From: Miod Vallat Date: Fri, 12 Dec 2025 13:40:42 +0000 (+0100) Subject: Remove use of rng and entropy-source parameters. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=951b242c7c580bf35015c15a237ac1f11b114593;p=thirdparty%2Fpdns.git Remove use of rng and entropy-source parameters. Document them as having been removed. Fixes: #16554 Signed-off-by: Miod Vallat --- diff --git a/docs/settings.rst b/docs/settings.rst index bc23926b36..b600683fc7 100644 --- a/docs/settings.rst +++ b/docs/settings.rst @@ -785,6 +785,10 @@ To use shared LUA states, set this to ``shared``, see :ref:`lua-records-shared-s ``entropy-source`` ------------------ +.. versionchanged:: 4.9.0 + +This setting is no longer used from 4.9.0 onwards. + - Path - Default: /dev/urandom @@ -1648,6 +1652,10 @@ it is disabled by default. ``rng`` ------- +.. versionchanged:: 4.9.0 + +This setting is no longer used from 4.9.0 onwards. + - String - Default: auto diff --git a/pdns/auth-main.cc b/pdns/auth-main.cc index 517a0e311e..a264e41399 100644 --- a/pdns/auth-main.cc +++ b/pdns/auth-main.cc @@ -289,7 +289,6 @@ static void declareArguments() ::arg().set("max-packet-cache-entries", "Maximum number of entries in the packet cache") = "1000000"; ::arg().set("max-signature-cache-entries", "Maximum number of signatures cache entries") = ""; ::arg().set("max-ent-entries", "Maximum number of empty non-terminals in a zone") = "100000"; - ::arg().set("entropy-source", "If set, read entropy from this file") = "/dev/urandom"; ::arg().set("lua-prequery-script", "Lua script with prequery handler (DO NOT USE)") = ""; ::arg().set("lua-dnsupdate-policy-script", "Lua script with DNS update policy handler") = ""; 
@@ -337,8 +336,6 @@ static void declareArguments() ::arg().setSwitch("consistent-backends", "Assume individual zones are not divided over backends. Send only ANY lookup operations to the backend to reduce the number of lookups") = "yes"; - ::arg().set("rng", "Specify the random number generator to use. Valid values are auto,sodium,openssl,getrandom,arc4random,urandom.") = "auto"; - ::arg().set("default-catalog-zone", "Catalog zone to assign newly created primary zones (via the API) to") = ""; #ifdef ENABLE_GSS_TSIG diff --git a/pdns/dnsbulktest.cc b/pdns/dnsbulktest.cc index 49794828b3..2ee0c3db1d 100644 --- a/pdns/dnsbulktest.cc +++ b/pdns/dnsbulktest.cc @@ -231,9 +231,6 @@ static void usage(po::options_description &desc) { int main(int argc, char** argv) try { - ::arg().set("rng", "Specify random number generator to use. Valid values are auto,sodium,openssl,getrandom,arc4random,urandom.")="auto"; - ::arg().set("entropy-source", "If set, read entropy from this file")="/dev/urandom"; - po::options_description desc("Allowed options"); desc.add_options() ("help,h", "produce help message") diff --git a/pdns/notify.cc b/pdns/notify.cc index e3fd5d3378..bde994a4bd 100644 --- a/pdns/notify.cc +++ b/pdns/notify.cc @@ -59,8 +59,6 @@ int main(int argc, char** argv) try { set addrs; - ::arg().set("rng")="auto"; - ::arg().set("entropy-source")="/dev/urandom"; for(int n=1 ; n < argc; ++n) { if ((string) argv[n] == "--help") { diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc index ef3aab0649..1e4c1b87a5 100644 --- a/pdns/pdnsutil.cc +++ b/pdns/pdnsutil.cc 
@@ -637,13 +637,11 @@ static void loadMainConfig(const std::string& configdir) ::arg().set("default-soa-edit-signed","Default SOA-EDIT value for signed zones")=""; ::arg().set("max-ent-entries", "Maximum number of empty non-terminals in a zone")="100000"; ::arg().set("module-dir","Default directory for modules")=PKGLIBDIR; - ::arg().set("entropy-source", "If set, read entropy from this file")="/dev/urandom"; ::arg().setSwitch("query-logging","Hint backends that queries should be logged")="no"; ::arg().set("loglevel","Amount of logging. Higher is more.")="3"; ::arg().setSwitch("direct-dnskey","Fetch DNSKEY, CDS and CDNSKEY RRs from backend during DNSKEY or CDS/CDNSKEY synthesis")="no"; ::arg().set("max-nsec3-iterations","Limit the number of NSEC3 hash iterations")="500"; // RFC5155 10.3 ::arg().set("max-signature-cache-entries", "Maximum number of signatures cache entries")=""; - ::arg().set("rng", "Specify random number generator to use. Valid values are auto,sodium,openssl,getrandom,arc4random,urandom.")="auto"; ::arg().set("max-generate-steps", "Maximum number of $GENERATE steps when loading a zone from a file")="0"; ::arg().set("max-include-depth", "Maximum nested $INCLUDE depth when loading a zone from a file")="20"; ::arg().setSwitch("upgrade-unknown-types","Transparently upgrade known TYPExxx records. Recommended to keep off, except for PowerDNS upgrades until data sources are cleaned up")="no"; diff --git a/pdns/speedtest.cc b/pdns/speedtest.cc index 5b7a4a14d9..6837f1dce7 100644 --- a/pdns/speedtest.cc +++ b/pdns/speedtest.cc 
@@ -1082,21 +1082,15 @@ private: struct RndSpeedTest { - explicit RndSpeedTest(std::string which) : name(which){ - ::arg().set("entropy-source", "If set, read entropy from this file")="/dev/urandom"; - ::arg().set("rng", "") = which; - } string getName() const { - return "Random test " + name; + return "Random test arc4random"; } void operator()() const { dns_random_uint16(); } - - const std::string name; }; struct CredentialsVerifyTest @@ -1331,19 +1325,7 @@ int main() doRun(UUIDGenTest()); -#if defined(HAVE_GETRANDOM) - doRun(RndSpeedTest("getrandom")); -#endif -#if defined(HAVE_ARC4RANDOM) - doRun(RndSpeedTest("arc4random")); -#endif -#if defined(HAVE_RANDOMBYTES_STIR) - doRun(RndSpeedTest("sodium")); -#endif -#if defined(HAVE_RAND_BYTES) - doRun(RndSpeedTest("openssl")); -#endif - doRun(RndSpeedTest("urandom")); + doRun(RndSpeedTest()); doRun(NSEC3HashTest(1, "ABCD")); doRun(NSEC3HashTest(10, "ABCD")); diff --git a/pdns/test-dns_random_hh.cc b/pdns/test-dns_random_hh.cc index 8d52542446..3415bf04a1 100644 --- a/pdns/test-dns_random_hh.cc +++ b/pdns/test-dns_random_hh.cc @@ -28,37 +28,8 @@ using acc_t = accumulator_set rndSources = { - "auto", - "urandom", -#if defined(HAVE_GETRANDOM) - "getrandom", -#endif -#if defined(HAVE_ARC4RANDOM) - "arc4random", -#endif -#if defined(HAVE_RANDOMBYTES_STIR) - "sodium", -#endif -#if defined(HAVE_RAND_BYTES) - "openssl", -#endif -#if defined(HAVE_KISS_RNG) - "kiss", -#endif -}; - -BOOST_AUTO_TEST_CASE(test_dns_random_garbage) -{ - ::arg().set("rng") = "garbage"; - ::arg().set("entropy-source") = "/dev/urandom"; -} - BOOST_AUTO_TEST_CASE(test_dns_random_upper_bound) { - ::arg().set("rng") = "auto"; - ::arg().set("entropy-source") = "/dev/urandom"; - map seen; for (unsigned int iteration = 0; iteration < 100000; ++iteration) { seen[dns_random(10)] = true; 
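Review bot: `getName()` in `RndSpeedTest` now returns the fixed label "Random test arc4random", but `operator()` only calls `dns_random_uint16()`, and nothing in this hunk shows which generator backs that call. If some build resolves `dns_random` to a different source, the benchmark output names the wrong one, which misleads anyone comparing RNG throughput across platforms. Naming the function that is measured avoids the problem: `return "Random test dns_random_uint16";`. The second speedtest.cc hunk (`doRun(RndSpeedTest());`) needs no change for this.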
@@ -77,11 +48,8 @@ BOOST_AUTO_TEST_CASE(test_dns_random_upper_bound) BOOST_CHECK_EQUAL(seen[10], false); } -static void test_dns_random_avg(const string& source) +BOOST_AUTO_TEST_CASE(test_dns_random_average) { - ::arg().set("rng") = source; - ::arg().set("entropy-source") = "/dev/urandom"; - acc_t acc; for (unsigned int iteration = 0; iteration < 100000; ++iteration) { @@ -93,11 +61,8 @@ static void test_dns_random_avg(const string& source) // please add covariance tests, chi-square, Kolmogorov-Smirnov } -static void test_dns_random_uint32_avg(const string& source) +BOOST_AUTO_TEST_CASE(test_dns_random_uint32_average) { - ::arg().set("rng") = source; - ::arg().set("entropy-source") = "/dev/urandom"; - acc_t acc; for (unsigned int iteration = 0; iteration < 100000; ++iteration) { @@ -109,18 +74,4 @@ static void test_dns_random_uint32_avg(const string& source) // please add covariance tests, chi-square, Kolmogorov-Smirnov } -BOOST_AUTO_TEST_CASE(test_dns_random_average) -{ - for (const auto& source : rndSources) { - test_dns_random_avg(source); - } -} - -BOOST_AUTO_TEST_CASE(test_dns_random_uint32_average) -{ - for (const auto& source : rndSources) { - test_dns_random_uint32_avg(source); - } -} - BOOST_AUTO_TEST_SUITE_END()
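Review bot: `test_dns_random_average` and, in the next hunk, `test_dns_random_uint32_average` now run once against the single remaining generator, and their names and trailing comment suggest they assert on the mean alone. A mean check still passes for output that is stuck near the midpoint or that alternates between two values, so I would add a cheap spread check beside it, for example asserting that the 100000 samples are not all equal. I would also put a comment above each case, such as `// Covers the one built-in dns_random backend; the per-source loop went away with the rng setting.` Both test bodies continue outside these hunks, so the exact assertion lines are not visible here.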