Use 'void *' for arbitrary buffers, 'uint8 *' for byte arrays

A 'void *' argument suggests that the caller might pass an arbitrary struct, which is appropriate for functions like libc's read/write, or pq_sendbytes(). 'uint8 *' is more appropriate for byte arrays that have no structure, like the cancellation keys or SCRAM tokens. Some places used 'char *', but 'uint8 *' is better because 'char *' is commonly used for null-terminated strings. Change code around SCRAM, MD5 authentication, and cancellation key handling to follow these conventions. Discussion: https://www.postgresql.org/message-id/61be9e31-7b7d-49d5-bc11-721800d89d64@eisentraut.org
2 months ago · b28c59a6cd
parent 965213d9c5
commit b28c59a6cd
24 changed files with 80 additions and 80 deletions
--- a/contrib/dblink/dblink.c
+++ b/contrib/dblink/dblink.c
@ -3218,7 +3218,7 @@ appendSCRAMKeysInfo(StringInfo buf)
 	len = pg_b64_enc_len(sizeof(MyProcPort->scram_ClientKey));
 	/* don't forget the zero-terminator */
 	client_key = palloc0(len + 1);
-	encoded_len = pg_b64_encode((const char *) MyProcPort->scram_ClientKey,
+	encoded_len = pg_b64_encode(MyProcPort->scram_ClientKey,
 								sizeof(MyProcPort->scram_ClientKey),
 								client_key, len);
 	if (encoded_len < 0)
@ -3227,7 +3227,7 @@ appendSCRAMKeysInfo(StringInfo buf)
 	len = pg_b64_enc_len(sizeof(MyProcPort->scram_ServerKey));
 	/* don't forget the zero-terminator */
 	server_key = palloc0(len + 1);
-	encoded_len = pg_b64_encode((const char *) MyProcPort->scram_ServerKey,
+	encoded_len = pg_b64_encode(MyProcPort->scram_ServerKey,
 								sizeof(MyProcPort->scram_ServerKey),
 								server_key, len);
 	if (encoded_len < 0)
--- a/contrib/postgres_fdw/connection.c
+++ b/contrib/postgres_fdw/connection.c
@ -577,7 +577,7 @@ connect_pg_server(ForeignServer *server, UserMapping *user)
 			len = pg_b64_enc_len(sizeof(MyProcPort->scram_ClientKey));
 			/* don't forget the zero-terminator */
 			values[n] = palloc0(len + 1);
-			encoded_len = pg_b64_encode((const char *) MyProcPort->scram_ClientKey,
+			encoded_len = pg_b64_encode(MyProcPort->scram_ClientKey,
 										sizeof(MyProcPort->scram_ClientKey),
 										(char *) values[n], len);
 			if (encoded_len < 0)
@ -588,7 +588,7 @@ connect_pg_server(ForeignServer *server, UserMapping *user)
 			len = pg_b64_enc_len(sizeof(MyProcPort->scram_ServerKey));
 			/* don't forget the zero-terminator */
 			values[n] = palloc0(len + 1);
-			encoded_len = pg_b64_encode((const char *) MyProcPort->scram_ServerKey,
+			encoded_len = pg_b64_encode(MyProcPort->scram_ServerKey,
 										sizeof(MyProcPort->scram_ServerKey),
 										(char *) values[n], len);
 			if (encoded_len < 0)
--- a/src/backend/libpq/auth-scram.c
+++ b/src/backend/libpq/auth-scram.c
@ -158,7 +158,7 @@ typedef struct
 	/* Fields from the last message from client */
 	char	   *client_final_message_without_proof;
 	char	   *client_final_nonce;
-	char		ClientProof[SCRAM_MAX_KEY_LEN];
+	uint8		ClientProof[SCRAM_MAX_KEY_LEN];

 	/* Fields generated in the server */
 	char	   *server_first_message;
@ -186,9 +186,9 @@ static void mock_scram_secret(const char *username, pg_cryptohash_type *hash_typ
 static bool is_scram_printable(char *p);
 static char *sanitize_char(char c);
 static char *sanitize_str(const char *s);
-static char *scram_mock_salt(const char *username,
-							 pg_cryptohash_type hash_type,
-							 int key_length);
+static uint8 *scram_mock_salt(const char *username,
+							  pg_cryptohash_type hash_type,
+							  int key_length);

 /*
 * The number of iterations to use when generating new secrets.
@ -484,7 +484,7 @@ pg_be_scram_build_secret(const char *password)
 {
 	char	   *prep_password;
 	pg_saslprep_rc rc;
-	char		saltbuf[SCRAM_DEFAULT_SALT_LEN];
+	uint8		saltbuf[SCRAM_DEFAULT_SALT_LEN];
 	char	   *result;
 	const char *errstr = NULL;

@ -524,7 +524,7 @@ scram_verify_plain_password(const char *username, const char *password,
 							const char *secret)
 {
 	char	   *encoded_salt;
-	char	   *salt;
+	uint8	   *salt;
 	int			saltlen;
 	int			iterations;
 	int			key_length = 0;
@ -609,9 +609,9 @@ parse_scram_secret(const char *secret, int *iterations,
 	char	   *storedkey_str;
 	char	   *serverkey_str;
 	int			decoded_len;
-	char	   *decoded_salt_buf;
-	char	   *decoded_stored_buf;
-	char	   *decoded_server_buf;
+	uint8	   *decoded_salt_buf;
+	uint8	   *decoded_stored_buf;
+	uint8	   *decoded_server_buf;

 	/*
 	 * The secret is of form:
@ -698,7 +698,7 @@ mock_scram_secret(const char *username, pg_cryptohash_type *hash_type,
 				  int *iterations, int *key_length, char **salt,
 				  uint8 *stored_key, uint8 *server_key)
 {
-	char	   *raw_salt;
+	uint8	   *raw_salt;
 	char	   *encoded_salt;
 	int			encoded_len;

@ -1231,7 +1231,7 @@ build_server_first_message(scram_state *state)
 	 * For convenience, however, we don't use the whole range available,
 	 * rather, we generate some random bytes, and base64 encode them.
 	 */
-	char		raw_nonce[SCRAM_RAW_NONCE_LEN];
+	uint8		raw_nonce[SCRAM_RAW_NONCE_LEN];
 	int			encoded_len;

 	if (!pg_strong_random(raw_nonce, SCRAM_RAW_NONCE_LEN))
@ -1271,7 +1271,7 @@ read_client_final_message(scram_state *state, const char *input)
 	char	   *begin,
 			   *proof;
 	char	   *p;
-	char	   *client_proof;
+	uint8	   *client_proof;
 	int			client_proof_len;

 	begin = p = pstrdup(input);
@ -1340,7 +1340,7 @@ read_client_final_message(scram_state *state, const char *input)
 		b64_message_len = pg_b64_enc_len(cbind_input_len);
 		/* don't forget the zero-terminator */
 		b64_message = palloc(b64_message_len + 1);
-		b64_message_len = pg_b64_encode(cbind_input, cbind_input_len,
+		b64_message_len = pg_b64_encode((uint8 *) cbind_input, cbind_input_len,
 										b64_message, b64_message_len);
 		if (b64_message_len < 0)
 			elog(ERROR, "could not encode channel binding data");
@ -1440,7 +1440,7 @@ build_server_final_message(scram_state *state)
 	siglen = pg_b64_enc_len(state->key_length);
 	/* don't forget the zero-terminator */
 	server_signature_base64 = palloc(siglen + 1);
-	siglen = pg_b64_encode((const char *) ServerSignature,
+	siglen = pg_b64_encode(ServerSignature,
 						   state->key_length, server_signature_base64,
 						   siglen);
 	if (siglen < 0)
@ -1467,7 +1467,7 @@ build_server_final_message(scram_state *state)
 * hash based on the username and a cluster-level secret key.  Returns a
 * pointer to a static buffer of size SCRAM_DEFAULT_SALT_LEN, or NULL.
 */
-static char *
+static uint8 *
 scram_mock_salt(const char *username, pg_cryptohash_type hash_type,
 				int key_length)
 {
@ -1501,5 +1501,5 @@ scram_mock_salt(const char *username, pg_cryptohash_type hash_type,
 	}
 	pg_cryptohash_free(ctx);

-	return (char *) sha_digest;
+	return sha_digest;
 }
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@ -666,7 +666,7 @@ ClientAuthentication(Port *port)
 * Send an authentication request packet to the frontend.
 */
 void
-sendAuthRequest(Port *port, AuthRequest areq, const char *extradata, int extralen)
+sendAuthRequest(Port *port, AuthRequest areq, const void *extradata, int extralen)
 {
 	StringInfoData buf;

@ -874,7 +874,7 @@ CheckPWChallengeAuth(Port *port, const char **logdetail)
 static int
 CheckMD5Auth(Port *port, char *shadow_pass, const char **logdetail)
 {
-	char		md5Salt[4];		/* Password salt */
+	uint8		md5Salt[4];		/* Password salt */
 	char	   *passwd;
 	int			result;

--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@ -136,7 +136,7 @@ encrypt_password(PasswordType target_type, const char *role,
 			case PASSWORD_TYPE_MD5:
 				encrypted_password = palloc(MD5_PASSWD_LEN + 1);

-				if (!pg_md5_encrypt(password, role, strlen(role),
+				if (!pg_md5_encrypt(password, (uint8 *) role, strlen(role),
 									encrypted_password, &errstr))
 					elog(ERROR, "password encryption failed: %s", errstr);
 				break;
@ -201,7 +201,7 @@ encrypt_password(PasswordType target_type, const char *role,
 int
 md5_crypt_verify(const char *role, const char *shadow_pass,
 				 const char *client_pass,
-				 const char *md5_salt, int md5_salt_len,
+				 const uint8 *md5_salt, int md5_salt_len,
 				 const char **logdetail)
 {
 	int			retval;
@ -284,7 +284,7 @@ plain_crypt_verify(const char *role, const char *shadow_pass,

 		case PASSWORD_TYPE_MD5:
 			if (!pg_md5_encrypt(client_pass,
-								role,
+								(uint8 *) role,
 								strlen(role),
 								crypt_client_pass,
 								&errstr))
--- a/src/backend/storage/ipc/procsignal.c
+++ b/src/backend/storage/ipc/procsignal.c
@ -64,7 +64,7 @@ typedef struct
 {
 	pg_atomic_uint32 pss_pid;
 	int			pss_cancel_key_len; /* 0 means no cancellation is possible */
-	char		pss_cancel_key[MAX_CANCEL_KEY_LENGTH];
+	uint8		pss_cancel_key[MAX_CANCEL_KEY_LENGTH];
 	volatile sig_atomic_t pss_signalFlags[NUM_PROCSIGNALS];
 	slock_t		pss_mutex;		/* protects the above fields */

@ -163,7 +163,7 @@ ProcSignalShmemInit(void)
 *		Register the current process in the ProcSignal array
 */
 void
-ProcSignalInit(char *cancel_key, int cancel_key_len)
+ProcSignalInit(const uint8 *cancel_key, int cancel_key_len)
 {
 	ProcSignalSlot *slot;
 	uint64		barrier_generation;
@ -729,7 +729,7 @@ procsignal_sigusr1_handler(SIGNAL_ARGS)
 * fields in the ProcSignal slots.
 */
 void
-SendCancelRequest(int backendPID, char *cancel_key, int cancel_key_len)
+SendCancelRequest(int backendPID, const uint8 *cancel_key, int cancel_key_len)
 {
 	Assert(backendPID != 0);

--- a/src/backend/utils/init/globals.c
+++ b/src/backend/utils/init/globals.c
@ -50,7 +50,7 @@ pg_time_t	MyStartTime;
 TimestampTz MyStartTimestamp;
 struct ClientSocket *MyClientSocket;
 struct Port *MyProcPort;
-char		MyCancelKey[MAX_CANCEL_KEY_LENGTH];
+uint8		MyCancelKey[MAX_CANCEL_KEY_LENGTH];
 int			MyCancelKeyLength = 0;
 int			MyPMChildSlot;

--- a/src/common/base64.c
+++ b/src/common/base64.c
@ -41,15 +41,15 @@ static const int8 b64lookup[128] = {
 /*
 * pg_b64_encode
 *
- * Encode into base64 the given string.  Returns the length of the encoded
- * string, and -1 in the event of an error with the result buffer zeroed
- * for safety.
+ * Encode the 'src' byte array into base64.  Returns the length of the encoded
+ * string, and -1 in the event of an error with the result buffer zeroed for
+ * safety.
 */
 int
-pg_b64_encode(const char *src, int len, char *dst, int dstlen)
+pg_b64_encode(const uint8 *src, int len, char *dst, int dstlen)
 {
 	char	   *p;
-	const char *s,
+	const uint8 *s,
 			   *end = src + len;
 	int			pos = 2;
 	uint32		buf = 0;
@ -59,7 +59,7 @@ pg_b64_encode(const char *src, int len, char *dst, int dstlen)

 	while (s < end)
 	{
-		buf |= (unsigned char) *s << (pos << 3);
+		buf |= *s << (pos << 3);
 		pos--;
 		s++;

@ -113,11 +113,11 @@ error:
 * buffer zeroed for safety.
 */
 int
-pg_b64_decode(const char *src, int len, char *dst, int dstlen)
+pg_b64_decode(const char *src, int len, uint8 *dst, int dstlen)
 {
 	const char *srcend = src + len,
 			   *s = src;
-	char	   *p = dst;
+	uint8	   *p = dst;
 	char		c;
 	int			b = 0;
 	uint32		buf = 0;
--- a/src/common/md5_common.c
+++ b/src/common/md5_common.c
@ -105,7 +105,7 @@ pg_md5_hash(const void *buff, size_t len, char *hexsum, const char **errstr)
 * (of size MD5_DIGEST_LENGTH) rather than being converted to ASCII hex.
 */
 bool
-pg_md5_binary(const void *buff, size_t len, void *outbuf, const char **errstr)
+pg_md5_binary(const void *buff, size_t len, uint8 *outbuf, const char **errstr)
 {
 	pg_cryptohash_ctx *ctx;

@ -142,7 +142,7 @@ pg_md5_binary(const void *buff, size_t len, void *outbuf, const char **errstr)
 * error context.
 */
 bool
-pg_md5_encrypt(const char *passwd, const char *salt, size_t salt_len,
+pg_md5_encrypt(const char *passwd, const uint8 *salt, size_t salt_len,
 			   char *buf, const char **errstr)
 {
 	size_t		passwd_len = strlen(passwd);
--- a/src/common/scram-common.c
+++ b/src/common/scram-common.c
@ -37,7 +37,7 @@
 int
 scram_SaltedPassword(const char *password,
 					 pg_cryptohash_type hash_type, int key_length,
-					 const char *salt, int saltlen, int iterations,
+					 const uint8 *salt, int saltlen, int iterations,
 					 uint8 *result, const char **errstr)
 {
 	int			password_len = strlen(password);
@ -62,7 +62,7 @@ scram_SaltedPassword(const char *password,

 	/* First iteration */
 	if (pg_hmac_init(hmac_ctx, (uint8 *) password, password_len) < 0 ||
-		pg_hmac_update(hmac_ctx, (uint8 *) salt, saltlen) < 0 ||
+		pg_hmac_update(hmac_ctx, salt, saltlen) < 0 ||
 		pg_hmac_update(hmac_ctx, (uint8 *) &one, sizeof(uint32)) < 0 ||
 		pg_hmac_final(hmac_ctx, Ui_prev, key_length) < 0)
 	{
@ -207,7 +207,7 @@ scram_ServerKey(const uint8 *salted_password,
 */
 char *
 scram_build_secret(pg_cryptohash_type hash_type, int key_length,
-				   const char *salt, int saltlen, int iterations,
+				   const uint8 *salt, int saltlen, int iterations,
 				   const char *password, const char **errstr)
 {
 	uint8		salted_password[SCRAM_MAX_KEY_LEN];
@ -290,7 +290,7 @@ scram_build_secret(pg_cryptohash_type hash_type, int key_length,
 	*(p++) = '$';

 	/* stored key */
-	encoded_result = pg_b64_encode((char *) stored_key, key_length, p,
+	encoded_result = pg_b64_encode(stored_key, key_length, p,
 								   encoded_stored_len);
 	if (encoded_result < 0)
 	{
@ -307,7 +307,7 @@ scram_build_secret(pg_cryptohash_type hash_type, int key_length,
 	*(p++) = ':';

 	/* server key */
-	encoded_result = pg_b64_encode((char *) server_key, key_length, p,
+	encoded_result = pg_b64_encode(server_key, key_length, p,
 								   encoded_server_len);
 	if (encoded_result < 0)
 	{
--- a/src/include/common/base64.h
+++ b/src/include/common/base64.h
@ -11,8 +11,8 @@
 #define BASE64_H

 /* base 64 */
-pg_nodiscard extern int pg_b64_encode(const char *src, int len, char *dst, int dstlen);
-pg_nodiscard extern int pg_b64_decode(const char *src, int len, char *dst, int dstlen);
+pg_nodiscard extern int pg_b64_encode(const uint8 *src, int len, char *dst, int dstlen);
+pg_nodiscard extern int pg_b64_decode(const char *src, int len, uint8 *dst, int dstlen);
 extern int	pg_b64_enc_len(int srclen);
 extern int	pg_b64_dec_len(int srclen);

--- a/src/include/common/md5.h
+++ b/src/include/common/md5.h
@ -28,9 +28,9 @@
 /* Utilities common to all the MD5 implementations, as of md5_common.c */
 extern bool pg_md5_hash(const void *buff, size_t len, char *hexsum,
 						const char **errstr);
-extern bool pg_md5_binary(const void *buff, size_t len, void *outbuf,
+extern bool pg_md5_binary(const void *buff, size_t len, uint8 *outbuf,
 						  const char **errstr);
-extern bool pg_md5_encrypt(const char *passwd, const char *salt,
+extern bool pg_md5_encrypt(const char *passwd, const uint8 *salt,
 						   size_t salt_len, char *buf,
 						   const char **errstr);

--- a/src/include/common/scram-common.h
+++ b/src/include/common/scram-common.h
@ -51,7 +51,7 @@

 extern int	scram_SaltedPassword(const char *password,
 								 pg_cryptohash_type hash_type, int key_length,
-								 const char *salt, int saltlen, int iterations,
+								 const uint8 *salt, int saltlen, int iterations,
 								 uint8 *result, const char **errstr);
 extern int	scram_H(const uint8 *input, pg_cryptohash_type hash_type,
 					int key_length, uint8 *result,
@ -64,7 +64,7 @@ extern int	scram_ServerKey(const uint8 *salted_password,
 							uint8 *result, const char **errstr);

 extern char *scram_build_secret(pg_cryptohash_type hash_type, int key_length,
-								const char *salt, int saltlen, int iterations,
+								const uint8 *salt, int saltlen, int iterations,
 								const char *password, const char **errstr);

 #endif							/* SCRAM_COMMON_H */
--- a/src/include/libpq/auth.h
+++ b/src/include/libpq/auth.h
@ -37,7 +37,7 @@ extern PGDLLIMPORT bool pg_krb_caseins_users;
 extern PGDLLIMPORT bool pg_gss_accept_delegation;

 extern void ClientAuthentication(Port *port);
-extern void sendAuthRequest(Port *port, AuthRequest areq, const char *extradata,
+extern void sendAuthRequest(Port *port, AuthRequest areq, const void *extradata,
 							int extralen);
 extern void set_authn_id(Port *port, const char *id);

--- a/src/include/libpq/crypt.h
+++ b/src/include/libpq/crypt.h
@ -51,7 +51,7 @@ extern char *encrypt_password(PasswordType target_type, const char *role,
 extern char *get_role_password(const char *role, const char **logdetail);

 extern int	md5_crypt_verify(const char *role, const char *shadow_pass,
-							 const char *client_pass, const char *md5_salt,
+							 const char *client_pass, const uint8 *md5_salt,
 							 int md5_salt_len, const char **logdetail);
 extern int	plain_crypt_verify(const char *role, const char *shadow_pass,
 							   const char *client_pass,
--- a/src/include/libpq/pqcomm.h
+++ b/src/include/libpq/pqcomm.h
@ -141,7 +141,7 @@ typedef struct CancelRequestPacket
 	/* Note that each field is stored in network byte order! */
 	MsgType		cancelRequestCode;	/* code to identify a cancel request */
 	uint32		backendPID;		/* PID of client's backend */
-	char		cancelAuthCode[FLEXIBLE_ARRAY_MEMBER];	/* secret key to
+	uint8		cancelAuthCode[FLEXIBLE_ARRAY_MEMBER];	/* secret key to
 														 * authorize cancel */
 } CancelRequestPacket;

--- a/src/include/miscadmin.h
+++ b/src/include/miscadmin.h
@ -192,7 +192,7 @@ extern PGDLLIMPORT pg_time_t MyStartTime;
 extern PGDLLIMPORT TimestampTz MyStartTimestamp;
 extern PGDLLIMPORT struct Port *MyProcPort;
 extern PGDLLIMPORT struct Latch *MyLatch;
-extern PGDLLIMPORT char MyCancelKey[];
+extern PGDLLIMPORT uint8 MyCancelKey[];
 extern PGDLLIMPORT int MyCancelKeyLength;
 extern PGDLLIMPORT int MyPMChildSlot;

--- a/src/include/storage/procsignal.h
+++ b/src/include/storage/procsignal.h
@ -73,10 +73,10 @@ typedef enum
 extern Size ProcSignalShmemSize(void);
 extern void ProcSignalShmemInit(void);

-extern void ProcSignalInit(char *cancel_key, int cancel_key_len);
+extern void ProcSignalInit(const uint8 *cancel_key, int cancel_key_len);
 extern int	SendProcSignal(pid_t pid, ProcSignalReason reason,
 						   ProcNumber procNumber);
-extern void SendCancelRequest(int backendPID, char *cancel_key, int cancel_key_len);
+extern void SendCancelRequest(int backendPID, const uint8 *cancel_key, int cancel_key_len);

 extern uint64 EmitProcSignalBarrier(ProcSignalBarrierType type);
 extern void WaitForProcSignalBarrier(uint64 generation);
--- a/src/interfaces/libpq/fe-auth-scram.c
+++ b/src/interfaces/libpq/fe-auth-scram.c
@ -70,14 +70,14 @@ typedef struct

 	/* These come from the server-first message */
 	char	   *server_first_message;
-	char	   *salt;
+	uint8	   *salt;
 	int			saltlen;
 	int			iterations;
 	char	   *nonce;

 	/* These come from the server-final message */
 	char	   *server_final_message;
-	char		ServerSignature[SCRAM_MAX_KEY_LEN];
+	uint8		ServerSignature[SCRAM_MAX_KEY_LEN];
 } fe_scram_state;

 static bool read_server_first_message(fe_scram_state *state, char *input);
@ -350,7 +350,7 @@ static char *
 build_client_first_message(fe_scram_state *state)
 {
 	PGconn	   *conn = state->conn;
-	char		raw_nonce[SCRAM_RAW_NONCE_LEN + 1];
+	uint8		raw_nonce[SCRAM_RAW_NONCE_LEN + 1];
 	char	   *result;
 	int			channel_info_len;
 	int			encoded_len;
@ -513,7 +513,7 @@ build_client_final_message(fe_scram_state *state)
 			free(cbind_input);
 			goto oom_error;
 		}
-		encoded_cbind_len = pg_b64_encode(cbind_input, cbind_input_len,
+		encoded_cbind_len = pg_b64_encode((uint8 *) cbind_input, cbind_input_len,
 										  buf.data + buf.len,
 										  encoded_cbind_len);
 		if (encoded_cbind_len < 0)
@ -574,7 +574,7 @@ build_client_final_message(fe_scram_state *state)
 	encoded_len = pg_b64_enc_len(state->key_length);
 	if (!enlargePQExpBuffer(&buf, encoded_len))
 		goto oom_error;
-	encoded_len = pg_b64_encode((char *) client_proof,
+	encoded_len = pg_b64_encode(client_proof,
 								state->key_length,
 								buf.data + buf.len,
 								encoded_len);
@ -694,7 +694,7 @@ read_server_final_message(fe_scram_state *state, char *input)
 {
 	PGconn	   *conn = state->conn;
 	char	   *encoded_server_signature;
-	char	   *decoded_server_signature;
+	uint8	   *decoded_server_signature;
 	int			server_signature_len;

 	state->server_final_message = strdup(input);
@ -916,7 +916,7 @@ pg_fe_scram_build_secret(const char *password, int iterations, const char **errs
 {
 	char	   *prep_password;
 	pg_saslprep_rc rc;
-	char		saltbuf[SCRAM_DEFAULT_SALT_LEN];
+	uint8		saltbuf[SCRAM_DEFAULT_SALT_LEN];
 	char	   *result;

 	/*
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@ -798,7 +798,7 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
 	int			ret;
 	char	   *crypt_pwd = NULL;
 	const char *pwd_to_send;
-	char		md5Salt[4];
+	uint8		md5Salt[4];

 	/* Read the salt from the AuthenticationMD5Password message. */
 	if (areq == AUTH_REQ_MD5)
@ -829,7 +829,7 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
 				}

 				crypt_pwd2 = crypt_pwd + MD5_PASSWD_LEN + 1;
-				if (!pg_md5_encrypt(password, conn->pguser,
+				if (!pg_md5_encrypt(password, (uint8 *) conn->pguser,
 									strlen(conn->pguser), crypt_pwd2,
 									&errstr))
 				{
@ -1369,7 +1369,7 @@ PQencryptPassword(const char *passwd, const char *user)
 	if (!crypt_pwd)
 		return NULL;

-	if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd, &errstr))
+	if (!pg_md5_encrypt(passwd, (uint8 *) user, strlen(user), crypt_pwd, &errstr))
 	{
 		free(crypt_pwd);
 		return NULL;
@ -1482,7 +1482,7 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
 		{
 			const char *errstr = NULL;

-			if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd, &errstr))
+			if (!pg_md5_encrypt(passwd, (uint8 *) user, strlen(user), crypt_pwd, &errstr))
 			{
 				libpq_append_conn_error(conn, "could not encrypt password: %s", errstr);
 				free(crypt_pwd);
--- a/src/interfaces/libpq/fe-cancel.c
+++ b/src/interfaces/libpq/fe-cancel.c
@ -463,7 +463,7 @@ PQsendCancelRequest(PGconn *cancelConn)
 	memset(&req, 0, offsetof(CancelRequestPacket, cancelAuthCode));
 	req.cancelRequestCode = (MsgType) pg_hton32(CANCEL_REQUEST_CODE);
 	req.backendPID = pg_hton32(cancelConn->be_pid);
-	if (pqPutnchar((char *) &req, offsetof(CancelRequestPacket, cancelAuthCode), cancelConn))
+	if (pqPutnchar(&req, offsetof(CancelRequestPacket, cancelAuthCode), cancelConn))
 		return STATUS_ERROR;
 	if (pqPutnchar(cancelConn->be_cancel_key, cancelConn->be_cancel_key_len, cancelConn))
 		return STATUS_ERROR;
--- a/src/interfaces/libpq/fe-misc.c
+++ b/src/interfaces/libpq/fe-misc.c
@ -67,7 +67,7 @@ PQlibVersion(void)


 /*
- * pqGetc: get 1 character from the connection
+ * pqGetc: read 1 character from the connection
 *
 *	All these routines return 0 on success, EOF on error.
 *	Note that for the Get routines, EOF only means there is not enough
@ -100,7 +100,7 @@ pqPutc(char c, PGconn *conn)

 /*
 * pqGets[_append]:
- * get a null-terminated string from the connection,
+ * read a null-terminated string from the connection,
 * and store it in an expansible PQExpBuffer.
 * If we run out of memory, all of the string is still read,
 * but the excess characters are silently discarded.
@ -159,10 +159,10 @@ pqPuts(const char *s, PGconn *conn)

 /*
 * pqGetnchar:
- *	get a string of exactly len bytes in buffer s, no null termination
+ *	read exactly len bytes in buffer s, no null termination
 */
 int
-pqGetnchar(char *s, size_t len, PGconn *conn)
+pqGetnchar(void *s, size_t len, PGconn *conn)
 {
 	if (len > (size_t) (conn->inEnd - conn->inCursor))
 		return EOF;
@ -199,7 +199,7 @@ pqSkipnchar(size_t len, PGconn *conn)
 *	write exactly len bytes to the current message
 */
 int
-pqPutnchar(const char *s, size_t len, PGconn *conn)
+pqPutnchar(const void *s, size_t len, PGconn *conn)
 {
 	if (pqPutMsgBytes(s, len, conn))
 		return EOF;
--- a/src/interfaces/libpq/fe-protocol3.c
+++ b/src/interfaces/libpq/fe-protocol3.c
@ -2121,7 +2121,7 @@ pqFunctionCall3(PGconn *conn, Oid fnid,
 		}
 		else
 		{
-			if (pqPutnchar((char *) args[i].u.ptr, args[i].len, conn))
+			if (pqPutnchar(args[i].u.ptr, args[i].len, conn))
 				return NULL;
 		}
 	}
@ -2215,7 +2215,7 @@ pqFunctionCall3(PGconn *conn, Oid fnid,
 					}
 					else
 					{
-						if (pqGetnchar((char *) result_buf,
+						if (pqGetnchar(result_buf,
 									   *actual_result_len,
 									   conn))
 							continue;
--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@ -539,16 +539,16 @@ struct pg_conn
 								 * tried host */
 	bool		send_appname;	/* okay to send application_name? */
 	size_t		scram_client_key_len;
-	void	   *scram_client_key_binary;	/* binary SCRAM client key */
+	uint8	   *scram_client_key_binary;	/* binary SCRAM client key */
 	size_t		scram_server_key_len;
-	void	   *scram_server_key_binary;	/* binary SCRAM server key */
+	uint8	   *scram_server_key_binary;	/* binary SCRAM server key */
 	ProtocolVersion min_pversion;	/* protocol version to request */
 	ProtocolVersion max_pversion;	/* protocol version to request */

 	/* Miscellaneous stuff */
 	int			be_pid;			/* PID of backend --- needed for cancels */
 	int			be_cancel_key_len;
-	char	   *be_cancel_key;	/* query cancellation key and its length */
+	uint8	   *be_cancel_key;	/* query cancellation key */
 	pgParameterStatus *pstatus; /* ParameterStatus data */
 	int			client_encoding;	/* encoding id */
 	bool		std_strings;	/* standard_conforming_strings */
@ -787,9 +787,9 @@ extern int	pqPutc(char c, PGconn *conn);
 extern int	pqGets(PQExpBuffer buf, PGconn *conn);
 extern int	pqGets_append(PQExpBuffer buf, PGconn *conn);
 extern int	pqPuts(const char *s, PGconn *conn);
-extern int	pqGetnchar(char *s, size_t len, PGconn *conn);
+extern int	pqGetnchar(void *s, size_t len, PGconn *conn);
 extern int	pqSkipnchar(size_t len, PGconn *conn);
-extern int	pqPutnchar(const char *s, size_t len, PGconn *conn);
+extern int	pqPutnchar(const void *s, size_t len, PGconn *conn);
 extern int	pqGetInt(int *result, size_t bytes, PGconn *conn);
 extern int	pqPutInt(int value, size_t bytes, PGconn *conn);
 extern int	pqPutMsgStart(char msg_type, PGconn *conn);