From 8d8d0216fc033c5576dd7cf55f442486dffc8cdc Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Tue, 21 Jul 2020 14:01:11 +0200 Subject: [PATCH 2/2] Remove optimization for RAND_poll failing The loop to generate seed data will exit on RAND_status so we don't need to handle the case of RAND_poll failing separately. --- src/port/pg_strong_random.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/src/port/pg_strong_random.c b/src/port/pg_strong_random.c index eed8b87808..d3b4689f4f 100644 --- a/src/port/pg_strong_random.c +++ b/src/port/pg_strong_random.c @@ -109,6 +109,10 @@ pg_strong_random(void *buf, size_t len) * Check that OpenSSL's CSPRNG has been sufficiently seeded, and if not * add more seed data using RAND_poll(). With some older versions of * OpenSSL, it may be necessary to call RAND_poll() a number of times. + * If RAND_poll() fails to generate seed data within the given amount of + * retries, subsequent RAND_bytes() calls will fail but we allow that to + * happen to let pg_strong_random callers handle that with appropriate + * error handling. */ #define NUM_RAND_POLL_RETRIES 8 @@ -120,16 +124,7 @@ pg_strong_random(void *buf, size_t len) break; } - if (RAND_poll() == 0) - { - /* - * RAND_poll() failed to generate any seed data, which means that - * RAND_bytes() will probably fail. For now, just fall through - * and let that happen. XXX: maybe we could seed it some other - * way. - */ - break; - } + RAND_poll(); } if (RAND_bytes(buf, len) == 1) -- 2.21.1 (Apple Git-122.3)