From: | Michael Paquier <michael(at)paquier(dot)xyz> |
---|---|
To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Move OpenSSL random under USE_OPENSSL_RANDOM |
Date: | 2020-11-05 12:12:53 |
Message-ID: | 20201105121253.GA17513@paquier.xyz |
Lists: | pgsql-hackers |
On Thu, Nov 05, 2020 at 10:49:45AM +0100, Daniel Gustafsson wrote:
> This must check for USE_OPENSSL as well as per my original patch, since we'd
> otherwise fail to perform post-fork initialization in case one uses OpenSSL with
> another PRNG for pg_strong_random. That might be theoretical at this point, but
> if we ever support that and miss updating this it would be problematic.
That's actually the same point I tried to make at the end of my last
email, but worded differently, isn't it? In short we have
USE_OPENSSL, but !USE_OPENSSL_RANDOM and we still need an
initialization. We could just do something like the following:
#ifdef USE_OPENSSL
RAND_poll();
#endif
#if defined(USE_OPENSSL_RANDOM)
/* OpenSSL is done above, because blah.. */
#elif etc..
[...]
#error missing an init, pal.
#endif
Or do you have something else in mind?
> +#if defined(USE_OPENSSL_RANDOM)
>
> I'm not sure this comment adds any value, we currently have two non-TLS library
> PRNGs in pg_strong_random, so even if we add NSS it will at best be 50%:
I don't mind removing this part, the compilation hint may be enough,
indeed.
--
Michael
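
Added example, not part of the original message and not PostgreSQL or OpenSSL code: a forked child inherits a copy of any PRNG state held in process memory, which is why a post-fork initialization step such as the RAND_poll() call discussed above matters. The toy generator, its seed and the names toy_random, toy_post_fork_init and child_repeats_parent are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy xorshift64 generator: a stand-in for any PRNG whose state lives in
 * process memory. Constructed seed; this is not OpenSSL's generator. */
static uint64_t prng_state = 0x9E3779B97F4A7C15ULL;

static uint64_t toy_random(void)
{
    prng_state ^= prng_state << 13;
    prng_state ^= prng_state >> 7;
    prng_state ^= prng_state << 17;
    return prng_state;
}

/* Hypothetical post-fork step, standing where RAND_poll() stands in the
 * thread. Mixing in the pid only makes the states differ; it adds no entropy. */
static void toy_post_fork_init(void)
{
    prng_state ^= (uint64_t) getpid() * 0x100000001B3ULL;
}

/* Fork, draw one value on each side: 1 = same, 0 = different, -1 = error. */
static int child_repeats_parent(int reinit_in_child)
{
    int fds[2];
    uint64_t from_child = 0;
    pid_t pid;
    if (pipe(fds) != 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {                 /* child: starts with a copy of prng_state */
        if (reinit_in_child) toy_post_fork_init();
        uint64_t v = toy_random();
        _exit(write(fds[1], &v, sizeof v) == (ssize_t) sizeof v ? 0 : 1);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], &from_child, sizeof from_child);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return n == (ssize_t) sizeof from_child ? toy_random() == from_child : -1;
}

int main(void)
{
    printf("without post-fork init: same=%d\n", child_repeats_parent(0));
    printf("with post-fork init:    same=%d\n", child_repeats_parent(1));
    return 0;
}
```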