Thread-unsafe MD5 on big-endian systems with no OpenSSL
Heikki Linnakangas <hlinnaka@iki.fi>
From: Heikki Linnakangas <hlinnaka@iki.fi>
To: "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2024-08-06T12:23:26Z
Lists: pgsql-hackers
Attachments
- 0001-Make-fallback-MD5-implementation-thread-safe-on-big-.patch (text/x-patch) patch 0001
While browsing through all our global variables for the multithreading effort, I noticed that our MD5 implementation in src/common/md5.c uses a static buffer on big-endian systems, which makes it not thread-safe. That's a bug because that function is also used in libpq. This was introduced in commit b67b57a966, which replaced the old MD5 fallback implementation with the one from pgcrypto. The thread-safety didn't matter for pgcrypto, but for libpq it does. This only affects big-endian systems that are compiled without OpenSSL. -- Heikki Linnakangas Neon (https://neon.tech)
Commits
-
Make fallback MD5 implementation thread-safe on big-endian systems
- 7696b2ea5241 14.14 landed
- a38f5f880d1e 15.9 landed
- 0583863e9e6e 16.5 landed
- ffac8ac48e40 17.0 landed
- 2676040df0b2 18.0 landed
-
Refactor MD5 implementations according to new cryptohash infrastructure
- b67b57a966af 14.0 cited