Re: Thread-unsafe MD5 on big-endian systems with no OpenSSL

Robert Haas <robertmhaas@gmail.com>

From: Robert Haas <robertmhaas@gmail.com>
To: Heikki Linnakangas <hlinnaka@iki.fi>
Cc: "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2024-08-06T14:04:58Z
Lists: pgsql-hackers
On Tue, Aug 6, 2024 at 8:23 AM Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> While browsing through all our global variables for the multithreading
> effort, I noticed that our MD5 implementation in src/common/md5.c uses a
> static buffer on big-endian systems, which makes it not thread-safe.
> That's a bug because that function is also used in libpq.
>
> This was introduced in commit b67b57a966, which replaced the old MD5
> fallback implementation with the one from pgcrypto. The thread-safety
> didn't matter for pgcrypto, but for libpq it does.
>
> This only affects big-endian systems that are compiled without OpenSSL.

LGTM.

-- 
Robert Haas
EDB: http://www.enterprisedb.com



Commits

  1. Make fallback MD5 implementation thread-safe on big-endian systems

  2. Refactor MD5 implementations according to new cryptohash infrastructure