Skip site navigation (1) Skip section navigation (2)

Re: pgcrypto seeding problem when ssl=on

From: Marko Kreen <markokr(at)gmail(dot)com>
To: Noah Misch <noah(at)leadboat(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Postgres Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pgcrypto seeding problem when ssl=on
Date: 2013-01-13 21:50:10
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
On Fri, Dec 21, 2012 at 10:27 PM, Noah Misch <noah(at)leadboat(dot)com> wrote:
> How about instead calling RAND_cleanup() after each backend fork?

Attached is a patch that adds RAND_cleanup() to fork_process().
That way all forked processes start with fresh state.  This should
make sure the problem does not happen in any processes
forked by postmaster.

Please backpatch.


Alternative is to put RAND_cleanup() to BackendInitialize() so only
new backends start with fresh state.

Another alternative is to put RAND_cleanup() after SSL_accept(),
that way core code sees no change, but other OpenSSL users
in backend operate securely.


Attachment: rand_cleanup.diff
Description: application/octet-stream (637 bytes)

In response to


pgsql-hackers by date

Next:From: Tom LaneDate: 2013-01-13 22:46:12
Subject: Re: pgcrypto seeding problem when ssl=on
Previous:From: Tom LaneDate: 2013-01-13 21:43:28
Subject: Re: count(*) of zero rows returns 1

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group