author Daniel Gustafsson 2024-09-02 11:52:27 +0000
committer Daniel Gustafsson 2024-09-02 11:52:27 +0000
commit c3333dbc0c0f53452abfccf6c2dd5a86728a19dc
tree 3eb2c8a63ae7f3a2e43eaeb6c52e8058df8795b4
parent a70e01d4306fdbcd5fbedb4ca97e5c21c995da60
Only perform pg_strong_random init when required
The random number generator in OpenSSL 1.1.1 was redesigned to provide fork safety by default, thus removing the need for calling RAND_poll after forking to ensure that two processes cannot share the same state. Since we now support 1.1.0 as the minimum version, and 1.1.0 is being increasingly phased out from production use, only perform the RAND_poll initialization for installations running 1.1.0 by checking the OpenSSL version number. LibreSSL changed random number generator when forking OpenSSL and has provided fork safety since version 2.0.2.

This removes the overhead of initializing the RNG for strong random for the vast majority of users for whom it is no longer required.

Reviewed-by: Jacob Champion <[email protected]>
Reviewed-by: Peter Eisentraut <[email protected]>
Reviewed-by: Michael Paquier <[email protected]>
Discussion: https://postgr.es/m/CA+hUKGKh7QrYzu=8yWEUJvXtMVm_CNWH1L_TLWCbZMwbi1XP2Q@mail.gmail.com
-rw-r--r-- src/port/pg_strong_random.c 9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/port/pg_strong_random.c b/src/port/pg_strong_random.c
index 5f2b2484252..a8efb2b1886 100644
--- a/src/port/pg_strong_random.c
+++ b/src/port/pg_strong_random.c
@@ -50,17 +50,20 @@
#ifdef USE_OPENSSL
+#include <openssl/opensslv.h>
#include <openssl/rand.h>
void
pg_strong_random_init(void)
{
+#if (OPENSSL_VERSION_NUMBER < 0x10101000L)
/*
- * Make sure processes do not share OpenSSL randomness state. This is no
- * longer required in OpenSSL 1.1.1 and later versions, but until we drop
- * support for version < 1.1.1 we need to do this.
+ * Make sure processes do not share OpenSSL randomness state. This is not
+ * required on LibreSSL and no longer required in OpenSSL 1.1.1 and later
+ * versions.
*/
RAND_poll();
+#endif
}
bool
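Review bot: The guard `#if (OPENSSL_VERSION_NUMBER < 0x10101000L)` is evaluated at compile time against the headers, so a binary built against 1.1.1 headers never calls RAND_poll() even if it ends up loading a 1.1.0 library at run time; if that combination is meant to be unsupported, say so in the comment, otherwise consider checking the runtime library version instead. The rewritten comment also states that LibreSSL does not need the call, but nothing in the guard names LibreSSL: the skip depends on the value LibreSSL's opensslv.h gives OPENSSL_VERSION_NUMBER being at or above 0x10101000L, which deserves a sentence in the comment so that a later reader does not have to rediscover it. With the guard in place, pg_strong_random_init() compiles to an empty function body on most builds, and the comment now sits inside the #if block, so a short note above the #if explaining why the function is intentionally a no-op there would help.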