effect during the initial configuration load at server
startup time and is ignored on subsequent reloads.
</para>
- <para>
- If BIND is built with
- <command>configure --disable-crypto-rand</command>, then
- entropy is <emphasis>not</emphasis> sourced from the
- cryptographic library. In this case, if
- <command>random-device</command> is not specified, the
- default value is the system random device,
- <filename>/dev/random</filename> or the equivalent.
- This default can be overridden with
- <command>configure --with-randomdev</command>.
- If no system random device exists, then no entropy source
- will be configured, and <command>named</command> will only
- be able to use pseudo-random numbers.
- </para>
</listitem>
</varlistentry>
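Review bot: the removed paragraph is where this entry stated the default for random-device (/dev/random or the equivalent) and the fallback to pseudo-random numbers when no system random device exists, and the lines kept here do not replace it. Add a sentence saying where named takes its entropy from now that the --disable-crypto-rand build is gone, and whether random-device and configure --with-randomdev still have any effect, so operators who used that build can see what changed for them.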
unsigned int *returned, unsigned int flags);
/*%<
* Gets random data from the random generator provided by the
- * crypto library, if BIND was built with --enable-crypto-rand.
+ * crypto library.
*
* See isc_entropy_getdata() for parameter usage. Normally when
* this function is available, it will be set up as a hook in the
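Review bot: in the kept sentence "Normally when this function is available, it will be set up as a hook", the clause "when this function is available" still implies a build in which it is not available, which is the condition the edited line above has just dropped. Reword the sentence to match, for example by removing that clause.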
*
* Returns:
* \li ISC_R_SUCCESS on success
- * \li ISC_R_NOTIMPLEMENTED if BIND is built with --disable-crypto-rand
* \li DST_R_OPENSSLFAILURE, DST_R_CRYPTOFAILURE, or other codes on error
*/
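Review bot: dropping ISC_R_NOTIMPLEMENTED from the Returns list is only accurate if the implementation can no longer return it. Neither the function body nor its callers are shown here, so please confirm that the return path and any caller that special-cased ISC_R_NOTIMPLEMENTED were updated in the same change.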
# enable-xxx/disable-xxx
-my @enablelist = ("crypto-rand",
- "developer",
+my @enablelist = ("developer",
"fixed-rrset",
"intrinsics",
"isc-spnego",
"\nOptional Features:\n",
" enable-intrinsics enable instrinsic/atomic functions [default=yes]\n",
" enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n",
-" enable-crypto-rand use crypto provider for random [default=yes]\n",
" enable-openssl-hash use OpenSSL for hash functions [default=yes]\n",
" enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n",
" enable-fixed-rrset enable fixed rrset ordering [default=no]\n",
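Review bot: the unchanged enable-intrinsics help line just above the removed entry spells "instrinsic"; correct it to "intrinsic" while this help block is being edited.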
if ($val =~ /^yes$/i) {
$enable_native_pkcs11 = "yes";
}
- } elsif ($key =~ /^crypto-rand$/i) {
- if ($val =~ /^no$/i) {
- $enable_crypto_rand = "no";
- }
} elsif ($key =~ /^openssl-hash$/i) {
if ($val =~ /^yes$/i) {
$enable_openssl_hash = "yes";
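Review bot: with the crypto-rand branch removed from this elsif chain, a Windows build script that still passes disable-crypto-rand falls through to whatever the final branch of the chain does, which is not visible here. Make sure that path stops with a clear message that the option was removed, since a builder passing it expects a different entropy source from the one the build will now use.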
} else {
print "native-pkcs11: disabled\n";
}
- if ($enable_crypto_rand eq "yes") {
- print "crypto-rand: enabled\n";
- } else {
- print "crypto-rand: disabled\n";
- }
if ($enable_openssl_hash eq "yes") {
print "openssl-hash: enabled\n";
} else {
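Review bot: the removed block reads $enable_crypto_rand, so check that the variable's declaration, its default value and any code that turned it into a build define are removed in the same change; none of those are shown here, and a leftover assignment would be dead code that suggests the switch still exists.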
# --enable-developer partially supported
# --enable-newstats (9.9/9.9sub only)
# --enable-native-pkcs11 supported
-# --enable-crypto-rand supported
# --enable-openssl-version-check included without a way to disable it
# --enable-openssl-hash supported
# --enable-threads included without a way to disable it