| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Move OpenSSL random under USE_OPENSSL_RANDOM |
| Date: | 2020-08-26 12:19:04 |
| Message-ID: | D86E0846-6730-442A-9846-B1FB9F1369FE@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 26 Aug 2020, at 09:56, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
> On Tue, Aug 25, 2020 at 03:52:14PM +0200, Daniel Gustafsson wrote:
>> The attached moves all invocations under the correct guards. RAND_poll() in
>> fork_process.c needs to happen for both OpenSSL and OpenSSL random, thus the
>> check for both.
>
> Yeah, it could be possible that somebody still calls RAND_bytes() or
> similar without going through pg_strong_random(), so we still need to
> use USE_OPENSSL after forking. Per this argument, I am not sure I see
> the point of the change in fork_process.c as it seems to me that
> USE_OPENSSL_RANDOM should only be tied to pg_strong_random.c, and
> you'd still get a compilation failure if trying to use
> USE_OPENSSL_RANDOM without --with-openssl.
That's certainly true. The intention though is to make the code easier to
follow (more explicit/discoverable) for anyone trying to implement support for
TLS backends. It's a very git grep intense process already as it is.
cheers ./daniel
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sait Talha Nisanci | 2020-08-26 13:13:41 | RE: [EXTERNAL] Re: WIP: WAL prefetch (another approach) |
| Previous Message | Tom Lane | 2020-08-26 12:18:49 | Re: Strange behavior with polygon and NaN |