Re: pgsql: Make cancel request keys longer

From: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
To: Peter Eisentraut <peter(at)eisentraut(dot)org>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pgsql: Make cancel request keys longer
Date: 2025-04-09 10:46:57
Message-ID: 9399dc5d-5575-483e-8e23-af6be79385c8@iki.fi
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-committers pgsql-hackers

On 09/04/2025 13:28, Heikki Linnakangas wrote:
> On 09/04/2025 12:39, Peter Eisentraut wrote:
>> On 09.04.25 10:53, Heikki Linnakangas wrote:
>>> On 08/04/2025 22:41, Heikki Linnakangas wrote:
>>>> On 08/04/2025 20:06, Peter Eisentraut wrote:
>>>>> While I was looking at this, I suggest to make the first argument
>>>>> void *.  This is consistent for passing binary data.
>>>>
>>>> Ok, sure.
>>>
>>> On second thoughts, -1 on that. 'void *' is appropriate for functions
>>> like libc's read() or pq_sendbytes(), where the buffer can point to
>>> anything. In other words, the caller is expected to have a pointer
>>> like 'foobar *', and it gets cast to 'void *' when you call the
>>> function. That's not the case with the cancellation key. The
>>> cancellation key is just an array of bytes, the caller is expected to
>>> pass an array of bytes, not a struct.
>>>
>>> The right precedent for that are e.g. SCRAM functions in scram-
>>> common.h, for example. They use "const uint8 *" for the hashes.
>>>
>>> I'll switch to "const uint *" everywhere that deals with cancel keys.
>>> There are a few more variables elsewhere in the backend and in libpq.
>>
>> I was having the same second thoughts overnight.  I agree with your
>> conclusion.
>
> Here's a patch to change cancellation keys to "uint8 *". I did the same
> for a few other places, namely the new scram_client_key_binary and
> scram_server_key_binary fields in pg_conn, and a few libpq functions
> that started to give compiler warnings after that. There probably would
> be more code that could be changed to follow this convention, but I
> didn't look hard. What do you think?
>
> I'm on the edge with the pg_b64_encode/decode functions, whether they
> should work on "uint8 *" or "void *". On one hand, you do base64
> encoding on a byte array, which would support "uint8 *". But on the
> other hand, you might use it for encoding things with more structure,
> which would support "void *". I went with "void *", mostly out of
> convenience as many of the SCRAM functions that currently use
> pg_b64_encode/decode, use "char *" to represent byte arrays. But
> arguably those should be changed to use "uint8 *" too.

I went around looking a bit more anyway. Here's a patch to change more
places to use 'uint8' for byte arrays, in SCRAM and MD5 salts and
digests and such. It's a bit of code churn, but I think it improves
readability. Especially the SCRAM code sometimes deals with
base64-encoded string representations of digests and sometimes with
decoded byte arrays, and it's helpful to use different datatypes for them.

--
Heikki Linnakangas
Neon (https://neon.tech)

Attachment Content-Type Size
v2-0001-Use-void-for-arbitrary-buffers-uint8-for-byte-arr.patch text/x-patch 16.9 KB
v2-0002-WIP-use-uint8-in-more-places-for-byte-arrays.patch text/x-patch 11.2 KB

In response to

Browse pgsql-committers by date

  From Date Subject
Next Message Noah Misch 2025-04-09 14:25:15 pgsql: Fix test races between syscache-update-pruned.spec and autovacuu
Previous Message Peter Eisentraut 2025-04-09 10:43:24 pgsql: Update config.guess and config.sub

Browse pgsql-hackers by date

  From Date Subject
Next Message Kirill Reshke 2025-04-09 10:48:08 Re: Parallel CREATE INDEX for GIN indexes
Previous Message Amit Kapila 2025-04-09 10:44:51 Re: Feature Recommendations for Logical Subscriptions