Re: cryptohash: missing locking functions for OpenSSL <= 1.0.2?

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: Jacob Champion <pchampion@vmware.com>
Cc: "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>
Date: 2021-03-10T08:21:53Z
Lists: pgsql-hackers

Attachments

On Mon, Mar 08, 2021 at 06:06:32PM +0000, Jacob Champion wrote:
> I had to convince myself that this logic is correct -- we set
> destroy_needed even if crypto is not enabled, but then check later to
> make sure that crypto_loaded is true before doing anything. What would
> you think about moving the conn->crypto_loaded check to the else
> branch, so that destroy_needed is only set if we actually need it?

Do you mean something like the attached?  If I recall my mood from the
moment, I think that I did that to be more careful with the case where
the client has its own set of callbacks set (pq_init_crypto_lib as
false) but that does not matter as this is double-checked in
destroy_ssl_system().  I have adjusted some comments after more
review.
--
Michael

Commits

  1. Set libcrypto callbacks for all connection threads in libpq