Use RAND_poll() for seeding randomness after fork().

OpenSSL deprecated RAND_cleanup(), and OpenSSL 1.1.0 made it into a no-op. Replace it with RAND_poll(), per an OpenSSL community recommendation. While this has no user-visible consequences under OpenSSL defaults, it might help under non-default settings. Daniel Gustafsson, reviewed by David Steele and Michael Paquier. Discussion: https://postgr.es/m/[email protected]
author: Noah Misch 2020-07-25 21:50:59 +0000
committer: Noah Misch 2020-07-25 21:50:59 +0000
commit: ce4939ff70890fa658a4095b9fe457f8432b2575 (patch)
tree: bc883e4de05b523f755a8bca5795ab280d67bf8a
parent: 0a0727ccfc5f4e2926623abe877bdc0b5bfd682e (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/src/backend/postmaster/fork_process.c b/src/backend/postmaster/fork_process.c
index def3cee37e..15d6340800 100644
--- a/src/backend/postmaster/fork_process.c
+++ b/src/backend/postmaster/fork_process.c
@@ -109,10 +109,12 @@ fork_process(void)
 		}
 
 		/*
-		 * Make sure processes do not share OpenSSL randomness state.
+		 * Make sure processes do not share OpenSSL randomness state. This is
+		 * no longer required in OpenSSL 1.1.1 and later versions, but until
+		 * we drop support for version < 1.1.1 we need to do this.
 		 */
 #ifdef USE_OPENSSL
-		RAND_cleanup();
+		RAND_poll();
 #endif
 	}
author	Noah Misch	2020-07-25 21:50:59 +0000
committer	Noah Misch	2020-07-25 21:50:59 +0000
commit	ce4939ff70890fa658a4095b9fe457f8432b2575 (patch)
tree	bc883e4de05b523f755a8bca5795ab280d67bf8a
parent	0a0727ccfc5f4e2926623abe877bdc0b5bfd682e (diff)