void)
{
bool found;
BackendRandomShmem = (BackendRandomShmemStruct *)
ShmemInitStruct("Backend PRNG state",
BackendRandomShmemSize(),
&found);
if (!IsUnderPostmaster)
{
Assert(!found);
BackendRandomShmem->initialized = false;
}
else
Assert(found);
}
bool
pg_backend_random(char *dst, int len)
{
int i;
char *end = dst + len;
/* should not be called in postmaster */
Assert(IsUnderPostmaster || !IsPostmasterEnvironment);
LWLockAcquire(BackendRandomLock, LW_EXCLUSIVE);
/*
* Seed the PRNG on the first use.
*/
if (!BackendRandomShmem->initialized)
{
struct timeval now;
gettimeofday(&now, NULL);
BackendRandomShmem->seed[0] = now.tv_sec;
BackendRandomShmem->seed[1] = (unsigned short) (now.tv_usec);
BackendRandomShmem->seed[2] = (unsigned short) (now.tv_usec >> 16);
/*
* Mix in the cancel key, generated by the postmaster. This adds what
* little entropy the postmaster had to the seed.
*/
BackendRandomShmem->seed[0] ^= (MyCancelKey);
BackendRandomShmem->seed[1] ^= (MyCancelKey >> 16);
BackendRandomShmem->initialized = true;
}
for (i = 0; dst < end; i++)
{
uint32 r;
int j;
/*
* pg_jrand48 returns a 32-bit integer. Fill the next 4 bytes from it.
*/
r = (uint32) pg_jrand48(BackendRandomShmem->seed);
for (j = 0; j < 4 && dst < end; j++)
{
*(dst++) = (char) (r & 0xFF);
r >>= 8;
}
}
LWLockRelease(BackendRandomLock);
return true;
}
#endif /* HAVE_STRONG_RANDOM */
...@@ -4844,13 +4844,9 @@ set_random_seed(const char *seed) ...@@ -4844,13 +4844,9 @@ set_random_seed(const char *seed)
else if (strcmp(seed, "rand") == 0) else if (strcmp(seed, "rand") == 0)
{ {
/* use some "strong" random source */ /* use some "strong" random source */
#ifdef HAVE_STRONG_RANDOM
if (!pg_strong_random(&iseed, sizeof(iseed))) if (!pg_strong_random(&iseed, sizeof(iseed)))
#endif
{ {
fprintf(stderr, fprintf(stderr, "could not generate random seed.\n");
"cannot seed random from a strong source, none available: "
"use \"time\" or an unsigned integer value.\n");
return false; return false;
} }
} }
......
...@@ -552,9 +552,6 @@ ...@@ -552,9 +552,6 @@
/* Define to 1 if you have the `strnlen' function. */ /* Define to 1 if you have the `strnlen' function. */
#undef HAVE_STRNLEN #undef HAVE_STRNLEN
/* Define to use have a strong random number source */
#undef HAVE_STRONG_RANDOM
/* Define to 1 if you have the `strsignal' function. */ /* Define to 1 if you have the `strsignal' function. */
#undef HAVE_STRSIGNAL #undef HAVE_STRSIGNAL
......
...@@ -412,9 +412,6 @@ ...@@ -412,9 +412,6 @@
/* Define to 1 if you have the <string.h> header file. */ /* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1 #define HAVE_STRING_H 1
/* Define to use have a strong random number source */
#define HAVE_STRONG_RANDOM 1
/* Define to 1 if you have the `strsignal' function. */ /* Define to 1 if you have the `strsignal' function. */
/* #undef HAVE_STRSIGNAL */ /* #undef HAVE_STRSIGNAL */
......
...@@ -498,9 +498,12 @@ extern char *inet_net_ntop(int af, const void *src, int bits, ...@@ -498,9 +498,12 @@ extern char *inet_net_ntop(int af, const void *src, int bits,
char *dst, size_t size); char *dst, size_t size);
/* port/pg_strong_random.c */ /* port/pg_strong_random.c */
#ifdef HAVE_STRONG_RANDOM
extern bool pg_strong_random(void *buf, size_t len); extern bool pg_strong_random(void *buf, size_t len);
#endif /*
* pg_backend_random used to be a wrapper for pg_strong_random before
* Postgres 12 for the backend code.
*/
#define pg_backend_random pg_strong_random
/* port/pgcheckdir.c */ /* port/pgcheckdir.c */
extern int pg_check_dir(const char *dir); extern int pg_check_dir(const char *dir);
......
/*-------------------------------------------------------------------------
*
* backend_random.h
* Declarations for backend random number generation
*
* Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
*
* src/include/utils/backend_random.h
*
*-------------------------------------------------------------------------
*/
#ifndef BACKEND_RANDOM_H
#define BACKEND_RANDOM_H
extern Size BackendRandomShmemSize(void);
extern void BackendRandomShmemInit(void);
extern bool pg_backend_random(char *dst, int len);
#endif /* BACKEND_RANDOM_H */
...@@ -19,11 +19,6 @@ ...@@ -19,11 +19,6 @@
#include "common/scram-common.h" #include "common/scram-common.h"
#include "fe-auth.h" #include "fe-auth.h"
/* These are needed for getpid(), in the fallback implementation */
#ifndef HAVE_STRONG_RANDOM
#include <sys/types.h>
#include <unistd.h>
#endif
/* /*
* Status of exchange messages used for SCRAM authentication via the * Status of exchange messages used for SCRAM authentication via the
...@@ -72,7 +67,6 @@ static bool verify_server_signature(fe_scram_state *state); ...@@ -72,7 +67,6 @@ static bool verify_server_signature(fe_scram_state *state);
static void calculate_client_proof(fe_scram_state *state, static void calculate_client_proof(fe_scram_state *state,
const char *client_final_message_without_proof, const char *client_final_message_without_proof,
uint8 *result); uint8 *result);
static bool pg_frontend_random(char *dst, int len);
/* /*
* Initialize SCRAM exchange status. * Initialize SCRAM exchange status.
...@@ -320,7 +314,7 @@ build_client_first_message(fe_scram_state *state) ...@@ -320,7 +314,7 @@ build_client_first_message(fe_scram_state *state)
* Generate a "raw" nonce. This is converted to ASCII-printable form by * Generate a "raw" nonce. This is converted to ASCII-printable form by
* base64-encoding it. * base64-encoding it.
*/ */
if (!pg_frontend_random(raw_nonce, SCRAM_RAW_NONCE_LEN)) if (!pg_strong_random(raw_nonce, SCRAM_RAW_NONCE_LEN))
{ {
printfPQExpBuffer(&conn->errorMessage, printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("could not generate nonce\n")); libpq_gettext("could not generate nonce\n"));
...@@ -764,7 +758,7 @@ pg_fe_scram_build_verifier(const char *password) ...@@ -764,7 +758,7 @@ pg_fe_scram_build_verifier(const char *password)
password = (const char *) prep_password; password = (const char *) prep_password;
/* Generate a random salt */ /* Generate a random salt */
if (!pg_frontend_random(saltbuf, SCRAM_DEFAULT_SALT_LEN)) if (!pg_strong_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
{ {
if (prep_password) if (prep_password)
free(prep_password); free(prep_password);
...@@ -779,55 +773,3 @@ pg_fe_scram_build_verifier(const char *password) ...@@ -779,55 +773,3 @@ pg_fe_scram_build_verifier(const char *password)
return result; return result;
} }
/*
* Random number generator.
*/
static bool
pg_frontend_random(char *dst, int len)
{
#ifdef HAVE_STRONG_RANDOM
return pg_strong_random(dst, len);
#else
int i;
char *end = dst + len;
static unsigned short seed[3];
static int mypid = 0;
pglock_thread();
if (mypid != getpid())
{
struct timeval now;
gettimeofday(&now, NULL);
seed[0] = now.tv_sec ^ getpid();
seed[1] = (unsigned short) (now.tv_usec);
seed[2] = (unsigned short) (now.tv_usec >> 16);
}
for (i = 0; dst < end; i++)
{
uint32 r;
int j;
/*
* pg_jrand48 returns a 32-bit integer. Fill the next 4 bytes from
* it.
*/
r = (uint32) pg_jrand48(seed);
for (j = 0; j < 4 && dst < end; j++)
{
*(dst++) = (char) (r & 0xFF);
r >>= 8;
}
}
pgunlock_thread();
return true;
#endif
}
...@@ -37,14 +37,10 @@ LIBS += $(PTHREAD_LIBS) ...@@ -37,14 +37,10 @@ LIBS += $(PTHREAD_LIBS)
OBJS = $(LIBOBJS) $(PG_CRC32C_OBJS) chklocale.o erand48.o inet_net_ntop.o \ OBJS = $(LIBOBJS) $(PG_CRC32C_OBJS) chklocale.o erand48.o inet_net_ntop.o \
noblock.o path.o pgcheckdir.o pgmkdirp.o pgsleep.o \ noblock.o path.o pgcheckdir.o pgmkdirp.o pgsleep.o \
pgstrcasecmp.o pgstrsignal.o pqsignal.o \ pg_strong_random.o pgstrcasecmp.o pgstrsignal.o pqsignal.o \
qsort.o qsort_arg.o quotes.o snprintf.o sprompt.o strerror.o \ qsort.o qsort_arg.o quotes.o snprintf.o sprompt.o strerror.o \
tar.o thread.o tar.o thread.o
ifeq ($(enable_strong_random), yes)
OBJS += pg_strong_random.o
endif
# libpgport.a, libpgport_shlib.a, and libpgport_srv.a contain the same files # libpgport.a, libpgport_shlib.a, and libpgport_srv.a contain the same files
# foo.o, foo_shlib.o, and foo_srv.o are all built from foo.c # foo.o, foo_shlib.o, and foo_srv.o are all built from foo.c
OBJS_SHLIB = $(OBJS:%.o=%_shlib.o) OBJS_SHLIB = $(OBJS:%.o=%_shlib.o)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment