On Thu, Nov 05, 2020 at 10:49:45AM +0100, Daniel Gustafsson wrote:
> This must check for USE_OPENSSL as well as per my original patch, since we'd
> otherwise fail to perform post-fork initialization in case one use OpenSSL with
> anothe PRNG for pg_strong_random. That might be theoretical at this point, but
> if we ever support that and miss updating this it would be problematic.
That's actually the same point I tried to make at the end of my last
email, but worded differently, isn't it? In short we have
USE_OPENSSL, but !USE_OPENSSL_RANDOM and we still need an
initialization. We could just do something like the following:
#ifdef USE_OPENSSL
RAND_poll();
#endif
#if defined(USE_OPENSSL_RANDOM)
/* OpenSSL is done above, because blah.. */
#elif etc..
[...]
#error missing an init, pal.
#endif
Or do you jave something else in mind?
> +#if defined(USE_OPENSSL_RANDOM)
>
> I'm not sure this comment adds any value, we currently have two non-TLS library
> PRNGs in pg_strong_random, so even if we add NSS it will at best be 50%:
I don't mind removing this part, the compilation hint may be enough,
indeed.
--
Michael