Re: __pg_log_level in anonynous enum should be initialized? (Was: pgsql: Change SHA2 implementation based on OpenSSL to use EVP digest ro)

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: __pg_log_level in anonynous enum should be initialized? (Was: pgsql: Change SHA2 implementation based on OpenSSL to use EVP digest ro)
Date: 2020-09-29 02:03:12
Message-ID: 20200929020312.GA10200@paquier.xyz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-committers pgsql-hackers

On Mon, Sep 28, 2020 at 12:49:29PM -0400, Tom Lane wrote:
> I experimented and confirmed that explicitly initializing __pg_log_level
> would suppress this build error on prairiedog. However, I'm not sure
> that doing so is a good idea, because it seems to me that this animal
> has accidentally saved us from a serious design error. IMO it is quite
> unacceptable for libpq to contain either a forced write to stderr or a
> forced exit(1). It should be reporting the failure back to the calling
> application, instead. So the error handling in this patch needs to be
> reconsidered.

Yeah, I have arrived at the same conclusion after a night of sleep and
after looking at the OpenSSL code for a couple of hours to see if it
would be possible to use a static state of EVP and not have to do all
this error handling. But, we are going to need much more than that,
so I have reverted the patch:
- Any allocation done with EVP is going to need a callback for the
cleanup in the backend, because we basically have to do the allocation
directly in OpenSSL. Not only for the higher EVP structure we get to
use in sha2_openssl.c, but also for some other parts at lower level,
like MD with EVP_MD_CTX_FLAG_NO_INIT.
- It will be better to have those routines return a status and just
let the caller handle the error. This impacts the internals of SCRAM,
particularly for the secret and internal HMAC implementations. And
this needs a change in the fallback implementation.
- We will most likely need to split the existing init and destroy
routines so as the initial allocation and final free happen in
different paths, even for the fallback implementation so as we have a
1:1 mapping with what OpenSSL does.

> Since prairiedog is not likely to be around forever, I propose that
> we ought to enforce this going forward by arranging for common/logging.c
> to not get built into the libpgcommon_shlib library variant.

Agreed. This makes sense in the long term, so attached is a proposal
of patch. I did not really see the point in complicating the MSVC
scripts for that though. The new variable names look natural to me
like that, the new comment may need some tweaks.
--
Michael

Attachment Content-Type Size
common-shlib-split.patch text/x-diff 1.4 KB

In response to

Responses

Browse pgsql-committers by date

  From Date Subject
Next Message Michael Paquier 2020-09-29 05:19:56 pgsql: Fix progress reporting of REINDEX CONCURRENTLY
Previous Message Tom Lane 2020-09-29 00:33:40 pgsql: Add for_each_from, to simplify loops starting from non-first lis

Browse pgsql-hackers by date

  From Date Subject
Next Message Masahiro Ikeda 2020-09-29 02:09:10 Re: New statistics for tuning WAL buffer size
Previous Message David Rowley 2020-09-29 01:52:00 Re: Planner making bad choice in alternative subplan decision