On Tue, Jul 17, 2018 at 01:33:11PM +0100, Dean Rasheed wrote:
> Looking for precedents elsewhere, I found [2] which does exactly that,
> although I'm slightly dubious about the need for the for-loop there. I
> also found a thread [3], which recommends simply doing
>
> if (RAND_status() == 0)
> RAND_poll();
>
> which seems preferable. Attached is a patch to do this in pg_strong_random().
Checking for the return result of RAND_poll() would also be good thing
to do. From what I read in OpenSSL code it could fail as well, and
we could combine that with a loop attempted to feed the machinery a
decided amount of times, just failing after successive failures.
--
Michael