Add pg_strong_random_init function to initialize random number generator

Currently only OpenSSL requires this initialization, but in the future
other SSL implementations are likely to need it as well. Abstracting
this functionality out into a separate function makes this cleaner and
more clear, and also removes the dependency on OpenSSL headers from
fork_process.c.

OpenSSL is special in that we need to initialize this random number
generator even if we're not going to use it directly, until we drop
support for everything prior to OpenSSL 1.1.1. (And of course also if we
actually use it). All other implementations are left empty at this time,
but more are expected to be added in the future.

Author: Daniel Gustafsson <daniel@yesql.se>, Michael Paquier <michael@paquier.xyz>
Reviewed-By: Magnus Hagander <magnus@hagander.net>
Discussion: https://postgr.es/m/F6291C3C-747C-4C93-BCE0-28BB420B1FF5@yesql.se

diff --git a/src/backend/postmaster/fork_process.c b/src/backend/postmaster/fork_process.c
index 15d634080078106113b5454d34e7d487eaea8391..5247b9f23c9f5a43b62fda9c0bd40e049c4610d0 100644 (file)
--- a/src/backend/postmaster/fork_process.c
+++ b/src/backend/postmaster/fork_process.c
@@ -16,9 +16,6 @@
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <unistd.h>
-#ifdef USE_OPENSSL
-#include <openssl/rand.h>
-#endif
 
 #include "postmaster/fork_process.h"
 
@@ -108,14 +105,8 @@ fork_process(void)
            }
        }
 
-       /*
-        * Make sure processes do not share OpenSSL randomness state. This is
-        * no longer required in OpenSSL 1.1.1 and later versions, but until
-        * we drop support for version < 1.1.1 we need to do this.
-        */
-#ifdef USE_OPENSSL
-       RAND_poll();
-#endif
+       /* do post-fork initialization for random number generation */
+       pg_strong_random_init();
    }
 
    return result;

diff --git a/src/include/port.h b/src/include/port.h
index d25716bf7f8368a5d4664ca0e856446d2fb4eaac..5dfb00b07cc4f5858a84dae789ee188cb76b5fa5 100644 (file)
--- a/src/include/port.h
+++ b/src/include/port.h
@@ -513,6 +513,7 @@ extern char *pg_inet_net_ntop(int af, const void *src, int bits,
                              char *dst, size_t size);
 
 /* port/pg_strong_random.c */
+extern void pg_strong_random_init(void);
 extern bool pg_strong_random(void *buf, size_t len);
 
 /*

diff --git a/src/port/pg_strong_random.c b/src/port/pg_strong_random.c
index 14e8382cd8952adbd7558667cd8266571050dd92..6d85f50b7c8dcd523862a94a5e0e8a3b54ff3ea7 100644 (file)
--- a/src/port/pg_strong_random.c
+++ b/src/port/pg_strong_random.c
@@ -24,7 +24,7 @@
 #include <unistd.h>
 #include <sys/time.h>
 
-#ifdef USE_OPENSSL
+#ifdef USE_OPENSSL_RANDOM
 #include <openssl/rand.h>
 #endif
 #ifdef USE_WIN32_RANDOM
@@ -75,6 +75,50 @@ random_from_file(const char *filename, void *buf, size_t len)
 }
 #endif
 
+/*
+ * pg_strong_random_init
+ *
+ * Initialize the randomness state of "strong" random numbers.  This is invoked
+ * *after* forking a process, and should include initialization steps specific
+ * to the chosen random source to prove fork-safety.
+ */
+void
+pg_strong_random_init(void)
+{
+#if defined(USE_OPENSSL)
+   /*
+    * Make sure processes do not share OpenSSL randomness state. We need to
+    * call this even if pg_strong_random is implemented using another source
+    * for random numbers to ensure fork-safety in our TLS backend.  This is no
+    * longer required in OpenSSL 1.1.1 and later versions, but until we drop
+    * support for version < 1.1.1 we need to do this.
+   */
+   RAND_poll();
+#endif
+
+#if defined(USE_OPENSSL_RANDOM)
+   /*
+    * In case the backend is using the PRNG from OpenSSL without being built
+    * with support for OpenSSL, make sure to perform post-fork initialization.
+    * If the backend is using OpenSSL then we have already performed this
+    * step. The same version caveat as discussed in the comment above applies
+    * here as well.
+    */
+#ifndef USE_OPENSSL
+   RAND_poll();
+#endif
+
+#elif defined(USE_WIN32_RANDOM)
+   /* no initialization needed for WIN32 */
+
+#elif defined(USE_DEV_URANDOM)
+   /* no initialization needed for /dev/urandom */
+
+#else
+#error no source of random numbers configured
+#endif
+}
+
 /*
  * pg_strong_random
  *