Replace PostmasterRandom() with a stronger way of generating randomness.

This adds a new routine, pg_strong_random() for generating random bytes,
for use in both frontend and backend. At the moment, it's only used in
the backend, but the upcoming SCRAM authentication patches need strong
random numbers in libpq as well.

pg_strong_random() is based on, and replaces, the existing implementation
in pgcrypto. It can acquire strong random numbers from a number of sources,
depending on what's available:
- OpenSSL RAND_bytes(), if built with OpenSSL
- On Windows, the native cryptographic functions are used
- /dev/urandom
- /dev/random

Original patch by Magnus Hagander, with further work by Michael Paquier
and me.

Discussion: <CAB7nPqRy3krN8quR9XujMVVHYtXJ0_60nqgVc6oUk8ygyVkZsA@mail.gmail.com>

Author: hlinnaka

contrib/pgcrypto/Makefile

@@ -1,7 +1,7 @@
 # contrib/pgcrypto/Makefile
 
 INT_SRCS = md5.c sha1.c sha2.c internal.c internal-sha2.c blf.c rijndael.c \
-		fortuna.c random.c pgp-mpi-internal.c imath.c
+		fortuna.c pgp-mpi-internal.c imath.c
 INT_TESTS = sha2
 
 OSSL_SRCS = openssl.c pgp-mpi-openssl.c

contrib/pgcrypto/internal.c

@@ -626,8 +626,6 @@ static time_t check_time = 0;
 static void
 system_reseed(void)
 {
-	uint8		buf[1024];
-	int			n;
 	time_t		t;
 	int			skip = 1;
 
@@ -642,24 +640,34 @@ system_reseed(void)
 	else if (check_time == 0 ||
 			 (t - check_time) > SYSTEM_RESEED_CHECK_TIME)
 	{
+		uint8		buf;
+
 		check_time = t;
 
 		/* roll dice */
-		px_get_random_bytes(buf, 1);
-		skip = buf[0] >= SYSTEM_RESEED_CHANCE;
-	}
-	/* clear 1 byte */
-	px_memset(buf, 0, sizeof(buf));
-
-	if (skip)
-		return;
-
-	n = px_acquire_system_randomness(buf);
-	if (n > 0)
-		fortuna_add_entropy(buf, n);
+		px_get_random_bytes(&buf, 1);
+		skip = (buf >= SYSTEM_RESEED_CHANCE);
 
-	seed_time = t;
-	px_memset(buf, 0, sizeof(buf));
+		/* clear 1 byte */
+		px_memset(&buf, 0, sizeof(buf));
+	}
+	if (!skip)
+	{
+		/*
+		 * fortuna_add_entropy passes the input to SHA-256, so there's no
+		 * point in giving it more than 256 bits of input to begin with.
+		 */
+		uint8		buf[32];
+
+		if (!pg_strong_random(buf, sizeof(buf)))
+			ereport(ERROR,
+					(errcode(ERRCODE_INTERNAL_ERROR),
+					 errmsg("could not acquire random data")));
+		fortuna_add_entropy(buf, sizeof(buf));
+
+		seed_time = t;
+		px_memset(buf, 0, sizeof(buf));
+	}
 }
 
 int

contrib/pgcrypto/random.c

@@ -45,6 +45,12 @@ static void auth_failed(Port *port, int status, char *logdetail);
 static char *recv_password_packet(Port *port);
 static int	recv_and_check_password_packet(Port *port, char **logdetail);
 
+/*----------------------------------------------------------------
+ * MD5 authentication
+ *----------------------------------------------------------------
+ */
+static int	CheckMD5Auth(Port *port, char **logdetail);
+
 
 /*----------------------------------------------------------------
  * Ident authentication
@@ -535,9 +541,7 @@ ClientAuthentication(Port *port)
 				ereport(FATAL,
 						(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
 						 errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
-			/* include the salt to use for computing the response */
-			sendAuthRequest(port, AUTH_REQ_MD5, port->md5Salt, 4);
-			status = recv_and_check_password_packet(port, &logdetail);
+			status = CheckMD5Auth(port, &logdetail);
 			break;
 
 		case uaPassword:
@@ -692,10 +696,25 @@ recv_password_packet(Port *port)
 
 
 /*----------------------------------------------------------------
- * MD5 authentication
+ * MD5 and password authentication
  *----------------------------------------------------------------
  */
 
+static int
+CheckMD5Auth(Port *port, char **logdetail)
+{
+	/* include the salt to use for computing the response */
+	if (!pg_strong_random(port->md5Salt, sizeof(port->md5Salt)))
+	{
+		*logdetail = psprintf(_("Could not generate random salt"));
+		return STATUS_ERROR;
+	}
+
+	sendAuthRequest(port, AUTH_REQ_MD5, port->md5Salt, 4);
+	return recv_and_check_password_packet(port, logdetail);
+}
+
+
 /*
  * Called when we have sent an authorization request for a password.
  * Get the response and check it.