From e518b93e48fe9a14f5328e423e10e44b8c92b699 Mon Sep 17 00:00:00 2001 From: Heikki Linnakangas Date: Wed, 9 Apr 2025 13:45:10 +0300 Subject: [PATCH v2 2/2] WIP: use 'uint8 *' in more places for byte arrays --- src/backend/libpq/auth-scram.c | 26 +++++++++++++------------- src/backend/libpq/auth.c | 4 ++-- src/backend/libpq/crypt.c | 6 +++--- src/common/md5_common.c | 4 ++-- src/include/common/md5.h | 4 ++-- src/include/libpq/auth.h | 2 +- src/include/libpq/crypt.h | 2 +- src/interfaces/libpq/fe-auth-scram.c | 2 +- src/interfaces/libpq/fe-auth.c | 8 ++++---- 9 files changed, 29 insertions(+), 29 deletions(-) diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c index f80333bb533..6ba8212326d 100644 --- a/src/backend/libpq/auth-scram.c +++ b/src/backend/libpq/auth-scram.c @@ -158,7 +158,7 @@ typedef struct /* Fields from the last message from client */ char *client_final_message_without_proof; char *client_final_nonce; - char ClientProof[SCRAM_MAX_KEY_LEN]; + uint8 ClientProof[SCRAM_MAX_KEY_LEN]; /* Fields generated in the server */ char *server_first_message; @@ -186,7 +186,7 @@ static void mock_scram_secret(const char *username, pg_cryptohash_type *hash_typ static bool is_scram_printable(char *p); static char *sanitize_char(char c); static char *sanitize_str(const char *s); -static char *scram_mock_salt(const char *username, +static uint8 *scram_mock_salt(const char *username, pg_cryptohash_type hash_type, int key_length); @@ -524,7 +524,7 @@ scram_verify_plain_password(const char *username, const char *password, const char *secret) { char *encoded_salt; - char *salt; + uint8 *salt; int saltlen; int iterations; int key_length = 0; @@ -609,9 +609,9 @@ parse_scram_secret(const char *secret, int *iterations, char *storedkey_str; char *serverkey_str; int decoded_len; - char *decoded_salt_buf; - char *decoded_stored_buf; - char *decoded_server_buf; + uint8 *decoded_salt_buf; + uint8 *decoded_stored_buf; + uint8 *decoded_server_buf; /* * The secret is of form: @@ -698,7 +698,7 @@ mock_scram_secret(const char *username, pg_cryptohash_type *hash_type, int *iterations, int *key_length, char **salt, uint8 *stored_key, uint8 *server_key) { - char *raw_salt; + uint8 *raw_salt; char *encoded_salt; int encoded_len; @@ -1231,7 +1231,7 @@ build_server_first_message(scram_state *state) * For convenience, however, we don't use the whole range available, * rather, we generate some random bytes, and base64 encode them. */ - char raw_nonce[SCRAM_RAW_NONCE_LEN]; + uint8 raw_nonce[SCRAM_RAW_NONCE_LEN]; int encoded_len; if (!pg_strong_random(raw_nonce, SCRAM_RAW_NONCE_LEN)) @@ -1271,7 +1271,7 @@ read_client_final_message(scram_state *state, const char *input) char *begin, *proof; char *p; - char *client_proof; + uint8 *client_proof; int client_proof_len; begin = p = pstrdup(input); @@ -1340,7 +1340,7 @@ read_client_final_message(scram_state *state, const char *input) b64_message_len = pg_b64_enc_len(cbind_input_len); /* don't forget the zero-terminator */ b64_message = palloc(b64_message_len + 1); - b64_message_len = pg_b64_encode(cbind_input, cbind_input_len, + b64_message_len = pg_b64_encode((uint8 *) cbind_input, cbind_input_len, b64_message, b64_message_len); if (b64_message_len < 0) elog(ERROR, "could not encode channel binding data"); @@ -1440,7 +1440,7 @@ build_server_final_message(scram_state *state) siglen = pg_b64_enc_len(state->key_length); /* don't forget the zero-terminator */ server_signature_base64 = palloc(siglen + 1); - siglen = pg_b64_encode((const char *) ServerSignature, + siglen = pg_b64_encode(ServerSignature, state->key_length, server_signature_base64, siglen); if (siglen < 0) @@ -1467,7 +1467,7 @@ build_server_final_message(scram_state *state) * hash based on the username and a cluster-level secret key. Returns a * pointer to a static buffer of size SCRAM_DEFAULT_SALT_LEN, or NULL. */ -static char * +static uint8 * scram_mock_salt(const char *username, pg_cryptohash_type hash_type, int key_length) { @@ -1501,5 +1501,5 @@ scram_mock_salt(const char *username, pg_cryptohash_type hash_type, } pg_cryptohash_free(ctx); - return (char *) sha_digest; + return sha_digest; } diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index e18683c47e7..9f4d05ffbd4 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -666,7 +666,7 @@ ClientAuthentication(Port *port) * Send an authentication request packet to the frontend. */ void -sendAuthRequest(Port *port, AuthRequest areq, const char *extradata, int extralen) +sendAuthRequest(Port *port, AuthRequest areq, const void *extradata, int extralen) { StringInfoData buf; @@ -874,7 +874,7 @@ CheckPWChallengeAuth(Port *port, const char **logdetail) static int CheckMD5Auth(Port *port, char *shadow_pass, const char **logdetail) { - char md5Salt[4]; /* Password salt */ + uint8 md5Salt[4]; /* Password salt */ char *passwd; int result; diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c index cbb85a27cc1..f6b641e726e 100644 --- a/src/backend/libpq/crypt.c +++ b/src/backend/libpq/crypt.c @@ -136,7 +136,7 @@ encrypt_password(PasswordType target_type, const char *role, case PASSWORD_TYPE_MD5: encrypted_password = palloc(MD5_PASSWD_LEN + 1); - if (!pg_md5_encrypt(password, role, strlen(role), + if (!pg_md5_encrypt(password, (uint8 *) role, strlen(role), encrypted_password, &errstr)) elog(ERROR, "password encryption failed: %s", errstr); break; @@ -201,7 +201,7 @@ encrypt_password(PasswordType target_type, const char *role, int md5_crypt_verify(const char *role, const char *shadow_pass, const char *client_pass, - const char *md5_salt, int md5_salt_len, + const uint8 *md5_salt, int md5_salt_len, const char **logdetail) { int retval; @@ -284,7 +284,7 @@ plain_crypt_verify(const char *role, const char *shadow_pass, case PASSWORD_TYPE_MD5: if (!pg_md5_encrypt(client_pass, - role, + (uint8 *) role, strlen(role), crypt_client_pass, &errstr)) diff --git a/src/common/md5_common.c b/src/common/md5_common.c index 61e396b0bbf..057ae7a449f 100644 --- a/src/common/md5_common.c +++ b/src/common/md5_common.c @@ -105,7 +105,7 @@ pg_md5_hash(const void *buff, size_t len, char *hexsum, const char **errstr) * (of size MD5_DIGEST_LENGTH) rather than being converted to ASCII hex. */ bool -pg_md5_binary(const void *buff, size_t len, void *outbuf, const char **errstr) +pg_md5_binary(const void *buff, size_t len, uint8 *outbuf, const char **errstr) { pg_cryptohash_ctx *ctx; @@ -142,7 +142,7 @@ pg_md5_binary(const void *buff, size_t len, void *outbuf, const char **errstr) * error context. */ bool -pg_md5_encrypt(const char *passwd, const char *salt, size_t salt_len, +pg_md5_encrypt(const char *passwd, const uint8 *salt, size_t salt_len, char *buf, const char **errstr) { size_t passwd_len = strlen(passwd); diff --git a/src/include/common/md5.h b/src/include/common/md5.h index 18ffd998453..0c9ae4888f2 100644 --- a/src/include/common/md5.h +++ b/src/include/common/md5.h @@ -28,9 +28,9 @@ /* Utilities common to all the MD5 implementations, as of md5_common.c */ extern bool pg_md5_hash(const void *buff, size_t len, char *hexsum, const char **errstr); -extern bool pg_md5_binary(const void *buff, size_t len, void *outbuf, +extern bool pg_md5_binary(const void *buff, size_t len, uint8 *outbuf, const char **errstr); -extern bool pg_md5_encrypt(const char *passwd, const char *salt, +extern bool pg_md5_encrypt(const char *passwd, const uint8 *salt, size_t salt_len, char *buf, const char **errstr); diff --git a/src/include/libpq/auth.h b/src/include/libpq/auth.h index 25b5742068f..cc9643cce2f 100644 --- a/src/include/libpq/auth.h +++ b/src/include/libpq/auth.h @@ -37,7 +37,7 @@ extern PGDLLIMPORT bool pg_krb_caseins_users; extern PGDLLIMPORT bool pg_gss_accept_delegation; extern void ClientAuthentication(Port *port); -extern void sendAuthRequest(Port *port, AuthRequest areq, const char *extradata, +extern void sendAuthRequest(Port *port, AuthRequest areq, const void *extradata, int extralen); extern void set_authn_id(Port *port, const char *id); diff --git a/src/include/libpq/crypt.h b/src/include/libpq/crypt.h index dee477428e4..a1b4b363143 100644 --- a/src/include/libpq/crypt.h +++ b/src/include/libpq/crypt.h @@ -51,7 +51,7 @@ extern char *encrypt_password(PasswordType target_type, const char *role, extern char *get_role_password(const char *role, const char **logdetail); extern int md5_crypt_verify(const char *role, const char *shadow_pass, - const char *client_pass, const char *md5_salt, + const char *client_pass, const uint8 *md5_salt, int md5_salt_len, const char **logdetail); extern int plain_crypt_verify(const char *role, const char *shadow_pass, const char *client_pass, diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c index 3babbc8d522..807ee1f5d0d 100644 --- a/src/interfaces/libpq/fe-auth-scram.c +++ b/src/interfaces/libpq/fe-auth-scram.c @@ -77,7 +77,7 @@ typedef struct /* These come from the server-final message */ char *server_final_message; - char ServerSignature[SCRAM_MAX_KEY_LEN]; + uint8 ServerSignature[SCRAM_MAX_KEY_LEN]; } fe_scram_state; static bool read_server_first_message(fe_scram_state *state, char *input); diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index ec7a9236044..84a042269de 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -798,7 +798,7 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq) int ret; char *crypt_pwd = NULL; const char *pwd_to_send; - char md5Salt[4]; + uint8 md5Salt[4]; /* Read the salt from the AuthenticationMD5Password message. */ if (areq == AUTH_REQ_MD5) @@ -829,7 +829,7 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq) } crypt_pwd2 = crypt_pwd + MD5_PASSWD_LEN + 1; - if (!pg_md5_encrypt(password, conn->pguser, + if (!pg_md5_encrypt(password, (uint8 *) conn->pguser, strlen(conn->pguser), crypt_pwd2, &errstr)) { @@ -1369,7 +1369,7 @@ PQencryptPassword(const char *passwd, const char *user) if (!crypt_pwd) return NULL; - if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd, &errstr)) + if (!pg_md5_encrypt(passwd, (uint8 *) user, strlen(user), crypt_pwd, &errstr)) { free(crypt_pwd); return NULL; @@ -1482,7 +1482,7 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, { const char *errstr = NULL; - if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd, &errstr)) + if (!pg_md5_encrypt(passwd, (uint8 *) user, strlen(user), crypt_pwd, &errstr)) { libpq_append_conn_error(conn, "could not encrypt password: %s", errstr); free(crypt_pwd); -- 2.39.5