Re: pgsql: Make cancel request keys longer

Heikki Linnakangas <hlinnaka@iki.fi>

From: Heikki Linnakangas <hlinnaka@iki.fi>
To: Peter Eisentraut <peter@eisentraut.org>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2025-05-08T19:11:07Z
Lists: pgsql-hackers
On 09/04/2025 13:46, Heikki Linnakangas wrote:
> On 09/04/2025 13:28, Heikki Linnakangas wrote:
>> On 09/04/2025 12:39, Peter Eisentraut wrote:
>>> On 09.04.25 10:53, Heikki Linnakangas wrote:
>>>> On 08/04/2025 22:41, Heikki Linnakangas wrote:
>>>>> On 08/04/2025 20:06, Peter Eisentraut wrote:
>>>>>> While I was looking at this, I suggest to make the first argument 
>>>>>> void *.  This is consistent for passing binary data.
>>>>>
>>>>> Ok, sure.
>>>>
>>>> On second thoughts, -1 on that. 'void *' is appropriate for 
>>>> functions like libc's read() or pq_sendbytes(), where the buffer can 
>>>> point to anything. In other words, the caller is expected to have a 
>>>> pointer like 'foobar *', and it gets cast to 'void *' when you call 
>>>> the function. That's not the case with the cancellation key. The 
>>>> cancellation key is just an array of bytes, the caller is expected 
>>>> to pass an array of bytes, not a struct.
>>>>
>>>> The right precedent for that are e.g. SCRAM functions in scram- 
>>>> common.h, for example. They use "const uint8 *" for the hashes.
>>>>
>>>> I'll switch to "const uint *" everywhere that deals with cancel 
>>>> keys. There are a few more variables elsewhere in the backend and in 
>>>> libpq.
>>>
>>> I was having the same second thoughts overnight.  I agree with your 
>>> conclusion.
>>
>> Here's a patch to change cancellation keys to "uint8 *". I did the 
>> same for a few other places, namely the new scram_client_key_binary 
>> and scram_server_key_binary fields in pg_conn, and a few libpq 
>> functions that started to give compiler warnings after that. There 
>> probably would be more code that could be changed to follow this 
>> convention, but I didn't look hard. What do you think?
>>
>> I'm on the edge with the pg_b64_encode/decode functions, whether they 
>> should work on "uint8 *" or "void *". On one hand, you do base64 
>> encoding on a byte array, which would support "uint8 *". But on the 
>> other hand, you might use it for encoding things with more structure, 
>> which would support "void *". I went with "void *", mostly out of 
>> convenience as many of the SCRAM functions that currently use 
>> pg_b64_encode/decode, use "char *" to represent byte arrays. But 
>> arguably those should be changed to use "uint8 *" too.
> 
> I went around looking a bit more anyway. Here's a patch to change more 
> places to use 'uint8' for byte arrays, in SCRAM and MD5 salts and 
> digests and such. It's a bit of code churn, but I think it improves 
> readability. Especially the SCRAM code sometimes deals with base64- 
> encoded string representations of digests and sometimes with decoded 
> byte arrays, and it's helpful to use different datatypes for them.

Polished this up a tiny bit, and committed.

-- 
Heikki Linnakangas
Neon (https://neon.tech)



Commits

  1. Use 'void *' for arbitrary buffers, 'uint8 *' for byte arrays

  2. Use more mundane 'int' type for cancel key lengths in libpq

  3. Fix a few oversights in the longer cancel keys patch

  4. Make cancel request keys longer