Use RAND_poll() for seeding randomness after fork().

nmisch · nmisch · commit ce4939ff7089 · 2020-07-25T14:50:59.000-07:00
OpenSSL deprecated RAND_cleanup(), and OpenSSL 1.1.0 made it into a no-op. Replace it with RAND_poll(), per an OpenSSL community recommendation. While this has no user-visible consequences under OpenSSL defaults, it might help under non-default settings. Daniel Gustafsson, reviewed by David Steele and Michael Paquier. Discussion: https://postgr.es/m/9B038FA5-23E8-40D0-B932-D515E1D8F66A@yesql.se
diff --git a/src/backend/postmaster/fork_process.c b/src/backend/postmaster/fork_process.c
@@ -109,10 +109,12 @@ fork_process(void)
 		}
 
 		/*
-		 * Make sure processes do not share OpenSSL randomness state.
+		 * Make sure processes do not share OpenSSL randomness state. This is
+		 * no longer required in OpenSSL 1.1.1 and later versions, but until
+		 * we drop support for version < 1.1.1 we need to do this.
 		 */
 #ifdef USE_OPENSSL
-		RAND_cleanup();
+		RAND_poll();
 #endif
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -109,10 +109,12 @@ fork_process(void)`
`109`	`109`	`}`
`110`	`110`
`111`	`111`	`/*`
`112`		`- * Make sure processes do not share OpenSSL randomness state.`
	`112`	`+ * Make sure processes do not share OpenSSL randomness state. This is`
	`113`	`+ * no longer required in OpenSSL 1.1.1 and later versions, but until`
	`114`	`+ * we drop support for version < 1.1.1 we need to do this.`
`113`	`115`	`*/`
`114`	`116`	`#ifdef USE_OPENSSL`
`115`		`- RAND_cleanup();`
	`117`	`+ RAND_poll();`
`116`	`118`	`#endif`
`117`	`119`	`}`
`118`	`120`