*/
 #ifndef FRONTEND
 #include "postgres.h"
-#include "utils/memutils.h"
 #else
 #include "postgres_fe.h"
 #endif
 
+/* for htonl */
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
 #include "common/scram-common.h"
 
 #define HMAC_IPAD 0x36
 }
 
 /*
- * Normalize a password for SCRAM authentication.
+ * Encrypt password for SCRAM authentication. This basically applies the
+ * normalization of the password and a hash calculation using the salt
+ * value given by caller.
  */
 static void
-scram_Normalize(const char *password, char *result)
+scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations,
+                    uint8 *result)
 {
    /*
     * XXX: Here SASLprep should be applied on password. However, per RFC5802,
     * the frontend in order to be able to encode properly this string, and
     * then apply SASLprep on it.
     */
-   memcpy(result, password, strlen(password) + 1);
-}
-
-/*
- * Encrypt password for SCRAM authentication. This basically applies the
- * normalization of the password and a hash calculation using the salt
- * value given by caller.
- */
-static void
-scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations,
-                    uint8 *result)
-{
-   char       *pwbuf;
 
-   pwbuf = (char *) malloc(strlen(password) + 1);
-   scram_Normalize(password, pwbuf);
-   scram_Hi(pwbuf, salt, saltlen, iterations, result);
-   free(pwbuf);
+   scram_Hi(password, salt, saltlen, iterations, result);
 }
 
 /*
 
     */
    if (strcmp(auth_mechanism, SCRAM_SHA256_NAME) == 0)
    {
-       char       *password = conn->connhost[conn->whichhost].password;
+       char       *password;
 
+       conn->password_needed = true;
+       password = conn->connhost[conn->whichhost].password;
        if (password == NULL)
            password = conn->pgpass;
-       conn->password_needed = true;
-       if (password == NULL || password == '\0')
+       if (password == NULL || password[0] == '\0')
        {
            printfPQExpBuffer(&conn->errorMessage,
                              PQnoPasswordSupplied);