
Forbid gen_random_uuid() with --disable-strong-random

Previously, gen_random_uuid() would fall back to a weak random number
generator, unlike gen_random_bytes() which would just fail. And this was
not made very clear in the docs. For consistency, also make
gen_random_uuid() fail outright, if compiled with --disable-strong-random.

Re-word the error message you get with --disable-strong-random. It is also
used by pgp functions that require random salts, and now also
gen_random_uuid().

Reported by Radek Slupik.

Discussion: https://www.postgresql.org/message-id/20170101232054.10135.50528@wrigleys.postgresql.org
Heikki Linnakangas
2017-07-03 12:10:11 +03:00
parent 647675228f
commit bf723a274c
6 changed files with 41 additions and 41 deletions


@ -451,13 +451,10 @@ PG_FUNCTION_INFO_V1(pg_random_uuid);
Datum
pg_random_uuid(PG_FUNCTION_ARGS)
{
#ifdef HAVE_STRONG_RANDOM
uint8 *buf = (uint8 *) palloc(UUID_LEN);
/*
* Generate random bits. pg_backend_random() will do here, we don't promis
* UUIDs to be cryptographically random, when built with
* --disable-strong-random.
*/
/* Generate random bits. */
if (!pg_backend_random((char *) buf, UUID_LEN))
px_THROW_ERROR(PXE_NO_RANDOM);
@ -469,6 +466,9 @@ pg_random_uuid(PG_FUNCTION_ARGS)
buf[8] = (buf[8] & 0x3f) | 0x80; /* "variant" field */
PG_RETURN_UUID_P((pg_uuid_t *) buf);
#else
px_THROW_ERROR(PXE_NO_RANDOM);
#endif
}
static void *
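Review bot: Inside the new `#ifdef HAVE_STRONG_RANDOM` branch of pg_random_uuid() the bytes are still requested through `pg_backend_random()`, the same call the removed comment described as good enough for output that is not cryptographically random, so the guarantee this commit is about rests on how that wrapper is built rather than on anything visible here. If the wrapper simply forwards to the strong generator in such builds the behaviour is fine, but calling the strong source directly, `if (!pg_strong_random(buf, UUID_LEN))`, or at least expanding the comment to `/* Generate random bits; only reached when a strong random source is compiled in. */`, would keep a later change to the wrapper from silently weakening the UUIDs. The part of the function body between the two hunks is not shown, so this rests on the visible lines only.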