From: | Michael Paquier <michael(at)paquier(dot)xyz> |
---|---|
To: | Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> |
Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: PG 10: could not generate random cancel key |
Date: | 2018-07-18 02:17:06 |
Message-ID: | 20180718021706.GI2998@paquier.xyz |
Lists: | pgsql-hackers |
On Tue, Jul 17, 2018 at 02:28:14PM +0100, Dean Rasheed wrote:
> From what I understand from here [1], some parts of OpenSSL call
> RAND_poll() once on initialisation, and that's enough to get the PRNG
> going. It's not obvious that calling it multiple times would have any
> benefit.
>
> They also don't appear to bother checking the return code from
> RAND_poll() [2]. If it did fail, there'd not be much you could do
> anyway, so you might as well just let it continue and let RAND_bytes()
> fail. In fact it may even be possible for RAND_poll() to fail, but
> just do enough to cause RAND_bytes() to succeed.
>
> [1] https://wiki.openssl.org/index.php/Random_Numbers

This quote from the wiki is scary so that's not quite clean either for
Windows:

"Be careful when deferring to RAND_poll on some Unix systems because it
does not seed the generator. See the code guarded with
OPENSSL_SYS_VXWORKS in rand_unix.c. Additionally, RAND_poll can have
negative interactions on newer Windows platforms, so your program could
hang or crash depending on the potential issue. See Windows Issues
below."

> [2] https://github.com/benvanik/openssl/blob/master/openssl/crypto/rand/md_rand.c

This repository is outdated, on OpenSSL HEAD I am seeing this used only
in rand_win.c. And this commit is sort of interesting because there was
a retry loop done with RAND_poll(). Please see this one:

    commit: c16de9d8329d41a2433d0f273c080d9d06ad7a87
    author: Dr. Matthias St. Pierre <Matthias(dot)St(dot)Pierre(at)ncp-e(dot)com>
    date: Thu, 31 Aug 2017 23:16:22 +0200
    committer: Ben Kaduk <kaduk(at)mit(dot)edu>
    date: Wed, 18 Oct 2017 08:39:20 -0500

    Fix reseeding issues of the public RAND_DRBG

apps/ocsp.c also has the wisdom to check for a failure on RAND_poll().

--
Michael
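
The pattern discussed in this message (poll a bounded number of times, do not treat RAND_poll()'s result as fatal, let RAND_bytes() decide), shown as an added example that is not part of the original email and is not PostgreSQL or OpenSSL code. `rng_backend`, `strong_random`, `MAX_POLL_RETRIES` and the `sim_*` stub are hypothetical names; the stub stands in for OpenSSL so the failure paths can be exercised offline.

```c
#include <string.h>

/* Hooks follow OpenSSL's convention: each returns 1 on success. */
typedef struct {
    int (*status)(void);                     /* e.g. RAND_status */
    int (*poll)(void);                       /* e.g. RAND_poll   */
    int (*bytes)(unsigned char *, int);      /* e.g. RAND_bytes  */
} rng_backend;

#define MAX_POLL_RETRIES 8                   /* assumed bound, for illustration */

/* Fill buf with len bytes. Returns 1 on success, 0 on failure. */
int strong_random(const rng_backend *rng, unsigned char *buf, int len)
{
    int i;

    if (!rng || !buf || len <= 0)
        return 0;
    /* Poll an unseeded generator a bounded number of times. poll()'s result
     * is ignored on purpose: a poll that reports failure may still have
     * gathered enough entropy for bytes() to succeed. */
    for (i = 0; i < MAX_POLL_RETRIES && rng->status() != 1; i++)
        (void) rng->poll();
    /* bytes() alone decides whether the output is usable. */
    if (rng->bytes(buf, len) == 1)
        return 1;
    memset(buf, 0, (size_t) len);            /* leave no partial output behind */
    return 0;
}

/* Constructed stub backend: poll() always reports failure, yet the
 * generator counts as seeded once sim_seed_after polls have happened. */
static int sim_polls, sim_seed_after;
static int sim_status(void) { return sim_polls >= sim_seed_after; }
static int sim_poll(void) { sim_polls++; return 0; }
static int sim_bytes(unsigned char *b, int n)
{
    if (!sim_status()) return 0;             /* unseeded: refuse */
    memset(b, 0xA5, (size_t) n);             /* placeholder pattern, NOT random */
    return 1;
}
static const rng_backend sim_backend = { sim_status, sim_poll, sim_bytes };

/* Reset the stub to seed after `needed` polls, then request len bytes. */
int sim_try(int needed, unsigned char *buf, int len)
{
    sim_polls = 0; sim_seed_after = needed;
    return strong_random(&sim_backend, buf, len);
}

int main(void) { unsigned char k[4]; return sim_try(3, k, 4) != 1; }
```

A caller must still check the return value and refuse to issue a key on 0; the zeroed buffer is not a usable fallback.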