projects / users / rhaas / postgres.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0a0727c)
Use RAND_poll() for seeding randomness after fork().
authorNoah Misch <noah@leadboat.com>
Sat, 25 Jul 2020 21:50:59 +0000 (14:50 -0700)
committerNoah Misch <noah@leadboat.com>
Sat, 25 Jul 2020 21:50:59 +0000 (14:50 -0700)
OpenSSL deprecated RAND_cleanup(), and OpenSSL 1.1.0 made it into a
no-op.  Replace it with RAND_poll(), per an OpenSSL community
recommendation.  While this has no user-visible consequences under
OpenSSL defaults, it might help under non-default settings.

Daniel Gustafsson, reviewed by David Steele and Michael Paquier.

Discussion: https://postgr.es/m/9B038FA5-23E8-40D0-B932-D515E1D8F66A@yesql.se

src/backend/postmaster/fork_process.c patch | blob | blame | history

diff --git a/src/backend/postmaster/fork_process.c b/src/backend/postmaster/fork_process.c
index def3cee37e2d78fbad55781c73df8eaa96fe32da..15d634080078106113b5454d34e7d487eaea8391 100644 (file)
--- a/src/backend/postmaster/fork_process.c
+++ b/src/backend/postmaster/fork_process.c
@@ -109,10 +109,12 @@ fork_process(void)
                }
 
                /*
-                * Make sure processes do not share OpenSSL randomness state.
+                * Make sure processes do not share OpenSSL randomness state. This is
+                * no longer required in OpenSSL 1.1.1 and later versions, but until
+                * we drop support for version < 1.1.1 we need to do this.
                 */
 #ifdef USE_OPENSSL
-               RAND_cleanup();
+               RAND_poll();
 #endif
        }
 
Robert Haas's development tree.