On 18 July 2018 at 14:01, Michael Paquier wrote:
> Thanks for the updated version. This looks safer to me. It is possible
> to simplify the code by removing the external RAND_status() call and
> check for RAND_status() first in the loop as per the attached.
OK, thanks.
Barring any further
On Wed, Jul 18, 2018 at 10:14:56AM +0100, Dean Rasheed wrote:
> OK, I guess that it is possible that an older version of OpenSSL
> requires RAND_poll() to be called multiple times. Here's an updated
> patch doing that (with up to 8 retries, based on the old OpenSSL
> code).
Thanks for the updated
On 18 July 2018 at 03:17, Michael Paquier wrote:
>> [1] https://wiki.openssl.org/index.php/Random_Numbers
>
> This quote from the wiki is scary so that's not quite clean either for
> Windows:
> "Be careful when deferring to RAND_poll on some Unix systems because it
> does not seed the generator.
On Tue, Jul 17, 2018 at 02:28:14PM +0100, Dean Rasheed wrote:
> From what I understand from here [1], some parts of OpenSSL call
> RAND_poll() once on initialisation, and that's enough to get the PRNG
> going. It's not obvious that calling it multiple times would have any
> benefit.
>
> They also
On Tue, Jul 17, 2018 at 01:31:01PM -0400, Robert Haas wrote:
> On Tue, Jul 17, 2018 at 1:27 PM, Alvaro Herrera
> wrote:
>> On 2018-Jul-17, Robert Haas wrote:
>>> On Tue, Jul 17, 2018 at 8:33 AM, Dean Rasheed
>>> wrote:
if (RAND_status() == 0)
RAND_poll();
>>>
>>> Looks like a
On Tue, Jul 17, 2018 at 1:27 PM, Alvaro Herrera
wrote:
> On 2018-Jul-17, Robert Haas wrote:
>
>> On Tue, Jul 17, 2018 at 8:33 AM, Dean Rasheed
>> wrote:
>> > if (RAND_status() == 0)
>> > RAND_poll();
>>
>> Looks like a recipe for an infinite loop. At least, I think we ought
>> to have a
On 2018-Jul-17, Robert Haas wrote:
> On Tue, Jul 17, 2018 at 8:33 AM, Dean Rasheed
> wrote:
> > if (RAND_status() == 0)
> > RAND_poll();
>
> Looks like a recipe for an infinite loop. At least, I think we ought
> to have a CHECK_FOR_INTERRUPTS() in that loop.
What loop?
--
Álvaro
On Tue, Jul 17, 2018 at 8:33 AM, Dean Rasheed wrote:
> if (RAND_status() == 0)
> RAND_poll();
Looks like a recipe for an infinite loop. At least, I think we ought
to have a CHECK_FOR_INTERRUPTS() in that loop.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise
On 17 July 2018 at 14:04, Michael Paquier wrote:
> On Tue, Jul 17, 2018 at 01:33:11PM +0100, Dean Rasheed wrote:
>> Looking for precedents elsewhere, I found [2] which does exactly that,
>> although I'm slightly dubious about the need for the for-loop there. I
>> also found a thread [3], which
On Tue, Jul 17, 2018 at 01:33:11PM +0100, Dean Rasheed wrote:
> Looking for precedents elsewhere, I found [2] which does exactly that,
> although I'm slightly dubious about the need for the for-loop there. I
> also found a thread [3], which recommends simply doing
>
> if (RAND_status() == 0)
>
Last week I upgraded 15 servers from various pre-10 versions to 10.4.
At first everything looked OK, but then (around 4 days later) one of
them failed with this in the logs:
2018-07-14 01:53:35.840 BST LOG: could not generate random cancel key
2018-07-14 01:53:37.233 BST LOG: could not
11 matches
Mail list logo
