diff options
| author | Neil Conway | 2005-03-21 05:22:14 +0000 |
|---|---|---|
| committer | Neil Conway | 2005-03-21 05:22:14 +0000 |
| commit | 19b676869a1d9c1bf25a2332bdbe04bb9027c340 (patch) | |
| tree | bf12fc5bff3da3f6d6ac93a9d8ed7aa220f4bd52 /contrib/pgcrypto/random.c | |
| parent | 1ea9169b420bea40228f2a8e5df28b886a099134 (diff) | |
pgcrypto update:
Reserve px_get_random_bytes() for strong randomness,
add new function px_get_pseudo_random_bytes() for
weak randomness and use it in gen_salt().
On openssl case, use RAND_pseudo_bytes() for
px_get_pseudo_random_bytes().
Final result is that is user has not configured random
souce but kept the 'silly' one, gen_salt() keeps
working, but pgp_encrypt() will throw error.
Marko Kreen
Diffstat (limited to 'contrib/pgcrypto/random.c')
| -rw-r--r-- | contrib/pgcrypto/random.c | 53 |
1 files changed, 41 insertions, 12 deletions
diff --git a/contrib/pgcrypto/random.c b/contrib/pgcrypto/random.c index 840d4df7fc4..7f2f5f49258 100644 --- a/contrib/pgcrypto/random.c +++ b/contrib/pgcrypto/random.c @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $PostgreSQL: pgsql/contrib/pgcrypto/random.c,v 1.9 2005/03/21 05:19:55 neilc Exp $ + * $PostgreSQL: pgsql/contrib/pgcrypto/random.c,v 1.10 2005/03/21 05:22:14 neilc Exp $ */ @@ -78,10 +78,16 @@ px_get_random_bytes(uint8 *dst, unsigned count) return res; } +int +px_get_pseudo_random_bytes(uint8 *dst, unsigned count) +{ + return px_get_random_bytes(dst, count); +} + #elif defined(RAND_SILLY) int -px_get_random_bytes(uint8 *dst, unsigned count) +px_get_pseudo_random_bytes(uint8 *dst, unsigned count) { int i; @@ -90,6 +96,12 @@ px_get_random_bytes(uint8 *dst, unsigned count) return i; } +int +px_get_random_bytes(uint8 *dst, unsigned count) +{ + return PXE_NO_RANDOM; +} + #elif defined(RAND_OPENSSL) #include <openssl/evp.h> @@ -99,22 +111,24 @@ px_get_random_bytes(uint8 *dst, unsigned count) static int openssl_random_init = 0; +/* + * OpenSSL random should re-feeded occasionally. From /dev/urandom + * preferably. + */ +static void init_openssl() +{ + if (RAND_get_rand_method() == NULL) + RAND_set_rand_method(RAND_SSLeay()); + openssl_random_init = 1; +} + int px_get_random_bytes(uint8 *dst, unsigned count) { int res; if (!openssl_random_init) - { - if (RAND_get_rand_method() == NULL) - RAND_set_rand_method(RAND_SSLeay()); - openssl_random_init = 1; - } - - /* - * OpenSSL random should re-feeded occasionally. From /dev/urandom - * preferably. - */ + init_openssl(); res = RAND_bytes(dst, count); if (res == 1) @@ -123,6 +137,21 @@ px_get_random_bytes(uint8 *dst, unsigned count) return PXE_OSSL_RAND_ERROR; } +int +px_get_pseudo_random_bytes(uint8 *dst, unsigned count) +{ + int res; + + if (!openssl_random_init) + init_openssl(); + + res = RAND_pseudo_bytes(dst, count); + if (res == 0 || res == 1) + return count; + + return PXE_OSSL_RAND_ERROR; +} + #else #error "Invalid random source" #endif |