Clean up KeyringGenerateNewKey()

Instead of returning NULL when we failed the generate a key we throw an
error like all other places where random fails. Additionally we stop
hardcoding 32 in the assertion.

Author: jeltz

contrib/pg_tde/src/keyring/keyring_api.c

@@ -10,6 +10,7 @@
 
 #include <assert.h>
 #include <openssl/rand.h>
+#include <openssl/err.h>
 
 typedef struct RegisteredKeyProviderType
 {
@@ -127,15 +128,15 @@ KeyringGenerateNewKey(const char *key_name, unsigned key_len)
 {
 	KeyInfo    *key;
 
-	Assert(key_len <= 32);
+	Assert(key_len <= sizeof(key->data));
 	/* Struct will be saved to disk so keep clean */
 	key = palloc0_object(KeyInfo);
 	key->data.len = key_len;
 	if (!RAND_bytes(key->data.data, key_len))
-	{
-		pfree(key);
-		return NULL;			/* openssl error */
-	}
+		ereport(ERROR,
+				errcode(ERRCODE_INTERNAL_ERROR),
+				errmsg("could not generate new principal key: %s",
+					   ERR_error_string(ERR_get_error(), NULL)));
 	strlcpy(key->name, key_name, sizeof(key->name));
 	return key;
 }