mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove configure switch --disable-strong-random

Browse Source 
This removes a portion of infrastructure introduced by fe0a0b5 to allow
compilation of Postgres in environments where no strong random source is
available, meaning that there is no linking to OpenSSL and no
/dev/urandom (Windows having its own CryptoAPI).  No systems shipped
this century lack /dev/urandom, and the buildfarm is actually not
testing this switch at all, so just remove it.  This simplifies
particularly some backend code which included a fallback implementation
using shared memory, and removes a set of alternate regression output
files from pgcrypto.

Author: Michael Paquier
Reviewed-by: Tom Lane
Discussion: https://postgr.es/m/20181230063219.GG608@paquier.xyz
This commit is contained in:
Michael Paquier 2019-01-01 20:05:51 +09:00
parent d880b208e5
commit 1707a0d2aa
32 changed files with 60 additions and 1183 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
configure vendored
View File

@ -761,7 +761,6 @@ GENHTML
LCOV
GCOV
enable_debug
enable_strong_random
enable_rpath
default_port
WANTED_LANGUAGES
@ -829,7 +828,6 @@ with_pgport
enable_rpath
enable_spinlocks
enable_atomics
enable_strong_random
enable_debug
enable_profiling
enable_coverage
@ -1512,7 +1510,6 @@ Optional Features:
executables
--disable-spinlocks do not use spinlocks
--disable-atomics do not use atomic operations
--disable-strong-random do not use a strong random number source
--enable-debug build with debugging symbols (-g)
--enable-profiling build with profiling enabled
--enable-coverage build with coverage testing instrumentation
@ -3272,34 +3269,6 @@ fi
#
# Random number generation
#
# Check whether --enable-strong-random was given.
if test "${enable_strong_random+set}" = set; then :
enableval=$enable_strong_random;
case $enableval in
yes)
:
;;
no)
:
;;
*)
as_fn_error $? "no argument expected for --enable-strong-random option" "$LINENO" 5
;;
esac
else
enable_strong_random=yes
fi
#
# --enable-debug adds -g to compiler flags
#
@ -17937,7 +17906,7 @@ fi
# in the template or configure command line.
# If not selected manually, try to select a source automatically.
if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then
if test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then
if test x"$with_openssl" = x"yes" ; then
USE_OPENSSL_RANDOM=1
elif test "$PORTNAME" = "win32" ; then
@ -17971,42 +17940,28 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which random number source to use" >&5
$as_echo_n "checking which random number source to use... " >&6; }
if test "$enable_strong_random" = yes ; then
if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
$as_echo "#define USE_OPENSSL_RANDOM 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5
$as_echo "OpenSSL" >&6; }
elif test x"$USE_WIN32_RANDOM" = x"1" ; then
elif test x"$USE_WIN32_RANDOM" = x"1" ; then
$as_echo "#define USE_WIN32_RANDOM 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
$as_echo "Windows native" >&6; }
elif test x"$USE_DEV_URANDOM" = x"1" ; then
elif test x"$USE_DEV_URANDOM" = x"1" ; then
$as_echo "#define USE_DEV_URANDOM 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
$as_echo "/dev/urandom" >&6; }
else
as_fn_error $? "
no source of strong random numbers was found
PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers,
for authentication protocols. You can use --disable-strong-random to use a
built-in pseudo random number generator, but that may be insecure." "$LINENO" 5
fi
$as_echo "#define HAVE_STRONG_RANDOM 1" >>confdefs.h
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: weak builtin PRNG" >&5
$as_echo "weak builtin PRNG" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
*** Not using a strong random number source may be insecure." >&5
$as_echo "$as_me: WARNING:
*** Not using a strong random number source may be insecure." >&2;}
as_fn_error $? "
no source of strong random numbers was found
PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers." "$LINENO" 5
fi
# If not set in template file, set bytes to use libc memset()

42
configure.in
View File

@ -193,13 +193,6 @@ PGAC_ARG_BOOL(enable, spinlocks, yes,
PGAC_ARG_BOOL(enable, atomics, yes,
[do not use atomic operations])
#
# Random number generation
#
PGAC_ARG_BOOL(enable, strong-random, yes,
[do not use a strong random number source])
AC_SUBST(enable_strong_random)
#
# --enable-debug adds -g to compiler flags
#
@ -2151,7 +2144,7 @@ fi
# in the template or configure command line.
# If not selected manually, try to select a source automatically.
if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then
if test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then
if test x"$with_openssl" = x"yes" ; then
USE_OPENSSL_RANDOM=1
elif test "$PORTNAME" = "win32" ; then
@ -2166,28 +2159,19 @@ if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" &&
fi
AC_MSG_CHECKING([which random number source to use])
if test "$enable_strong_random" = yes ; then
if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
AC_DEFINE(USE_OPENSSL_RANDOM, 1, [Define to use OpenSSL for random number generation])
AC_MSG_RESULT([OpenSSL])
elif test x"$USE_WIN32_RANDOM" = x"1" ; then
AC_DEFINE(USE_WIN32_RANDOM, 1, [Define to use native Windows API for random number generation])
AC_MSG_RESULT([Windows native])
elif test x"$USE_DEV_URANDOM" = x"1" ; then
AC_DEFINE(USE_DEV_URANDOM, 1, [Define to use /dev/urandom for random number generation])
AC_MSG_RESULT([/dev/urandom])
else
AC_MSG_ERROR([
no source of strong random numbers was found
PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers,
for authentication protocols. You can use --disable-strong-random to use a
built-in pseudo random number generator, but that may be insecure.])
fi
AC_DEFINE(HAVE_STRONG_RANDOM, 1, [Define to use have a strong random number source])
if test x"$USE_OPENSSL_RANDOM" = x"1" ; then
AC_DEFINE(USE_OPENSSL_RANDOM, 1, [Define to use OpenSSL for random number generation])
AC_MSG_RESULT([OpenSSL])
elif test x"$USE_WIN32_RANDOM" = x"1" ; then
AC_DEFINE(USE_WIN32_RANDOM, 1, [Define to use native Windows API for random number generation])
AC_MSG_RESULT([Windows native])
elif test x"$USE_DEV_URANDOM" = x"1" ; then
AC_DEFINE(USE_DEV_URANDOM, 1, [Define to use /dev/urandom for random number generation])
AC_MSG_RESULT([/dev/urandom])
else
AC_MSG_RESULT([weak builtin PRNG])
AC_MSG_WARN([
*** Not using a strong random number source may be insecure.])
AC_MSG_ERROR([
no source of strong random numbers was found
PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers.])
fi
# If not set in template file, set bytes to use libc memset()

42
contrib/pgcrypto/expected/pgp-compression_1.out
View File

@ -1,42 +0,0 @@
--
-- PGP compression support
--
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
ww0ECQMCsci6AdHnELlh0kQB4jFcVwHMJg0Bulop7m3Mi36s15TAhBo0AnzIrRFrdLVCkKohsS6+
DMcmR53SXfLoDJOv/M8uKj3QSq7oWNIp95pxfA==
=tbSn
-----END PGP MESSAGE-----
'), 'key', 'expect-compress-algo=1');
pgp_sym_decrypt
-----------------
Secret message
(1 row)
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret message', 'key', 'compress-algo=0'),
'key', 'expect-compress-algo=0');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret message', 'key', 'compress-algo=1'),
'key', 'expect-compress-algo=1');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret message', 'key', 'compress-algo=2'),
'key', 'expect-compress-algo=2');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- level=0 should turn compression off
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret message', 'key',
'compress-algo=2, compress-level=0'),
'key', 'expect-compress-algo=0');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.

424
contrib/pgcrypto/expected/pgp-decrypt_1.out
View File

@ -1,424 +0,0 @@
--
-- pgp_descrypt tests
--
-- Checking ciphers
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.blowfish.sha1.mdc.s2k3.z0
jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS
yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE=
=JcP+
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.mdc.s2k3.z0
jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest
UTAsG35A1vYs02VARKzGz6xI2UHwFUirP+brPBg3Ee7muOx8pA==
=XtrP
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes192.sha1.mdc.s2k3.z0
jA0ECAMCI7YQpWqp3D1g0kQBCjB7GlX7+SQeXNleXeXQ78ZAPNliquGDq9u378zI
5FPTqAhIB2/2fjY8QEIs1ai00qphjX2NitxV/3Wn+6dufB4Q4g==
=rCZt
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes256.sha1.mdc.s2k3.z0
jA0ECQMC4f/5djqCC1Rg0kQBTHEPsD+Sw7biBsM2er3vKyGPAQkuTBGKC5ie7hT/
lceMfQdbAg6oTFyJpk/wH18GzRDphCofg0X8uLgkAKMrpcmgog==
=fB6S
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
-- Checking MDC modes
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.nomdc.s2k3.z0
jA0EBwMCnv07rlXqWctgyS2Dm2JfOKCRL4sLSLJUC8RS2cH7cIhKSuLitOtyquB+
u9YkgfJfsuRJmgQ9tmo=
=60ui
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.mdc.s2k3.z0
jA0EBwMCEeP3idNjQ1Bg0kQBf4G0wX+2QNzLh2YNwYkQgQkfYhn/hLXjV4nK9nsE
8Ex1Dsdt5UPvOz8W8VKQRS6loOfOe+yyXil8W3IYFwUpdDUi+Q==
=moGf
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
-- Checking hashes
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes.md5.mdc.s2k3.z0
jA0EBwMClrXXtOXetohg0kQBn0Kl1ymevQZRHkdoYRHgzCwSQEiss7zYff2UNzgO
KyRrHf7zEBuZiZ2AG34jNVMOLToj1jJUg5zTSdecUzQVCykWTA==
=NyLk
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.mdc.s2k3.z0
jA0EBwMCApbdlrURoWJg0kQBzHM/E0o7djY82bNuspjxjAcPFrrtp0uvDdMQ4z2m
/PM8jhgI5vxFYfNQjLl8y3fHYIomk9YflN9K/Q13iq8A8sjeTw==
=FxbQ
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
-- Checking S2K modes
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.mdc.s2k0.z0
jAQEBwAC0kQBKTaLAKE3xzps+QIZowqRNb2eAdzBw2LxEW2YD5PgNlbhJdGg+dvw
Ah9GXjGS1TVALzTImJbz1uHUZRfhJlFbc5yGQw==
=YvkV
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.mdc.s2k1.z0
jAwEBwEC/QTByBLI3b/SRAHPxKzI6SZBo5lAEOD+EsvKQWO4adL9tDY+++Iqy1xK
4IaWXVKEj9R2Lr2xntWWMGZtcKtjD2lFFRXXd9dZp1ZThNDz
=dbXm
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.mdc.s2k3.z0
jA0EBwMCEq4Su3ZqNEJg0kQB4QG5jBTKF0i04xtH+avzmLhstBNRxvV3nsmB3cwl
z+9ZaA/XdSx5ZiFnMym8P6r8uY9rLjjNptvvRHlxIReF+p9MNg==
=VJKg
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes192.sha1.mdc.s2k0.z0
jAQECAAC0kQBBDnQWkgsx9YFaqDfWmpsiyAJ6y2xG/sBvap1dySYEMuZ+wJTXQ9E
Cr3i2M7TgVZ0M4jp4QL0adG1lpN5iK7aQeOwMw==
=cg+i
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes192.sha1.mdc.s2k1.z0
jAwECAECruOfyNDFiTnSRAEVoGXm4A9UZKkWljdzjEO/iaE7mIraltIpQMkiqCh9
7h8uZ2u9uRBOv222fZodGvc6bvq/4R4hAa/6qSHtm8mdmvGt
=aHmC
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes192.sha1.mdc.s2k3.z0
jA0ECAMCjFn6SRi3SONg0kQBqtSHPaD0m7rXfDAhCWU/ypAsI93GuHGRyM99cvMv
q6eF6859ZVnli3BFSDSk3a4e/pXhglxmDYCfjAXkozKNYLo6yw==
=K0LS
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes256.sha1.mdc.s2k0.z0
jAQECQAC0kQB4L1eMbani07XF2ZYiXNK9LW3v8w41oUPl7dStmrJPQFwsdxmrDHu
rQr3WbdKdY9ufjOE5+mXI+EFkSPrF9rL9NCq6w==
=RGts
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes256.sha1.mdc.s2k1.z0
jAwECQECKHhrou7ZOIXSRAHWIVP+xjVQcjAVBTt+qh9SNzYe248xFTwozkwev3mO
+KVJW0qhk0An+Y2KF99/bYFl9cL5D3Tl43fC8fXGl3x3m7pR
=SUrU
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes256.sha1.mdc.s2k3.z0
jA0ECQMCjc8lwZu8Fz1g0kQBkEzjImi21liep5jj+3dAJ2aZFfUkohi8b3n9z+7+
4+NRzL7cMW2RLAFnJbiqXDlRHMwleeuLN1up2WIxsxtYYuaBjA==
=XZrG
-----END PGP MESSAGE-----
'), 'foobar');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
-- Checking longer passwords
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.mdc.s2k3.z0
jA0EBwMCx6dBiuqrYNRg0kQBEo63AvA1SCslxP7ayanLf1H0/hlk2nONVhTwVEWi
tTGup1mMz6Cfh1uDRErUuXpx9A0gdMu7zX0o5XjrL7WGDAZdSw==
=XKKG
-----END PGP MESSAGE-----
'), '0123456789abcdefghij');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.mdc.s2k3.z0
jA0EBwMCBDvYuS990iFg0kQBW31UK5OiCjWf5x6KJ8qNNT2HZWQCjCBZMU0XsOC6
CMxFKadf144H/vpoV9GA0f22keQgCl0EsTE4V4lweVOPTKCMJg==
=gWDh
-----END PGP MESSAGE-----
'), '0123456789abcdefghij2jk4h5g2j54khg23h54g2kh54g2khj54g23hj54');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.mdc.s2k3.z0
jA0EBwMCqXbFafC+ofVg0kQBejyiPqH0QMERVGfmPOjtAxvyG5KDIJPYojTgVSDt
FwsDabdQUz5O7bgNSnxfmyw1OifGF+W2bIn/8W+0rDf8u3+O+Q==
=OxOF
-----END PGP MESSAGE-----
'), 'x');
pgp_sym_decrypt
-----------------
Secret message.
(1 row)
-- Checking various data
select encode(digest(pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.mdc.s2k3.z0
jA0EBwMCGJ+SpuOysINg0kQBJfSjzsW0x4OVcAyr17O7FBvMTwIGeGcJd99oTQU8
Xtx3kDqnhUq9Z1fS3qPbi5iNP2A9NxOBxPWz2JzxhydANlgbxg==
=W/ik
-----END PGP MESSAGE-----
'), '0123456789abcdefghij'), 'sha1'), 'hex');
encode
------------------------------------------
0225e3ede6f2587b076d021a189ff60aad67e066
(1 row)
-- expected: 0225e3ede6f2587b076d021a189ff60aad67e066
select encode(digest(pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat2.aes.sha1.mdc.s2k3.z0
jA0EBwMCvdpDvidNzMxg0jUBvj8eS2+1t/9/zgemxvhtc0fvdKGGbjH7dleaTJRB
SaV9L04ky1qECNDx3XjnoKLC+H7IOQ==
=Fxen
-----END PGP MESSAGE-----
'), '0123456789abcdefghij'), 'sha1'), 'hex');
encode
------------------------------------------
da39a3ee5e6b4b0d3255bfef95601890afd80709
(1 row)
-- expected: da39a3ee5e6b4b0d3255bfef95601890afd80709
select encode(digest(pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: dat3.aes.sha1.mdc.s2k3.z0
jA0EBwMCxQvxJZ3G/HRg0lgBeYmTa7/uDAjPyFwSX4CYBgpZWVn/JS8JzILrcWF8
gFnkUKIE0PSaYFp+Yi1VlRfUtRQ/X/LYNGa7tWZS+4VQajz2Xtz4vUeAEiYFYPXk
73Hb8m1yRhQK
=ivrD
-----END PGP MESSAGE-----
'), '0123456789abcdefghij'), 'sha1'), 'hex');
encode
------------------------------------------
5e5c135efc0dd00633efc6dfd6e731ea408a5b4c
(1 row)
-- expected: 5e5c135efc0dd00633efc6dfd6e731ea408a5b4c
-- Checking CRLF
select encode(digest(pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: crlf mess
ww0ECQMCt7VAtby6l4Bi0lgB5KMIZiiF/b3CfMfUyY0eDncsGXtkbu1X+l9brjpMP8eJnY79Amms
a3nsOzKTXUfS9VyaXo8IrncM6n7fdaXpwba/3tNsAhJG4lDv1k4g9v8Ix2dfv6Rs
=mBP9
-----END PGP MESSAGE-----
'), 'key', 'convert-crlf=0'), 'sha1'), 'hex');
encode
------------------------------------------
9353062be7720f1446d30b9e75573a4833886784
(1 row)
-- expected: 9353062be7720f1446d30b9e75573a4833886784
select encode(digest(pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
Comment: crlf mess
ww0ECQMCt7VAtby6l4Bi0lgB5KMIZiiF/b3CfMfUyY0eDncsGXtkbu1X+l9brjpMP8eJnY79Amms
a3nsOzKTXUfS9VyaXo8IrncM6n7fdaXpwba/3tNsAhJG4lDv1k4g9v8Ix2dfv6Rs
=mBP9
-----END PGP MESSAGE-----
'), 'key', 'convert-crlf=1'), 'sha1'), 'hex');
encode
------------------------------------------
7efefcab38467f7484d6fa43dc86cf5281bd78e2
(1 row)
-- expected: 7efefcab38467f7484d6fa43dc86cf5281bd78e2
-- check BUG #11905, problem with messages 6 less than a power of 2.
select pgp_sym_decrypt(pgp_sym_encrypt(repeat('x',65530),'1'),'1') = repeat('x',65530);
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- expected: true
-- Negative tests
-- Decryption with a certain incorrect key yields an apparent Literal Data
-- packet reporting its content to be binary data. Ciphertext source:
-- iterative pgp_sym_encrypt('secret', 'key') until the random prefix gave
-- rise to that property.
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
ww0EBwMCxf8PTrQBmJdl0jcB6y2joE7GSLKRv7trbNsF5Z8ou5NISLUg31llVH/S0B2wl4bvzZjV
VsxxqLSPzNLAeIspJk5G
=mSd/
-----END PGP MESSAGE-----
'), 'wrong-key', 'debug=1');
NOTICE: dbg: prefix_init: corrupt prefix
NOTICE: dbg: parse_literal_data: data type=b
NOTICE: dbg: mdcbuf_finish: bad MDC pkt hdr
ERROR: Wrong key or corrupt data
-- Routine text/binary mismatch.
select pgp_sym_decrypt(pgp_sym_encrypt_bytea('P', 'key'), 'key', 'debug=1');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- Decryption with a certain incorrect key yields an apparent BZip2-compressed
-- plaintext. Ciphertext source: iterative pgp_sym_encrypt('secret', 'key')
-- until the random prefix gave rise to that property.
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
ww0EBwMC9rK/dMkF5Zlt0jcBlzAQ1mQY2qYbKYbw8h3EZ5Jk0K2IiY92R82TRhWzBIF/8cmXDPtP
GXsd65oYJZp3Khz0qfyn
=Nmpq
-----END PGP MESSAGE-----
'), 'wrong-key', 'debug=1');
NOTICE: dbg: prefix_init: corrupt prefix
NOTICE: dbg: parse_compressed_data: bzip2 unsupported
NOTICE: dbg: mdcbuf_finish: bad MDC pkt hdr
ERROR: Wrong key or corrupt data
-- Routine use of BZip2 compression. Ciphertext source:
-- echo x | gpg --homedir /nonexistent --personal-compress-preferences bzip2 \
-- --personal-cipher-preferences aes --no-emit-version --batch \
-- --symmetric --passphrase key --armor
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
jA0EBwMCRhFrAKNcLVJg0mMBLJG1cCASNk/x/3dt1zJ+2eo7jHfjgg3N6wpB3XIe
QCwkWJwlBG5pzbO5gu7xuPQN+TbPJ7aQ2sLx3bAHhtYb0i3vV9RO10Gw++yUyd4R
UCAAw2JRIISttRHMfDpDuZJpvYo=
=AZ9M
-----END PGP MESSAGE-----
'), 'key', 'debug=1');
NOTICE: dbg: parse_compressed_data: bzip2 unsupported
ERROR: Unsupported compression algorithm

161
contrib/pgcrypto/expected/pgp-encrypt_1.out
View File

@ -1,161 +0,0 @@
--
-- PGP encrypt
--
-- ensure consistent test output regardless of the default bytea format
SET bytea_output TO escape;
select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'), 'key');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- check whether the defaults are ok
select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'),
'key', 'expect-cipher-algo=aes128,
expect-disable-mdc=0,
expect-sess-key=0,
expect-s2k-mode=3,
expect-s2k-digest-algo=sha1,
expect-compress-algo=0
');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- maybe the expect- stuff simply does not work
select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'),
'key', 'expect-cipher-algo=bf,
expect-disable-mdc=1,
expect-sess-key=1,
expect-s2k-mode=0,
expect-s2k-digest-algo=md5,
expect-compress-algo=1
');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- bytea as text
select pgp_sym_decrypt(pgp_sym_encrypt_bytea('Binary', 'baz'), 'baz');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- text as bytea
select pgp_sym_decrypt_bytea(pgp_sym_encrypt('Text', 'baz'), 'baz');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- algorithm change
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=bf'),
'key', 'expect-cipher-algo=bf');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=aes'),
'key', 'expect-cipher-algo=aes128');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=aes192'),
'key', 'expect-cipher-algo=aes192');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- s2k change
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-mode=0'),
'key', 'expect-s2k-mode=0');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-mode=1'),
'key', 'expect-s2k-mode=1');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-mode=3'),
'key', 'expect-s2k-mode=3');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- s2k count change
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-count=1024'),
'key', 'expect-s2k-count=1024');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- s2k_count rounds up
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-count=65000000'),
'key', 'expect-s2k-count=65000000');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- s2k digest change
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'),
'key', 'expect-s2k-digest-algo=md5');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'),
'key', 'expect-s2k-digest-algo=sha1');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- sess key
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'sess-key=0'),
'key', 'expect-sess-key=0');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'sess-key=1'),
'key', 'expect-sess-key=1');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=bf'),
'key', 'expect-sess-key=1, expect-cipher-algo=bf');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes192'),
'key', 'expect-sess-key=1, expect-cipher-algo=aes192');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes256'),
'key', 'expect-sess-key=1, expect-cipher-algo=aes256');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- no mdc
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 'disable-mdc=1'),
'key', 'expect-disable-mdc=1');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- crlf
select encode(pgp_sym_decrypt_bytea(
pgp_sym_encrypt(E'1\n2\n3\r\n', 'key', 'convert-crlf=1'),
'key'), 'hex');
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- conversion should be lossless
select encode(digest(pgp_sym_decrypt(
pgp_sym_encrypt(E'\r\n0\n1\r\r\n\n2\r', 'key', 'convert-crlf=1'),
'key', 'convert-crlf=1'), 'sha1'), 'hex') as result,
encode(digest(E'\r\n0\n1\r\r\n\n2\r', 'sha1'), 'hex') as expect;
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.

62
contrib/pgcrypto/expected/pgp-pubkey-encrypt_1.out
View File

@ -1,62 +0,0 @@
--
-- PGP Public Key Encryption
--
-- ensure consistent test output regardless of the default bytea format
SET bytea_output TO escape;
-- successful encrypt/decrypt
select pgp_pub_decrypt(
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=1;
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_pub_decrypt(
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=2;
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_pub_decrypt(
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=3;
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
select pgp_pub_decrypt(
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=6;
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- try with rsa-sign only
select pgp_pub_decrypt(
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=4;
ERROR: No encryption key found
-- try with secret key
select pgp_pub_decrypt(
pgp_pub_encrypt('Secret msg', dearmor(seckey)),
dearmor(seckey))
from keytbl where keytbl.id=1;
ERROR: Refusing to encrypt with secret key
-- does text-to-bytea works
select pgp_pub_decrypt_bytea(
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=1;
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
-- and bytea-to-text?
select pgp_pub_decrypt(
pgp_pub_encrypt_bytea('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=1;
ERROR: generating random data is not supported by this build
DETAIL: This functionality requires a source of strong random numbers.
HINT: You need to rebuild PostgreSQL using --enable-strong-random.

11
contrib/pgcrypto/pgcrypto.c
View File

@ -34,7 +34,6 @@
#include <ctype.h>
#include "parser/scansup.h"
#include "utils/backend_random.h"
#include "utils/builtins.h"
#include "utils/uuid.h"
@ -423,7 +422,6 @@ PG_FUNCTION_INFO_V1(pg_random_bytes);
Datum
pg_random_bytes(PG_FUNCTION_ARGS)
{
#ifdef HAVE_STRONG_RANDOM
int len = PG_GETARG_INT32(0);
bytea *res;
@ -440,9 +438,6 @@ pg_random_bytes(PG_FUNCTION_ARGS)
px_THROW_ERROR(PXE_NO_RANDOM);
PG_RETURN_BYTEA_P(res);
#else
px_THROW_ERROR(PXE_NO_RANDOM);
#endif
}
/* SQL function: gen_random_uuid() returns uuid */
@ -451,11 +446,10 @@ PG_FUNCTION_INFO_V1(pg_random_uuid);
Datum
pg_random_uuid(PG_FUNCTION_ARGS)
{
#ifdef HAVE_STRONG_RANDOM
uint8 *buf = (uint8 *) palloc(UUID_LEN);
/* Generate random bits. */
if (!pg_backend_random((char *) buf, UUID_LEN))
if (!pg_strong_random(buf, UUID_LEN))
px_THROW_ERROR(PXE_NO_RANDOM);
/*
@ -466,9 +460,6 @@ pg_random_uuid(PG_FUNCTION_ARGS)
buf[8] = (buf[8] & 0x3f) | 0x80; /* "variant" field */
PG_RETURN_UUID_P((pg_uuid_t *) buf);
#else
px_THROW_ERROR(PXE_NO_RANDOM);
#endif
}
static void *

14
contrib/pgcrypto/pgp-encrypt.c
View File

@ -37,8 +37,6 @@
#include "px.h"
#include "pgp.h"
#include "utils/backend_random.h"
#define MDC_DIGEST_LEN 20
#define STREAM_ID 0xE0
@ -481,13 +479,12 @@ init_encdata_packet(PushFilter **pf_res, PGP_Context *ctx, PushFilter *dst)
static int
write_prefix(PGP_Context *ctx, PushFilter *dst)
{
#ifdef HAVE_STRONG_RANDOM
uint8 prefix[PGP_MAX_BLOCK + 2];
int res,
bs;
bs = pgp_get_cipher_block_size(ctx->cipher_algo);
if (!pg_backend_random((char *) prefix, bs))
if (!pg_strong_random(prefix, bs))
return PXE_NO_RANDOM;
prefix[bs + 0] = prefix[bs - 2];
@ -496,9 +493,6 @@ write_prefix(PGP_Context *ctx, PushFilter *dst)
res = pushf_write(dst, prefix, bs + 2);
px_memset(prefix, 0, bs + 2);
return res < 0 ? res : 0;
#else
return PXE_NO_RANDOM;
#endif
}
/*
@ -587,13 +581,9 @@ init_sess_key(PGP_Context *ctx)
{
if (ctx->use_sess_key || ctx->pub_key)
{
#ifdef HAVE_STRONG_RANDOM
ctx->sess_key_len = pgp_get_cipher_key_size(ctx->cipher_algo);
if (!pg_strong_random((char *) ctx->sess_key, ctx->sess_key_len))
if (!pg_strong_random(ctx->sess_key, ctx->sess_key_len))
return PXE_NO_RANDOM;
#else
return PXE_NO_RANDOM;
#endif
}
else
{

6
contrib/pgcrypto/pgp-mpi-internal.c
View File

@ -57,13 +57,12 @@ mp_clear_free(mpz_t *a)
static int
mp_px_rand(uint32 bits, mpz_t *res)
{
#ifdef HAVE_STRONG_RANDOM
unsigned bytes = (bits + 7) / 8;
int last_bits = bits & 7;
uint8 *buf;
buf = px_alloc(bytes);
if (!pg_strong_random((char *) buf, bytes))
if (!pg_strong_random(buf, bytes))
{
px_free(buf);
return PXE_NO_RANDOM;
@ -83,9 +82,6 @@ mp_px_rand(uint32 bits, mpz_t *res)
px_free(buf);
return 0;
#else
return PXE_NO_RANDOM;
#endif
}
static void

9
contrib/pgcrypto/pgp-pubenc.c
View File

@ -39,7 +39,6 @@
static int
pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
{
#ifdef HAVE_STRONG_RANDOM
uint8 *buf,
*p;
int pad_len = res_len - 2 - data_len;
@ -50,7 +49,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
buf = px_alloc(res_len);
buf[0] = 0x02;
if (!pg_strong_random((char *) buf + 1, pad_len))
if (!pg_strong_random(buf + 1, pad_len))
{
px_free(buf);
return PXE_NO_RANDOM;
@ -62,7 +61,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
{
if (*p == 0)
{
if (!pg_strong_random((char *) p, 1))
if (!pg_strong_random(p, 1))
{
px_memset(buf, 0, res_len);
px_free(buf);
@ -78,10 +77,6 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
*res_p = buf;
return 0;
#else
return PXE_NO_RANDOM;
#endif
}
static int

7
contrib/pgcrypto/pgp-s2k.c
View File

@ -34,7 +34,6 @@
#include "px.h"
#include "pgp.h"
#include "utils/backend_random.h"
static int
calc_s2k_simple(PGP_S2K *s2k, PX_MD *md, const uint8 *key,
@ -235,13 +234,13 @@ pgp_s2k_fill(PGP_S2K *s2k, int mode, int digest_algo, int count)
case PGP_S2K_SIMPLE:
break;
case PGP_S2K_SALTED:
if (!pg_backend_random((char *) s2k->salt, PGP_S2K_SALT))
if (!pg_strong_random(s2k->salt, PGP_S2K_SALT))
return PXE_NO_RANDOM;
break;
case PGP_S2K_ISALTED:
if (!pg_backend_random((char *) s2k->salt, PGP_S2K_SALT))
if (!pg_strong_random(s2k->salt, PGP_S2K_SALT))
return PXE_NO_RANDOM;
if (!pg_backend_random((char *) &tmp, 1))
if (!pg_strong_random(&tmp, 1))
return PXE_NO_RANDOM;
s2k->iter = decide_s2k_iter(tmp, count);
break;

3
contrib/pgcrypto/px-crypt.c
View File

@ -34,7 +34,6 @@
#include "px.h"
#include "px-crypt.h"
#include "utils/backend_random.h"
static char *
run_crypt_des(const char *psw, const char *salt,
@ -153,7 +152,7 @@ px_gen_salt(const char *salt_type, char *buf, int rounds)
return PXE_BAD_SALT_ROUNDS;
}
if (!pg_backend_random(rbuf, g->input_len))
if (!pg_strong_random(rbuf, g->input_len))
return PXE_NO_RANDOM;
p = g->gen(rounds, rbuf, g->input_len, buf, PX_MAX_SALT_LEN);

10
contrib/pgcrypto/px.c
View File

@ -56,7 +56,7 @@ static const struct error_desc px_err_list[] = {
{PXE_UNKNOWN_SALT_ALGO, "Unknown salt algorithm"},
{PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"},
{PXE_MCRYPT_INTERNAL, "mcrypt internal error"},
{PXE_NO_RANDOM, "No strong random source"},
{PXE_NO_RANDOM, "Failed to generate strong random bits"},
{PXE_DECRYPT_FAILED, "Decryption failed"},
{PXE_PGP_CORRUPT_DATA, "Wrong key or corrupt data"},
{PXE_PGP_CORRUPT_ARMOR, "Corrupt ascii-armor"},
@ -97,17 +97,9 @@ px_THROW_ERROR(int err)
{
if (err == PXE_NO_RANDOM)
{
#ifdef HAVE_STRONG_RANDOM
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("could not generate a random number")));
#else
ereport(ERROR,
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
errmsg("generating random data is not supported by this build"),
errdetail("This functionality requires a source of strong random numbers."),
errhint("You need to rebuild PostgreSQL using --enable-strong-random.")));
#endif
}
else
{

24
doc/src/sgml/installation.sgml
View File

@ -245,8 +245,10 @@ su - postgres
<listitem>
<para>
You need <productname>OpenSSL</productname>, if you want to support
encrypted client connections. The minimum required version is
0.9.8.
encrypted client connections. <productname>OpenSSL</productname> is
also required for random number generation on platforms that do not
have <filename>/dev/urandom</filename> (except Windows). The minimum
version required is 0.9.8.
</para>
</listitem>
@ -1111,24 +1113,6 @@ su - postgres
</listitem>
</varlistentry>
<varlistentry>
<term><option>--disable-strong-random</option></term>
<listitem>
<para>
Allow the build to succeed even if <productname>PostgreSQL</productname>
has no support for strong random numbers on the platform.
A source of random numbers is needed for some authentication
protocols, as well as some routines in the
<xref linkend="pgcrypto"/>
module. <option>--disable-strong-random</option> disables functionality that
requires cryptographically strong random numbers, and substitutes
a weak pseudo-random-number-generator for the generation of
authentication salt values and query cancel keys. It may make
authentication less secure.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--disable-thread-safety</option></term>
<listitem>

6
doc/src/sgml/monitoring.sgml
View File

@ -849,7 +849,7 @@ postgres 27093 0.0 0.0 30096 2752 ? Ss 11:34 0:00 postgres: ser
<tbody>
<row>
<entry morerows="64"><literal>LWLock</literal></entry>
<entry morerows="63"><literal>LWLock</literal></entry>
<entry><literal>ShmemIndexLock</literal></entry>
<entry>Waiting to find or allocate space in shared memory.</entry>
</row>
@ -1034,10 +1034,6 @@ postgres 27093 0.0 0.0 30096 2752 ? Ss 11:34 0:00 postgres: ser
<entry><literal>OldSnapshotTimeMapLock</literal></entry>
<entry>Waiting to read or update old snapshot control information.</entry>
</row>
<row>
<entry><literal>BackendRandomLock</literal></entry>
<entry>Waiting to generate a random number.</entry>
</row>
<row>
<entry><literal>LogicalRepWorkerLock</literal></entry>
<entry>Waiting for action on logical replication worker to finish.</entry>

1
src/Makefile.global.in
View File

@ -203,7 +203,6 @@ enable_dtrace = @enable_dtrace@
enable_coverage = @enable_coverage@
enable_tap_tests = @enable_tap_tests@
enable_thread_safety = @enable_thread_safety@
enable_strong_random = @enable_strong_random@
python_includespec = @python_includespec@
python_libdir = @python_libdir@

3
src/backend/access/transam/xlog.c
View File

@ -65,7 +65,6 @@
#include "storage/reinit.h"
#include "storage/smgr.h"
#include "storage/spin.h"
#include "utils/backend_random.h"
#include "utils/builtins.h"
#include "utils/guc.h"
#include "utils/memutils.h"
@ -5132,7 +5131,7 @@ BootStrapXLOG(void)
* a genuine-looking password challenge for the non-existent user, in lieu
* of an actual stored password.
*/
if (!pg_backend_random(mock_auth_nonce, MOCK_AUTH_NONCE_LEN))
if (!pg_strong_random(mock_auth_nonce, MOCK_AUTH_NONCE_LEN))
ereport(PANIC,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("could not generate secret authorization token")));

5
src/backend/libpq/auth-scram.c
View File

@ -102,7 +102,6 @@
#include "libpq/crypt.h"
#include "libpq/scram.h"
#include "miscadmin.h"
#include "utils/backend_random.h"
#include "utils/builtins.h"
#include "utils/timestamp.h"
@ -468,7 +467,7 @@ pg_be_scram_build_verifier(const char *password)
password = (const char *) prep_password;
/* Generate random salt */
if (!pg_backend_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
if (!pg_strong_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("could not generate random salt")));
@ -1123,7 +1122,7 @@ build_server_first_message(scram_state *state)
char raw_nonce[SCRAM_RAW_NONCE_LEN];
int encoded_len;
if (!pg_backend_random(raw_nonce, SCRAM_RAW_NONCE_LEN))
if (!pg_strong_random(raw_nonce, SCRAM_RAW_NONCE_LEN))
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("could not generate random nonce")));

5
src/backend/libpq/auth.c
View File

@ -36,7 +36,6 @@
#include "port/pg_bswap.h"
#include "replication/walsender.h"
#include "storage/ipc.h"
#include "utils/backend_random.h"
#include "utils/timestamp.h"
@ -835,7 +834,7 @@ CheckMD5Auth(Port *port, char *shadow_pass, char **logdetail)
errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
/* include the salt to use for computing the response */
if (!pg_backend_random(md5Salt, 4))
if (!pg_strong_random(md5Salt, 4))
{
ereport(LOG,
(errmsg("could not generate random MD5 salt")));
@ -3036,7 +3035,7 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por
/* Construct RADIUS packet */
packet->code = RADIUS_ACCESS_REQUEST;
packet->length = RADIUS_HEADER_LENGTH;
if (!pg_backend_random((char *) packet->vector, RADIUS_VECTOR_LENGTH))
if (!pg_strong_random(packet->vector, RADIUS_VECTOR_LENGTH))
{
ereport(LOG,
(errmsg("could not generate random encryption vector")));

62
src/backend/postmaster/postmaster.c
View File

@ -367,16 +367,6 @@ static volatile sig_atomic_t WalReceiverRequested = false;
static volatile bool StartWorkerNeeded = true;
static volatile bool HaveCrashedWorker = false;
#ifndef HAVE_STRONG_RANDOM
/*
* State for assigning cancel keys.
* Also, the global MyCancelKey passes the cancel key assigned to a given
* backend from the postmaster to that backend (via fork).
*/
static unsigned int random_seed = 0;
static struct timeval random_start_time;
#endif
#ifdef USE_SSL
/* Set when and if SSL has been initialized properly */
static bool LoadedSSL = false;
@ -1361,10 +1351,6 @@ PostmasterMain(int argc, char *argv[])
* Remember postmaster startup time
*/
PgStartTime = GetCurrentTimestamp();
#ifndef HAVE_STRONG_RANDOM
/* RandomCancelKey wants its own copy */
gettimeofday(&random_start_time, NULL);
#endif
/*
* Report postmaster status in the postmaster.pid file, to allow pg_ctl to
@ -2531,27 +2517,12 @@ InitProcessGlobals(void)
MyStartTimestamp = GetCurrentTimestamp();
MyStartTime = timestamptz_to_time_t(MyStartTimestamp);
/*
* Don't want backend to be able to see the postmaster random number
* generator state. We have to clobber the static random_seed.
*/
#ifndef HAVE_STRONG_RANDOM
random_seed = 0;
random_start_time.tv_usec = 0;
#endif
/*
* Set a different seed for random() in every process. We want something
* unpredictable, so if possible, use high-quality random bits for the
* seed. Otherwise, fall back to a seed based on timestamp and PID.
*
* Note we can't use pg_backend_random here, since this is used in the
* postmaster, and even in a backend we might not be attached to shared
* memory yet.
*/
#ifdef HAVE_STRONG_RANDOM
if (!pg_strong_random(&rseed, sizeof(rseed)))
#endif
{
/*
* Since PIDs and timestamps tend to change more frequently in their
@ -5256,38 +5227,7 @@ StartupPacketTimeoutHandler(void)
static bool
RandomCancelKey(int32 *cancel_key)
{
#ifdef HAVE_STRONG_RANDOM
return pg_strong_random((char *) cancel_key, sizeof(int32));
#else
/*
* If built with --disable-strong-random, use plain old erand48.
*
* We cannot use pg_backend_random() in postmaster, because it stores its
* state in shared memory.
*/
static unsigned short seed[3];
/*
* Select a random seed at the time of first receiving a request.
*/
if (random_seed == 0)
{
struct timeval random_stop_time;
gettimeofday(&random_stop_time, NULL);
seed[0] = (unsigned short) random_start_time.tv_usec;
seed[1] = (unsigned short) (random_stop_time.tv_usec) ^ (random_start_time.tv_usec >> 16);
seed[2] = (unsigned short) (random_stop_time.tv_usec >> 16);
random_seed = 1;
}
*cancel_key = pg_jrand48(seed);
return true;
#endif
return pg_strong_random(cancel_key, sizeof(int32));
}
/*

3
src/backend/storage/ipc/ipci.c
View File

@ -44,7 +44,6 @@
#include "storage/procsignal.h"
#include "storage/sinvaladt.h"
#include "storage/spin.h"
#include "utils/backend_random.h"
#include "utils/snapmgr.h"
@ -149,7 +148,6 @@ CreateSharedMemoryAndSemaphores(bool makePrivate, int port)
size = add_size(size, BTreeShmemSize());
size = add_size(size, SyncScanShmemSize());
size = add_size(size, AsyncShmemSize());
size = add_size(size, BackendRandomShmemSize());
#ifdef EXEC_BACKEND
size = add_size(size, ShmemBackendArraySize());
#endif
@ -269,7 +267,6 @@ CreateSharedMemoryAndSemaphores(bool makePrivate, int port)
BTreeShmemInit();
SyncScanShmemInit();
AsyncShmemInit();
BackendRandomShmemInit();
#ifdef EXEC_BACKEND

5
src/backend/storage/lmgr/lwlocknames.txt
View File

@ -47,6 +47,5 @@ CommitTsLock 39
ReplicationOriginLock 40
MultiXactTruncationLock 41
OldSnapshotTimeMapLock 42
BackendRandomLock 43
LogicalRepWorkerLock 44
CLogTruncationLock 45
LogicalRepWorkerLock 43
CLogTruncationLock 44

3
src/backend/utils/adt/float.c
View File

@ -24,7 +24,6 @@
#include "libpq/pqformat.h"
#include "miscadmin.h"
#include "utils/array.h"
#include "utils/backend_random.h"
#include "utils/float.h"
#include "utils/fmgrprotos.h"
#include "utils/sortsupport.h"
@ -2393,7 +2392,7 @@ drandom(PG_FUNCTION_ARGS)
* Should that fail for some reason, we fall back on a lower-quality
* seed based on current time and PID.
*/
if (!pg_backend_random((char *) drandom_seed, sizeof(drandom_seed)))
if (!pg_strong_random(drandom_seed, sizeof(drandom_seed)))
{
TimestampTz now = GetCurrentTimestamp();
uint64 iseed;

6
src/backend/utils/misc/Makefile
View File

@ -14,9 +14,9 @@ include $(top_builddir)/src/Makefile.global
override CPPFLAGS := -I. -I$(srcdir) $(CPPFLAGS)
OBJS = backend_random.o guc.o help_config.o pg_config.o pg_controldata.o \
pg_rusage.o ps_status.o queryenvironment.o rls.o sampling.o \
superuser.o timeout.o tzparser.o
OBJS = guc.o help_config.o pg_config.o pg_controldata.o pg_rusage.o \
ps_status.o queryenvironment.o rls.o sampling.o superuser.o \
timeout.o tzparser.o
# This location might depend on the installation directories. Therefore
# we can't substitute it into pg_config.h.

158
src/backend/utils/misc/backend_random.c
View File

@ -1,158 +0,0 @@
/*-------------------------------------------------------------------------
*
* backend_random.c
* Backend random number generation routine.
*
* pg_backend_random() function fills a buffer with random bytes. Normally,
* it is just a thin wrapper around pg_strong_random(), but when compiled
* with --disable-strong-random, we provide a built-in implementation.
*
* This function is used for generating nonces in authentication, and for
* random salt generation in pgcrypto. The built-in implementation is not
* cryptographically strong, but if the user asked for it, we'll go ahead
* and use it anyway.
*
* The built-in implementation uses the standard erand48 algorithm, with
* a seed shared between all backends.
*
* Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
*
* IDENTIFICATION
* src/backend/utils/misc/backend_random.c
*
*-------------------------------------------------------------------------
*/
#include "postgres.h"
#include <sys/time.h>
#include "miscadmin.h"
#include "storage/lwlock.h"
#include "storage/shmem.h"
#include "utils/backend_random.h"
#include "utils/timestamp.h"
#ifdef HAVE_STRONG_RANDOM
Size
BackendRandomShmemSize(void)
{
return 0;
}
void
BackendRandomShmemInit(void)
{
/* do nothing */
}
bool
pg_backend_random(char *dst, int len)
{
/* should not be called in postmaster */
Assert(IsUnderPostmaster || !IsPostmasterEnvironment);
return pg_strong_random(dst, len);
}
#else
/*
* Seed for the PRNG, stored in shared memory.
*
* Protected by BackendRandomLock.
*/
typedef struct
{
bool initialized;
unsigned short seed[3];
} BackendRandomShmemStruct;
static BackendRandomShmemStruct * BackendRandomShmem;
Size
BackendRandomShmemSize(void)
{
return sizeof(BackendRandomShmemStruct);
}
void
BackendRandomShmemInit(void)
{
bool found;
BackendRandomShmem = (BackendRandomShmemStruct *)
ShmemInitStruct("Backend PRNG state",
BackendRandomShmemSize(),
&found);
if (!IsUnderPostmaster)
{
Assert(!found);
BackendRandomShmem->initialized = false;
}
else
Assert(found);
}
bool
pg_backend_random(char *dst, int len)
{
int i;
char *end = dst + len;
/* should not be called in postmaster */
Assert(IsUnderPostmaster || !IsPostmasterEnvironment);
LWLockAcquire(BackendRandomLock, LW_EXCLUSIVE);
/*
* Seed the PRNG on the first use.
*/
if (!BackendRandomShmem->initialized)
{
struct timeval now;
gettimeofday(&now, NULL);
BackendRandomShmem->seed[0] = now.tv_sec;
BackendRandomShmem->seed[1] = (unsigned short) (now.tv_usec);
BackendRandomShmem->seed[2] = (unsigned short) (now.tv_usec >> 16);
/*
* Mix in the cancel key, generated by the postmaster. This adds what
* little entropy the postmaster had to the seed.
*/
BackendRandomShmem->seed[0] ^= (MyCancelKey);
BackendRandomShmem->seed[1] ^= (MyCancelKey >> 16);
BackendRandomShmem->initialized = true;
}
for (i = 0; dst < end; i++)
{
uint32 r;
int j;
/*
* pg_jrand48 returns a 32-bit integer. Fill the next 4 bytes from it.
*/
r = (uint32) pg_jrand48(BackendRandomShmem->seed);
for (j = 0; j < 4 && dst < end; j++)
{
*(dst++) = (char) (r & 0xFF);
r >>= 8;
}
}
LWLockRelease(BackendRandomLock);
return true;
}
#endif /* HAVE_STRONG_RANDOM */

6
src/bin/pgbench/pgbench.c
View File

@ -4844,13 +4844,9 @@ set_random_seed(const char *seed)
else if (strcmp(seed, "rand") == 0)
{
/* use some "strong" random source */
#ifdef HAVE_STRONG_RANDOM
if (!pg_strong_random(&iseed, sizeof(iseed)))
#endif
{
fprintf(stderr,
"cannot seed random from a strong source, none available: "
"use \"time\" or an unsigned integer value.\n");
fprintf(stderr, "could not generate random seed.\n");
return false;
}
}

3
src/include/pg_config.h.in
View File

@ -552,9 +552,6 @@
/* Define to 1 if you have the `strnlen' function. */
#undef HAVE_STRNLEN
/* Define to use have a strong random number source */
#undef HAVE_STRONG_RANDOM
/* Define to 1 if you have the `strsignal' function. */
#undef HAVE_STRSIGNAL

3
src/include/pg_config.h.win32
View File

@ -412,9 +412,6 @@
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
/* Define to use have a strong random number source */
#define HAVE_STRONG_RANDOM 1
/* Define to 1 if you have the `strsignal' function. */
/* #undef HAVE_STRSIGNAL */

7
src/include/port.h
View File

@ -498,9 +498,12 @@ extern char *inet_net_ntop(int af, const void *src, int bits,
char *dst, size_t size);
/* port/pg_strong_random.c */
#ifdef HAVE_STRONG_RANDOM
extern bool pg_strong_random(void *buf, size_t len);
#endif
/*
* pg_backend_random used to be a wrapper for pg_strong_random before
* Postgres 12 for the backend code.
*/
#define pg_backend_random pg_strong_random
/* port/pgcheckdir.c */
extern int pg_check_dir(const char *dir);

19
src/include/utils/backend_random.h
View File

@ -1,19 +0,0 @@
/*-------------------------------------------------------------------------
*
* backend_random.h
* Declarations for backend random number generation
*
* Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
*
* src/include/utils/backend_random.h
*
*-------------------------------------------------------------------------
*/
#ifndef BACKEND_RANDOM_H
#define BACKEND_RANDOM_H
extern Size BackendRandomShmemSize(void);
extern void BackendRandomShmemInit(void);
extern bool pg_backend_random(char *dst, int len);
#endif /* BACKEND_RANDOM_H */

62
src/interfaces/libpq/fe-auth-scram.c
View File

@ -19,11 +19,6 @@
#include "common/scram-common.h"
#include "fe-auth.h"
/* These are needed for getpid(), in the fallback implementation */
#ifndef HAVE_STRONG_RANDOM
#include <sys/types.h>
#include <unistd.h>
#endif
/*
* Status of exchange messages used for SCRAM authentication via the
@ -72,7 +67,6 @@ static bool verify_server_signature(fe_scram_state *state);
static void calculate_client_proof(fe_scram_state *state,
const char *client_final_message_without_proof,
uint8 *result);
static bool pg_frontend_random(char *dst, int len);
/*
* Initialize SCRAM exchange status.
@ -320,7 +314,7 @@ build_client_first_message(fe_scram_state *state)
* Generate a "raw" nonce. This is converted to ASCII-printable form by
* base64-encoding it.
*/
if (!pg_frontend_random(raw_nonce, SCRAM_RAW_NONCE_LEN))
if (!pg_strong_random(raw_nonce, SCRAM_RAW_NONCE_LEN))
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("could not generate nonce\n"));
@ -764,7 +758,7 @@ pg_fe_scram_build_verifier(const char *password)
password = (const char *) prep_password;
/* Generate a random salt */
if (!pg_frontend_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
if (!pg_strong_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
{
if (prep_password)
free(prep_password);
@ -779,55 +773,3 @@ pg_fe_scram_build_verifier(const char *password)
return result;
}
/*
* Random number generator.
*/
static bool
pg_frontend_random(char *dst, int len)
{
#ifdef HAVE_STRONG_RANDOM
return pg_strong_random(dst, len);
#else
int i;
char *end = dst + len;
static unsigned short seed[3];
static int mypid = 0;
pglock_thread();
if (mypid != getpid())
{
struct timeval now;
gettimeofday(&now, NULL);
seed[0] = now.tv_sec ^ getpid();
seed[1] = (unsigned short) (now.tv_usec);
seed[2] = (unsigned short) (now.tv_usec >> 16);
}
for (i = 0; dst < end; i++)
{
uint32 r;
int j;
/*
* pg_jrand48 returns a 32-bit integer. Fill the next 4 bytes from
* it.
*/
r = (uint32) pg_jrand48(seed);
for (j = 0; j < 4 && dst < end; j++)
{
*(dst++) = (char) (r & 0xFF);
r >>= 8;
}
}
pgunlock_thread();
return true;
#endif
}

6
src/port/Makefile
View File

@ -37,14 +37,10 @@ LIBS += $(PTHREAD_LIBS)
OBJS = $(LIBOBJS) $(PG_CRC32C_OBJS) chklocale.o erand48.o inet_net_ntop.o \
noblock.o path.o pgcheckdir.o pgmkdirp.o pgsleep.o \
pgstrcasecmp.o pgstrsignal.o pqsignal.o \
pg_strong_random.o pgstrcasecmp.o pgstrsignal.o pqsignal.o \
qsort.o qsort_arg.o quotes.o snprintf.o sprompt.o strerror.o \
tar.o thread.o
ifeq ($(enable_strong_random), yes)
OBJS += pg_strong_random.o
endif
# libpgport.a, libpgport_shlib.a, and libpgport_srv.a contain the same files
# foo.o, foo_shlib.o, and foo_srv.o are all built from foo.c
OBJS_SHLIB = $(OBJS:%.o=%_shlib.o)