diff options
| -rw-r--r-- | contrib/chkpass/chkpass.c | 9 | ||||
| -rw-r--r-- | src/backend/libpq/auth.c | 13 | ||||
| -rw-r--r-- | src/backend/postmaster/postmaster.c | 8 |
3 files changed, 13 insertions, 17 deletions
diff --git a/contrib/chkpass/chkpass.c b/contrib/chkpass/chkpass.c index 9425c089b5b..3803ccff9ac 100644 --- a/contrib/chkpass/chkpass.c +++ b/contrib/chkpass/chkpass.c @@ -17,6 +17,7 @@ #endif #include "fmgr.h" +#include "utils/backend_random.h" #include "utils/builtins.h" PG_MODULE_MAGIC; @@ -77,8 +78,12 @@ chkpass_in(PG_FUNCTION_ARGS) result = (chkpass *) palloc0(sizeof(chkpass)); - mysalt[0] = salt_chars[random() & 0x3f]; - mysalt[1] = salt_chars[random() & 0x3f]; + if (!pg_backend_random(mysalt, 2)) + ereport(ERROR, + (errmsg("could not generate random salt"))); + + mysalt[0] = salt_chars[mysalt[0] & 0x3f]; + mysalt[1] = salt_chars[mysalt[1] & 0x3f]; mysalt[2] = 0; /* technically the terminator is not necessary * but I like to play safe */ diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 2b1841fb9bb..9b79dc517da 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -194,9 +194,6 @@ static int pg_SSPI_make_upn(char *accountname, * RADIUS Authentication *---------------------------------------------------------------- */ -#ifdef USE_OPENSSL -#include <openssl/rand.h> -#endif static int CheckRADIUSAuth(Port *port); @@ -718,7 +715,7 @@ CheckMD5Auth(Port *port, char **logdetail) if (!pg_backend_random(md5Salt, 4)) { ereport(LOG, - (errmsg("could not acquire random number for MD5 salt."))); + (errmsg("could not generate random MD5 salt."))); return STATUS_ERROR; } @@ -2550,18 +2547,12 @@ CheckRADIUSAuth(Port *port) /* Construct RADIUS packet */ packet->code = RADIUS_ACCESS_REQUEST; packet->length = RADIUS_HEADER_LENGTH; -#ifdef USE_OPENSSL - if (RAND_bytes(packet->vector, RADIUS_VECTOR_LENGTH) != 1) + if (!pg_backend_random((char *) packet->vector, RADIUS_VECTOR_LENGTH)) { ereport(LOG, (errmsg("could not generate random encryption vector"))); return STATUS_ERROR; } -#else - for (i = 0; i < RADIUS_VECTOR_LENGTH; i++) - /* Use a lower strengh random number of OpenSSL is not available */ - packet->vector[i] = random() % 255; -#endif packet->id = packet->vector[0]; radius_add_attribute(packet, RADIUS_SERVICE_TYPE, (unsigned char *) &service, sizeof(service)); radius_add_attribute(packet, RADIUS_USER_NAME, (unsigned char *) port->user_name, strlen(port->user_name)); diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index 09884b31325..16dc075a3a1 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -3903,8 +3903,8 @@ BackendStartup(Port *port) { free(bn); ereport(LOG, - (errcode(ERRCODE_OUT_OF_MEMORY), - errmsg("could not acquire random number"))); + (errcode(ERRCODE_INTERNAL_ERROR), + errmsg("could not generate random cancel key"))); return STATUS_ERROR; } @@ -5288,7 +5288,7 @@ StartAutovacuumWorker(void) { ereport(LOG, (errcode(ERRCODE_INTERNAL_ERROR), - errmsg("could not acquire random number"))); + errmsg("could not generate random cancel key"))); return; } @@ -5594,7 +5594,7 @@ assign_backendlist_entry(RegisteredBgWorker *rw) { ereport(LOG, (errcode(ERRCODE_INTERNAL_ERROR), - errmsg("could not acquire random number"))); + errmsg("could not generate random cancel key"))); rw->rw_crashed_at = GetCurrentTimestamp(); return false; |