if test "${enable_strong_random+set}" = set; then :

enableval=$enable_strong_random;

case $enableval in

yes)

:

;;

no)

:

;;

*)

as_fn_error $? "no argument expected for --enable-strong-random option" "$LINENO" 5

;;

esac

enable_strong_random=yes

if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then

if test x"$with_openssl" = x"yes" ; then

USE_OPENSSL_RANDOM=1

elif test "$PORTNAME" = x"win32" ; then

USE_WIN32_RANDOM=1

else

{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for /dev/urandom" >&5

$as_echo_n "checking for /dev/urandom... " >&6; }

if ${ac_cv_file__dev_urandom+:} false; then :

$as_echo_n "(cached) " >&6

test "$cross_compiling" = yes &&

as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5

if test -r "/dev/urandom"; then

ac_cv_file__dev_urandom=yes

ac_cv_file__dev_urandom=no

{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__dev_urandom" >&5

$as_echo "$ac_cv_file__dev_urandom" >&6; }

if test "x$ac_cv_file__dev_urandom" = xyes; then :

if test x"$ac_cv_file__dev_urandom" = x"yes" ; then

USE_DEV_URANDOM=1

fi

fi

{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which random number source to use" >&5

$as_echo_n "checking which random number source to use... " >&6; }

if test "$enable_strong_random" = yes ; then

if test x"$USE_OPENSSL_RANDOM" = x"1" ; then

$as_echo "#define USE_OPENSSL_RANDOM 1" >>confdefs.h

{ $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5

$as_echo "OpenSSL" >&6; }

elif test x"$USE_WIN32_RANDOM" = x"1" ; then

$as_echo "#define USE_WIN32_RANDOM 1" >>confdefs.h

{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Windows native" >&5

$as_echo "Windows native" >&6; }

elif test x"$USE_DEV_URANDOM" = x"1" ; then

$as_echo "#define USE_DEV_URANDOM 1" >>confdefs.h

{ $as_echo "$as_me:${as_lineno-$LINENO}: result: /dev/urandom" >&5

$as_echo "/dev/urandom" >&6; }

else

as_fn_error $? "

pseudo random number generator, but that may be insecure." "$LINENO" 5

fi

$as_echo "#define HAVE_STRONG_RANDOM 1" >>confdefs.h

{ $as_echo "$as_me:${as_lineno-$LINENO}: result: weak builtin PRNG" >&5

$as_echo "weak builtin PRNG" >&6; }

{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:

*** Not using a strong random number source may be insecure." >&5

$as_echo "$as_me: WARNING:

*** Not using a strong random number source may be insecure." >&2;}

#

# Random number generation

#

PGAC_ARG_BOOL(enable, strong-random, yes,

[do not use a strong random number source])

AC_SUBST(enable_strong_random)

# Select random number source

#

# You can override this logic by setting the appropriate USE_*RANDOM flag to 1

# in the template or configure command line.

# If not selected manually, try to select a source automatically.

if test "$enable_strong_random" = "yes" && test x"$USE_OPENSSL_RANDOM" = x"" && test x"$USE_WIN32_RANDOM" = x"" && test x"$USE_DEV_URANDOM" = x"" ; then

if test x"$with_openssl" = x"yes" ; then

USE_OPENSSL_RANDOM=1

elif test "$PORTNAME" = x"win32" ; then

USE_WIN32_RANDOM=1

else

AC_CHECK_FILE([/dev/urandom], [], [])

if test x"$ac_cv_file__dev_urandom" = x"yes" ; then

USE_DEV_URANDOM=1

fi

fi

fi

AC_MSG_CHECKING([which random number source to use])

if test "$enable_strong_random" = yes ; then

if test x"$USE_OPENSSL_RANDOM" = x"1" ; then

AC_DEFINE(USE_OPENSSL_RANDOM, 1, [Define to use OpenSSL for random number generation])

AC_MSG_RESULT([OpenSSL])

elif test x"$USE_WIN32_RANDOM" = x"1" ; then

AC_DEFINE(USE_WIN32_RANDOM, 1, [Define to use native Windows API for random number generation])

AC_MSG_RESULT([Windows native])

elif test x"$USE_DEV_URANDOM" = x"1" ; then

AC_DEFINE(USE_DEV_URANDOM, 1, [Define to use /dev/urandom for random number generation])

AC_MSG_RESULT([/dev/urandom])

else

AC_MSG_ERROR([

no source of strong random numbers was found

PostgreSQL can use OpenSSL or /dev/urandom as a source of random numbers,

for authentication protocols. You can use --disable-strong-random to use of a built-in

pseudo random number generator, but that may be insecure.])

fi

AC_DEFINE(HAVE_STRONG_RANDOM, 1, [Define to use have a strong random number source])

else

AC_MSG_RESULT([weak builtin PRNG])

AC_MSG_WARN([

*** Not using a strong random number source may be insecure.])

fi

pgp-mpi-internal.c imath.c

--

-- PGP compression support

--

select pgp_sym_decrypt(dearmor('

-----BEGIN PGP MESSAGE-----

ww0ECQMCsci6AdHnELlh0kQB4jFcVwHMJg0Bulop7m3Mi36s15TAhBo0AnzIrRFrdLVCkKohsS6+

DMcmR53SXfLoDJOv/M8uKj3QSq7oWNIp95pxfA==

=tbSn

-----END PGP MESSAGE-----

'), 'key', 'expect-compress-algo=1');

pgp_sym_decrypt

-----------------

Secret message

(1 row)

select pgp_sym_decrypt(

pgp_sym_encrypt('Secret message', 'key', 'compress-algo=0'),

'key', 'expect-compress-algo=0');

ERROR: pg_random_bytes() is not supported by this build

DETAIL: This functionality requires a source of strong random numbers

HINT: You need to rebuild PostgreSQL using --enable-strong-random

select pgp_sym_decrypt(

pgp_sym_encrypt('Secret message', 'key', 'compress-algo=1'),

'key', 'expect-compress-algo=1');

ERROR: pg_random_bytes() is not supported by this build

DETAIL: This functionality requires a source of strong random numbers

HINT: You need to rebuild PostgreSQL using --enable-strong-random

select pgp_sym_decrypt(

pgp_sym_encrypt('Secret message', 'key', 'compress-algo=2'),

'key', 'expect-compress-algo=2');

ERROR: pg_random_bytes() is not supported by this build

DETAIL: This functionality requires a source of strong random numbers

HINT: You need to rebuild PostgreSQL using --enable-strong-random

-- level=0 should turn compression off

select pgp_sym_decrypt(

pgp_sym_encrypt('Secret message', 'key',

'compress-algo=2, compress-level=0'),

'key', 'expect-compress-algo=0');

ERROR: pg_random_bytes() is not supported by this build

DETAIL: This functionality requires a source of strong random numbers

HINT: You need to rebuild PostgreSQL using --enable-strong-random