Further cleanup from the strong-random patch.

Also use the new facility for generating RADIUS authenticator requests,
and salt in chkpass extension.

Reword the error messages to be nicer. Fix bogus error code used in the
message in BackendStartup.

3 files changed, 13 insertions, 17 deletions

diff --git a/contrib/chkpass/chkpass.c b/contrib/chkpass/chkpass.c
index 9425c089b5b..3803ccff9ac 100644
--- a/contrib/chkpass/chkpass.c
+++ b/contrib/chkpass/chkpass.c
@@ -17,6 +17,7 @@
 #endif
 
 #include "fmgr.h"
+#include "utils/backend_random.h"
 #include "utils/builtins.h"
 
 PG_MODULE_MAGIC;
@@ -77,8 +78,12 @@ chkpass_in(PG_FUNCTION_ARGS)
 
 	result = (chkpass *) palloc0(sizeof(chkpass));
 
-	mysalt[0] = salt_chars[random() & 0x3f];
-	mysalt[1] = salt_chars[random() & 0x3f];
+	if (!pg_backend_random(mysalt, 2))
+		ereport(ERROR,
+				(errmsg("could not generate random salt")));
+
+	mysalt[0] = salt_chars[mysalt[0] & 0x3f];
+	mysalt[1] = salt_chars[mysalt[1] & 0x3f];
 	mysalt[2] = 0;				/* technically the terminator is not necessary
 								 * but I like to play safe */
 
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 2b1841fb9bb..9b79dc517da 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -194,9 +194,6 @@ static int pg_SSPI_make_upn(char *accountname,
  * RADIUS Authentication
  *----------------------------------------------------------------
  */
-#ifdef USE_OPENSSL
-#include <openssl/rand.h>
-#endif
 static int	CheckRADIUSAuth(Port *port);
 
 
@@ -718,7 +715,7 @@ CheckMD5Auth(Port *port, char **logdetail)
 	if (!pg_backend_random(md5Salt, 4))
 	{
 		ereport(LOG,
-				(errmsg("could not acquire random number for MD5 salt.")));
+				(errmsg("could not generate random MD5 salt.")));
 		return STATUS_ERROR;
 	}
 
@@ -2550,18 +2547,12 @@ CheckRADIUSAuth(Port *port)
 	/* Construct RADIUS packet */
 	packet->code = RADIUS_ACCESS_REQUEST;
 	packet->length = RADIUS_HEADER_LENGTH;
-#ifdef USE_OPENSSL
-	if (RAND_bytes(packet->vector, RADIUS_VECTOR_LENGTH) != 1)
+	if (!pg_backend_random((char *) packet->vector, RADIUS_VECTOR_LENGTH))
 	{
 		ereport(LOG,
 				(errmsg("could not generate random encryption vector")));
 		return STATUS_ERROR;
 	}
-#else
-	for (i = 0; i < RADIUS_VECTOR_LENGTH; i++)
-		/* Use a lower strengh random number of OpenSSL is not available */
-		packet->vector[i] = random() % 255;
-#endif
 	packet->id = packet->vector[0];
 	radius_add_attribute(packet, RADIUS_SERVICE_TYPE, (unsigned char *) &service, sizeof(service));
 	radius_add_attribute(packet, RADIUS_USER_NAME, (unsigned char *) port->user_name, strlen(port->user_name));
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index 09884b31325..16dc075a3a1 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -3903,8 +3903,8 @@ BackendStartup(Port *port)
 	{
 		free(bn);
 		ereport(LOG,
-				(errcode(ERRCODE_OUT_OF_MEMORY),
-				 errmsg("could not acquire random number")));
+				(errcode(ERRCODE_INTERNAL_ERROR),
+				 errmsg("could not generate random cancel key")));
 		return STATUS_ERROR;
 	}
 
@@ -5288,7 +5288,7 @@ StartAutovacuumWorker(void)
 		{
 			ereport(LOG,
 					(errcode(ERRCODE_INTERNAL_ERROR),
-					 errmsg("could not acquire random number")));
+					 errmsg("could not generate random cancel key")));
 			return;
 		}
 
@@ -5594,7 +5594,7 @@ assign_backendlist_entry(RegisteredBgWorker *rw)
 	{
 		ereport(LOG,
 				(errcode(ERRCODE_INTERNAL_ERROR),
-				 errmsg("could not acquire random number")));
+				 errmsg("could not generate random cancel key")));
 
 		rw->rw_crashed_at = GetCurrentTimestamp();
 		return false;