diff options
| author | Michael Paquier <michael@paquier.xyz> | 2019-01-01 20:05:51 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2019-01-01 20:05:51 +0900 |
| commit | 1707a0d2aa6b2bcfe78f63836c769943a1a6b9e0 (patch) | |
| tree | 2e4acf6889358493cfda78582d54b8b751c3fbe5 | |
| parent | d880b208e5fcf55e3ae396d5fc5fa6639f58205f (diff) | |
| download | postgresql-1707a0d2aa6b2bcfe78f63836c769943a1a6b9e0.tar.gz postgresql-1707a0d2aa6b2bcfe78f63836c769943a1a6b9e0.zip | |
Remove configure switch --disable-strong-random
This removes a portion of infrastructure introduced by fe0a0b5 to allow
compilation of Postgres in environments where no strong random source is
available, meaning that there is no linking to OpenSSL and no
/dev/urandom (Windows having its own CryptoAPI). No systems shipped
this century lack /dev/urandom, and the buildfarm is actually not
testing this switch at all, so just remove it. This simplifies
particularly some backend code which included a fallback implementation
using shared memory, and removes a set of alternate regression output
files from pgcrypto.
Author: Michael Paquier
Reviewed-by: Tom Lane
Discussion: https://postgr.es/m/20181230063219.GG608@paquier.xyz
32 files changed, 60 insertions, 1183 deletions
diff --git a/configure b/configure index ea40f5f03df..79a18717d38 100755 --- a/configure +++ b/configure @@ -761,7 +761,6 @@ GENHTML LCOV GCOV enable_debug -enable_strong_random enable_rpath default_port WANTED_LANGUAGES @@ -829,7 +828,6 @@ with_pgport enable_rpath enable_spinlocks enable_atomics -enable_strong_random enable_debug enable_profiling enable_coverage @@ -1512,7 +1510,6 @@ Optional Features: executables --disable-spinlocks do not use spinlocks --disable-atomics do not use atomic operations - --disable-strong-random do not use a strong random number source --enable-debug build with debugging symbols (-g) --enable-profiling build with profiling enabled --enable-coverage build with coverage testing instrumentation @@ -3273,34 +3270,6 @@ fi # -# Random number generation -# - - -# Check whether --enable-strong-random was given. -if test "${enable_strong_random+set}" = set; then : - enableval=$enable_strong_random; - case $enableval in - yes) - : - ;; - no) - : - ;; - *) - as_fn_error $? "no argument expected for --enable-strong-random option" "$LINENO" 5 - ;; - esac - -else - enable_strong_random=yes - -fi - - - - -# # --enable-debug adds -g to compiler flags # @@ -17937,7 +17906,7 @@ fi # in the template or configure command line. # If not selected manually, try to select a source automatically. -if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then +if test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then if test x"$with_openssl" = x"yes" ; then USE_OPENSSL_RANDOM=1 elif test "$PORTNAME" = "win32" ; then @@ -17971,42 +17940,28 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking which random number source to use" >&5 $as_echo_n "checking which random number source to use... " >&6; } -if test "$enable_strong_random" = yes ; then - if test x"$USE_OPENSSL_RANDOM" = x"1" ; then +if test x"$USE_OPENSSL_RANDOM" = x"1" ; then $as_echo "#define USE_OPENSSL_RANDOM 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5 $as_echo "OpenSSL" >&6; } - elif test x"$USE_WIN32_RANDOM" = x"1" ; then +elif test x"$USE_WIN32_RANDOM" = x"1" ; then $as_echo "#define USE_WIN32_RANDOM 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5 $as_echo "Windows native" >&6; } - elif test x"$USE_DEV_URANDOM" = x"1" ; then +elif test x"$USE_DEV_URANDOM" = x"1" ; then $as_echo "#define USE_DEV_URANDOM 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5 $as_echo "/dev/urandom" >&6; } - else - as_fn_error $? " -no source of strong random numbers was found -PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers, -for authentication protocols. You can use --disable-strong-random to use a -built-in pseudo random number generator, but that may be insecure." "$LINENO" 5 - fi - -$as_echo "#define HAVE_STRONG_RANDOM 1" >>confdefs.h - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: weak builtin PRNG" >&5 -$as_echo "weak builtin PRNG" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: -*** Not using a strong random number source may be insecure." >&5 -$as_echo "$as_me: WARNING: -*** Not using a strong random number source may be insecure." >&2;} + as_fn_error $? " +no source of strong random numbers was found +PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers." "$LINENO" 5 fi # If not set in template file, set bytes to use libc memset() diff --git a/configure.in b/configure.in index 89a0fb2470f..5084cddea34 100644 --- a/configure.in +++ b/configure.in @@ -194,13 +194,6 @@ PGAC_ARG_BOOL(enable, atomics, yes, [do not use atomic operations]) # -# Random number generation -# -PGAC_ARG_BOOL(enable, strong-random, yes, - [do not use a strong random number source]) -AC_SUBST(enable_strong_random) - -# # --enable-debug adds -g to compiler flags # PGAC_ARG_BOOL(enable, debug, no, @@ -2151,7 +2144,7 @@ fi # in the template or configure command line. # If not selected manually, try to select a source automatically. -if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then +if test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then if test x"$with_openssl" = x"yes" ; then USE_OPENSSL_RANDOM=1 elif test "$PORTNAME" = "win32" ; then @@ -2166,28 +2159,19 @@ if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" && fi AC_MSG_CHECKING([which random number source to use]) -if test "$enable_strong_random" = yes ; then - if test x"$USE_OPENSSL_RANDOM" = x"1" ; then - AC_DEFINE(USE_OPENSSL_RANDOM, 1, [Define to use OpenSSL for random number generation]) - AC_MSG_RESULT([OpenSSL]) - elif test x"$USE_WIN32_RANDOM" = x"1" ; then - AC_DEFINE(USE_WIN32_RANDOM, 1, [Define to use native Windows API for random number generation]) - AC_MSG_RESULT([Windows native]) - elif test x"$USE_DEV_URANDOM" = x"1" ; then - AC_DEFINE(USE_DEV_URANDOM, 1, [Define to use /dev/urandom for random number generation]) - AC_MSG_RESULT([/dev/urandom]) - else - AC_MSG_ERROR([ -no source of strong random numbers was found -PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers, -for authentication protocols. You can use --disable-strong-random to use a -built-in pseudo random number generator, but that may be insecure.]) - fi - AC_DEFINE(HAVE_STRONG_RANDOM, 1, [Define to use have a strong random number source]) +if test x"$USE_OPENSSL_RANDOM" = x"1" ; then + AC_DEFINE(USE_OPENSSL_RANDOM, 1, [Define to use OpenSSL for random number generation]) + AC_MSG_RESULT([OpenSSL]) +elif test x"$USE_WIN32_RANDOM" = x"1" ; then + AC_DEFINE(USE_WIN32_RANDOM, 1, [Define to use native Windows API for random number generation]) + AC_MSG_RESULT([Windows native]) +elif test x"$USE_DEV_URANDOM" = x"1" ; then + AC_DEFINE(USE_DEV_URANDOM, 1, [Define to use /dev/urandom for random number generation]) + AC_MSG_RESULT([/dev/urandom]) else - AC_MSG_RESULT([weak builtin PRNG]) - AC_MSG_WARN([ -*** Not using a strong random number source may be insecure.]) + AC_MSG_ERROR([ +no source of strong random numbers was found +PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers.]) fi # If not set in template file, set bytes to use libc memset() diff --git a/contrib/pgcrypto/expected/pgp-compression_1.out b/contrib/pgcrypto/expected/pgp-compression_1.out deleted file mode 100644 index 655830ae140..00000000000 --- a/contrib/pgcrypto/expected/pgp-compression_1.out +++ /dev/null @@ -1,42 +0,0 @@ --- --- PGP compression support --- -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- - -ww0ECQMCsci6AdHnELlh0kQB4jFcVwHMJg0Bulop7m3Mi36s15TAhBo0AnzIrRFrdLVCkKohsS6+ -DMcmR53SXfLoDJOv/M8uKj3QSq7oWNIp95pxfA== -=tbSn ------END PGP MESSAGE----- -'), 'key', 'expect-compress-algo=1'); - pgp_sym_decrypt ------------------ - Secret message -(1 row) - -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret message', 'key', 'compress-algo=0'), - 'key', 'expect-compress-algo=0'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret message', 'key', 'compress-algo=1'), - 'key', 'expect-compress-algo=1'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret message', 'key', 'compress-algo=2'), - 'key', 'expect-compress-algo=2'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- level=0 should turn compression off -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret message', 'key', - 'compress-algo=2, compress-level=0'), - 'key', 'expect-compress-algo=0'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. diff --git a/contrib/pgcrypto/expected/pgp-decrypt_1.out b/contrib/pgcrypto/expected/pgp-decrypt_1.out deleted file mode 100644 index f3df4e618ad..00000000000 --- a/contrib/pgcrypto/expected/pgp-decrypt_1.out +++ /dev/null @@ -1,424 +0,0 @@ --- --- pgp_descrypt tests --- --- Checking ciphers -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.blowfish.sha1.mdc.s2k3.z0 - -jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS -yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE= -=JcP+ ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes.sha1.mdc.s2k3.z0 - -jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest -UTAsG35A1vYs02VARKzGz6xI2UHwFUirP+brPBg3Ee7muOx8pA== -=XtrP ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes192.sha1.mdc.s2k3.z0 - -jA0ECAMCI7YQpWqp3D1g0kQBCjB7GlX7+SQeXNleXeXQ78ZAPNliquGDq9u378zI -5FPTqAhIB2/2fjY8QEIs1ai00qphjX2NitxV/3Wn+6dufB4Q4g== -=rCZt ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes256.sha1.mdc.s2k3.z0 - -jA0ECQMC4f/5djqCC1Rg0kQBTHEPsD+Sw7biBsM2er3vKyGPAQkuTBGKC5ie7hT/ -lceMfQdbAg6oTFyJpk/wH18GzRDphCofg0X8uLgkAKMrpcmgog== -=fB6S ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - --- Checking MDC modes -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes.sha1.nomdc.s2k3.z0 - -jA0EBwMCnv07rlXqWctgyS2Dm2JfOKCRL4sLSLJUC8RS2cH7cIhKSuLitOtyquB+ -u9YkgfJfsuRJmgQ9tmo= -=60ui ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes.sha1.mdc.s2k3.z0 - -jA0EBwMCEeP3idNjQ1Bg0kQBf4G0wX+2QNzLh2YNwYkQgQkfYhn/hLXjV4nK9nsE -8Ex1Dsdt5UPvOz8W8VKQRS6loOfOe+yyXil8W3IYFwUpdDUi+Q== -=moGf ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - --- Checking hashes -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes.md5.mdc.s2k3.z0 - -jA0EBwMClrXXtOXetohg0kQBn0Kl1ymevQZRHkdoYRHgzCwSQEiss7zYff2UNzgO -KyRrHf7zEBuZiZ2AG34jNVMOLToj1jJUg5zTSdecUzQVCykWTA== -=NyLk ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes.sha1.mdc.s2k3.z0 - -jA0EBwMCApbdlrURoWJg0kQBzHM/E0o7djY82bNuspjxjAcPFrrtp0uvDdMQ4z2m -/PM8jhgI5vxFYfNQjLl8y3fHYIomk9YflN9K/Q13iq8A8sjeTw== -=FxbQ ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - --- Checking S2K modes -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes.sha1.mdc.s2k0.z0 - -jAQEBwAC0kQBKTaLAKE3xzps+QIZowqRNb2eAdzBw2LxEW2YD5PgNlbhJdGg+dvw -Ah9GXjGS1TVALzTImJbz1uHUZRfhJlFbc5yGQw== -=YvkV ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes.sha1.mdc.s2k1.z0 - -jAwEBwEC/QTByBLI3b/SRAHPxKzI6SZBo5lAEOD+EsvKQWO4adL9tDY+++Iqy1xK -4IaWXVKEj9R2Lr2xntWWMGZtcKtjD2lFFRXXd9dZp1ZThNDz -=dbXm ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes.sha1.mdc.s2k3.z0 - -jA0EBwMCEq4Su3ZqNEJg0kQB4QG5jBTKF0i04xtH+avzmLhstBNRxvV3nsmB3cwl -z+9ZaA/XdSx5ZiFnMym8P6r8uY9rLjjNptvvRHlxIReF+p9MNg== -=VJKg ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes192.sha1.mdc.s2k0.z0 - -jAQECAAC0kQBBDnQWkgsx9YFaqDfWmpsiyAJ6y2xG/sBvap1dySYEMuZ+wJTXQ9E -Cr3i2M7TgVZ0M4jp4QL0adG1lpN5iK7aQeOwMw== -=cg+i ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes192.sha1.mdc.s2k1.z0 - -jAwECAECruOfyNDFiTnSRAEVoGXm4A9UZKkWljdzjEO/iaE7mIraltIpQMkiqCh9 -7h8uZ2u9uRBOv222fZodGvc6bvq/4R4hAa/6qSHtm8mdmvGt -=aHmC ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes192.sha1.mdc.s2k3.z0 - -jA0ECAMCjFn6SRi3SONg0kQBqtSHPaD0m7rXfDAhCWU/ypAsI93GuHGRyM99cvMv -q6eF6859ZVnli3BFSDSk3a4e/pXhglxmDYCfjAXkozKNYLo6yw== -=K0LS ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes256.sha1.mdc.s2k0.z0 - -jAQECQAC0kQB4L1eMbani07XF2ZYiXNK9LW3v8w41oUPl7dStmrJPQFwsdxmrDHu -rQr3WbdKdY9ufjOE5+mXI+EFkSPrF9rL9NCq6w== -=RGts ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes256.sha1.mdc.s2k1.z0 - -jAwECQECKHhrou7ZOIXSRAHWIVP+xjVQcjAVBTt+qh9SNzYe248xFTwozkwev3mO -+KVJW0qhk0An+Y2KF99/bYFl9cL5D3Tl43fC8fXGl3x3m7pR -=SUrU ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes256.sha1.mdc.s2k3.z0 - -jA0ECQMCjc8lwZu8Fz1g0kQBkEzjImi21liep5jj+3dAJ2aZFfUkohi8b3n9z+7+ -4+NRzL7cMW2RLAFnJbiqXDlRHMwleeuLN1up2WIxsxtYYuaBjA== -=XZrG ------END PGP MESSAGE----- -'), 'foobar'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - --- Checking longer passwords -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes.sha1.mdc.s2k3.z0 - -jA0EBwMCx6dBiuqrYNRg0kQBEo63AvA1SCslxP7ayanLf1H0/hlk2nONVhTwVEWi -tTGup1mMz6Cfh1uDRErUuXpx9A0gdMu7zX0o5XjrL7WGDAZdSw== -=XKKG ------END PGP MESSAGE----- -'), '0123456789abcdefghij'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes.sha1.mdc.s2k3.z0 - -jA0EBwMCBDvYuS990iFg0kQBW31UK5OiCjWf5x6KJ8qNNT2HZWQCjCBZMU0XsOC6 -CMxFKadf144H/vpoV9GA0f22keQgCl0EsTE4V4lweVOPTKCMJg== -=gWDh ------END PGP MESSAGE----- -'), '0123456789abcdefghij2jk4h5g2j54khg23h54g2kh54g2khj54g23hj54'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes.sha1.mdc.s2k3.z0 - -jA0EBwMCqXbFafC+ofVg0kQBejyiPqH0QMERVGfmPOjtAxvyG5KDIJPYojTgVSDt -FwsDabdQUz5O7bgNSnxfmyw1OifGF+W2bIn/8W+0rDf8u3+O+Q== -=OxOF ------END PGP MESSAGE----- -'), 'x'); - pgp_sym_decrypt ------------------ - Secret message. -(1 row) - --- Checking various data -select encode(digest(pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat1.aes.sha1.mdc.s2k3.z0 - -jA0EBwMCGJ+SpuOysINg0kQBJfSjzsW0x4OVcAyr17O7FBvMTwIGeGcJd99oTQU8 -Xtx3kDqnhUq9Z1fS3qPbi5iNP2A9NxOBxPWz2JzxhydANlgbxg== -=W/ik ------END PGP MESSAGE----- -'), '0123456789abcdefghij'), 'sha1'), 'hex'); - encode ------------------------------------------- - 0225e3ede6f2587b076d021a189ff60aad67e066 -(1 row) - --- expected: 0225e3ede6f2587b076d021a189ff60aad67e066 -select encode(digest(pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat2.aes.sha1.mdc.s2k3.z0 - -jA0EBwMCvdpDvidNzMxg0jUBvj8eS2+1t/9/zgemxvhtc0fvdKGGbjH7dleaTJRB -SaV9L04ky1qECNDx3XjnoKLC+H7IOQ== -=Fxen ------END PGP MESSAGE----- -'), '0123456789abcdefghij'), 'sha1'), 'hex'); - encode ------------------------------------------- - da39a3ee5e6b4b0d3255bfef95601890afd80709 -(1 row) - --- expected: da39a3ee5e6b4b0d3255bfef95601890afd80709 -select encode(digest(pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: dat3.aes.sha1.mdc.s2k3.z0 - -jA0EBwMCxQvxJZ3G/HRg0lgBeYmTa7/uDAjPyFwSX4CYBgpZWVn/JS8JzILrcWF8 -gFnkUKIE0PSaYFp+Yi1VlRfUtRQ/X/LYNGa7tWZS+4VQajz2Xtz4vUeAEiYFYPXk -73Hb8m1yRhQK -=ivrD ------END PGP MESSAGE----- -'), '0123456789abcdefghij'), 'sha1'), 'hex'); - encode ------------------------------------------- - 5e5c135efc0dd00633efc6dfd6e731ea408a5b4c -(1 row) - --- expected: 5e5c135efc0dd00633efc6dfd6e731ea408a5b4c --- Checking CRLF -select encode(digest(pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: crlf mess - -ww0ECQMCt7VAtby6l4Bi0lgB5KMIZiiF/b3CfMfUyY0eDncsGXtkbu1X+l9brjpMP8eJnY79Amms -a3nsOzKTXUfS9VyaXo8IrncM6n7fdaXpwba/3tNsAhJG4lDv1k4g9v8Ix2dfv6Rs -=mBP9 ------END PGP MESSAGE----- -'), 'key', 'convert-crlf=0'), 'sha1'), 'hex'); - encode ------------------------------------------- - 9353062be7720f1446d30b9e75573a4833886784 -(1 row) - --- expected: 9353062be7720f1446d30b9e75573a4833886784 -select encode(digest(pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- -Comment: crlf mess - -ww0ECQMCt7VAtby6l4Bi0lgB5KMIZiiF/b3CfMfUyY0eDncsGXtkbu1X+l9brjpMP8eJnY79Amms -a3nsOzKTXUfS9VyaXo8IrncM6n7fdaXpwba/3tNsAhJG4lDv1k4g9v8Ix2dfv6Rs -=mBP9 ------END PGP MESSAGE----- -'), 'key', 'convert-crlf=1'), 'sha1'), 'hex'); - encode ------------------------------------------- - 7efefcab38467f7484d6fa43dc86cf5281bd78e2 -(1 row) - --- expected: 7efefcab38467f7484d6fa43dc86cf5281bd78e2 --- check BUG #11905, problem with messages 6 less than a power of 2. -select pgp_sym_decrypt(pgp_sym_encrypt(repeat('x',65530),'1'),'1') = repeat('x',65530); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- expected: true --- Negative tests --- Decryption with a certain incorrect key yields an apparent Literal Data --- packet reporting its content to be binary data. Ciphertext source: --- iterative pgp_sym_encrypt('secret', 'key') until the random prefix gave --- rise to that property. -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- - -ww0EBwMCxf8PTrQBmJdl0jcB6y2joE7GSLKRv7trbNsF5Z8ou5NISLUg31llVH/S0B2wl4bvzZjV -VsxxqLSPzNLAeIspJk5G -=mSd/ ------END PGP MESSAGE----- -'), 'wrong-key', 'debug=1'); -NOTICE: dbg: prefix_init: corrupt prefix -NOTICE: dbg: parse_literal_data: data type=b -NOTICE: dbg: mdcbuf_finish: bad MDC pkt hdr -ERROR: Wrong key or corrupt data --- Routine text/binary mismatch. -select pgp_sym_decrypt(pgp_sym_encrypt_bytea('P', 'key'), 'key', 'debug=1'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- Decryption with a certain incorrect key yields an apparent BZip2-compressed --- plaintext. Ciphertext source: iterative pgp_sym_encrypt('secret', 'key') --- until the random prefix gave rise to that property. -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- - -ww0EBwMC9rK/dMkF5Zlt0jcBlzAQ1mQY2qYbKYbw8h3EZ5Jk0K2IiY92R82TRhWzBIF/8cmXDPtP -GXsd65oYJZp3Khz0qfyn -=Nmpq ------END PGP MESSAGE----- -'), 'wrong-key', 'debug=1'); -NOTICE: dbg: prefix_init: corrupt prefix -NOTICE: dbg: parse_compressed_data: bzip2 unsupported -NOTICE: dbg: mdcbuf_finish: bad MDC pkt hdr -ERROR: Wrong key or corrupt data --- Routine use of BZip2 compression. Ciphertext source: --- echo x | gpg --homedir /nonexistent --personal-compress-preferences bzip2 \ --- --personal-cipher-preferences aes --no-emit-version --batch \ --- --symmetric --passphrase key --armor -select pgp_sym_decrypt(dearmor(' ------BEGIN PGP MESSAGE----- - -jA0EBwMCRhFrAKNcLVJg0mMBLJG1cCASNk/x/3dt1zJ+2eo7jHfjgg3N6wpB3XIe -QCwkWJwlBG5pzbO5gu7xuPQN+TbPJ7aQ2sLx3bAHhtYb0i3vV9RO10Gw++yUyd4R -UCAAw2JRIISttRHMfDpDuZJpvYo= -=AZ9M ------END PGP MESSAGE----- -'), 'key', 'debug=1'); -NOTICE: dbg: parse_compressed_data: bzip2 unsupported -ERROR: Unsupported compression algorithm diff --git a/contrib/pgcrypto/expected/pgp-encrypt_1.out b/contrib/pgcrypto/expected/pgp-encrypt_1.out deleted file mode 100644 index 72f346414ab..00000000000 --- a/contrib/pgcrypto/expected/pgp-encrypt_1.out +++ /dev/null @@ -1,161 +0,0 @@ --- --- PGP encrypt --- --- ensure consistent test output regardless of the default bytea format -SET bytea_output TO escape; -select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'), 'key'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- check whether the defaults are ok -select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'), - 'key', 'expect-cipher-algo=aes128, - expect-disable-mdc=0, - expect-sess-key=0, - expect-s2k-mode=3, - expect-s2k-digest-algo=sha1, - expect-compress-algo=0 - '); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- maybe the expect- stuff simply does not work -select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'), - 'key', 'expect-cipher-algo=bf, - expect-disable-mdc=1, - expect-sess-key=1, - expect-s2k-mode=0, - expect-s2k-digest-algo=md5, - expect-compress-algo=1 - '); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- bytea as text -select pgp_sym_decrypt(pgp_sym_encrypt_bytea('Binary', 'baz'), 'baz'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- text as bytea -select pgp_sym_decrypt_bytea(pgp_sym_encrypt('Text', 'baz'), 'baz'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- algorithm change -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=bf'), - 'key', 'expect-cipher-algo=bf'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=aes'), - 'key', 'expect-cipher-algo=aes128'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=aes192'), - 'key', 'expect-cipher-algo=aes192'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- s2k change -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 's2k-mode=0'), - 'key', 'expect-s2k-mode=0'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 's2k-mode=1'), - 'key', 'expect-s2k-mode=1'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 's2k-mode=3'), - 'key', 'expect-s2k-mode=3'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- s2k count change -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 's2k-count=1024'), - 'key', 'expect-s2k-count=1024'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- s2k_count rounds up -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 's2k-count=65000000'), - 'key', 'expect-s2k-count=65000000'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- s2k digest change -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'), - 'key', 'expect-s2k-digest-algo=md5'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'), - 'key', 'expect-s2k-digest-algo=sha1'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- sess key -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 'sess-key=0'), - 'key', 'expect-sess-key=0'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 'sess-key=1'), - 'key', 'expect-sess-key=1'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=bf'), - 'key', 'expect-sess-key=1, expect-cipher-algo=bf'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes192'), - 'key', 'expect-sess-key=1, expect-cipher-algo=aes192'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes256'), - 'key', 'expect-sess-key=1, expect-cipher-algo=aes256'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- no mdc -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 'disable-mdc=1'), - 'key', 'expect-disable-mdc=1'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- crlf -select encode(pgp_sym_decrypt_bytea( - pgp_sym_encrypt(E'1\n2\n3\r\n', 'key', 'convert-crlf=1'), - 'key'), 'hex'); -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- conversion should be lossless -select encode(digest(pgp_sym_decrypt( - pgp_sym_encrypt(E'\r\n0\n1\r\r\n\n2\r', 'key', 'convert-crlf=1'), - 'key', 'convert-crlf=1'), 'sha1'), 'hex') as result, - encode(digest(E'\r\n0\n1\r\r\n\n2\r', 'sha1'), 'hex') as expect; -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. diff --git a/contrib/pgcrypto/expected/pgp-pubkey-encrypt_1.out b/contrib/pgcrypto/expected/pgp-pubkey-encrypt_1.out deleted file mode 100644 index 6da4c6da413..00000000000 --- a/contrib/pgcrypto/expected/pgp-pubkey-encrypt_1.out +++ /dev/null @@ -1,62 +0,0 @@ --- --- PGP Public Key Encryption --- --- ensure consistent test output regardless of the default bytea format -SET bytea_output TO escape; --- successful encrypt/decrypt -select pgp_pub_decrypt( - pgp_pub_encrypt('Secret msg', dearmor(pubkey)), - dearmor(seckey)) -from keytbl where keytbl.id=1; -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. -select pgp_pub_decrypt( - pgp_pub_encrypt('Secret msg', dearmor(pubkey)), - dearmor(seckey)) -from keytbl where keytbl.id=2; -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. -select pgp_pub_decrypt( - pgp_pub_encrypt('Secret msg', dearmor(pubkey)), - dearmor(seckey)) -from keytbl where keytbl.id=3; -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. -select pgp_pub_decrypt( - pgp_pub_encrypt('Secret msg', dearmor(pubkey)), - dearmor(seckey)) -from keytbl where keytbl.id=6; -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- try with rsa-sign only -select pgp_pub_decrypt( - pgp_pub_encrypt('Secret msg', dearmor(pubkey)), - dearmor(seckey)) -from keytbl where keytbl.id=4; -ERROR: No encryption key found --- try with secret key -select pgp_pub_decrypt( - pgp_pub_encrypt('Secret msg', dearmor(seckey)), - dearmor(seckey)) -from keytbl where keytbl.id=1; -ERROR: Refusing to encrypt with secret key --- does text-to-bytea works -select pgp_pub_decrypt_bytea( - pgp_pub_encrypt('Secret msg', dearmor(pubkey)), - dearmor(seckey)) -from keytbl where keytbl.id=1; -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. --- and bytea-to-text? -select pgp_pub_decrypt( - pgp_pub_encrypt_bytea('Secret msg', dearmor(pubkey)), - dearmor(seckey)) -from keytbl where keytbl.id=1; -ERROR: generating random data is not supported by this build -DETAIL: This functionality requires a source of strong random numbers. -HINT: You need to rebuild PostgreSQL using --enable-strong-random. diff --git a/contrib/pgcrypto/pgcrypto.c b/contrib/pgcrypto/pgcrypto.c index de09ececcfd..c5587679098 100644 --- a/contrib/pgcrypto/pgcrypto.c +++ b/contrib/pgcrypto/pgcrypto.c @@ -34,7 +34,6 @@ #include <ctype.h> #include "parser/scansup.h" -#include "utils/backend_random.h" #include "utils/builtins.h" #include "utils/uuid.h" @@ -423,7 +422,6 @@ PG_FUNCTION_INFO_V1(pg_random_bytes); Datum pg_random_bytes(PG_FUNCTION_ARGS) { -#ifdef HAVE_STRONG_RANDOM int len = PG_GETARG_INT32(0); bytea *res; @@ -440,9 +438,6 @@ pg_random_bytes(PG_FUNCTION_ARGS) px_THROW_ERROR(PXE_NO_RANDOM); PG_RETURN_BYTEA_P(res); -#else - px_THROW_ERROR(PXE_NO_RANDOM); -#endif } /* SQL function: gen_random_uuid() returns uuid */ @@ -451,11 +446,10 @@ PG_FUNCTION_INFO_V1(pg_random_uuid); Datum pg_random_uuid(PG_FUNCTION_ARGS) { -#ifdef HAVE_STRONG_RANDOM uint8 *buf = (uint8 *) palloc(UUID_LEN); /* Generate random bits. */ - if (!pg_backend_random((char *) buf, UUID_LEN)) + if (!pg_strong_random(buf, UUID_LEN)) px_THROW_ERROR(PXE_NO_RANDOM); /* @@ -466,9 +460,6 @@ pg_random_uuid(PG_FUNCTION_ARGS) buf[8] = (buf[8] & 0x3f) | 0x80; /* "variant" field */ PG_RETURN_UUID_P((pg_uuid_t *) buf); -#else - px_THROW_ERROR(PXE_NO_RANDOM); -#endif } static void * diff --git a/contrib/pgcrypto/pgp-encrypt.c b/contrib/pgcrypto/pgp-encrypt.c index d510729e5b4..8a6cd826755 100644 --- a/contrib/pgcrypto/pgp-encrypt.c +++ b/contrib/pgcrypto/pgp-encrypt.c @@ -37,8 +37,6 @@ #include "px.h" #include "pgp.h" -#include "utils/backend_random.h" - #define MDC_DIGEST_LEN 20 #define STREAM_ID 0xE0 @@ -481,13 +479,12 @@ init_encdata_packet(PushFilter **pf_res, PGP_Context *ctx, PushFilter *dst) static int write_prefix(PGP_Context *ctx, PushFilter *dst) { -#ifdef HAVE_STRONG_RANDOM uint8 prefix[PGP_MAX_BLOCK + 2]; int res, bs; bs = pgp_get_cipher_block_size(ctx->cipher_algo); - if (!pg_backend_random((char *) prefix, bs)) + if (!pg_strong_random(prefix, bs)) return PXE_NO_RANDOM; prefix[bs + 0] = prefix[bs - 2]; @@ -496,9 +493,6 @@ write_prefix(PGP_Context *ctx, PushFilter *dst) res = pushf_write(dst, prefix, bs + 2); px_memset(prefix, 0, bs + 2); return res < 0 ? res : 0; -#else - return PXE_NO_RANDOM; -#endif } /* @@ -587,13 +581,9 @@ init_sess_key(PGP_Context *ctx) { if (ctx->use_sess_key || ctx->pub_key) { -#ifdef HAVE_STRONG_RANDOM ctx->sess_key_len = pgp_get_cipher_key_size(ctx->cipher_algo); - if (!pg_strong_random((char *) ctx->sess_key, ctx->sess_key_len)) + if (!pg_strong_random(ctx->sess_key, ctx->sess_key_len)) return PXE_NO_RANDOM; -#else - return PXE_NO_RANDOM; -#endif } else { diff --git a/contrib/pgcrypto/pgp-mpi-internal.c b/contrib/pgcrypto/pgp-mpi-internal.c index 545009ce199..c73f086b0be 100644 --- a/contrib/pgcrypto/pgp-mpi-internal.c +++ b/contrib/pgcrypto/pgp-mpi-internal.c @@ -57,13 +57,12 @@ mp_clear_free(mpz_t *a) static int mp_px_rand(uint32 bits, mpz_t *res) { -#ifdef HAVE_STRONG_RANDOM unsigned bytes = (bits + 7) / 8; int last_bits = bits & 7; uint8 *buf; buf = px_alloc(bytes); - if (!pg_strong_random((char *) buf, bytes)) + if (!pg_strong_random(buf, bytes)) { px_free(buf); return PXE_NO_RANDOM; @@ -83,9 +82,6 @@ mp_px_rand(uint32 bits, mpz_t *res) px_free(buf); return 0; -#else - return PXE_NO_RANDOM; -#endif } static void diff --git a/contrib/pgcrypto/pgp-pubenc.c b/contrib/pgcrypto/pgp-pubenc.c index e4ff832f90d..08599f09786 100644 --- a/contrib/pgcrypto/pgp-pubenc.c +++ b/contrib/pgcrypto/pgp-pubenc.c @@ -39,7 +39,6 @@ static int pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p) { -#ifdef HAVE_STRONG_RANDOM uint8 *buf, *p; int pad_len = res_len - 2 - data_len; @@ -50,7 +49,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p) buf = px_alloc(res_len); buf[0] = 0x02; - if (!pg_strong_random((char *) buf + 1, pad_len)) + if (!pg_strong_random(buf + 1, pad_len)) { px_free(buf); return PXE_NO_RANDOM; @@ -62,7 +61,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p) { if (*p == 0) { - if (!pg_strong_random((char *) p, 1)) + if (!pg_strong_random(p, 1)) { px_memset(buf, 0, res_len); px_free(buf); @@ -78,10 +77,6 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p) *res_p = buf; return 0; - -#else - return PXE_NO_RANDOM; -#endif } static int diff --git a/contrib/pgcrypto/pgp-s2k.c b/contrib/pgcrypto/pgp-s2k.c index a0fd8969efe..3f2f442ffcc 100644 --- a/contrib/pgcrypto/pgp-s2k.c +++ b/contrib/pgcrypto/pgp-s2k.c @@ -34,7 +34,6 @@ #include "px.h" #include "pgp.h" -#include "utils/backend_random.h" static int calc_s2k_simple(PGP_S2K *s2k, PX_MD *md, const uint8 *key, @@ -235,13 +234,13 @@ pgp_s2k_fill(PGP_S2K *s2k, int mode, int digest_algo, int count) case PGP_S2K_SIMPLE: break; case PGP_S2K_SALTED: - if (!pg_backend_random((char *) s2k->salt, PGP_S2K_SALT)) + if (!pg_strong_random(s2k->salt, PGP_S2K_SALT)) return PXE_NO_RANDOM; break; case PGP_S2K_ISALTED: - if (!pg_backend_random((char *) s2k->salt, PGP_S2K_SALT)) + if (!pg_strong_random(s2k->salt, PGP_S2K_SALT)) return PXE_NO_RANDOM; - if (!pg_backend_random((char *) &tmp, 1)) + if (!pg_strong_random(&tmp, 1)) return PXE_NO_RANDOM; s2k->iter = decide_s2k_iter(tmp, count); break; diff --git a/contrib/pgcrypto/px-crypt.c b/contrib/pgcrypto/px-crypt.c index ee40788fe71..51be0b7da17 100644 --- a/contrib/pgcrypto/px-crypt.c +++ b/contrib/pgcrypto/px-crypt.c @@ -34,7 +34,6 @@ #include "px.h" #include "px-crypt.h" -#include "utils/backend_random.h" static char * run_crypt_des(const char *psw, const char *salt, @@ -153,7 +152,7 @@ px_gen_salt(const char *salt_type, char *buf, int rounds) return PXE_BAD_SALT_ROUNDS; } - if (!pg_backend_random(rbuf, g->input_len)) + if (!pg_strong_random(rbuf, g->input_len)) return PXE_NO_RANDOM; p = g->gen(rounds, rbuf, g->input_len, buf, PX_MAX_SALT_LEN); diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c index aea8e863af0..0f02fb56c4f 100644 --- a/contrib/pgcrypto/px.c +++ b/contrib/pgcrypto/px.c @@ -56,7 +56,7 @@ static const struct error_desc px_err_list[] = { {PXE_UNKNOWN_SALT_ALGO, "Unknown salt algorithm"}, {PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"}, {PXE_MCRYPT_INTERNAL, "mcrypt internal error"}, - {PXE_NO_RANDOM, "No strong random source"}, + {PXE_NO_RANDOM, "Failed to generate strong random bits"}, {PXE_DECRYPT_FAILED, "Decryption failed"}, {PXE_PGP_CORRUPT_DATA, "Wrong key or corrupt data"}, {PXE_PGP_CORRUPT_ARMOR, "Corrupt ascii-armor"}, @@ -97,17 +97,9 @@ px_THROW_ERROR(int err) { if (err == PXE_NO_RANDOM) { -#ifdef HAVE_STRONG_RANDOM ereport(ERROR, (errcode(ERRCODE_INTERNAL_ERROR), errmsg("could not generate a random number"))); -#else - ereport(ERROR, - (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), - errmsg("generating random data is not supported by this build"), - errdetail("This functionality requires a source of strong random numbers."), - errhint("You need to rebuild PostgreSQL using --enable-strong-random."))); -#endif } else { diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml index d3326ce182b..3c9544cc27c 100644 --- a/doc/src/sgml/installation.sgml +++ b/doc/src/sgml/installation.sgml @@ -245,8 +245,10 @@ su - postgres <listitem> <para> You need <productname>OpenSSL</productname>, if you want to support - encrypted client connections. The minimum required version is - 0.9.8. + encrypted client connections. <productname>OpenSSL</productname> is + also required for random number generation on platforms that do not + have <filename>/dev/urandom</filename> (except Windows). The minimum + version required is 0.9.8. </para> </listitem> @@ -1112,24 +1114,6 @@ su - postgres </varlistentry> <varlistentry> - <term><option>--disable-strong-random</option></term> - <listitem> - <para> - Allow the build to succeed even if <productname>PostgreSQL</productname> - has no support for strong random numbers on the platform. - A source of random numbers is needed for some authentication - protocols, as well as some routines in the - <xref linkend="pgcrypto"/> - module. <option>--disable-strong-random</option> disables functionality that - requires cryptographically strong random numbers, and substitutes - a weak pseudo-random-number-generator for the generation of - authentication salt values and query cancel keys. It may make - authentication less secure. - </para> - </listitem> - </varlistentry> - - <varlistentry> <term><option>--disable-thread-safety</option></term> <listitem> <para> diff --git a/doc/src/sgml/monitoring.sgml b/doc/src/sgml/monitoring.sgml index 96bcc3a63be..60a85a78981 100644 --- a/doc/src/sgml/monitoring.sgml +++ b/doc/src/sgml/monitoring.sgml @@ -849,7 +849,7 @@ postgres 27093 0.0 0.0 30096 2752 ? Ss 11:34 0:00 postgres: ser <tbody> <row> - <entry morerows="64"><literal>LWLock</literal></entry> + <entry morerows="63"><literal>LWLock</literal></entry> <entry><literal>ShmemIndexLock</literal></entry> <entry>Waiting to find or allocate space in shared memory.</entry> </row> @@ -1035,10 +1035,6 @@ postgres 27093 0.0 0.0 30096 2752 ? Ss 11:34 0:00 postgres: ser <entry>Waiting to read or update old snapshot control information.</entry> </row> <row> - <entry><literal>BackendRandomLock</literal></entry> - <entry>Waiting to generate a random number.</entry> - </row> - <row> <entry><literal>LogicalRepWorkerLock</literal></entry> <entry>Waiting for action on logical replication worker to finish.</entry> </row> diff --git a/src/Makefile.global.in b/src/Makefile.global.in index b47971edef5..4b6bab37dc9 100644 --- a/src/Makefile.global.in +++ b/src/Makefile.global.in @@ -203,7 +203,6 @@ enable_dtrace = @enable_dtrace@ enable_coverage = @enable_coverage@ enable_tap_tests = @enable_tap_tests@ enable_thread_safety = @enable_thread_safety@ -enable_strong_random = @enable_strong_random@ python_includespec = @python_includespec@ python_libdir = @python_libdir@ diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam/xlog.c index 998818cbacc..26b4977acbe 100644 --- a/src/backend/access/transam/xlog.c +++ b/src/backend/access/transam/xlog.c @@ -65,7 +65,6 @@ #include "storage/reinit.h" #include "storage/smgr.h" #include "storage/spin.h" -#include "utils/backend_random.h" #include "utils/builtins.h" #include "utils/guc.h" #include "utils/memutils.h" @@ -5132,7 +5131,7 @@ BootStrapXLOG(void) * a genuine-looking password challenge for the non-existent user, in lieu * of an actual stored password. */ - if (!pg_backend_random(mock_auth_nonce, MOCK_AUTH_NONCE_LEN)) + if (!pg_strong_random(mock_auth_nonce, MOCK_AUTH_NONCE_LEN)) ereport(PANIC, (errcode(ERRCODE_INTERNAL_ERROR), errmsg("could not generate secret authorization token"))); diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c index e997c946001..9a969a7029e 100644 --- a/src/backend/libpq/auth-scram.c +++ b/src/backend/libpq/auth-scram.c @@ -102,7 +102,6 @@ #include "libpq/crypt.h" #include "libpq/scram.h" #include "miscadmin.h" -#include "utils/backend_random.h" #include "utils/builtins.h" #include "utils/timestamp.h" @@ -468,7 +467,7 @@ pg_be_scram_build_verifier(const char *password) password = (const char *) prep_password; /* Generate random salt */ - if (!pg_backend_random(saltbuf, SCRAM_DEFAULT_SALT_LEN)) + if (!pg_strong_random(saltbuf, SCRAM_DEFAULT_SALT_LEN)) ereport(ERROR, (errcode(ERRCODE_INTERNAL_ERROR), errmsg("could not generate random salt"))); @@ -1123,7 +1122,7 @@ build_server_first_message(scram_state *state) char raw_nonce[SCRAM_RAW_NONCE_LEN]; int encoded_len; - if (!pg_backend_random(raw_nonce, SCRAM_RAW_NONCE_LEN)) + if (!pg_strong_random(raw_nonce, SCRAM_RAW_NONCE_LEN)) ereport(ERROR, (errcode(ERRCODE_INTERNAL_ERROR), errmsg("could not generate random nonce"))); diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index ff0832dba8b..0c2ca39d1bd 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -36,7 +36,6 @@ #include "port/pg_bswap.h" #include "replication/walsender.h" #include "storage/ipc.h" -#include "utils/backend_random.h" #include "utils/timestamp.h" @@ -835,7 +834,7 @@ CheckMD5Auth(Port *port, char *shadow_pass, char **logdetail) errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled"))); /* include the salt to use for computing the response */ - if (!pg_backend_random(md5Salt, 4)) + if (!pg_strong_random(md5Salt, 4)) { ereport(LOG, (errmsg("could not generate random MD5 salt"))); @@ -3036,7 +3035,7 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por /* Construct RADIUS packet */ packet->code = RADIUS_ACCESS_REQUEST; packet->length = RADIUS_HEADER_LENGTH; - if (!pg_backend_random((char *) packet->vector, RADIUS_VECTOR_LENGTH)) + if (!pg_strong_random(packet->vector, RADIUS_VECTOR_LENGTH)) { ereport(LOG, (errmsg("could not generate random encryption vector"))); diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index 2d5a0ac7d3b..406cc2cf2d4 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -367,16 +367,6 @@ static volatile sig_atomic_t WalReceiverRequested = false; static volatile bool StartWorkerNeeded = true; static volatile bool HaveCrashedWorker = false; -#ifndef HAVE_STRONG_RANDOM -/* - * State for assigning cancel keys. - * Also, the global MyCancelKey passes the cancel key assigned to a given - * backend from the postmaster to that backend (via fork). - */ -static unsigned int random_seed = 0; -static struct timeval random_start_time; -#endif - #ifdef USE_SSL /* Set when and if SSL has been initialized properly */ static bool LoadedSSL = false; @@ -1361,10 +1351,6 @@ PostmasterMain(int argc, char *argv[]) * Remember postmaster startup time */ PgStartTime = GetCurrentTimestamp(); -#ifndef HAVE_STRONG_RANDOM - /* RandomCancelKey wants its own copy */ - gettimeofday(&random_start_time, NULL); -#endif /* * Report postmaster status in the postmaster.pid file, to allow pg_ctl to @@ -2532,26 +2518,11 @@ InitProcessGlobals(void) MyStartTime = timestamptz_to_time_t(MyStartTimestamp); /* - * Don't want backend to be able to see the postmaster random number - * generator state. We have to clobber the static random_seed. - */ -#ifndef HAVE_STRONG_RANDOM - random_seed = 0; - random_start_time.tv_usec = 0; -#endif - - /* * Set a different seed for random() in every process. We want something * unpredictable, so if possible, use high-quality random bits for the * seed. Otherwise, fall back to a seed based on timestamp and PID. - * - * Note we can't use pg_backend_random here, since this is used in the - * postmaster, and even in a backend we might not be attached to shared - * memory yet. */ -#ifdef HAVE_STRONG_RANDOM if (!pg_strong_random(&rseed, sizeof(rseed))) -#endif { /* * Since PIDs and timestamps tend to change more frequently in their @@ -5256,38 +5227,7 @@ StartupPacketTimeoutHandler(void) static bool RandomCancelKey(int32 *cancel_key) { -#ifdef HAVE_STRONG_RANDOM - return pg_strong_random((char *) cancel_key, sizeof(int32)); -#else - - /* - * If built with --disable-strong-random, use plain old erand48. - * - * We cannot use pg_backend_random() in postmaster, because it stores its - * state in shared memory. - */ - static unsigned short seed[3]; - - /* - * Select a random seed at the time of first receiving a request. - */ - if (random_seed == 0) - { - struct timeval random_stop_time; - - gettimeofday(&random_stop_time, NULL); - - seed[0] = (unsigned short) random_start_time.tv_usec; - seed[1] = (unsigned short) (random_stop_time.tv_usec) ^ (random_start_time.tv_usec >> 16); - seed[2] = (unsigned short) (random_stop_time.tv_usec >> 16); - - random_seed = 1; - } - - *cancel_key = pg_jrand48(seed); - - return true; -#endif + return pg_strong_random(cancel_key, sizeof(int32)); } /* diff --git a/src/backend/storage/ipc/ipci.c b/src/backend/storage/ipc/ipci.c index 0c86a581c03..473513a9272 100644 --- a/src/backend/storage/ipc/ipci.c +++ b/src/backend/storage/ipc/ipci.c @@ -44,7 +44,6 @@ #include "storage/procsignal.h" #include "storage/sinvaladt.h" #include "storage/spin.h" -#include "utils/backend_random.h" #include "utils/snapmgr.h" @@ -149,7 +148,6 @@ CreateSharedMemoryAndSemaphores(bool makePrivate, int port) size = add_size(size, BTreeShmemSize()); size = add_size(size, SyncScanShmemSize()); size = add_size(size, AsyncShmemSize()); - size = add_size(size, BackendRandomShmemSize()); #ifdef EXEC_BACKEND size = add_size(size, ShmemBackendArraySize()); #endif @@ -269,7 +267,6 @@ CreateSharedMemoryAndSemaphores(bool makePrivate, int port) BTreeShmemInit(); SyncScanShmemInit(); AsyncShmemInit(); - BackendRandomShmemInit(); #ifdef EXEC_BACKEND diff --git a/src/backend/storage/lmgr/lwlocknames.txt b/src/backend/storage/lmgr/lwlocknames.txt index e6025ecedb3..db478432291 100644 --- a/src/backend/storage/lmgr/lwlocknames.txt +++ b/src/backend/storage/lmgr/lwlocknames.txt @@ -47,6 +47,5 @@ CommitTsLock 39 ReplicationOriginLock 40 MultiXactTruncationLock 41 OldSnapshotTimeMapLock 42 -BackendRandomLock 43 -LogicalRepWorkerLock 44 -CLogTruncationLock 45 +LogicalRepWorkerLock 43 +CLogTruncationLock 44 diff --git a/src/backend/utils/adt/float.c b/src/backend/utils/adt/float.c index add099ec9dc..1407f9612ca 100644 --- a/src/backend/utils/adt/float.c +++ b/src/backend/utils/adt/float.c @@ -24,7 +24,6 @@ #include "libpq/pqformat.h" #include "miscadmin.h" #include "utils/array.h" -#include "utils/backend_random.h" #include "utils/float.h" #include "utils/fmgrprotos.h" #include "utils/sortsupport.h" @@ -2393,7 +2392,7 @@ drandom(PG_FUNCTION_ARGS) * Should that fail for some reason, we fall back on a lower-quality * seed based on current time and PID. */ - if (!pg_backend_random((char *) drandom_seed, sizeof(drandom_seed))) + if (!pg_strong_random(drandom_seed, sizeof(drandom_seed))) { TimestampTz now = GetCurrentTimestamp(); uint64 iseed; diff --git a/src/backend/utils/misc/Makefile b/src/backend/utils/misc/Makefile index a53fcdf1889..ec7ec131e5a 100644 --- a/src/backend/utils/misc/Makefile +++ b/src/backend/utils/misc/Makefile @@ -14,9 +14,9 @@ include $(top_builddir)/src/Makefile.global override CPPFLAGS := -I. -I$(srcdir) $(CPPFLAGS) -OBJS = backend_random.o guc.o help_config.o pg_config.o pg_controldata.o \ - pg_rusage.o ps_status.o queryenvironment.o rls.o sampling.o \ - superuser.o timeout.o tzparser.o +OBJS = guc.o help_config.o pg_config.o pg_controldata.o pg_rusage.o \ + ps_status.o queryenvironment.o rls.o sampling.o superuser.o \ + timeout.o tzparser.o # This location might depend on the installation directories. Therefore # we can't substitute it into pg_config.h. diff --git a/src/backend/utils/misc/backend_random.c b/src/backend/utils/misc/backend_random.c deleted file mode 100644 index a64f3ac3980..00000000000 --- a/src/backend/utils/misc/backend_random.c +++ /dev/null @@ -1,158 +0,0 @@ -/*------------------------------------------------------------------------- - * - * backend_random.c - * Backend random number generation routine. - * - * pg_backend_random() function fills a buffer with random bytes. Normally, - * it is just a thin wrapper around pg_strong_random(), but when compiled - * with --disable-strong-random, we provide a built-in implementation. - * - * This function is used for generating nonces in authentication, and for - * random salt generation in pgcrypto. The built-in implementation is not - * cryptographically strong, but if the user asked for it, we'll go ahead - * and use it anyway. - * - * The built-in implementation uses the standard erand48 algorithm, with - * a seed shared between all backends. - * - * Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group - * Portions Copyright (c) 1994, Regents of the University of California - * - * - * IDENTIFICATION - * src/backend/utils/misc/backend_random.c - * - *------------------------------------------------------------------------- - */ - -#include "postgres.h" - -#include <sys/time.h> - -#include "miscadmin.h" -#include "storage/lwlock.h" -#include "storage/shmem.h" -#include "utils/backend_random.h" -#include "utils/timestamp.h" - -#ifdef HAVE_STRONG_RANDOM - -Size -BackendRandomShmemSize(void) -{ - return 0; -} - -void -BackendRandomShmemInit(void) -{ - /* do nothing */ -} - -bool -pg_backend_random(char *dst, int len) -{ - /* should not be called in postmaster */ - Assert(IsUnderPostmaster || !IsPostmasterEnvironment); - - return pg_strong_random(dst, len); -} - -#else - -/* - * Seed for the PRNG, stored in shared memory. - * - * Protected by BackendRandomLock. - */ -typedef struct -{ - bool initialized; - unsigned short seed[3]; -} BackendRandomShmemStruct; - -static BackendRandomShmemStruct * BackendRandomShmem; - -Size -BackendRandomShmemSize(void) -{ - return sizeof(BackendRandomShmemStruct); -} - -void -BackendRandomShmemInit(void) -{ - bool found; - - BackendRandomShmem = (BackendRandomShmemStruct *) - ShmemInitStruct("Backend PRNG state", - BackendRandomShmemSize(), - &found); - - if (!IsUnderPostmaster) - { - Assert(!found); - - BackendRandomShmem->initialized = false; - } - else - Assert(found); -} - -bool -pg_backend_random(char *dst, int len) -{ - int i; - char *end = dst + len; - - /* should not be called in postmaster */ - Assert(IsUnderPostmaster || !IsPostmasterEnvironment); - - LWLockAcquire(BackendRandomLock, LW_EXCLUSIVE); - - /* - * Seed the PRNG on the first use. - */ - if (!BackendRandomShmem->initialized) - { - struct timeval now; - - gettimeofday(&now, NULL); - - BackendRandomShmem->seed[0] = now.tv_sec; - BackendRandomShmem->seed[1] = (unsigned short) (now.tv_usec); - BackendRandomShmem->seed[2] = (unsigned short) (now.tv_usec >> 16); - - /* - * Mix in the cancel key, generated by the postmaster. This adds what - * little entropy the postmaster had to the seed. - */ - BackendRandomShmem->seed[0] ^= (MyCancelKey); - BackendRandomShmem->seed[1] ^= (MyCancelKey >> 16); - - BackendRandomShmem->initialized = true; - } - - for (i = 0; dst < end; i++) - { - uint32 r; - int j; - - /* - * pg_jrand48 returns a 32-bit integer. Fill the next 4 bytes from it. - */ - r = (uint32) pg_jrand48(BackendRandomShmem->seed); - - for (j = 0; j < 4 && dst < end; j++) - { - *(dst++) = (char) (r & 0xFF); - r >>= 8; - } - } - LWLockRelease(BackendRandomLock); - - return true; -} - - -#endif /* HAVE_STRONG_RANDOM */ diff --git a/src/bin/pgbench/pgbench.c b/src/bin/pgbench/pgbench.c index c64e16187ad..f3f4ac3e3c2 100644 --- a/src/bin/pgbench/pgbench.c +++ b/src/bin/pgbench/pgbench.c @@ -4844,13 +4844,9 @@ set_random_seed(const char *seed) else if (strcmp(seed, "rand") == 0) { /* use some "strong" random source */ -#ifdef HAVE_STRONG_RANDOM if (!pg_strong_random(&iseed, sizeof(iseed))) -#endif { - fprintf(stderr, - "cannot seed random from a strong source, none available: " - "use \"time\" or an unsigned integer value.\n"); + fprintf(stderr, "could not generate random seed.\n"); return false; } } diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in index 76bd81e9bf2..9d99816eae9 100644 --- a/src/include/pg_config.h.in +++ b/src/include/pg_config.h.in @@ -552,9 +552,6 @@ /* Define to 1 if you have the `strnlen' function. */ #undef HAVE_STRNLEN -/* Define to use have a strong random number source */ -#undef HAVE_STRONG_RANDOM - /* Define to 1 if you have the `strsignal' function. */ #undef HAVE_STRSIGNAL diff --git a/src/include/pg_config.h.win32 b/src/include/pg_config.h.win32 index de0c4d9997b..1a89a8c24e2 100644 --- a/src/include/pg_config.h.win32 +++ b/src/include/pg_config.h.win32 @@ -412,9 +412,6 @@ /* Define to 1 if you have the <string.h> header file. */ #define HAVE_STRING_H 1 -/* Define to use have a strong random number source */ -#define HAVE_STRONG_RANDOM 1 - /* Define to 1 if you have the `strsignal' function. */ /* #undef HAVE_STRSIGNAL */ diff --git a/src/include/port.h b/src/include/port.h index 570a9052a28..ebf9d55979d 100644 --- a/src/include/port.h +++ b/src/include/port.h @@ -498,9 +498,12 @@ extern char *inet_net_ntop(int af, const void *src, int bits, char *dst, size_t size); /* port/pg_strong_random.c */ -#ifdef HAVE_STRONG_RANDOM extern bool pg_strong_random(void *buf, size_t len); -#endif +/* + * pg_backend_random used to be a wrapper for pg_strong_random before + * Postgres 12 for the backend code. + */ +#define pg_backend_random pg_strong_random /* port/pgcheckdir.c */ extern int pg_check_dir(const char *dir); diff --git a/src/include/utils/backend_random.h b/src/include/utils/backend_random.h deleted file mode 100644 index 99ea2cb9fb5..00000000000 --- a/src/include/utils/backend_random.h +++ /dev/null @@ -1,19 +0,0 @@ -/*------------------------------------------------------------------------- - * - * backend_random.h - * Declarations for backend random number generation - * - * Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group - * - * src/include/utils/backend_random.h - * - *------------------------------------------------------------------------- - */ -#ifndef BACKEND_RANDOM_H -#define BACKEND_RANDOM_H - -extern Size BackendRandomShmemSize(void); -extern void BackendRandomShmemInit(void); -extern bool pg_backend_random(char *dst, int len); - -#endif /* BACKEND_RANDOM_H */ diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c index 603ef4c0020..6f9e6789d56 100644 --- a/src/interfaces/libpq/fe-auth-scram.c +++ b/src/interfaces/libpq/fe-auth-scram.c @@ -19,11 +19,6 @@ #include "common/scram-common.h" #include "fe-auth.h" -/* These are needed for getpid(), in the fallback implementation */ -#ifndef HAVE_STRONG_RANDOM -#include <sys/types.h> -#include <unistd.h> -#endif /* * Status of exchange messages used for SCRAM authentication via the @@ -72,7 +67,6 @@ static bool verify_server_signature(fe_scram_state *state); static void calculate_client_proof(fe_scram_state *state, const char *client_final_message_without_proof, uint8 *result); -static bool pg_frontend_random(char *dst, int len); /* * Initialize SCRAM exchange status. @@ -320,7 +314,7 @@ build_client_first_message(fe_scram_state *state) * Generate a "raw" nonce. This is converted to ASCII-printable form by * base64-encoding it. */ - if (!pg_frontend_random(raw_nonce, SCRAM_RAW_NONCE_LEN)) + if (!pg_strong_random(raw_nonce, SCRAM_RAW_NONCE_LEN)) { printfPQExpBuffer(&conn->errorMessage, libpq_gettext("could not generate nonce\n")); @@ -764,7 +758,7 @@ pg_fe_scram_build_verifier(const char *password) password = (const char *) prep_password; /* Generate a random salt */ - if (!pg_frontend_random(saltbuf, SCRAM_DEFAULT_SALT_LEN)) + if (!pg_strong_random(saltbuf, SCRAM_DEFAULT_SALT_LEN)) { if (prep_password) free(prep_password); @@ -779,55 +773,3 @@ pg_fe_scram_build_verifier(const char *password) return result; } - -/* - * Random number generator. - */ -static bool -pg_frontend_random(char *dst, int len) -{ -#ifdef HAVE_STRONG_RANDOM - return pg_strong_random(dst, len); -#else - int i; - char *end = dst + len; - - static unsigned short seed[3]; - static int mypid = 0; - - pglock_thread(); - - if (mypid != getpid()) - { - struct timeval now; - - gettimeofday(&now, NULL); - - seed[0] = now.tv_sec ^ getpid(); - seed[1] = (unsigned short) (now.tv_usec); - seed[2] = (unsigned short) (now.tv_usec >> 16); - } - - for (i = 0; dst < end; i++) - { - uint32 r; - int j; - - /* - * pg_jrand48 returns a 32-bit integer. Fill the next 4 bytes from - * it. - */ - r = (uint32) pg_jrand48(seed); - - for (j = 0; j < 4 && dst < end; j++) - { - *(dst++) = (char) (r & 0xFF); - r >>= 8; - } - } - - pgunlock_thread(); - - return true; -#endif -} diff --git a/src/port/Makefile b/src/port/Makefile index ae3f973ae14..9cfc0f92796 100644 --- a/src/port/Makefile +++ b/src/port/Makefile @@ -37,14 +37,10 @@ LIBS += $(PTHREAD_LIBS) OBJS = $(LIBOBJS) $(PG_CRC32C_OBJS) chklocale.o erand48.o inet_net_ntop.o \ noblock.o path.o pgcheckdir.o pgmkdirp.o pgsleep.o \ - pgstrcasecmp.o pgstrsignal.o pqsignal.o \ + pg_strong_random.o pgstrcasecmp.o pgstrsignal.o pqsignal.o \ qsort.o qsort_arg.o quotes.o snprintf.o sprompt.o strerror.o \ tar.o thread.o -ifeq ($(enable_strong_random), yes) -OBJS += pg_strong_random.o -endif - # libpgport.a, libpgport_shlib.a, and libpgport_srv.a contain the same files # foo.o, foo_shlib.o, and foo_srv.o are all built from foo.c OBJS_SHLIB = $(OBJS:%.o=%_shlib.o) |