Support getrandom() for pg_strong_random() source

From ff529f2ce5a5fc472ecf70649b7c31a82a7239c8 Mon Sep 17 00:00:00 2001
From: Masahiko Sawada <sawada.mshk@gmail.com>
Date: Mon, 21 Jul 2025 23:02:24 -0700
Subject: [PATCH v2] Support getentropy() as source of pg_strong_random() where
 available.

Author:
Reviewed-by:
Discussion: https://postgr.es/m/
Backpatch-through:
---
 configure                   | 24 +++++++++++++++++++++-
 configure.ac                |  8 +++++++-
 meson.build                 |  5 +++++
 src/include/pg_config.h.in  |  3 +++
 src/port/pg_strong_random.c | 40 ++++++++++++++++++++++++++++++++++---
 5 files changed, 75 insertions(+), 5 deletions(-)

diff --git a/configure b/configure
index 507a2437c33..f11cd4265bf 100755
--- a/configure
+++ b/configure
@@ -16243,6 +16243,25 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
 
 
+ac_fn_c_check_header_mongrel "$LINENO" "sys/random.h" "ac_cv_header_sys_random_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_random_h" = xyes; then :
+  for ac_func in getentropy
+do :
+  ac_fn_c_check_func "$LINENO" "getentropy" "ac_cv_func_getentropy"
+if test "x$ac_cv_func_getentropy" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GETENTROPY 1
+_ACEOF
+
+$as_echo "#define HAVE_GETENTROPY 1" >>confdefs.h
+
+fi
+done
+
+fi
+
+
+
 ac_fn_c_check_func "$LINENO" "explicit_bzero" "ac_cv_func_explicit_bzero"
 if test "x$ac_cv_func_explicit_bzero" = xyes; then :
   $as_echo "#define HAVE_EXPLICIT_BZERO 1" >>confdefs.h
@@ -18479,6 +18498,9 @@ $as_echo "Windows native" >&6; }
 elif test x"$cross_compiling" = x"yes"; then
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: assuming /dev/urandom" >&5
 $as_echo "assuming /dev/urandom" >&6; }
+elif test x"$ac_cv_func_getentropy" = x"yes"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: getentropy" >&5
+$as_echo "getentropy" >&6; }
 else
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
 $as_echo "/dev/urandom" >&6; }
@@ -18505,7 +18527,7 @@ fi
   if test x"$ac_cv_file__dev_urandom" = x"no" ; then
     as_fn_error $? "
 no source of strong random numbers was found
-PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers." "$LINENO" 5
+PostgreSQL can use OpenSSL, native Windows API, getentropy function, or /dev/urandom as a source of random numbers." "$LINENO" 5
   fi
 fi
 
diff --git a/configure.ac b/configure.ac
index 5f4548adc5c..9cf453fcd23 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1850,6 +1850,10 @@ AC_CHECK_DECLS([memset_s], [], [], [#define __STDC_WANT_LIB_EXT1__ 1
 # This is probably only present on macOS, but may as well check always
 AC_CHECK_DECLS(F_FULLFSYNC, [], [], [#include <fcntl.h>])
 
+AC_CHECK_HEADER([sys/random.h],
+ [AC_CHECK_FUNCS([getentropy],
+  [AC_DEFINE(HAVE_GETENTROPY, 1, [Define to 1 if you have getentropy])])])
+
 AC_REPLACE_FUNCS(m4_normalize([
 	explicit_bzero
 	getopt
@@ -2314,6 +2318,8 @@ elif test x"$PORTNAME" = x"win32" ; then
   AC_MSG_RESULT([Windows native])
 elif test x"$cross_compiling" = x"yes"; then
   AC_MSG_RESULT([assuming /dev/urandom])
+elif test x"$ac_cv_func_getentropy" = x"yes"; then
+  AC_MSG_RESULT(getentropy)
 else
   AC_MSG_RESULT([/dev/urandom])
   AC_CHECK_FILE([/dev/urandom], [], [])
@@ -2321,7 +2327,7 @@ else
   if test x"$ac_cv_file__dev_urandom" = x"no" ; then
     AC_MSG_ERROR([
 no source of strong random numbers was found
-PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers.])
+PostgreSQL can use OpenSSL, native Windows API, getentropy function, or /dev/urandom as a source of random numbers.])
   fi
 fi
 
diff --git a/meson.build b/meson.build
index ca423dc8e12..d34c6ae39f2 100644
--- a/meson.build
+++ b/meson.build
@@ -2705,6 +2705,11 @@ return 0;
    don't.'''.format(func))
 endforeach
 
+if cc.has_header('sys/random.h') and cc.has_function('getentropy',
+    args: test_c_args, prefix: '''
+#include <sys/random.h>''')
+  cdata.set('HAVE_GETENTROPY', 1)
+endif
 
 if cc.has_type('struct option',
     args: test_c_args, include_directories: postgres_inc,
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index c4dc5d72bdb..eb02137f92d 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -172,6 +172,9 @@
 /* Define to 1 if you have the `getauxval' function. */
 #undef HAVE_GETAUXVAL
 
+/* Define to 1 if you have getentropy */
+#undef HAVE_GETENTROPY
+
 /* Define to 1 if you have the `getifaddrs' function. */
 #undef HAVE_GETIFADDRS
 
diff --git a/src/port/pg_strong_random.c b/src/port/pg_strong_random.c
index ea6780dcc9f..c3ea5f7b779 100644
--- a/src/port/pg_strong_random.c
+++ b/src/port/pg_strong_random.c
@@ -40,7 +40,8 @@
  *
  * 1. OpenSSL's RAND_bytes()
  * 2. Windows' CryptGenRandom() function
- * 3. /dev/urandom
+ * 3. getentropy() function
+ * 4. /dev/urandom
  *
  * Returns true on success, and false if none of the sources
  * were available. NB: It is important to check the return value!
@@ -134,10 +135,43 @@ pg_strong_random(void *buf, size_t len)
 	return false;
 }
 
-#else							/* not USE_OPENSSL or WIN32 */
+#elif HAVE_GETENTROPY
+
+#include <sys/random.h>
+
+#define GETENTROPY_MAX_LEN	256
+
+void
+pg_strong_random_init(void)
+{
+	/* No initialization needed */
+}
+
+bool
+pg_strong_random(void *buf, size_t len)
+{
+	char	   *p = buf;
+	ssize_t		res;
+
+	while (len)
+	{
+		size_t		l = Min(len, GETENTROPY_MAX_LEN);
+
+		res = getentropy(buf, l);
+		if (res < 0)
+			return false;
+
+		p += l;
+		len -= l;
+	}
+
+	return true;
+}
+
+#else							/* not USE_OPENSSL, WIN32, or HAVE_GETENTROPY */
 
 /*
- * Without OpenSSL or Win32 support, just read /dev/urandom ourselves.
+ * Without OpenSSL, Win32, or getentropy() support, just read /dev/urandom ourselves.
  */
 
 void
-- 
2.47.3

From 05a53fe6ab33cfa9d6673ee8b868ce66b349e35b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dagfinn=20Ilmari=20Manns=C3=A5ker?= <ilmari@ilmari.org>
Date: Wed, 30 Jul 2025 12:36:46 +0100
Subject: [PATCH v3] Support getentropy() as source of pg_strong_random() where
 available

---
 configure                   | 24 ++++++++++++++++++-
 configure.ac                |  8 ++++++-
 meson.build                 |  9 ++++++++
 src/include/pg_config.h.in  |  6 +++++
 src/port/pg_strong_random.c | 46 ++++++++++++++++++++++++++++++++++---
 5 files changed, 88 insertions(+), 5 deletions(-)

diff --git a/configure b/configure
index 507a2437c33..f11cd4265bf 100755
--- a/configure
+++ b/configure
@@ -16243,6 +16243,25 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
 
 
+ac_fn_c_check_header_mongrel "$LINENO" "sys/random.h" "ac_cv_header_sys_random_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_random_h" = xyes; then :
+  for ac_func in getentropy
+do :
+  ac_fn_c_check_func "$LINENO" "getentropy" "ac_cv_func_getentropy"
+if test "x$ac_cv_func_getentropy" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GETENTROPY 1
+_ACEOF
+
+$as_echo "#define HAVE_GETENTROPY 1" >>confdefs.h
+
+fi
+done
+
+fi
+
+
+
 ac_fn_c_check_func "$LINENO" "explicit_bzero" "ac_cv_func_explicit_bzero"
 if test "x$ac_cv_func_explicit_bzero" = xyes; then :
   $as_echo "#define HAVE_EXPLICIT_BZERO 1" >>confdefs.h
@@ -18479,6 +18498,9 @@ $as_echo "Windows native" >&6; }
 elif test x"$cross_compiling" = x"yes"; then
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: assuming /dev/urandom" >&5
 $as_echo "assuming /dev/urandom" >&6; }
+elif test x"$ac_cv_func_getentropy" = x"yes"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: getentropy" >&5
+$as_echo "getentropy" >&6; }
 else
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
 $as_echo "/dev/urandom" >&6; }
@@ -18505,7 +18527,7 @@ fi
   if test x"$ac_cv_file__dev_urandom" = x"no" ; then
     as_fn_error $? "
 no source of strong random numbers was found
-PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers." "$LINENO" 5
+PostgreSQL can use OpenSSL, native Windows API, getentropy function, or /dev/urandom as a source of random numbers." "$LINENO" 5
   fi
 fi
 
diff --git a/configure.ac b/configure.ac
index 5f4548adc5c..9cf453fcd23 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1850,6 +1850,10 @@ AC_CHECK_DECLS([memset_s], [], [], [#define __STDC_WANT_LIB_EXT1__ 1
 # This is probably only present on macOS, but may as well check always
 AC_CHECK_DECLS(F_FULLFSYNC, [], [], [#include <fcntl.h>])
 
+AC_CHECK_HEADER([sys/random.h],
+ [AC_CHECK_FUNCS([getentropy],
+  [AC_DEFINE(HAVE_GETENTROPY, 1, [Define to 1 if you have getentropy])])])
+
 AC_REPLACE_FUNCS(m4_normalize([
 	explicit_bzero
 	getopt
@@ -2314,6 +2318,8 @@ elif test x"$PORTNAME" = x"win32" ; then
   AC_MSG_RESULT([Windows native])
 elif test x"$cross_compiling" = x"yes"; then
   AC_MSG_RESULT([assuming /dev/urandom])
+elif test x"$ac_cv_func_getentropy" = x"yes"; then
+  AC_MSG_RESULT(getentropy)
 else
   AC_MSG_RESULT([/dev/urandom])
   AC_CHECK_FILE([/dev/urandom], [], [])
@@ -2321,7 +2327,7 @@ else
   if test x"$ac_cv_file__dev_urandom" = x"no" ; then
     AC_MSG_ERROR([
 no source of strong random numbers was found
-PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers.])
+PostgreSQL can use OpenSSL, native Windows API, getentropy function, or /dev/urandom as a source of random numbers.])
   fi
 fi
 
diff --git a/meson.build b/meson.build
index ca423dc8e12..b422b623db1 100644
--- a/meson.build
+++ b/meson.build
@@ -2627,6 +2627,7 @@ header_checks = [
   'sys/personality.h',
   'sys/prctl.h',
   'sys/procctl.h',
+  'sys/random.h',
   'sys/signalfd.h',
   'sys/ucred.h',
   'termios.h',
@@ -2705,6 +2706,14 @@ return 0;
    don't.'''.format(func))
 endforeach
 
+if cc.has_function('getentropy',
+    args: test_c_args,
+    prefix: '''
+#include <unistd.h>
+@0@
+'''.format(cdata.get('HAVE_SYS_RANDOM_H') == 1 ? '#include <sys/random.h>' : ''))
+  cdata.set('HAVE_GETENTROPY', 1)
+endif
 
 if cc.has_type('struct option',
     args: test_c_args, include_directories: postgres_inc,
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index c4dc5d72bdb..147ab293518 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -172,6 +172,9 @@
 /* Define to 1 if you have the `getauxval' function. */
 #undef HAVE_GETAUXVAL
 
+/* Define to 1 if you have getentropy */
+#undef HAVE_GETENTROPY
+
 /* Define to 1 if you have the `getifaddrs' function. */
 #undef HAVE_GETIFADDRS
 
@@ -448,6 +451,9 @@
 /* Define to 1 if you have the <sys/procctl.h> header file. */
 #undef HAVE_SYS_PROCCTL_H
 
+/* Define to 1 if you have the <sys/random.h> header file. */
+#undef HAVE_SYS_RANDOM_H
+
 /* Define to 1 if you have the <sys/signalfd.h> header file. */
 #undef HAVE_SYS_SIGNALFD_H
 
diff --git a/src/port/pg_strong_random.c b/src/port/pg_strong_random.c
index ea6780dcc9f..da482e96ae7 100644
--- a/src/port/pg_strong_random.c
+++ b/src/port/pg_strong_random.c
@@ -40,7 +40,8 @@
  *
  * 1. OpenSSL's RAND_bytes()
  * 2. Windows' CryptGenRandom() function
- * 3. /dev/urandom
+ * 3. getentropy() function
+ * 4. /dev/urandom
  *
  * Returns true on success, and false if none of the sources
  * were available. NB: It is important to check the return value!
@@ -134,10 +135,49 @@ pg_strong_random(void *buf, size_t len)
 	return false;
 }
 
-#else							/* not USE_OPENSSL or WIN32 */
+#elif HAVE_GETENTROPY
+
+#include <limits.h>
+
+#ifdef HAVE_SYS_RANDOM_H
+#include <sys/random.h>
+#endif
+
+#ifndef GETENTROPY_MAX
+#define GETENTROPY_MAX	256
+#endif
+
+void
+pg_strong_random_init(void)
+{
+	/* No initialization needed */
+}
+
+bool
+pg_strong_random(void *buf, size_t len)
+{
+	char	   *p = buf;
+	ssize_t		res;
+
+	while (len)
+	{
+		size_t		l = Min(len, GETENTROPY_MAX);
+
+		res = getentropy(p, l);
+		if (res < 0)
+			return false;
+
+		p += l;
+		len -= l;
+	}
+
+	return true;
+}
+
+#else							/* not USE_OPENSSL, WIN32, or HAVE_GETENTROPY */
 
 /*
- * Without OpenSSL or Win32 support, just read /dev/urandom ourselves.
+ * Without OpenSSL, Win32, or getentropy() support, just read /dev/urandom ourselves.
  */
 
 void
-- 
2.50.1

From 88b155c691806bd116b001334cad8ffc1f43e741 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dagfinn=20Ilmari=20Manns=C3=A5ker?= <ilmari@ilmari.org>
Date: Wed, 30 Jul 2025 12:36:46 +0100
Subject: [PATCH v4] Support getentropy() as source of pg_strong_random() where
 available

---
 configure                   | 24 ++++++++++++++++++-
 configure.ac                |  8 ++++++-
 meson.build                 |  9 ++++++++
 src/include/pg_config.h.in  |  6 +++++
 src/port/pg_strong_random.c | 46 ++++++++++++++++++++++++++++++++++---
 5 files changed, 88 insertions(+), 5 deletions(-)

diff --git a/configure b/configure
index 507a2437c33..f11cd4265bf 100755
--- a/configure
+++ b/configure
@@ -16243,6 +16243,25 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
 
 
+ac_fn_c_check_header_mongrel "$LINENO" "sys/random.h" "ac_cv_header_sys_random_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_random_h" = xyes; then :
+  for ac_func in getentropy
+do :
+  ac_fn_c_check_func "$LINENO" "getentropy" "ac_cv_func_getentropy"
+if test "x$ac_cv_func_getentropy" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GETENTROPY 1
+_ACEOF
+
+$as_echo "#define HAVE_GETENTROPY 1" >>confdefs.h
+
+fi
+done
+
+fi
+
+
+
 ac_fn_c_check_func "$LINENO" "explicit_bzero" "ac_cv_func_explicit_bzero"
 if test "x$ac_cv_func_explicit_bzero" = xyes; then :
   $as_echo "#define HAVE_EXPLICIT_BZERO 1" >>confdefs.h
@@ -18479,6 +18498,9 @@ $as_echo "Windows native" >&6; }
 elif test x"$cross_compiling" = x"yes"; then
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: assuming /dev/urandom" >&5
 $as_echo "assuming /dev/urandom" >&6; }
+elif test x"$ac_cv_func_getentropy" = x"yes"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: getentropy" >&5
+$as_echo "getentropy" >&6; }
 else
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
 $as_echo "/dev/urandom" >&6; }
@@ -18505,7 +18527,7 @@ fi
   if test x"$ac_cv_file__dev_urandom" = x"no" ; then
     as_fn_error $? "
 no source of strong random numbers was found
-PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers." "$LINENO" 5
+PostgreSQL can use OpenSSL, native Windows API, getentropy function, or /dev/urandom as a source of random numbers." "$LINENO" 5
   fi
 fi
 
diff --git a/configure.ac b/configure.ac
index 5f4548adc5c..9cf453fcd23 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1850,6 +1850,10 @@ AC_CHECK_DECLS([memset_s], [], [], [#define __STDC_WANT_LIB_EXT1__ 1
 # This is probably only present on macOS, but may as well check always
 AC_CHECK_DECLS(F_FULLFSYNC, [], [], [#include <fcntl.h>])
 
+AC_CHECK_HEADER([sys/random.h],
+ [AC_CHECK_FUNCS([getentropy],
+  [AC_DEFINE(HAVE_GETENTROPY, 1, [Define to 1 if you have getentropy])])])
+
 AC_REPLACE_FUNCS(m4_normalize([
 	explicit_bzero
 	getopt
@@ -2314,6 +2318,8 @@ elif test x"$PORTNAME" = x"win32" ; then
   AC_MSG_RESULT([Windows native])
 elif test x"$cross_compiling" = x"yes"; then
   AC_MSG_RESULT([assuming /dev/urandom])
+elif test x"$ac_cv_func_getentropy" = x"yes"; then
+  AC_MSG_RESULT(getentropy)
 else
   AC_MSG_RESULT([/dev/urandom])
   AC_CHECK_FILE([/dev/urandom], [], [])
@@ -2321,7 +2327,7 @@ else
   if test x"$ac_cv_file__dev_urandom" = x"no" ; then
     AC_MSG_ERROR([
 no source of strong random numbers was found
-PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers.])
+PostgreSQL can use OpenSSL, native Windows API, getentropy function, or /dev/urandom as a source of random numbers.])
   fi
 fi
 
diff --git a/meson.build b/meson.build
index ca423dc8e12..70f5d6494cb 100644
--- a/meson.build
+++ b/meson.build
@@ -2627,6 +2627,7 @@ header_checks = [
   'sys/personality.h',
   'sys/prctl.h',
   'sys/procctl.h',
+  'sys/random.h',
   'sys/signalfd.h',
   'sys/ucred.h',
   'termios.h',
@@ -2705,6 +2706,14 @@ return 0;
    don't.'''.format(func))
 endforeach
 
+if cc.has_function('getentropy',
+    args: test_c_args,
+    prefix: '''
+#include <unistd.h>
+@0@
+'''.format('@0@'.format(cdata.get('HAVE_SYS_RANDOM_H')) == '1' ? '#include <sys/random.h>' : ''))
+  cdata.set('HAVE_GETENTROPY', 1)
+endif
 
 if cc.has_type('struct option',
     args: test_c_args, include_directories: postgres_inc,
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index c4dc5d72bdb..147ab293518 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -172,6 +172,9 @@
 /* Define to 1 if you have the `getauxval' function. */
 #undef HAVE_GETAUXVAL
 
+/* Define to 1 if you have getentropy */
+#undef HAVE_GETENTROPY
+
 /* Define to 1 if you have the `getifaddrs' function. */
 #undef HAVE_GETIFADDRS
 
@@ -448,6 +451,9 @@
 /* Define to 1 if you have the <sys/procctl.h> header file. */
 #undef HAVE_SYS_PROCCTL_H
 
+/* Define to 1 if you have the <sys/random.h> header file. */
+#undef HAVE_SYS_RANDOM_H
+
 /* Define to 1 if you have the <sys/signalfd.h> header file. */
 #undef HAVE_SYS_SIGNALFD_H
 
diff --git a/src/port/pg_strong_random.c b/src/port/pg_strong_random.c
index ea6780dcc9f..da482e96ae7 100644
--- a/src/port/pg_strong_random.c
+++ b/src/port/pg_strong_random.c
@@ -40,7 +40,8 @@
  *
  * 1. OpenSSL's RAND_bytes()
  * 2. Windows' CryptGenRandom() function
- * 3. /dev/urandom
+ * 3. getentropy() function
+ * 4. /dev/urandom
  *
  * Returns true on success, and false if none of the sources
  * were available. NB: It is important to check the return value!
@@ -134,10 +135,49 @@ pg_strong_random(void *buf, size_t len)
 	return false;
 }
 
-#else							/* not USE_OPENSSL or WIN32 */
+#elif HAVE_GETENTROPY
+
+#include <limits.h>
+
+#ifdef HAVE_SYS_RANDOM_H
+#include <sys/random.h>
+#endif
+
+#ifndef GETENTROPY_MAX
+#define GETENTROPY_MAX	256
+#endif
+
+void
+pg_strong_random_init(void)
+{
+	/* No initialization needed */
+}
+
+bool
+pg_strong_random(void *buf, size_t len)
+{
+	char	   *p = buf;
+	ssize_t		res;
+
+	while (len)
+	{
+		size_t		l = Min(len, GETENTROPY_MAX);
+
+		res = getentropy(p, l);
+		if (res < 0)
+			return false;
+
+		p += l;
+		len -= l;
+	}
+
+	return true;
+}
+
+#else							/* not USE_OPENSSL, WIN32, or HAVE_GETENTROPY */
 
 /*
- * Without OpenSSL or Win32 support, just read /dev/urandom ourselves.
+ * Without OpenSSL, Win32, or getentropy() support, just read /dev/urandom ourselves.
  */
 
 void
-- 
2.50.1

From 2e1f3ef7233f9ecafc0f4bfccdb1195bdebbf256 Mon Sep 17 00:00:00 2001
From: Masahiko Sawada <sawada.mshk@gmail.com>
Date: Mon, 22 Sep 2025 23:20:06 -0700
Subject: [PATCH 1/2] PoC: Select random source type.

---
 src/backend/utils/misc/Makefile               |  1 +
 src/backend/utils/misc/guc_parameters.dat     |  8 +++
 src/backend/utils/misc/guc_tables.c           |  1 +
 src/backend/utils/misc/meson.build            |  1 +
 src/backend/utils/misc/postgresql.conf.sample |  1 +
 src/backend/utils/misc/random_source.c        | 59 +++++++++++++++++++
 src/bin/initdb/initdb.c                       | 13 ++++
 src/include/port.h                            | 31 +++++++++-
 src/include/utils/guc.h                       |  1 +
 src/include/utils/guc_hooks.h                 |  1 +
 src/include/utils/random_source.h             | 32 ++++++++++
 src/port/pg_strong_random.c                   | 37 ++++++++----
 12 files changed, 174 insertions(+), 12 deletions(-)
 create mode 100644 src/backend/utils/misc/random_source.c
 create mode 100644 src/include/utils/random_source.h

diff --git a/src/backend/utils/misc/Makefile b/src/backend/utils/misc/Makefile
index b362ae43771..96686c50e5f 100644
--- a/src/backend/utils/misc/Makefile
+++ b/src/backend/utils/misc/Makefile
@@ -27,6 +27,7 @@ OBJS = \
 	pg_rusage.o \
 	ps_status.o \
 	queryenvironment.o \
+	random_source.o \
 	rls.o \
 	sampling.o \
 	stack_depth.o \
diff --git a/src/backend/utils/misc/guc_parameters.dat b/src/backend/utils/misc/guc_parameters.dat
index 6bc6be13d2a..22e9aa7dbab 100644
--- a/src/backend/utils/misc/guc_parameters.dat
+++ b/src/backend/utils/misc/guc_parameters.dat
@@ -3475,4 +3475,12 @@
   assign_hook => 'assign_io_method',
 },
 
+{ name => 'random_source_type', type => 'enum', context => 'PGC_BACKEND', group => 'RESOURCES_KERNEL',
+  short_desc => 'Selects the random data generation function.',
+  variable => 'random_source_type',
+  boot_val => 'DEFAULT_RANDOM_SOURCE_TYPE',
+  options => 'random_source_type_options',
+  assign_hook => 'assign_random_source_type',
+},
+
 ]
diff --git a/src/backend/utils/misc/guc_tables.c b/src/backend/utils/misc/guc_tables.c
index 00c8376cf4d..0bdc144a155 100644
--- a/src/backend/utils/misc/guc_tables.c
+++ b/src/backend/utils/misc/guc_tables.c
@@ -99,6 +99,7 @@
 #include "utils/pg_locale.h"
 #include "utils/plancache.h"
 #include "utils/ps_status.h"
+#include "utils/random_source.h"
 #include "utils/rls.h"
 #include "utils/xml.h"
 
diff --git a/src/backend/utils/misc/meson.build b/src/backend/utils/misc/meson.build
index 9e389a00d05..6b03998b942 100644
--- a/src/backend/utils/misc/meson.build
+++ b/src/backend/utils/misc/meson.build
@@ -12,6 +12,7 @@ backend_sources += files(
   'pg_rusage.c',
   'ps_status.c',
   'queryenvironment.c',
+  'random_source.c',
   'rls.c',
   'sampling.c',
   'stack_depth.c',
diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
index c36fcb9ab61..c148b06bd27 100644
--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -772,6 +772,7 @@ autovacuum_worker_slots = 16	# autovacuum worker slots to allocate
 #gin_pending_list_limit = 4MB
 #createrole_self_grant = ''		# set and/or inherit
 #event_triggers = on
+#random_source_type = 'system'
 
 # - Locale and Formatting -
 
diff --git a/src/backend/utils/misc/random_source.c b/src/backend/utils/misc/random_source.c
new file mode 100644
index 00000000000..8ae67cf8d85
--- /dev/null
+++ b/src/backend/utils/misc/random_source.c
@@ -0,0 +1,59 @@
+/*-------------------------------------------------------------------------
+ *
+ * random_source.c
+ *
+ * Dynamically setup random generation function based on random_source_type
+ * GUC parameter.
+ *
+ * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1994-5, Regents of the University of California
+ *
+ *
+ * IDENTIFICATION
+ *	  src/backend/utils/misc/random_source.c
+ *
+ *-------------------------------------------------------------------------
+ */
+
+#include "postgres.h"
+
+#include "port.h"
+#include "utils/random_source.h"
+#include "utils/guc.h"
+#include "utils/guc_hooks.h"
+
+const struct config_enum_entry random_source_type_options[] = {
+	{"system", RANDOM_SOURCE_TYPE_SYSTEM, false},
+#ifdef USE_OPENSSL
+	{"openssl", RANDOM_SOURCE_TYPE_OSSL, false},
+#endif
+	{NULL, 0, false}
+};
+
+static const struct
+{
+	pg_strong_random_init_fn initfn;
+	pg_strong_random_fn genfn;
+}			random_source_type_table[] = {
+
+	[RANDOM_SOURCE_TYPE_SYSTEM] = {
+		.initfn = pg_strong_random_init_system,
+		.genfn = pg_strong_random_system,
+	},
+#ifdef USE_OPENSSL
+	[RANDOM_SOURCE_TYPE_OSSL] = {
+		.initfn = pg_strong_random_init_openssl,
+		.genfn = pg_strong_random_openssl,
+	},
+#endif
+};
+
+int			random_source_type = DEFAULT_RANDOM_SOURCE_TYPE;
+
+/* Assign hook for random_source_type */
+void
+assign_random_source_type(int newval, void *extra)
+{
+	pg_strong_random_init_impl = random_source_type_table[newval].initfn;
+	pg_strong_random_impl = random_source_type_table[newval].genfn;
+}
diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
index 92fe2f531f7..bcf7fb0f20c 100644
--- a/src/bin/initdb/initdb.c
+++ b/src/bin/initdb/initdb.c
@@ -1109,6 +1109,16 @@ choose_dsm_implementation(void)
 #endif
 }
 
+static const char *
+choose_random_source_type(void)
+{
+#ifdef USE_OPENSSL
+	return "openssl";
+#else
+	return "system";
+#endif
+}
+
 /*
  * Determine platform-specific config settings
  *
@@ -1356,6 +1366,9 @@ setup_config(void)
 	conflines = replace_guc_value(conflines, "dynamic_shared_memory_type",
 								  dynamic_shared_memory_type, false);
 
+	conflines = replace_guc_value(conflines, "random_source_type",
+								  choose_random_source_type(), false);
+
 	/* Caution: these depend on wal_segment_size_mb, they're not constants */
 	conflines = replace_guc_value(conflines, "min_wal_size",
 								  pretty_wal_size(DEFAULT_MIN_WAL_SEGS), false);
diff --git a/src/include/port.h b/src/include/port.h
index 3964d3b1293..d7464c231a5 100644
--- a/src/include/port.h
+++ b/src/include/port.h
@@ -509,8 +509,35 @@ extern char *pg_inet_net_ntop(int af, const void *src, int bits,
 							  char *dst, size_t size);
 
 /* port/pg_strong_random.c */
-extern void pg_strong_random_init(void);
-extern bool pg_strong_random(void *buf, size_t len);
+extern void pg_strong_random_init_system(void);
+extern bool pg_strong_random_system(void *buf, size_t len);
+#ifdef USE_OPENSSL
+extern void pg_strong_random_init_openssl(void);
+extern bool pg_strong_random_openssl(void *buf, size_t len);
+#endif
+
+typedef void (*pg_strong_random_init_fn) (void);
+typedef bool (*pg_strong_random_fn) (void *buf, size_t len);
+
+/* Function pointers to the random data generation implementations */
+extern pg_strong_random_init_fn pg_strong_random_init_impl;
+extern pg_strong_random_fn pg_strong_random_impl;
+
+/*
+ * Public functions to generate strong random data. The functions invoked
+ * from these function can be replaced by setting function pointers.
+ */
+static pg_attribute_always_inline void
+pg_strong_random_init(void)
+{
+	(*pg_strong_random_init_impl) ();
+}
+
+static pg_attribute_always_inline bool
+pg_strong_random(void *buf, size_t len)
+{
+	return (*pg_strong_random_impl) (buf, len);
+}
 
 /*
  * pg_backend_random used to be a wrapper for pg_strong_random before
diff --git a/src/include/utils/guc.h b/src/include/utils/guc.h
index f21ec37da89..c64e99318fa 100644
--- a/src/include/utils/guc.h
+++ b/src/include/utils/guc.h
@@ -343,6 +343,7 @@ extern PGDLLIMPORT bool optimize_bounded_sort;
 extern PGDLLIMPORT const struct config_enum_entry archive_mode_options[];
 extern PGDLLIMPORT const struct config_enum_entry dynamic_shared_memory_options[];
 extern PGDLLIMPORT const struct config_enum_entry io_method_options[];
+extern PGDLLIMPORT const struct config_enum_entry random_source_type_options[];
 extern PGDLLIMPORT const struct config_enum_entry recovery_target_action_options[];
 extern PGDLLIMPORT const struct config_enum_entry wal_level_options[];
 extern PGDLLIMPORT const struct config_enum_entry wal_sync_method_options[];
diff --git a/src/include/utils/guc_hooks.h b/src/include/utils/guc_hooks.h
index 82ac8646a8d..7bc8f6217ce 100644
--- a/src/include/utils/guc_hooks.h
+++ b/src/include/utils/guc_hooks.h
@@ -96,6 +96,7 @@ extern bool check_primary_slot_name(char **newval, void **extra,
 									GucSource source);
 extern bool check_random_seed(double *newval, void **extra, GucSource source);
 extern void assign_random_seed(double newval, void *extra);
+extern void assign_random_source_type(int newval, void *extra);
 extern const char *show_random_seed(void);
 extern bool check_recovery_prefetch(int *new_value, void **extra,
 									GucSource source);
diff --git a/src/include/utils/random_source.h b/src/include/utils/random_source.h
new file mode 100644
index 00000000000..b4f8a88db43
--- /dev/null
+++ b/src/include/utils/random_source.h
@@ -0,0 +1,32 @@
+/*-------------------------------------------------------------------------
+ *
+ * random_source.h
+ *
+ * Copyright (c) 2007-2025, PostgreSQL Global Development Group
+ *
+ * src/include/utils/random_source.h
+ *
+ *-------------------------------------------------------------------------
+ */
+
+#ifndef RANDOM_SOURCE_H
+#define RANDOM_SOURCE_H
+
+typedef enum RandomSourceType
+{
+	RANDOM_SOURCE_TYPE_SYSTEM = 0,
+#ifdef USE_OPENSSL
+	RANDOM_SOURCE_TYPE_OSSL,
+#endif
+}			RandomSourceType;
+
+#ifdef USE_OPENSSL
+#define DEFAULT_RANDOM_SOURCE_TYPE RANDOM_SOURCE_TYPE_OSSL
+#else
+#define DEFAULT_RANDOM_SOURCE_TYPE RANDOM_SOURCE_TYPE_SYSTEM
+#endif
+
+/* GUC */
+extern PGDLLIMPORT int random_source_type;
+
+#endif							/* RANDOM_SOURCE_H */
diff --git a/src/port/pg_strong_random.c b/src/port/pg_strong_random.c
index ea6780dcc9f..231995e42af 100644
--- a/src/port/pg_strong_random.c
+++ b/src/port/pg_strong_random.c
@@ -25,7 +25,7 @@
 #include <sys/time.h>
 
 /*
- * pg_strong_random & pg_strong_random_init
+ * pg_strong_random & pg_strong_random_init implementations.
  *
  * Generate requested number of random bytes. The returned bytes are
  * cryptographically secure, suitable for use e.g. in authentication.
@@ -48,6 +48,21 @@
  * would lead to predictable keys and security issues.
  */
 
+/*
+ * Set default implementations.
+ *
+ * The pg_strong_random and pg_strong_random_init implementations are fixed to
+ * the implementations follows in FRONTEND builds. On non-FRONTEND builds (i.e.,
+ * backends) the implementations could be replaced by random_source_type GUC
+ * parameter.
+ */
+#ifdef USE_OPENSSL
+pg_strong_random_init_fn pg_strong_random_init_impl = pg_strong_random_init_openssl;
+pg_strong_random_fn pg_strong_random_impl = pg_strong_random_openssl;
+#else
+pg_strong_random_init_fn pg_strong_random_init_impl = pg_strong_random_init_system;
+pg_strong_random_fn pg_strong_random_impl = pg_strong_random_system;
+#endif
 
 
 #ifdef USE_OPENSSL
@@ -55,13 +70,13 @@
 #include <openssl/rand.h>
 
 void
-pg_strong_random_init(void)
+pg_strong_random_init_openssl(void)
 {
 	/* No initialization needed */
 }
 
 bool
-pg_strong_random(void *buf, size_t len)
+pg_strong_random_openssl(void *buf, size_t len)
 {
 	int			i;
 
@@ -92,7 +107,9 @@ pg_strong_random(void *buf, size_t len)
 	return false;
 }
 
-#elif WIN32
+#endif
+
+#if WIN32
 
 #include <wincrypt.h>
 /*
@@ -102,13 +119,13 @@ pg_strong_random(void *buf, size_t len)
 static HCRYPTPROV hProvider = 0;
 
 void
-pg_strong_random_init(void)
+pg_strong_random_init_system(void)
 {
 	/* No initialization needed on WIN32 */
 }
 
 bool
-pg_strong_random(void *buf, size_t len)
+pg_strong_random_system(void *buf, size_t len)
 {
 	if (hProvider == 0)
 	{
@@ -134,20 +151,20 @@ pg_strong_random(void *buf, size_t len)
 	return false;
 }
 
-#else							/* not USE_OPENSSL or WIN32 */
+#else							/* not WIN32 */
 
 /*
- * Without OpenSSL or Win32 support, just read /dev/urandom ourselves.
+ * On Unix-like platforms, just read /dev/urandom ourselves.
  */
 
 void
-pg_strong_random_init(void)
+pg_strong_random_init_system(void)
 {
 	/* No initialization needed */
 }
 
 bool
-pg_strong_random(void *buf, size_t len)
+pg_strong_random_system(void *buf, size_t len)
 {
 	int			f;
 	char	   *p = buf;
-- 
2.47.3

From b607bfdc51ebe6401f32d01d3b614b818be1c645 Mon Sep 17 00:00:00 2001
From: Masahiko Sawada <sawada.mshk@gmail.com>
Date: Tue, 23 Sep 2025 00:24:12 -0700
Subject: [PATCH 2/2] PoC: Support getrandom() as the source of
 pg_strong_random().

getrandom() is the default random generation function when
random_source_type is set to 'system'.

Author:
Reviewed-by:
Discussion: https://postgr.es/m/
Backpatch-through:
---
 configure                   | 19 +++++++++++++++++++
 configure.ac                |  4 ++++
 meson.build                 |  6 ++++++
 src/include/pg_config.h.in  |  3 +++
 src/include/port.h          |  4 ++--
 src/port/pg_strong_random.c | 38 ++++++++++++++++++++++++++++++++++++-
 6 files changed, 71 insertions(+), 3 deletions(-)

diff --git a/configure b/configure
index 22cd866147b..08b8f04285f 100755
--- a/configure
+++ b/configure
@@ -18321,6 +18321,25 @@ PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of ra
   fi
 fi
 
+ac_fn_c_check_header_mongrel "$LINENO" "sys/random.h" "ac_cv_header_sys_random_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_random_h" = xyes; then :
+  for ac_func in getrandom
+do :
+  ac_fn_c_check_func "$LINENO" "getrandom" "ac_cv_func_getrandom"
+if test "x$ac_cv_func_getrandom" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GETRANDOM 1
+_ACEOF
+
+$as_echo "#define HAVE_GETRANDOM 1" >>confdefs.h
+
+fi
+done
+
+fi
+
+
+
 # If not set in template file, set bytes to use libc memset()
 if test x"$MEMSET_LOOP_LIMIT" = x"" ; then
   MEMSET_LOOP_LIMIT=1024
diff --git a/configure.ac b/configure.ac
index e44943aa6fe..71be1318be6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2317,6 +2317,10 @@ PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of ra
   fi
 fi
 
+AC_CHECK_HEADER([sys/random.h],
+ [AC_CHECK_FUNCS([getrandom],
+  [AC_DEFINE(HAVE_GETRANDOM, 1, [Define to 1 if you have getrandom])])])
+
 # If not set in template file, set bytes to use libc memset()
 if test x"$MEMSET_LOOP_LIMIT" = x"" ; then
   MEMSET_LOOP_LIMIT=1024
diff --git a/meson.build b/meson.build
index 395416a6060..3d9a9ce2e9a 100644
--- a/meson.build
+++ b/meson.build
@@ -2713,6 +2713,12 @@ int main(void)
   endif
 endforeach
 
+if cc.has_header('sys/random.h') and cc.has_function('getrandom',
+    args: test_c_args, prefix: '''
+#include <sys/random.h>''')
+  cdata.set('HAVE_GETRANDOM', 1)
+endif
+
 if cc.has_type('socklen_t',
     args: test_c_args, include_directories: postgres_inc,
     prefix: '''
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index c4dc5d72bdb..aa742d20b18 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -190,6 +190,9 @@
 /* Define to 1 if you have the `getpeerucred' function. */
 #undef HAVE_GETPEERUCRED
 
+/* Define to 1 if you have the `getrandom' function. */
+#undef HAVE_GETRANDOM
+
 /* Define to 1 if you have the <gssapi_ext.h> header file. */
 #undef HAVE_GSSAPI_EXT_H
 
diff --git a/src/include/port.h b/src/include/port.h
index d7464c231a5..af1ebce15de 100644
--- a/src/include/port.h
+++ b/src/include/port.h
@@ -520,8 +520,8 @@ typedef void (*pg_strong_random_init_fn) (void);
 typedef bool (*pg_strong_random_fn) (void *buf, size_t len);
 
 /* Function pointers to the random data generation implementations */
-extern pg_strong_random_init_fn pg_strong_random_init_impl;
-extern pg_strong_random_fn pg_strong_random_impl;
+extern PGDLLIMPORT pg_strong_random_init_fn pg_strong_random_init_impl;
+extern PGDLLIMPORT pg_strong_random_fn pg_strong_random_impl;
 
 /*
  * Public functions to generate strong random data. The functions invoked
diff --git a/src/port/pg_strong_random.c b/src/port/pg_strong_random.c
index 231995e42af..6024efd0bbd 100644
--- a/src/port/pg_strong_random.c
+++ b/src/port/pg_strong_random.c
@@ -151,7 +151,43 @@ pg_strong_random_system(void *buf, size_t len)
 	return false;
 }
 
-#else							/* not WIN32 */
+#elif HAVE_GETRANDOM
+
+#include <sys/random.h>
+
+void
+pg_strong_random_init_system(void)
+{
+	/* No initialization needed */
+}
+
+bool
+pg_strong_random_system(void *buf, size_t len)
+{
+	char	   *p = buf;
+	ssize_t		res;
+
+	while (len)
+	{
+		/* Get random data from the urandom source in blocking mode */
+		res = getrandom(p, len, 0);
+
+		if (res <= 0)
+		{
+			if (errno == EINTR)
+				continue;		/* interrupted by signal, just retry */
+
+			return false;
+		}
+
+		p += res;
+		len -= res;
+	}
+
+	return true;
+}
+
+#else
 
 /*
  * On Unix-like platforms, just read /dev/urandom ourselves.
-- 
2.47.3

From 07b2b5de4f89a041bf534cae2e46e49bd9a9d8bd Mon Sep 17 00:00:00 2001
From: Masahiko Sawada <sawada.mshk@gmail.com>
Date: Tue, 21 Oct 2025 16:25:23 -0700
Subject: [PATCH v1 1/2] Add configure-time selection of random number source.

Previously, the random number source was automatically selected: OpenSSL
was the first choice, with native platform sources (Windows API or
/dev/urandom) used as fallback options.

This commit adds the ability to specify the random number source at
configure time using either the --with-random-source option for the
configure script or the -Drandom_source option for meson.

The selected random source can be viewed through the read-only GUC
parameter random_source.

XXX doc updates.

Reviewed-by:
Discussion: https://postgr.es/m/
---
 configure                                 | 78 +++++++++++++++++++----
 configure.ac                              | 50 +++++++++++----
 meson.build                               | 22 +++++++
 meson_options.txt                         |  4 ++
 src/backend/utils/misc/guc_parameters.dat |  8 ++-
 src/backend/utils/misc/guc_tables.c       |  7 ++
 src/include/pg_config.h.in                |  6 ++
 7 files changed, 149 insertions(+), 26 deletions(-)

diff --git a/configure b/configure
index 22cd866147b..809691fd61c 100755
--- a/configure
+++ b/configure
@@ -886,6 +886,7 @@ with_zstd
 with_ssl
 with_openssl
 enable_largefile
+with_random_source
 '
       ac_precious_vars='build_alias
 host_alias
@@ -1605,6 +1606,8 @@ Optional Packages:
   --with-zstd             build with ZSTD support
   --with-ssl=LIB          use LIB for SSL/TLS support (openssl)
   --with-openssl          obsolete spelling of --with-ssl=openssl
+  --with-random-source=NAME
+                          set random number source (system,openssl)
 
 Some influential environment variables:
   PG_TEST_EXTRA
@@ -18277,24 +18280,69 @@ $as_echo "#define USE_WIN32_SHARED_MEMORY 1" >>confdefs.h
   SHMEM_IMPLEMENTATION="src/backend/port/win32_shmem.c"
 fi
 
-# Select random number source. If a TLS library is used then it will be the
-# first choice, else the native platform sources (Windows API or /dev/urandom)
-# will be used.
+#
+# Select random number source.
+#
+
+
+
+
+# Check whether --with-random-source was given.
+if test "${with_random_source+set}" = set; then :
+  withval=$with_random_source;
+  case $withval in
+    yes)
+      as_fn_error $? "argument required for --with-random-source option" "$LINENO" 5
+      ;;
+    no)
+      as_fn_error $? "argument required for --with-random-source option" "$LINENO" 5
+      ;;
+    *)
+      random_source=$withval
+      ;;
+  esac
+
+fi
+
+
+
+# If nothing is specified to --with-random-source, the default value is chosen depends
+# on OpenSSL availability.
+if test x"$random_source" = x"" ; then
+  if test x"$with_ssl" = x"openssl" ; then
+    random_source=openssl
+  else
+    random_source=system
+  fi
+elif test x"$random_source" != x"openssl" -a x"$random_source" != x"system" ; then
+  as_fn_error $? "--with-random-source must sepcify one of system or openssl" "$LINENO" 5
+fi
+
+if test "$random_source" = openssl -a x"$with_ssl" != x"openssl" ; then
+  as_fn_error $? "OpenSSL library is required for random number generation" "$LINENO" 5
+fi
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking which random number source to use" >&5
 $as_echo_n "checking which random number source to use... " >&6; }
-if test x"$with_ssl" = x"openssl" ; then
+if test "$random_source" = openssl ; then
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5
 $as_echo "OpenSSL" >&6; }
-elif test x"$PORTNAME" = x"win32" ; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
+
+$as_echo "#define USE_RANDOM_SOURCE_OPENSSL  1" >>confdefs.h
+
+else
+  # Select native platform source sources (Windows API or /dev/urandom) will
+  # be used.
+  if test x"$PORTNAME" = x"win32" ; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
 $as_echo "Windows native" >&6; }
-elif test x"$cross_compiling" = x"yes"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: assuming /dev/urandom" >&5
+  elif test x"$cross_compiling" = x"yes"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: assuming /dev/urandom" >&5
 $as_echo "assuming /dev/urandom" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
+  else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
 $as_echo "/dev/urandom" >&6; }
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /dev/urandom" >&5
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /dev/urandom" >&5
 $as_echo_n "checking for /dev/urandom... " >&6; }
 if ${ac_cv_file__dev_urandom+:} false; then :
   $as_echo_n "(cached) " >&6
@@ -18314,11 +18362,15 @@ if test "x$ac_cv_file__dev_urandom" = xyes; then :
 fi
 
 
-  if test x"$ac_cv_file__dev_urandom" = x"no" ; then
-    as_fn_error $? "
+    if test x"$ac_cv_file__dev_urandom" = x"no" ; then
+      as_fn_error $? "
 no source of strong random numbers was found
 PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers." "$LINENO" 5
+    fi
   fi
+
+$as_echo "#define USE_RANDOM_SOURCE_SYSTEM  1" >>confdefs.h
+
 fi
 
 # If not set in template file, set bytes to use libc memset()
diff --git a/configure.ac b/configure.ac
index e44943aa6fe..2690b71527b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2296,25 +2296,51 @@ else
   SHMEM_IMPLEMENTATION="src/backend/port/win32_shmem.c"
 fi
 
-# Select random number source. If a TLS library is used then it will be the
-# first choice, else the native platform sources (Windows API or /dev/urandom)
-# will be used.
+#
+# Select random number source.
+#
+
+PGAC_ARG_REQ(with, random-source, [NAME], [set random number source (system,openssl)],
+             [random_source=$withval])
+
+# If nothing is specified to --with-random-source, the default value is chosen depends
+# on OpenSSL availability.
+if test x"$random_source" = x"" ; then
+  if test x"$with_ssl" = x"openssl" ; then
+    random_source=openssl
+  else
+    random_source=system
+  fi
+elif test x"$random_source" != x"openssl" -a x"$random_source" != x"system" ; then
+  AC_MSG_ERROR([--with-random-source must sepcify one of system or openssl])
+fi
+
+if test "$random_source" = openssl -a x"$with_ssl" != x"openssl" ; then
+  AC_MSG_ERROR([OpenSSL library is required for random number generation])
+fi
+
 AC_MSG_CHECKING([which random number source to use])
-if test x"$with_ssl" = x"openssl" ; then
+if test "$random_source" = openssl ; then
   AC_MSG_RESULT([OpenSSL])
-elif test x"$PORTNAME" = x"win32" ; then
-  AC_MSG_RESULT([Windows native])
-elif test x"$cross_compiling" = x"yes"; then
-  AC_MSG_RESULT([assuming /dev/urandom])
+  AC_DEFINE([USE_RANDOM_SOURCE_OPENSSL] , 1, [Define to 1 to use OpenSSL libary for random number generation])
 else
-  AC_MSG_RESULT([/dev/urandom])
-  AC_CHECK_FILE([/dev/urandom], [], [])
+  # Select native platform source sources (Windows API or /dev/urandom) will
+  # be used.
+  if test x"$PORTNAME" = x"win32" ; then
+    AC_MSG_RESULT([Windows native])
+  elif test x"$cross_compiling" = x"yes"; then
+    AC_MSG_RESULT([assuming /dev/urandom])
+  else
+    AC_MSG_RESULT([/dev/urandom])
+    AC_CHECK_FILE([/dev/urandom], [], [])
 
-  if test x"$ac_cv_file__dev_urandom" = x"no" ; then
-    AC_MSG_ERROR([
+    if test x"$ac_cv_file__dev_urandom" = x"no" ; then
+      AC_MSG_ERROR([
 no source of strong random numbers was found
 PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers.])
+    fi
   fi
+  AC_DEFINE([USE_RANDOM_SOURCE_SYSTEM] , 1, [Define to 1 to use system native source for random number generation])
 fi
 
 # If not set in template file, set bytes to use libc memset()
diff --git a/meson.build b/meson.build
index 395416a6060..fce1e1436e7 100644
--- a/meson.build
+++ b/meson.build
@@ -2547,7 +2547,29 @@ if not have_optimized_crc
   cdata.set('USE_SLICING_BY_8_CRC32C', 1)
 endif
 
+###############################################################
+# Select random number source.
+###############################################################
+rand_src_opt = get_option('random_source')
+if rand_src_opt == 'auto'
+  if ssl.found()
+    rand_src_opt = 'openssl'
+  else
+    rand_src_opt = 'system'
+  endif
+endif
+
+if rand_src_opt == 'openssl' and not ssl.found()
+  error('OpenSSL library must be enabled for random number generation')
+endif
 
+if rand_src_opt == 'system'
+  cdata.set('USE_RANDOM_SOURCE_SYSTEM', 1,
+            description: 'Define to 1 to use system native source for random number generation')
+else
+  cdata.set('USE_RANDOM_SOURCE_OPENSSL', 1,
+            description: 'Define to 1 to use OpenSSL libary for random number generation')
+endif
 
 ###############################################################
 # Other CPU specific stuff
diff --git a/meson_options.txt b/meson_options.txt
index 06bf5627d3c..55f0f202c60 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -142,6 +142,10 @@ option('pltcl', type: 'feature', value: 'auto',
 option('tcl_version', type: 'string', value: 'tcl',
   description: 'Tcl version')
 
+option('random_source', type: 'combo', choices: ['auto', 'system', 'openssl'],
+  value: 'auto',
+  description: 'Select random number source')
+
 option('readline', type: 'feature', value: 'auto',
   description: 'Use GNU Readline or BSD Libedit for editing')
 
diff --git a/src/backend/utils/misc/guc_parameters.dat b/src/backend/utils/misc/guc_parameters.dat
index d6fc8333850..e3059c36b7d 100644
--- a/src/backend/utils/misc/guc_parameters.dat
+++ b/src/backend/utils/misc/guc_parameters.dat
@@ -3195,6 +3195,13 @@
   assign_hook => 'assign_log_connections',
 },
 
+{ name => 'random_source', type => 'string', context => 'PGC_INTERNAL', group => 'PRESET_OPTIONS',
+  short_desc => 'Shows implementation used for generating strong random number.',
+  flags => 'GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE',
+  variable => 'random_source',
+  boot_val => 'DEFAULT_RANDOM_SOURCE',
+},
+
 { name => 'backslash_quote', type => 'enum', context => 'PGC_USERSET', group => 'COMPAT_OPTIONS_PREVIOUS',
   short_desc => 'Sets whether "\\\\\'" is allowed in string literals.',
   variable => 'backslash_quote',
@@ -3500,5 +3507,4 @@
   options => 'io_method_options',
   assign_hook => 'assign_io_method',
 },
-
 ]
diff --git a/src/backend/utils/misc/guc_tables.c b/src/backend/utils/misc/guc_tables.c
index 00c8376cf4d..52630ada573 100644
--- a/src/backend/utils/misc/guc_tables.c
+++ b/src/backend/utils/misc/guc_tables.c
@@ -620,6 +620,13 @@ static int	num_os_semaphores;
 static bool data_checksums;
 static bool integer_datetimes;
 
+#ifdef USE_RANDOM_SOURCE_OPENSSL
+#define DEFAULT_RANDOM_SOURCE "openssl"
+#else
+#define DEFAULT_RANDOM_SOURCE "system"
+#endif
+static char *random_source = DEFAULT_RANDOM_SOURCE;
+
 #ifdef USE_ASSERT_CHECKING
 #define DEFAULT_ASSERT_ENABLED true
 #else
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index c4dc5d72bdb..35543a3e3c6 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -727,6 +727,12 @@
 /* Define to 1 to build with PAM support. (--with-pam) */
 #undef USE_PAM
 
+/* Define to 1 to use system's native source for random number generation  */
+#undef USE_RANDOM_SOURCE_SYSTEM
+
+/* Define to 1 to use OpenSSL libary for random number generation */
+#undef USE_RANDOM_SOURCE_OPENSSL
+
 /* Define to 1 to use software CRC-32C implementation (slicing-by-8). */
 #undef USE_SLICING_BY_8_CRC32C
 
-- 
2.47.3

From 8de85697dd0c8d334168749d2e104a97a455d395 Mon Sep 17 00:00:00 2001
From: Masahiko Sawada <sawada.mshk@gmail.com>
Date: Tue, 21 Oct 2025 17:35:15 -0700
Subject: [PATCH v1 2/2] Support getrandom() as random source where available.

getrandom system call is used when random_source is 'system' on Linux
and Unix-like operating systems. It's more faster than reading
/dev/urandom.

Reviewed-by:
Discussion: https://postgr.es/m/
Backpatch-through:
---
 configure                   | 24 +++++++++++++++++++++-
 configure.ac                |  8 +++++++-
 meson.build                 |  5 +++++
 src/include/pg_config.h.in  |  3 +++
 src/port/pg_strong_random.c | 40 +++++++++++++++++++++++++++++++++++--
 5 files changed, 76 insertions(+), 4 deletions(-)

diff --git a/configure b/configure
index 809691fd61c..bee4d57131b 100755
--- a/configure
+++ b/configure
@@ -16058,6 +16058,25 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
 
 
+ac_fn_c_check_header_mongrel "$LINENO" "sys/random.h" "ac_cv_header_sys_random_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_random_h" = xyes; then :
+  for ac_func in getrandom
+do :
+  ac_fn_c_check_func "$LINENO" "getrandom" "ac_cv_func_getrandom"
+if test "x$ac_cv_func_getrandom" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GETRANDOM 1
+_ACEOF
+
+$as_echo "#define HAVE_GETRANDOM 1" >>confdefs.h
+
+fi
+done
+
+fi
+
+
+
 ac_fn_c_check_func "$LINENO" "explicit_bzero" "ac_cv_func_explicit_bzero"
 if test "x$ac_cv_func_explicit_bzero" = xyes; then :
   $as_echo "#define HAVE_EXPLICIT_BZERO 1" >>confdefs.h
@@ -18336,6 +18355,9 @@ else
   if test x"$PORTNAME" = x"win32" ; then
     { $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
 $as_echo "Windows native" >&6; }
+  elif test x"$ac_cv_func_getrandom" = x"yes" ; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: getrandom" >&5
+$as_echo "getrandom" >&6; }
   elif test x"$cross_compiling" = x"yes"; then
     { $as_echo "$as_me:${as_lineno-$LINENO}: result: assuming /dev/urandom" >&5
 $as_echo "assuming /dev/urandom" >&6; }
@@ -18365,7 +18387,7 @@ fi
     if test x"$ac_cv_file__dev_urandom" = x"no" ; then
       as_fn_error $? "
 no source of strong random numbers was found
-PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers." "$LINENO" 5
+PostgreSQL can use OpenSSL, native Windows API, getrandom, or /dev/urandom as a source of random numbers." "$LINENO" 5
     fi
   fi
 
diff --git a/configure.ac b/configure.ac
index 2690b71527b..2a4ef82e145 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1842,6 +1842,10 @@ AC_CHECK_DECLS([memset_s], [], [], [#define __STDC_WANT_LIB_EXT1__ 1
 # This is probably only present on macOS, but may as well check always
 AC_CHECK_DECLS(F_FULLFSYNC, [], [], [#include <fcntl.h>])
 
+AC_CHECK_HEADER([sys/random.h],
+ [AC_CHECK_FUNCS([getrandom],
+  [AC_DEFINE(HAVE_GETRANDOM, 1, [Define to 1 if you have getrandom])])])
+
 AC_REPLACE_FUNCS(m4_normalize([
 	explicit_bzero
 	getopt
@@ -2328,6 +2332,8 @@ else
   # be used.
   if test x"$PORTNAME" = x"win32" ; then
     AC_MSG_RESULT([Windows native])
+  elif test x"$ac_cv_func_getrandom" = x"yes" ; then
+    AC_MSG_RESULT(getrandom)
   elif test x"$cross_compiling" = x"yes"; then
     AC_MSG_RESULT([assuming /dev/urandom])
   else
@@ -2337,7 +2343,7 @@ else
     if test x"$ac_cv_file__dev_urandom" = x"no" ; then
       AC_MSG_ERROR([
 no source of strong random numbers was found
-PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers.])
+PostgreSQL can use OpenSSL, native Windows API, getrandom, or /dev/urandom as a source of random numbers.])
     fi
   fi
   AC_DEFINE([USE_RANDOM_SOURCE_SYSTEM] , 1, [Define to 1 to use system native source for random number generation])
diff --git a/meson.build b/meson.build
index fce1e1436e7..01c3c308b65 100644
--- a/meson.build
+++ b/meson.build
@@ -2710,6 +2710,11 @@ return 0;
    don't.'''.format(func))
 endforeach
 
+if cc.has_header('sys/random.h') and cc.has_function('getrandom',
+   args: test_c_args, prefix: '''
+#include <sys/random.h>''')
+  cdata.set('HAVE_GETRANDOM', 1)
+endif
 
 if cc.has_type('struct option',
     args: test_c_args, include_directories: postgres_inc,
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index 35543a3e3c6..bf76baf0617 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -190,6 +190,9 @@
 /* Define to 1 if you have the `getpeerucred' function. */
 #undef HAVE_GETPEERUCRED
 
+/* Define to 1 if you have the `getrandom' function. */
+#undef HAVE_GETRANDOM
+
 /* Define to 1 if you have the <gssapi_ext.h> header file. */
 #undef HAVE_GSSAPI_EXT_H
 
diff --git a/src/port/pg_strong_random.c b/src/port/pg_strong_random.c
index ea6780dcc9f..0d2b5bc8ad5 100644
--- a/src/port/pg_strong_random.c
+++ b/src/port/pg_strong_random.c
@@ -40,7 +40,8 @@
  *
  * 1. OpenSSL's RAND_bytes()
  * 2. Windows' CryptGenRandom() function
- * 3. /dev/urandom
+ * 3. getrandom() function
+ * 4. /dev/urandom
  *
  * Returns true on success, and false if none of the sources
  * were available. NB: It is important to check the return value!
@@ -134,7 +135,42 @@ pg_strong_random(void *buf, size_t len)
 	return false;
 }
 
-#else							/* not USE_OPENSSL or WIN32 */
+#elif HAVE_GETRANDOM
+
+#include <sys/random.h>
+
+void
+pg_strong_random_init(void)
+{
+	/* No initialization needed */
+}
+
+bool
+pg_strong_random(void *buf, size_t len)
+{
+	char	   *p = buf;
+	ssize_t		res;
+
+	while (len)
+	{
+		/* Get random data from the urandom source in blocking mode */
+		res = getrandom(p, len, 0);
+		if (res <= 0)
+		{
+			if (errno == EINTR)
+				continue;		/* interrupted by signal, just retry */
+
+			return false;
+		}
+
+		p += res;
+		len -= res;
+	}
+
+	return true;
+}
+
+#else							/* not USE_OPENSSL, WIN32, or HAVE_GETRANDOM */
 
 /*
  * Without OpenSSL or Win32 support, just read /dev/urandom ourselves.
-- 
2.47.3

From acdc90072ac0c78fe598522bd079f4456fb1ce3f Mon Sep 17 00:00:00 2001
From: Masahiko Sawada <sawada.mshk@gmail.com>
Date: Tue, 21 Oct 2025 16:25:23 -0700
Subject: [PATCH v2 1/2] Add configure-time selection of strong random number
 source.

Previously, the random number source was automatically selected: OpenSSL
was the first choice, with native platform sources (Windows API or
/dev/urandom) used as fallback options.

This commit adds the ability to specify the random number source at
configure time using either the --with-strong-random option for the
configure script or the -Dstrong_random option for meson.

The selected random source can be viewed through the read-only GUC
parameter strong_random_source.

Reviewed-by:
Discussion: https://postgr.es/m/
---
 configure                                 | 82 ++++++++++++++++++-----
 configure.ac                              | 50 ++++++++++----
 doc/src/sgml/config.sgml                  | 19 ++++++
 doc/src/sgml/installation.sgml            | 40 +++++++++++
 meson.build                               | 22 ++++++
 meson_options.txt                         |  4 ++
 src/backend/utils/misc/guc_parameters.dat |  7 ++
 src/backend/utils/misc/guc_tables.c       |  7 ++
 src/include/pg_config.h.in                |  6 ++
 src/port/pg_strong_random.c               |  6 +-
 10 files changed, 213 insertions(+), 30 deletions(-)

diff --git a/configure b/configure
index f7c24c8f576..c591f8d8fbd 100755
--- a/configure
+++ b/configure
@@ -886,6 +886,7 @@ with_zstd
 with_ssl
 with_openssl
 enable_largefile
+with_strong_random
 '
       ac_precious_vars='build_alias
 host_alias
@@ -1605,6 +1606,8 @@ Optional Packages:
   --with-zstd             build with ZSTD support
   --with-ssl=LIB          use LIB for SSL/TLS support (openssl)
   --with-openssl          obsolete spelling of --with-ssl=openssl
+  --with-strong-random=NAME
+                          set strong random number source (system,openssl)
 
 Some influential environment variables:
   PG_TEST_EXTRA
@@ -15000,8 +15003,8 @@ fi
 
 
 # Even though restrict is in C99 and should be supported by all
-# supported compilers, but this macro is useful because it will prefer
-# a spelling that also works in C++ (often __restrict).  (restrict is
+# supported compilers, this test is useful because it will prefer a
+# spelling that also works in C++ (often __restrict).  (restrict is
 # not part of the C++ standard.)
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for C/C++ restrict keyword" >&5
 $as_echo_n "checking for C/C++ restrict keyword... " >&6; }
@@ -18267,24 +18270,69 @@ $as_echo "#define USE_WIN32_SHARED_MEMORY 1" >>confdefs.h
   SHMEM_IMPLEMENTATION="src/backend/port/win32_shmem.c"
 fi
 
-# Select random number source. If a TLS library is used then it will be the
-# first choice, else the native platform sources (Windows API or /dev/urandom)
-# will be used.
+#
+# Select strong random number source.
+#
+
+
+
+
+# Check whether --with-strong-random was given.
+if test "${with_strong_random+set}" = set; then :
+  withval=$with_strong_random;
+  case $withval in
+    yes)
+      as_fn_error $? "argument required for --with-strong-random option" "$LINENO" 5
+      ;;
+    no)
+      as_fn_error $? "argument required for --with-strong-random option" "$LINENO" 5
+      ;;
+    *)
+      strong_random=$withval
+      ;;
+  esac
+
+fi
+
+
+
+# If nothing is specified to --with-strong-random, the default value is chosen depends
+# on OpenSSL availability.
+if test x"$strong_random" = x"" ; then
+  if test x"$with_ssl" = x"openssl" ; then
+    strong_random=openssl
+  else
+    strong_random=system
+  fi
+elif test x"$strong_random" != x"openssl" -a x"$strong_random" != x"system" ; then
+  as_fn_error $? "--with-strong-random must sepcify one of system or openssl" "$LINENO" 5
+fi
+
+if test "$strong_random" = openssl -a x"$with_ssl" != x"openssl" ; then
+  as_fn_error $? "OpenSSL library is required for random number generation" "$LINENO" 5
+fi
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking which random number source to use" >&5
 $as_echo_n "checking which random number source to use... " >&6; }
-if test x"$with_ssl" = x"openssl" ; then
+if test "$strong_random" = openssl ; then
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5
 $as_echo "OpenSSL" >&6; }
-elif test x"$PORTNAME" = x"win32" ; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
+
+$as_echo "#define STRONG_RANDOM_SOURCE_OPENSSL 1" >>confdefs.h
+
+else
+  # Select native platform source sources (Windows API or /dev/urandom) will
+  # be used.
+  if test x"$PORTNAME" = x"win32" ; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
 $as_echo "Windows native" >&6; }
-elif test x"$cross_compiling" = x"yes"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: assuming /dev/urandom" >&5
+  elif test x"$cross_compiling" = x"yes"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: assuming /dev/urandom" >&5
 $as_echo "assuming /dev/urandom" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
+  else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
 $as_echo "/dev/urandom" >&6; }
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /dev/urandom" >&5
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /dev/urandom" >&5
 $as_echo_n "checking for /dev/urandom... " >&6; }
 if ${ac_cv_file__dev_urandom+:} false; then :
   $as_echo_n "(cached) " >&6
@@ -18304,11 +18352,15 @@ if test "x$ac_cv_file__dev_urandom" = xyes; then :
 fi
 
 
-  if test x"$ac_cv_file__dev_urandom" = x"no" ; then
-    as_fn_error $? "
+    if test x"$ac_cv_file__dev_urandom" = x"no" ; then
+      as_fn_error $? "
 no source of strong random numbers was found
 PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers." "$LINENO" 5
+    fi
   fi
+
+$as_echo "#define STRONG_RANDOM_SOURCE_SYSTEM 1" >>confdefs.h
+
 fi
 
 # If not set in template file, set bytes to use libc memset()
diff --git a/configure.ac b/configure.ac
index 6c802deaacb..bfdb764f059 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2289,25 +2289,51 @@ else
   SHMEM_IMPLEMENTATION="src/backend/port/win32_shmem.c"
 fi
 
-# Select random number source. If a TLS library is used then it will be the
-# first choice, else the native platform sources (Windows API or /dev/urandom)
-# will be used.
+#
+# Select strong random number source.
+#
+
+PGAC_ARG_REQ(with, strong-random, [NAME], [set strong random number source (system,openssl)],
+             [strong_random=$withval])
+
+# If nothing is specified to --with-strong-random, the default value is chosen depends
+# on OpenSSL availability.
+if test x"$strong_random" = x"" ; then
+  if test x"$with_ssl" = x"openssl" ; then
+    strong_random=openssl
+  else
+    strong_random=system
+  fi
+elif test x"$strong_random" != x"openssl" -a x"$strong_random" != x"system" ; then
+  AC_MSG_ERROR([--with-strong-random must sepcify one of system or openssl])
+fi
+
+if test "$strong_random" = openssl -a x"$with_ssl" != x"openssl" ; then
+  AC_MSG_ERROR([OpenSSL library is required for random number generation])
+fi
+
 AC_MSG_CHECKING([which random number source to use])
-if test x"$with_ssl" = x"openssl" ; then
+if test "$strong_random" = openssl ; then
   AC_MSG_RESULT([OpenSSL])
-elif test x"$PORTNAME" = x"win32" ; then
-  AC_MSG_RESULT([Windows native])
-elif test x"$cross_compiling" = x"yes"; then
-  AC_MSG_RESULT([assuming /dev/urandom])
+  AC_DEFINE([STRONG_RANDOM_SOURCE_OPENSSL], 1, [Define to 1 to use OpenSSL libary for strong random number generation])
 else
-  AC_MSG_RESULT([/dev/urandom])
-  AC_CHECK_FILE([/dev/urandom], [], [])
+  # Select native platform source sources (Windows API or /dev/urandom) will
+  # be used.
+  if test x"$PORTNAME" = x"win32" ; then
+    AC_MSG_RESULT([Windows native])
+  elif test x"$cross_compiling" = x"yes"; then
+    AC_MSG_RESULT([assuming /dev/urandom])
+  else
+    AC_MSG_RESULT([/dev/urandom])
+    AC_CHECK_FILE([/dev/urandom], [], [])
 
-  if test x"$ac_cv_file__dev_urandom" = x"no" ; then
-    AC_MSG_ERROR([
+    if test x"$ac_cv_file__dev_urandom" = x"no" ; then
+      AC_MSG_ERROR([
 no source of strong random numbers was found
 PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers.])
+    fi
   fi
+  AC_DEFINE([STRONG_RANDOM_SOURCE_SYSTEM], 1, [Define to 1 to use system native source for strong random number generation])
 fi
 
 # If not set in template file, set bytes to use libc memset()
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 06d1e4403b5..d839f78e2db 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -12047,6 +12047,25 @@ dynamic_library_path = '/usr/local/lib/postgresql:$libdir'
       </listitem>
      </varlistentry>
 
+     <varlistentry id="guc-strong-random-source" xreflabel="strong_random_source">
+      <term><varname>strong_random_source</varname> (<type>string</type>)
+      <indexterm>
+       <primary><varname>strong_random_source</varname> configuration parameter</primary>
+      </indexterm>
+      </term>
+      <listitem>
+       <para>
+        Reports the name of implementation used to generate cryptographically secure
+        random data: <literal>system</literal> or <literal>openssl</literal>. It
+        is determined when building the server. See more information see
+        <link linkend="configure-option-with-strong-random"><option>--with-strong-random
+        </option></link> for installation with Autoconf or
+        <link linkend="configure-strong-random-meson"><option>-Dstrong_random</option>
+        </link> for installation with Meson.
+       </para>
+      </listitem>
+     </varlistentry>
+
      <varlistentry id="guc-wal-block-size" xreflabel="wal_block_size">
       <term><varname>wal_block_size</varname> (<type>integer</type>)
       <indexterm>
diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml
index 593202f4fb2..3ff2f3fb5a1 100644
--- a/doc/src/sgml/installation.sgml
+++ b/doc/src/sgml/installation.sgml
@@ -1531,6 +1531,26 @@ build-postgresql:
        </listitem>
       </varlistentry>
 
+      <varlistentry id="configure-option-with-strong-random">
+       <term><option>--with-strong-random=<replaceable>NAME</replaceable></option></term>
+       <listitem>
+        <para>
+         Specifies the imlementation used to generate cryptographically secure random
+         data. Valid values are <literal>system</literal> and <literal>openssl</literal>.
+        </para>
+        <para>
+         <productname>PostgreSQL</productname> relies on strong random numbers in
+         security-sensitive operations. For example, random values are used when generating
+         salts for <literal>SCRAM-SHA-256</literal> password storage and when creating
+         UUIDs. By default, the implementation is chosen based on the
+         <option>--with-ssl</option> option: if <productname>PostgreSQL</productname>
+         is built with <productname>OpenSSL</productname> support,
+         <productname>OpenSSL</productname>'s random generator is used; otherwise, the
+         operating system native secure random facility is used. This option overrides
+         that behavior and forces use of the specified source.
+        </para>
+       </listitem>
+      </varlistentry>
      </variablelist>
 
    </sect3>
@@ -3054,6 +3074,26 @@ ninja install
        </para>
       </listitem>
      </varlistentry>
+
+     <varlistentry id="configure-strong-random-meson">
+      <term><option>-Dstrong_random={ auto | system | openssl }</option></term>
+       <listitem>
+        <para>
+         Specifies the imlementation used to generate cryptographically secure random
+         data.
+        </para>
+        <para>
+         <productname>PostgreSQL</productname> relies on strong random numbers in
+         security-sensitive operations. For example, random values are used when generating
+         salts for <literal>SCRAM-SHA-256</literal> password storage and when creating
+         UUIDs. Default to auto and the implementation will be chosen based on the
+         <option>-Dssl</option> option: if <productname>PostgreSQL</productname>
+         is built with <productname>OpenSSL</productname> support,
+         <productname>OpenSSL</productname>'s random generator is used; otherwise, the
+         operating system native secure random facility is used.
+        </para>
+       </listitem>
+     </varlistentry>
     </variablelist>
    </sect3>
 
diff --git a/meson.build b/meson.build
index 0f61ff6a700..90918fc12da 100644
--- a/meson.build
+++ b/meson.build
@@ -2547,7 +2547,29 @@ if not have_optimized_crc
   cdata.set('USE_SLICING_BY_8_CRC32C', 1)
 endif
 
+###############################################################
+# Select strong random number source.
+###############################################################
+rand_src_opt = get_option('strong_random')
+if rand_src_opt == 'auto'
+  if ssl.found()
+    rand_src_opt = 'openssl'
+  else
+    rand_src_opt = 'system'
+  endif
+endif
+
+if rand_src_opt == 'openssl' and not ssl.found()
+  error('OpenSSL library must be enabled for strong random number generation')
+endif
 
+if rand_src_opt == 'system'
+  cdata.set('STRONG_RANDOM_SOURCE_SYSTEM', 1,
+            description: 'Define to 1 to use system native source for strong random number generation')
+else
+  cdata.set('STRONG_RANDOM_SOURCE_OPENSSL', 1,
+            description: 'Define to 1 to use OpenSSL libary for strong random number generation')
+endif
 
 ###############################################################
 # Other CPU specific stuff
diff --git a/meson_options.txt b/meson_options.txt
index 06bf5627d3c..46850404c18 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -142,6 +142,10 @@ option('pltcl', type: 'feature', value: 'auto',
 option('tcl_version', type: 'string', value: 'tcl',
   description: 'Tcl version')
 
+option('strong_random', type: 'combo', choices: ['auto', 'system', 'openssl'],
+  value: 'auto',
+  description: 'Select strong random number source')
+
 option('readline', type: 'feature', value: 'auto',
   description: 'Use GNU Readline or BSD Libedit for editing')
 
diff --git a/src/backend/utils/misc/guc_parameters.dat b/src/backend/utils/misc/guc_parameters.dat
index d6fc8333850..b70f00cfcc1 100644
--- a/src/backend/utils/misc/guc_parameters.dat
+++ b/src/backend/utils/misc/guc_parameters.dat
@@ -3195,6 +3195,13 @@
   assign_hook => 'assign_log_connections',
 },
 
+{ name => 'strong_random_source', type => 'string', context => 'PGC_INTERNAL', group => 'PRESET_OPTIONS',
+  short_desc => 'Shows implementation used for generating strong random number.',
+  flags => 'GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE',
+  variable => 'strong_random_source',
+  boot_val => 'DEFAULT_STRONG_RANDOM_SOURCE',
+},
+
 { name => 'backslash_quote', type => 'enum', context => 'PGC_USERSET', group => 'COMPAT_OPTIONS_PREVIOUS',
   short_desc => 'Sets whether "\\\\\'" is allowed in string literals.',
   variable => 'backslash_quote',
diff --git a/src/backend/utils/misc/guc_tables.c b/src/backend/utils/misc/guc_tables.c
index 00c8376cf4d..1a58d0d19c1 100644
--- a/src/backend/utils/misc/guc_tables.c
+++ b/src/backend/utils/misc/guc_tables.c
@@ -620,6 +620,13 @@ static int	num_os_semaphores;
 static bool data_checksums;
 static bool integer_datetimes;
 
+#ifdef STRONG_RANDOM_SOURCE_OPENSSL
+#define DEFAULT_STRONG_RANDOM_SOURCE "openssl"
+#else
+#define DEFAULT_STRONG_RANDOM_SOURCE "system"
+#endif
+static char *strong_random_source = DEFAULT_STRONG_RANDOM_SOURCE;
+
 #ifdef USE_ASSERT_CHECKING
 #define DEFAULT_ASSERT_ENABLED true
 #else
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index f52f14cc566..4aeceb53eb4 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -666,6 +666,12 @@
 /* Define to 1 if strerror_r() returns int. */
 #undef STRERROR_R_INT
 
+/* Define to 1 to use system's native source for strong random number generation  */
+#undef STRONG_RANDOM_SOURCE_SYSTEM
+
+/* Define to 1 to use OpenSSL libary for strong random number generation */
+#undef STRONG_RANDOM_SOURCE_OPENSSL
+
 /* Define to 1 to use ARMv8 CRC Extension. */
 #undef USE_ARMV8_CRC32C
 
diff --git a/src/port/pg_strong_random.c b/src/port/pg_strong_random.c
index ea6780dcc9f..0d3f00f588f 100644
--- a/src/port/pg_strong_random.c
+++ b/src/port/pg_strong_random.c
@@ -50,7 +50,7 @@
 
 
 
-#ifdef USE_OPENSSL
+#ifdef STRONG_RANDOM_SOURCE_OPENSSL
 
 #include <openssl/rand.h>
 
@@ -92,7 +92,7 @@ pg_strong_random(void *buf, size_t len)
 	return false;
 }
 
-#elif WIN32
+#elif WIN32						/* STRONG_RANDOM_SOURCE_SYSTEM and WIN32 */
 
 #include <wincrypt.h>
 /*
@@ -134,7 +134,7 @@ pg_strong_random(void *buf, size_t len)
 	return false;
 }
 
-#else							/* not USE_OPENSSL or WIN32 */
+#else							/* STRONG_RANDOM_SOURCE_SYSTEM and not WIN32 */
 
 /*
  * Without OpenSSL or Win32 support, just read /dev/urandom ourselves.
-- 
2.47.3

From c30924b77c585cf5a28e4eb34924892f8e7e73b4 Mon Sep 17 00:00:00 2001
From: Masahiko Sawada <sawada.mshk@gmail.com>
Date: Tue, 21 Oct 2025 17:35:15 -0700
Subject: [PATCH v2 2/2] Support getrandom() as random source where available.

Use glibc's getrandom() function when strong_random_source is set to
'system' on Linux and Unix-like operating systems. This method is much
faster than reading from /dev/urandom. In particular, recent Linux
kernels support a vDSO implementation of getrandom(), which our
performance tests showed to be approximately 10x faster.

Reviewed-by:
Discussion: https://postgr.es/m/
---
 configure                   |  7 +++++--
 configure.ac                |  5 ++++-
 meson.build                 |  1 +
 src/include/pg_config.h.in  |  3 +++
 src/port/pg_strong_random.c | 41 ++++++++++++++++++++++++++++++++-----
 5 files changed, 49 insertions(+), 8 deletions(-)

diff --git a/configure b/configure
index c591f8d8fbd..1f269148851 100755
--- a/configure
+++ b/configure
@@ -15444,7 +15444,7 @@ fi
 LIBS_including_readline="$LIBS"
 LIBS=`echo "$LIBS" | sed -e 's/-ledit//g' -e 's/-lreadline//g'`
 
-for ac_func in backtrace_symbols copyfile copy_file_range elf_aux_info getauxval getifaddrs getpeerucred inet_pton kqueue localeconv_l mbstowcs_l posix_fallocate ppoll pthread_is_threaded_np setproctitle setproctitle_fast strsignal syncfs sync_file_range uselocale wcstombs_l
+for ac_func in backtrace_symbols copyfile copy_file_range elf_aux_info getauxval getifaddrs getpeerucred getrandom inet_pton kqueue localeconv_l mbstowcs_l posix_fallocate ppoll pthread_is_threaded_np setproctitle setproctitle_fast strsignal syncfs sync_file_range uselocale wcstombs_l
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@@ -18326,6 +18326,9 @@ else
   if test x"$PORTNAME" = x"win32" ; then
     { $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
 $as_echo "Windows native" >&6; }
+  elif test x"$ac_cv_func_getrandom" = x"yes" ; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: getrandom" >&5
+$as_echo "getrandom" >&6; }
   elif test x"$cross_compiling" = x"yes"; then
     { $as_echo "$as_me:${as_lineno-$LINENO}: result: assuming /dev/urandom" >&5
 $as_echo "assuming /dev/urandom" >&6; }
@@ -18355,7 +18358,7 @@ fi
     if test x"$ac_cv_file__dev_urandom" = x"no" ; then
       as_fn_error $? "
 no source of strong random numbers was found
-PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers." "$LINENO" 5
+PostgreSQL can use OpenSSL, native Windows API, getrandom, or /dev/urandom as a source of random numbers." "$LINENO" 5
     fi
   fi
 
diff --git a/configure.ac b/configure.ac
index bfdb764f059..0ceced87ada 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1780,6 +1780,7 @@ AC_CHECK_FUNCS(m4_normalize([
 	getauxval
 	getifaddrs
 	getpeerucred
+	getrandom
 	inet_pton
 	kqueue
 	localeconv_l
@@ -2321,6 +2322,8 @@ else
   # be used.
   if test x"$PORTNAME" = x"win32" ; then
     AC_MSG_RESULT([Windows native])
+  elif test x"$ac_cv_func_getrandom" = x"yes" ; then
+    AC_MSG_RESULT(getrandom)
   elif test x"$cross_compiling" = x"yes"; then
     AC_MSG_RESULT([assuming /dev/urandom])
   else
@@ -2330,7 +2333,7 @@ else
     if test x"$ac_cv_file__dev_urandom" = x"no" ; then
       AC_MSG_ERROR([
 no source of strong random numbers was found
-PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers.])
+PostgreSQL can use OpenSSL, native Windows API, getrandom, or /dev/urandom as a source of random numbers.])
     fi
   fi
   AC_DEFINE([STRONG_RANDOM_SOURCE_SYSTEM], 1, [Define to 1 to use system native source for strong random number generation])
diff --git a/meson.build b/meson.build
index 90918fc12da..db55125a2bf 100644
--- a/meson.build
+++ b/meson.build
@@ -2892,6 +2892,7 @@ func_checks = [
   ['getopt_long', {'dependencies': [getopt_dep, gnugetopt_dep], 'skip': always_replace_getopt_long}],
   ['getpeereid'],
   ['getpeerucred'],
+  ['getrandom'],
   ['inet_aton'],
   ['inet_pton'],
   ['kqueue'],
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index 4aeceb53eb4..4534db6d0ef 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -190,6 +190,9 @@
 /* Define to 1 if you have the `getpeerucred' function. */
 #undef HAVE_GETPEERUCRED
 
+/* Define to 1 if you have the `getrandom' function. */
+#undef HAVE_GETRANDOM
+
 /* Define to 1 if you have the <gssapi_ext.h> header file. */
 #undef HAVE_GSSAPI_EXT_H
 
diff --git a/src/port/pg_strong_random.c b/src/port/pg_strong_random.c
index 0d3f00f588f..66ee335ce17 100644
--- a/src/port/pg_strong_random.c
+++ b/src/port/pg_strong_random.c
@@ -40,7 +40,8 @@
  *
  * 1. OpenSSL's RAND_bytes()
  * 2. Windows' CryptGenRandom() function
- * 3. /dev/urandom
+ * 3. glibc's getrandom() function
+ * 4. /dev/urandom
  *
  * Returns true on success, and false if none of the sources
  * were available. NB: It is important to check the return value!
@@ -134,12 +135,42 @@ pg_strong_random(void *buf, size_t len)
 	return false;
 }
 
-#else							/* STRONG_RANDOM_SOURCE_SYSTEM and not WIN32 */
+#elif HAVE_GETRANDOM			/* STRONG_RANDOM_SOURCE_SYSTEM and
+								 * HAVE_GETRANDOM */
+#include <sys/random.h>
 
-/*
- * Without OpenSSL or Win32 support, just read /dev/urandom ourselves.
- */
+void
+pg_strong_random_init(void)
+{
+	/* No initialization needed */
+}
+
+bool
+pg_strong_random(void *buf, size_t len)
+{
+	char	   *p = buf;
+	ssize_t		res;
+
+	while (len)
+	{
+		/* Get random data from the urandom source in blocking mode */
+		res = getrandom(p, len, 0);
+		if (res <= 0)
+		{
+			if (errno == EINTR)
+				continue;		/* interrupted by signal, just retry */
+
+			return false;
+		}
+
+		p += res;
+		len -= res;
+	}
+
+	return true;
+}
 
+#else							/* not OpenSSL, WIN32, or HAVE_GETRANDOM */
 void
 pg_strong_random_init(void)
 {
-- 
2.47.3

From 71f650c1d87504e02309df00c138077f00e0d7bf Mon Sep 17 00:00:00 2001
From: Masahiko Sawada <sawada.mshk@gmail.com>
Date: Tue, 21 Oct 2025 16:25:23 -0700
Subject: [PATCH v3 1/2] Add configure-time selection of strong random number
 source.

Previously, the random number source was automatically selected: OpenSSL
was the first choice, with native platform sources (Windows API or
/dev/urandom) used as fallback options.

This commit adds the ability to specify the random number source at
configure time using either the --with-strong-random option for the
configure script or the -Dstrong_random option for meson.

The selected random source can be viewed through the read-only GUC
parameter strong_random_source.

Reviewed-by:
Discussion: https://postgr.es/m/
---
 configure                                 | 78 +++++++++++++++++++----
 configure.ac                              | 50 +++++++++++----
 doc/src/sgml/config.sgml                  | 19 ++++++
 doc/src/sgml/installation.sgml            | 40 ++++++++++++
 meson.build                               | 22 +++++++
 meson_options.txt                         |  4 ++
 src/backend/utils/misc/guc_parameters.dat |  7 ++
 src/backend/utils/misc/guc_tables.c       |  7 ++
 src/include/pg_config.h.in                |  6 ++
 src/port/pg_strong_random.c               |  6 +-
 10 files changed, 211 insertions(+), 28 deletions(-)

diff --git a/configure b/configure
index 02e4ec7890f..28df8d20139 100755
--- a/configure
+++ b/configure
@@ -887,6 +887,7 @@ with_zstd
 with_ssl
 with_openssl
 enable_largefile
+with_strong_random
 '
       ac_precious_vars='build_alias
 host_alias
@@ -1606,6 +1607,8 @@ Optional Packages:
   --with-zstd             build with ZSTD support
   --with-ssl=LIB          use LIB for SSL/TLS support (openssl)
   --with-openssl          obsolete spelling of --with-ssl=openssl
+  --with-strong-random=NAME
+                          set strong random number source (system,openssl)
 
 Some influential environment variables:
   PG_TEST_EXTRA
@@ -18400,24 +18403,69 @@ $as_echo "#define USE_WIN32_SHARED_MEMORY 1" >>confdefs.h
   SHMEM_IMPLEMENTATION="src/backend/port/win32_shmem.c"
 fi
 
-# Select random number source. If a TLS library is used then it will be the
-# first choice, else the native platform sources (Windows API or /dev/urandom)
-# will be used.
+#
+# Select strong random number source.
+#
+
+
+
+
+# Check whether --with-strong-random was given.
+if test "${with_strong_random+set}" = set; then :
+  withval=$with_strong_random;
+  case $withval in
+    yes)
+      as_fn_error $? "argument required for --with-strong-random option" "$LINENO" 5
+      ;;
+    no)
+      as_fn_error $? "argument required for --with-strong-random option" "$LINENO" 5
+      ;;
+    *)
+      strong_random=$withval
+      ;;
+  esac
+
+fi
+
+
+
+# If nothing is specified to --with-strong-random, the default value is chosen depends
+# on OpenSSL availability.
+if test x"$strong_random" = x"" ; then
+  if test x"$with_ssl" = x"openssl" ; then
+    strong_random=openssl
+  else
+    strong_random=system
+  fi
+elif test x"$strong_random" != x"openssl" -a x"$strong_random" != x"system" ; then
+  as_fn_error $? "--with-strong-random must sepcify one of system or openssl" "$LINENO" 5
+fi
+
+if test "$strong_random" = openssl -a x"$with_ssl" != x"openssl" ; then
+  as_fn_error $? "OpenSSL library is required for random number generation" "$LINENO" 5
+fi
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking which random number source to use" >&5
 $as_echo_n "checking which random number source to use... " >&6; }
-if test x"$with_ssl" = x"openssl" ; then
+if test "$strong_random" = openssl ; then
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5
 $as_echo "OpenSSL" >&6; }
-elif test x"$PORTNAME" = x"win32" ; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
+
+$as_echo "#define STRONG_RANDOM_SOURCE_OPENSSL 1" >>confdefs.h
+
+else
+  # Select native platform source sources (Windows API or /dev/urandom) will
+  # be used.
+  if test x"$PORTNAME" = x"win32" ; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
 $as_echo "Windows native" >&6; }
-elif test x"$cross_compiling" = x"yes"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: assuming /dev/urandom" >&5
+  elif test x"$cross_compiling" = x"yes"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: assuming /dev/urandom" >&5
 $as_echo "assuming /dev/urandom" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
+  else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5
 $as_echo "/dev/urandom" >&6; }
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /dev/urandom" >&5
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /dev/urandom" >&5
 $as_echo_n "checking for /dev/urandom... " >&6; }
 if ${ac_cv_file__dev_urandom+:} false; then :
   $as_echo_n "(cached) " >&6
@@ -18437,11 +18485,15 @@ if test "x$ac_cv_file__dev_urandom" = xyes; then :
 fi
 
 
-  if test x"$ac_cv_file__dev_urandom" = x"no" ; then
-    as_fn_error $? "
+    if test x"$ac_cv_file__dev_urandom" = x"no" ; then
+      as_fn_error $? "
 no source of strong random numbers was found
 PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers." "$LINENO" 5
+    fi
   fi
+
+$as_echo "#define STRONG_RANDOM_SOURCE_SYSTEM 1" >>confdefs.h
+
 fi
 
 # If not set in template file, set bytes to use libc memset()
diff --git a/configure.ac b/configure.ac
index b90a220a635..c86083b2c74 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2287,25 +2287,51 @@ else
   SHMEM_IMPLEMENTATION="src/backend/port/win32_shmem.c"
 fi
 
-# Select random number source. If a TLS library is used then it will be the
-# first choice, else the native platform sources (Windows API or /dev/urandom)
-# will be used.
+#
+# Select strong random number source.
+#
+
+PGAC_ARG_REQ(with, strong-random, [NAME], [set strong random number source (system,openssl)],
+             [strong_random=$withval])
+
+# If nothing is specified to --with-strong-random, the default value is chosen depends
+# on OpenSSL availability.
+if test x"$strong_random" = x"" ; then
+  if test x"$with_ssl" = x"openssl" ; then
+    strong_random=openssl
+  else
+    strong_random=system
+  fi
+elif test x"$strong_random" != x"openssl" -a x"$strong_random" != x"system" ; then
+  AC_MSG_ERROR([--with-strong-random must sepcify one of system or openssl])
+fi
+
+if test "$strong_random" = openssl -a x"$with_ssl" != x"openssl" ; then
+  AC_MSG_ERROR([OpenSSL library is required for random number generation])
+fi
+
 AC_MSG_CHECKING([which random number source to use])
-if test x"$with_ssl" = x"openssl" ; then
+if test "$strong_random" = openssl ; then
   AC_MSG_RESULT([OpenSSL])
-elif test x"$PORTNAME" = x"win32" ; then
-  AC_MSG_RESULT([Windows native])
-elif test x"$cross_compiling" = x"yes"; then
-  AC_MSG_RESULT([assuming /dev/urandom])
+  AC_DEFINE([STRONG_RANDOM_SOURCE_OPENSSL], 1, [Define to 1 to use OpenSSL libary for strong random number generation])
 else
-  AC_MSG_RESULT([/dev/urandom])
-  AC_CHECK_FILE([/dev/urandom], [], [])
+  # Select native platform source sources (Windows API or /dev/urandom) will
+  # be used.
+  if test x"$PORTNAME" = x"win32" ; then
+    AC_MSG_RESULT([Windows native])
+  elif test x"$cross_compiling" = x"yes"; then
+    AC_MSG_RESULT([assuming /dev/urandom])
+  else
+    AC_MSG_RESULT([/dev/urandom])
+    AC_CHECK_FILE([/dev/urandom], [], [])
 
-  if test x"$ac_cv_file__dev_urandom" = x"no" ; then
-    AC_MSG_ERROR([
+    if test x"$ac_cv_file__dev_urandom" = x"no" ; then
+      AC_MSG_ERROR([
 no source of strong random numbers was found
 PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers.])
+    fi
   fi
+  AC_DEFINE([STRONG_RANDOM_SOURCE_SYSTEM], 1, [Define to 1 to use system native source for strong random number generation])
 fi
 
 # If not set in template file, set bytes to use libc memset()
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 601aa3afb8e..db8ce2b0999 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -12124,6 +12124,25 @@ dynamic_library_path = '/usr/local/lib/postgresql:$libdir'
       </listitem>
      </varlistentry>
 
+     <varlistentry id="guc-strong-random-source" xreflabel="strong_random_source">
+      <term><varname>strong_random_source</varname> (<type>string</type>)
+      <indexterm>
+       <primary><varname>strong_random_source</varname> configuration parameter</primary>
+      </indexterm>
+      </term>
+      <listitem>
+       <para>
+        Reports the name of implementation used to generate cryptographically secure
+        random data: <literal>system</literal> or <literal>openssl</literal>. It
+        is determined when building the server. See more information see
+        <link linkend="configure-option-with-strong-random"><option>--with-strong-random
+        </option></link> for installation with Autoconf or
+        <link linkend="configure-strong-random-meson"><option>-Dstrong_random</option>
+        </link> for installation with Meson.
+       </para>
+      </listitem>
+     </varlistentry>
+
      <varlistentry id="guc-wal-block-size" xreflabel="wal_block_size">
       <term><varname>wal_block_size</varname> (<type>integer</type>)
       <indexterm>
diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml
index fe8d73e1f8c..ce0283ddf5b 100644
--- a/doc/src/sgml/installation.sgml
+++ b/doc/src/sgml/installation.sgml
@@ -1531,6 +1531,26 @@ build-postgresql:
        </listitem>
       </varlistentry>
 
+      <varlistentry id="configure-option-with-strong-random">
+       <term><option>--with-strong-random=<replaceable>NAME</replaceable></option></term>
+       <listitem>
+        <para>
+         Specifies the imlementation used to generate cryptographically secure random
+         data. Valid values are <literal>system</literal> and <literal>openssl</literal>.
+        </para>
+        <para>
+         <productname>PostgreSQL</productname> relies on strong random numbers in
+         security-sensitive operations. For example, random values are used when generating
+         salts for <literal>SCRAM-SHA-256</literal> password storage and when creating
+         UUIDs. By default, the implementation is chosen based on the
+         <option>--with-ssl</option> option: if <productname>PostgreSQL</productname>
+         is built with <productname>OpenSSL</productname> support,
+         <productname>OpenSSL</productname>'s random generator is used; otherwise, the
+         operating system native secure random facility is used. This option overrides
+         that behavior and forces use of the specified source.
+        </para>
+       </listitem>
+      </varlistentry>
      </variablelist>
 
    </sect3>
@@ -3054,6 +3074,26 @@ ninja install
        </para>
       </listitem>
      </varlistentry>
+
+     <varlistentry id="configure-strong-random-meson">
+      <term><option>-Dstrong_random={ auto | system | openssl }</option></term>
+       <listitem>
+        <para>
+         Specifies the imlementation used to generate cryptographically secure random
+         data.
+        </para>
+        <para>
+         <productname>PostgreSQL</productname> relies on strong random numbers in
+         security-sensitive operations. For example, random values are used when generating
+         salts for <literal>SCRAM-SHA-256</literal> password storage and when creating
+         UUIDs. Default to auto and the implementation will be chosen based on the
+         <option>-Dssl</option> option: if <productname>PostgreSQL</productname>
+         is built with <productname>OpenSSL</productname> support,
+         <productname>OpenSSL</productname>'s random generator is used; otherwise, the
+         operating system native secure random facility is used.
+        </para>
+       </listitem>
+     </varlistentry>
     </variablelist>
    </sect3>
 
diff --git a/meson.build b/meson.build
index c3834a9dc8f..ce28ac4c616 100644
--- a/meson.build
+++ b/meson.build
@@ -2576,7 +2576,29 @@ if not have_optimized_crc
   cdata.set('USE_SLICING_BY_8_CRC32C', 1)
 endif
 
+###############################################################
+# Select strong random number source.
+###############################################################
+rand_src_opt = get_option('strong_random')
+if rand_src_opt == 'auto'
+  if ssl.found()
+    rand_src_opt = 'openssl'
+  else
+    rand_src_opt = 'system'
+  endif
+endif
+
+if rand_src_opt == 'openssl' and not ssl.found()
+  error('OpenSSL library must be enabled for strong random number generation')
+endif
 
+if rand_src_opt == 'system'
+  cdata.set('STRONG_RANDOM_SOURCE_SYSTEM', 1,
+            description: 'Define to 1 to use system native source for strong random number generation')
+else
+  cdata.set('STRONG_RANDOM_SOURCE_OPENSSL', 1,
+            description: 'Define to 1 to use OpenSSL libary for strong random number generation')
+endif
 
 ###############################################################
 # Other CPU specific stuff
diff --git a/meson_options.txt b/meson_options.txt
index 6a793f3e479..19321c53e68 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -142,6 +142,10 @@ option('pltcl', type: 'feature', value: 'auto',
 option('tcl_version', type: 'string', value: 'tcl',
   description: 'Tcl version')
 
+option('strong_random', type: 'combo', choices: ['auto', 'system', 'openssl'],
+  value: 'auto',
+  description: 'Select strong random number source')
+
 option('readline', type: 'feature', value: 'auto',
   description: 'Use GNU Readline or BSD Libedit for editing')
 
diff --git a/src/backend/utils/misc/guc_parameters.dat b/src/backend/utils/misc/guc_parameters.dat
index 7c60b125564..fad27367c26 100644
--- a/src/backend/utils/misc/guc_parameters.dat
+++ b/src/backend/utils/misc/guc_parameters.dat
@@ -2784,6 +2784,13 @@
   assign_hook => 'assign_stats_fetch_consistency',
 },
 
+{ name => 'strong_random_source', type => 'string', context => 'PGC_INTERNAL', group => 'PRESET_OPTIONS',
+  short_desc => 'Shows implementation used for generating strong random number.',
+  flags => 'GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE',
+  variable => 'strong_random_source',
+  boot_val => 'DEFAULT_STRONG_RANDOM_SOURCE',
+},
+
 { name => 'subtransaction_buffers', type => 'int', context => 'PGC_POSTMASTER', group => 'RESOURCES_MEM',
   short_desc => 'Sets the size of the dedicated buffer pool used for the subtransaction cache.',
   long_desc => '0 means use a fraction of "shared_buffers".',
diff --git a/src/backend/utils/misc/guc_tables.c b/src/backend/utils/misc/guc_tables.c
index 73ff6ad0a32..ec008d48138 100644
--- a/src/backend/utils/misc/guc_tables.c
+++ b/src/backend/utils/misc/guc_tables.c
@@ -621,6 +621,13 @@ static int	effective_wal_level = WAL_LEVEL_REPLICA;
 static bool data_checksums;
 static bool integer_datetimes;
 
+#ifdef STRONG_RANDOM_SOURCE_OPENSSL
+#define DEFAULT_STRONG_RANDOM_SOURCE "openssl"
+#else
+#define DEFAULT_STRONG_RANDOM_SOURCE "system"
+#endif
+static char *strong_random_source = DEFAULT_STRONG_RANDOM_SOURCE;
+
 #ifdef USE_ASSERT_CHECKING
 #define DEFAULT_ASSERT_ENABLED true
 #else
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index 2dd8f6b9a38..9bcc9c54ff8 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -660,6 +660,12 @@
 /* Define to 1 if strerror_r() returns int. */
 #undef STRERROR_R_INT
 
+/* Define to 1 to use system's native source for strong random number generation  */
+#undef STRONG_RANDOM_SOURCE_SYSTEM
+
+/* Define to 1 to use OpenSSL libary for strong random number generation */
+#undef STRONG_RANDOM_SOURCE_OPENSSL
+
 /* Define to 1 to use ARMv8 CRC Extension. */
 #undef USE_ARMV8_CRC32C
 
diff --git a/src/port/pg_strong_random.c b/src/port/pg_strong_random.c
index c8d8a70d896..cc6f598ac67 100644
--- a/src/port/pg_strong_random.c
+++ b/src/port/pg_strong_random.c
@@ -50,7 +50,7 @@
 
 
 
-#ifdef USE_OPENSSL
+#ifdef STRONG_RANDOM_SOURCE_OPENSSL
 
 #include <openssl/rand.h>
 
@@ -92,7 +92,7 @@ pg_strong_random(void *buf, size_t len)
 	return false;
 }
 
-#elif WIN32
+#elif WIN32						/* STRONG_RANDOM_SOURCE_SYSTEM and WIN32 */
 
 #include <wincrypt.h>
 /*
@@ -134,7 +134,7 @@ pg_strong_random(void *buf, size_t len)
 	return false;
 }
 
-#else							/* not USE_OPENSSL or WIN32 */
+#else							/* STRONG_RANDOM_SOURCE_SYSTEM and not WIN32 */
 
 /*
  * Without OpenSSL or Win32 support, just read /dev/urandom ourselves.
-- 
2.47.3

From a65ac70e886bf3573483709bcb248b2328e7b32a Mon Sep 17 00:00:00 2001
From: Masahiko Sawada <sawada.mshk@gmail.com>
Date: Tue, 21 Oct 2025 17:35:15 -0700
Subject: [PATCH v3 2/2] Support getrandom() as random source where available.

Use glibc's getrandom() function when strong_random_source is set to
'system' on Linux and Unix-like operating systems. This method is much
faster than reading from /dev/urandom. In particular, recent Linux
kernels support a vDSO implementation of getrandom(), which our
performance tests showed to be approximately 10x faster.

Reviewed-by:
Discussion: https://postgr.es/m/
---
 configure                   |  7 +++++--
 configure.ac                |  5 ++++-
 meson.build                 |  1 +
 src/include/pg_config.h.in  |  3 +++
 src/port/pg_strong_random.c | 41 ++++++++++++++++++++++++++++++++-----
 5 files changed, 49 insertions(+), 8 deletions(-)

diff --git a/configure b/configure
index 28df8d20139..91135999d9d 100755
--- a/configure
+++ b/configure
@@ -15576,7 +15576,7 @@ fi
 LIBS_including_readline="$LIBS"
 LIBS=`echo "$LIBS" | sed -e 's/-ledit//g' -e 's/-lreadline//g'`
 
-for ac_func in backtrace_symbols copyfile copy_file_range elf_aux_info getauxval getifaddrs getpeerucred inet_pton kqueue localeconv_l mbstowcs_l posix_fallocate ppoll pthread_is_threaded_np setproctitle setproctitle_fast strsignal syncfs sync_file_range uselocale wcstombs_l
+for ac_func in backtrace_symbols copyfile copy_file_range elf_aux_info getauxval getifaddrs getpeerucred getrandom inet_pton kqueue localeconv_l mbstowcs_l posix_fallocate ppoll pthread_is_threaded_np setproctitle setproctitle_fast strsignal syncfs sync_file_range uselocale wcstombs_l
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@@ -18459,6 +18459,9 @@ else
   if test x"$PORTNAME" = x"win32" ; then
     { $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5
 $as_echo "Windows native" >&6; }
+  elif test x"$ac_cv_func_getrandom" = x"yes" ; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: getrandom" >&5
+$as_echo "getrandom" >&6; }
   elif test x"$cross_compiling" = x"yes"; then
     { $as_echo "$as_me:${as_lineno-$LINENO}: result: assuming /dev/urandom" >&5
 $as_echo "assuming /dev/urandom" >&6; }
@@ -18488,7 +18491,7 @@ fi
     if test x"$ac_cv_file__dev_urandom" = x"no" ; then
       as_fn_error $? "
 no source of strong random numbers was found
-PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers." "$LINENO" 5
+PostgreSQL can use OpenSSL, native Windows API, getrandom, or /dev/urandom as a source of random numbers." "$LINENO" 5
     fi
   fi
 
diff --git a/configure.ac b/configure.ac
index c86083b2c74..8adc8bc0f66 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1781,6 +1781,7 @@ AC_CHECK_FUNCS(m4_normalize([
 	getauxval
 	getifaddrs
 	getpeerucred
+	getrandom
 	inet_pton
 	kqueue
 	localeconv_l
@@ -2319,6 +2320,8 @@ else
   # be used.
   if test x"$PORTNAME" = x"win32" ; then
     AC_MSG_RESULT([Windows native])
+  elif test x"$ac_cv_func_getrandom" = x"yes" ; then
+    AC_MSG_RESULT(getrandom)
   elif test x"$cross_compiling" = x"yes"; then
     AC_MSG_RESULT([assuming /dev/urandom])
   else
@@ -2328,7 +2331,7 @@ else
     if test x"$ac_cv_file__dev_urandom" = x"no" ; then
       AC_MSG_ERROR([
 no source of strong random numbers was found
-PostgreSQL can use OpenSSL, native Windows API or /dev/urandom as a source of random numbers.])
+PostgreSQL can use OpenSSL, native Windows API, getrandom, or /dev/urandom as a source of random numbers.])
     fi
   fi
   AC_DEFINE([STRONG_RANDOM_SOURCE_SYSTEM], 1, [Define to 1 to use system native source for strong random number generation])
diff --git a/meson.build b/meson.build
index ce28ac4c616..d835e338917 100644
--- a/meson.build
+++ b/meson.build
@@ -2911,6 +2911,7 @@ func_checks = [
   ['getopt_long', {'dependencies': [getopt_dep, gnugetopt_dep], 'skip': always_replace_getopt_long}],
   ['getpeereid'],
   ['getpeerucred'],
+  ['getrandom'],
   ['inet_aton'],
   ['inet_pton'],
   ['kqueue'],
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index 9bcc9c54ff8..bd658364253 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -179,6 +179,9 @@
 /* Define to 1 if you have the `getpeerucred' function. */
 #undef HAVE_GETPEERUCRED
 
+/* Define to 1 if you have the `getrandom' function. */
+#undef HAVE_GETRANDOM
+
 /* Define to 1 if you have the <gssapi_ext.h> header file. */
 #undef HAVE_GSSAPI_EXT_H
 
diff --git a/src/port/pg_strong_random.c b/src/port/pg_strong_random.c
index cc6f598ac67..817ff6388bf 100644
--- a/src/port/pg_strong_random.c
+++ b/src/port/pg_strong_random.c
@@ -40,7 +40,8 @@
  *
  * 1. OpenSSL's RAND_bytes()
  * 2. Windows' CryptGenRandom() function
- * 3. /dev/urandom
+ * 3. glibc's getrandom() function
+ * 4. /dev/urandom
  *
  * Returns true on success, and false if none of the sources
  * were available. NB: It is important to check the return value!
@@ -134,12 +135,42 @@ pg_strong_random(void *buf, size_t len)
 	return false;
 }
 
-#else							/* STRONG_RANDOM_SOURCE_SYSTEM and not WIN32 */
+#elif HAVE_GETRANDOM			/* STRONG_RANDOM_SOURCE_SYSTEM and
+								 * HAVE_GETRANDOM */
+#include <sys/random.h>
 
-/*
- * Without OpenSSL or Win32 support, just read /dev/urandom ourselves.
- */
+void
+pg_strong_random_init(void)
+{
+	/* No initialization needed */
+}
+
+bool
+pg_strong_random(void *buf, size_t len)
+{
+	char	   *p = buf;
+	ssize_t		res;
+
+	while (len)
+	{
+		/* Get random data from the urandom source in blocking mode */
+		res = getrandom(p, len, 0);
+		if (res <= 0)
+		{
+			if (errno == EINTR)
+				continue;		/* interrupted by signal, just retry */
+
+			return false;
+		}
+
+		p += res;
+		len -= res;
+	}
+
+	return true;
+}
 
+#else							/* not OpenSSL, WIN32, or HAVE_GETRANDOM */
 void
 pg_strong_random_init(void)
 {
-- 
2.47.3