author | Heikki Linnakangas | 2017-07-03 09:10:11 +0000 |
---|---|---|
committer | Heikki Linnakangas | 2017-07-03 09:10:11 +0000 |
commit | bf723a274cbb00c7fba66c66312a77940af13d79 (patch) | |
tree | 92a84fb0c3060a9fbcbd90013cdaafdf44ec46d9 /contrib/pgcrypto/pgcrypto.c | |
parent | 647675228f2b18964d8ade8a1061a719e527acfb (diff) |
Forbid gen_random_uuid() with --disable-strong-random
Previously, gen_random_uuid() would fall back to a weak random number
generator, unlike gen_random_bytes() which would just fail. And this was
not made very clear in the docs. For consistency, also make
gen_random_uuid() fail outright, if compiled with --disable-strong-random.
Re-word the error message you get with --disable-strong-random. It is also
used by pgp functions that require random salts, and now also
gen_random_uuid().
Reported by Radek Slupik.
Discussion: https://www.postgresql.org/message-id/[email protected]
Diffstat (limited to 'contrib/pgcrypto/pgcrypto.c')
-rw-r--r-- | contrib/pgcrypto/pgcrypto.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/contrib/pgcrypto/pgcrypto.c b/contrib/pgcrypto/pgcrypto.c
index 4e3516a86ad..e09f3378da6 100644
--- a/contrib/pgcrypto/pgcrypto.c
+++ b/contrib/pgcrypto/pgcrypto.c
@@ -451,13 +451,10 @@ PG_FUNCTION_INFO_V1(pg_random_uuid);
 Datum
 pg_random_uuid(PG_FUNCTION_ARGS)
 {
+#ifdef HAVE_STRONG_RANDOM
 uint8 *buf = (uint8 *) palloc(UUID_LEN);
 
- /*
- * Generate random bits. pg_backend_random() will do here, we don't promis
- * UUIDs to be cryptographically random, when built with
- * --disable-strong-random.
- */
+ /* Generate random bits. */
 if (!pg_backend_random((char *) buf, UUID_LEN))
 px_THROW_ERROR(PXE_NO_RANDOM);
 
@@ -469,6 +466,9 @@ pg_random_uuid(PG_FUNCTION_ARGS)
 buf[8] = (buf[8] & 0x3f) | 0x80; /* "variant" field */
 
 PG_RETURN_UUID_P((pg_uuid_t *) buf);
+#else
+ px_THROW_ERROR(PXE_NO_RANDOM);
+#endif
 }
 
 static void *
|
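Review bot: The strong-randomness guarantee for the UUID now rests entirely on the `#ifdef HAVE_STRONG_RANDOM` guard, while the call kept as context is still `pg_backend_random()`, the function the removed comment described as good enough only because no cryptographic strength was promised. Nothing at the call site tells a reader, or a later refactor that lifts the guard, that these bytes must come from a strong source. I would call the strong generator directly if it is in scope in this file (`if (!pg_strong_random(buf, UUID_LEN))`), or at least extend the new comment to `/* Generate random bits; must be cryptographically strong, hence the HAVE_STRONG_RANDOM guard. */`. The body of pg_random_uuid() continues past the end of this hunk.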
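Review bot: The `#else` branch carries no comment, so the reason this build fails instead of degrading is recorded only in the commit message; a line such as `/* No strong RNG in this build: fail rather than fall back to a weak generator. */` above the `px_THROW_ERROR` would keep that decision next to the code. The branch also ends a `Datum`-returning function without a return statement, which is fine only if `px_THROW_ERROR` never returns and the compiler can see that. The macro is defined outside this page, so that is worth confirming on a `--disable-strong-random` build. The hunk starts in the middle of pg_random_uuid().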