From: Ondřej Surý Date: Wed, 18 Apr 2018 19:13:28 +0000 (-0700) Subject: Always use random data from the crypto provider X-Git-Tag: v9.13.0~36^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9a3a257374a2fc6304db2f1cf2a3eeec530f927f;p=thirdparty%2Fbind9.git Always use random data from the crypto provider --- diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c index 21e59631ae3..ff899809694 100644 --- a/bin/confgen/keygen.c +++ b/bin/confgen/keygen.c @@ -154,11 +154,9 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg, DO("create entropy context", isc_entropy_create(mctx, &ectx)); -#ifdef ISC_PLATFORM_CRYPTORANDOM if (randomfile == NULL) { isc_entropy_usehook(ectx, ISC_TRUE); } -#endif if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) { randomfile = NULL; open_keyboard = ISC_ENTROPY_KEYBOARDYES; diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c index 3de034e45a6..9116c62cfd4 100644 --- a/bin/dnssec/dnssectool.c +++ b/bin/dnssec/dnssectool.c @@ -239,11 +239,9 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) { ISC_LIST_INIT(sources); } -#ifdef ISC_PLATFORM_CRYPTORANDOM if (randomfile == NULL) { isc_entropy_usehook(*ectx, ISC_TRUE); } -#endif if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) { usekeyboard = ISC_ENTROPY_KEYBOARDYES; randomfile = NULL; diff --git a/bin/named/config.c b/bin/named/config.c index c2ff14a975a..e8ef5e3c826 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -89,11 +89,7 @@ options {\n\ # pid-file \"" NAMED_LOCALSTATEDIR "/run/named/named.pid\"; \n\ port 53;\n\ prefetch 2 9;\n" -#if defined(ISC_PLATFORM_CRYPTORANDOM) " random-device none;\n" -#elif defined(PATH_RANDOMDEV) -" random-device \"" PATH_RANDOMDEV "\";\n" -#endif " recursing-file \"named.recursing\";\n\ recursive-clients 1000;\n\ request-nsid false;\n\ diff --git a/bin/named/server.c b/bin/named/server.c index e037557f6c4..93611f2949d 100644 
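Review bot: The built-in defaults string in bin/named/config.c now always emits `random-device none;`, so a build that previously defaulted to `PATH_RANDOMDEV` changes its entropy configuration with nothing in the hunk recording why. A short comment beside the literal would help, for example `/* random data always comes from the crypto provider; random-device only adds a file source when set */`. The documented default for the option should be updated to match; no documentation change is visible in the part of the commit shown here.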
--- a/bin/named/server.c +++ b/bin/named/server.c @@ -8536,18 +8536,7 @@ load_configuration(const char *filename, named_server_t *server, } } if (randomdev == NULL) { -#ifdef ISC_PLATFORM_CRYPTORANDOM isc_entropy_usehook(named_g_entropy, ISC_TRUE); -#else - if ((obj != NULL) && !cfg_obj_isvoid(obj)) - level = ISC_LOG_INFO; - isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, - NAMED_LOGMODULE_SERVER, level, - "no source of entropy found"); - if ((obj == NULL) || cfg_obj_isvoid(obj)) { - CHECK(ISC_R_FAILURE); - } -#endif } else { result = isc_entropy_createfilesource(named_g_entropy, randomdev); diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index 2c671edd400..3faf6d0f0ee 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -276,11 +276,9 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) { randomfile = NULL; } -#ifdef ISC_PLATFORM_CRYPTORANDOM if (randomfile == NULL) { isc_entropy_usehook(*ectx, ISC_TRUE); } -#endif result = isc_entropy_usebestsource(*ectx, &source, randomfile, usekeyboard); diff --git a/bin/tests/system/pipelined/pipequeries.c b/bin/tests/system/pipelined/pipequeries.c index 0a042fbcf5c..6f986c77c35 100644 --- a/bin/tests/system/pipelined/pipequeries.c +++ b/bin/tests/system/pipelined/pipequeries.c @@ -278,11 +278,9 @@ main(int argc, char *argv[]) { ectx = NULL; RUNCHECK(isc_entropy_create(mctx, &ectx)); -#ifdef ISC_PLATFORM_CRYPTORANDOM if (randomfile == NULL) { isc_entropy_usehook(ectx, ISC_TRUE); } -#endif if (randomfile != NULL) RUNCHECK(isc_entropy_createfilesource(ectx, randomfile)); diff --git a/bin/tests/system/rsabigexponent/bigkey.c b/bin/tests/system/rsabigexponent/bigkey.c index d9dde40cd57..be043205787 100644 --- a/bin/tests/system/rsabigexponent/bigkey.c +++ b/bin/tests/system/rsabigexponent/bigkey.c 
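Review bot: The `randomdev == NULL` branch in load_configuration no longer has any failure path. The removed `#else` arm was the only code here that logged "no source of entropy found" and raised `ISC_R_FAILURE`; the new code only calls `isc_entropy_usehook(named_g_entropy, ISC_TRUE)`. The hook itself is installed in dst_lib_init only inside `#if defined(OPENSSL) || defined(PKCS11CRYPTO)` and only when `dst_entropy_pool != NULL` (see the lib/dns/dst_api.c hunk), and nothing at this point checks that it is present. If a build or start-up order without a registered hook is still reachable, named would carry on without a log line, so either confirm that cannot happen or keep a fail-closed check here. The `level` local may also be unused now, which cannot be judged from the hunk because load_configuration continues outside it.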
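Review bot: In nsupdate.c's setup_entropy the hook check sits after a `randomfile = NULL;` assignment, whereas in bin/confgen/keygen.c and bin/dnssec/dnssectool.c it sits before the `"keyboard"` handling that clears `randomfile`. If the assignment above this hunk is the keyboard branch (its `if` is outside the hunk), a `keyboard` random source enables the crypto-provider hook here but not in the other two tools. Now that the `#ifdef` is gone and this path is always compiled, the order should be the same in all three, or the difference explained with a comment such as `/* keyboard input also enables the provider hook */`.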
@@ -185,9 +185,7 @@ main(int argc, char **argv) { CHECK(isc_mem_create(0, 0, &mctx), "isc_mem_create()"); CHECK(isc_entropy_create(mctx, &ectx), "isc_entropy_create()"); -#ifdef ISC_PLATFORM_CRYPTORANDOM isc_entropy_usehook(ectx, ISC_TRUE); -#endif CHECK(isc_entropy_usebestsource(ectx, &source, "../random.data", ISC_ENTROPY_KEYBOARDNO), diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c index 4bbc721aa17..7049f9f9ea4 100644 --- a/bin/tests/system/tkey/keycreate.c +++ b/bin/tests/system/tkey/keycreate.c @@ -252,13 +252,12 @@ main(int argc, char *argv[]) { ectx = NULL; RUNCHECK(isc_entropy_create(mctx, &ectx)); -#ifdef ISC_PLATFORM_CRYPTORANDOM if (randomfile == NULL) { isc_entropy_usehook(ectx, ISC_TRUE); } -#endif - if (randomfile != NULL) + if (randomfile != NULL) { RUNCHECK(isc_entropy_createfilesource(ectx, randomfile)); + } log = NULL; logconfig = NULL; diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c index b49c1711fb4..721ec3afbce 100644 --- a/bin/tests/system/tkey/keydelete.c +++ b/bin/tests/system/tkey/keydelete.c @@ -183,13 +183,12 @@ main(int argc, char **argv) { ectx = NULL; RUNCHECK(isc_entropy_create(mctx, &ectx)); -#ifdef ISC_PLATFORM_CRYPTORANDOM if (randomfile == NULL) { isc_entropy_usehook(ectx, ISC_TRUE); } -#endif - if (randomfile != NULL) + if (randomfile != NULL) { RUNCHECK(isc_entropy_createfilesource(ectx, randomfile)); + } log = NULL; logconfig = NULL; diff --git a/configure b/configure index ade0cdc0734..92341fa5fb8 100755 --- a/configure +++ b/configure @@ -797,7 +797,6 @@ XMLSTATS NZDTARGETS NZDSRCS NZD_TOOLS -ISC_PLATFORM_CRYPTORANDOM PKCS11_TEST PKCS11_ED25519 PKCS11_GOST @@ -1008,7 +1007,6 @@ with_eddsa with_aes with_cc_alg enable_openssl_hash -enable_crypto_rand with_lmdb with_libxml2 with_libjson 
@@ -1699,7 +1697,6 @@ Optional Features: --enable-threads enable multithreading --enable-native-pkcs11 use native PKCS11 for all crypto [default=no] --enable-openssl-hash use OpenSSL for hash functions [default=yes] - --enable-crypto-rand use the crypto provider for random [default=yes] --enable-largefile 64-bit file support --enable-backtrace log stack backtrace on abort [default=yes] --enable-symtable use internal symbol table for backtrace 
@@ -17379,86 +17376,6 @@ if test "rt" = "$have_clock_gt"; then LIBS="-lrt $LIBS" fi -# -# Use the crypto provider (OpenSSL/PKCS#11) for random functions -# - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for using the crypto library (vs. builtin) for random functions" >&5 -$as_echo_n "checking for using the crypto library (vs. builtin) for random functions... " >&6; } -# Check whether --enable-crypto-rand was given. -if test "${enable_crypto_rand+set}" = set; then : - enableval=$enable_crypto_rand; want_crypto_rand="$enableval" -else - want_crypto_rand="auto" -fi - -if test "$want_crypto_rand" = "auto" -then - case "$CRYPTOLIB" in - "") - want_crypto_rand="no" - ;; - pkcs11) - want_crypto_rand="yes" - ;; - openssl) - saved_cflags="$CFLAGS" - saved_libs="$LIBS" - CFLAGS="$CFLAGS $DST_OPENSSL_INC" - LIBS="$LIBS $DST_OPENSSL_LIBS" - if test "$cross_compiling" = yes; then : - want_crypto_rand="yes" -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include - -unsigned char buf[128]; - -int main() -{ - if (RAND_bytes(buf, 128) != 1) - return (1); - return (0); -} - -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - want_crypto_rand="yes" -else - want_crypto_rand="no" -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - CFLAGS="$saved_cflags" - LIBS="$saved_libs" - ;; - *) - as_fn_error $? "Unknown crypto library define $CRYPTOLIB" "$LINENO" 5 - ;; - esac -fi -case $want_crypto_rand in - yes) - if test "$CRYPTOLIB" = "" - then - as_fn_error $? 
"No crypto library for random functions" "$LINENO" 5 - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$CRYPTOLIB\"" >&5 -$as_echo "\"$CRYPTOLIB\"" >&6; } - ISC_PLATFORM_CRYPTORANDOM="#define ISC_PLATFORM_CRYPTORANDOM \"$CRYPTOLIB\"" - ;; - no) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - ISC_PLATFORM_CRYPTORANDOM="#undef ISC_PLATFORM_CRYPTORANDOM" - ;; -esac - - # # was --with-lmdb specified? # @@ -26455,8 +26372,6 @@ report() { echo " IPv6 support (--enable-ipv6)" test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ echo " OpenSSL cryptography/DNSSEC (--with-openssl)" - test "no" = "$want_crypto_rand" || \ - echo " Crypto provider entropy source (--enable-crypto-rand)" test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" @@ -26547,8 +26462,6 @@ report() { echo " ECDSA algorithm support (--with-ecdsa)" test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ echo " EDDSA algorithm support (--with-eddsa)" - test "yes" = "$want_crypto_rand" || \ - echo " Crypto provider entropy source (--enable-crypto-rand)" test "yes" = "$want_backtrace" || \ echo " Print backtrace on crash (--enable-backtrace)" diff --git a/configure.in b/configure.in index 7221a0ea86a..f930e709ae7 100644 --- a/configure.in +++ b/configure.in 
@@ -2324,68 +2324,6 @@ if test "rt" = "$have_clock_gt"; then LIBS="-lrt $LIBS" fi -# -# Use the crypto provider (OpenSSL/PKCS#11) for random functions -# - -AC_MSG_CHECKING(for using the crypto library (vs. builtin) for random functions) -AC_ARG_ENABLE(crypto-rand, - AS_HELP_STRING([--enable-crypto-rand], - [use the crypto provider for random [default=yes]]), - want_crypto_rand="$enableval", want_crypto_rand="auto") -if test "$want_crypto_rand" = "auto" -then - case "$CRYPTOLIB" in - "") - want_crypto_rand="no" - ;; - pkcs11) - want_crypto_rand="yes" - ;; - openssl) - saved_cflags="$CFLAGS" - saved_libs="$LIBS" - CFLAGS="$CFLAGS $DST_OPENSSL_INC" - LIBS="$LIBS $DST_OPENSSL_LIBS" - AC_TRY_RUN([ -#include - -unsigned char buf[128]; - -int main() -{ - if (RAND_bytes(buf, 128) != 1) - return (1); - return (0); -} -], - [want_crypto_rand="yes"], - [want_crypto_rand="no"], - [want_crypto_rand="yes"]) - CFLAGS="$saved_cflags" - LIBS="$saved_libs" - ;; - *) - AC_MSG_ERROR([Unknown crypto library define $CRYPTOLIB]) - ;; - esac -fi -case $want_crypto_rand in - yes) - if test "$CRYPTOLIB" = "" - then - AC_MSG_ERROR([No crypto library for random functions]) - fi - AC_MSG_RESULT(["$CRYPTOLIB"]) - ISC_PLATFORM_CRYPTORANDOM="#define ISC_PLATFORM_CRYPTORANDOM \"$CRYPTOLIB\"" - ;; - no) - AC_MSG_RESULT(no) - ISC_PLATFORM_CRYPTORANDOM="#undef ISC_PLATFORM_CRYPTORANDOM" - ;; -esac -AC_SUBST(ISC_PLATFORM_CRYPTORANDOM) - # # was --with-lmdb specified? # @@ -5374,8 +5312,6 @@ report() { echo " IPv6 support (--enable-ipv6)" test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ echo " OpenSSL cryptography/DNSSEC (--with-openssl)" - test "no" = "$want_crypto_rand" || \ - echo " Crypto provider entropy source (--enable-crypto-rand)" test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" 
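Review bot: Removing the `--enable-crypto-rand` block in configure.in also removes the only check shown that stopped configuration with "No crypto library for random functions" when `$CRYPTOLIB` is empty. Since random data now always comes from the crypto provider, that condition should fail unconditionally rather than disappear, for example `test "" != "$CRYPTOLIB" || AC_MSG_ERROR([No crypto library for random functions])`. This is unnecessary only if another part of configure.in, not visible here, already rejects an empty `$CRYPTOLIB`. The win32utils/Configure hunk drops the equivalent `die "No crypto provider for random functions\n"` guard in the same way.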
@@ -5466,8 +5402,6 @@ report() { echo " ECDSA algorithm support (--with-ecdsa)" test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ echo " EDDSA algorithm support (--with-eddsa)" - test "yes" = "$want_crypto_rand" || \ - echo " Crypto provider entropy source (--enable-crypto-rand)" test "yes" = "$want_backtrace" || \ echo " Print backtrace on crash (--enable-backtrace)" diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c index 97340bcad2b..921ea48294b 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c @@ -266,11 +266,9 @@ dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI])); #endif #if defined(OPENSSL) || defined(PKCS11CRYPTO) -#ifdef ISC_PLATFORM_CRYPTORANDOM if (dst_entropy_pool != NULL) { isc_entropy_sethook(dst_random_getdata); } -#endif #endif /* defined(OPENSSL) || defined(PKCS11CRYPTO) */ dst_initialized = ISC_TRUE; return (ISC_R_SUCCESS); @@ -292,12 +290,10 @@ dst_lib_destroy(void) { if (dst_t_func[i] != NULL && dst_t_func[i]->cleanup != NULL) dst_t_func[i]->cleanup(); #if defined(OPENSSL) || defined(PKCS11CRYPTO) -#ifdef ISC_PLATFORM_CRYPTORANDOM if (dst_entropy_pool != NULL) { isc_entropy_usehook(dst_entropy_pool, ISC_FALSE); isc_entropy_sethook(NULL); } -#endif #ifdef OPENSSL dst__openssl_destroy(); #elif PKCS11CRYPTO 
@@ -1965,44 +1961,15 @@ dst__entropy_getdata(void *buf, unsigned int len, isc_boolean_t pseudo) { flags &= ~ISC_ENTROPY_GOODONLY; else flags |= ISC_ENTROPY_BLOCKING; -#ifdef ISC_PLATFORM_CRYPTORANDOM /* get entropy directly from crypto provider */ return (dst_random_getdata(buf, len, NULL, flags)); -#else - /* get entropy from entropy source or hook function */ - return (isc_entropy_getdata(dst_entropy_pool, buf, len, NULL, flags)); -#endif /* ISC_PLATFORM_CRYPTORANDOM */ #endif /* PKCS11CRYPTO */ } unsigned int dst__entropy_status(void) { -#if !defined(PKCS11CRYPTO) && !defined(ISC_PLATFORM_CRYPTORANDOM) -#ifdef GSSAPI - unsigned int flags = dst_entropy_flags; - isc_result_t ret; - unsigned char buf[32]; - static isc_boolean_t first = ISC_TRUE; - - if (dst_entropy_pool == NULL) - return (0); - - if (first) { - /* Someone believes RAND_status() initializes the PRNG */ - flags &= ~ISC_ENTROPY_GOODONLY; - ret = isc_entropy_getdata(dst_entropy_pool, buf, - sizeof(buf), NULL, flags); - INSIST(ret == ISC_R_SUCCESS); - isc_entropy_putdata(dst_entropy_pool, buf, - sizeof(buf), 2 * sizeof(buf)); - first = ISC_FALSE; - } -#endif - return (isc_entropy_status(dst_entropy_pool)); -#else /* Doesn't matter as it is not used in this case. */ return (0); -#endif } isc_buffer_t * diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c index 0f3a679f032..4f1ff1c2593 100644 --- a/lib/dns/openssl_link.c +++ b/lib/dns/openssl_link.c 
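Review bot: dst__entropy_status() now always returns 0, but its comment still reads "Doesn't matter as it is not used in this case", which no longer identifies any case. The only caller visible in this commit, entropy_status() in lib/dns/openssl_link.c, is deleted by it, so either remove the function or reword the comment, for example `/* Unused now that the RAND_METHOD shim is gone; always reports 0. */`. In dst__entropy_getdata just above, the new side ends in a single unconditional `return (dst_random_getdata(buf, len, NULL, flags));` still followed by `#endif /* PKCS11CRYPTO */`. The surrounding conditional can probably be simplified too, though its opening `#if` is outside the hunk.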
@@ -59,56 +59,6 @@ static int nlocks; static ENGINE *e = NULL; #endif -#ifndef ISC_PLATFORM_CRYPTORANDOM -static RAND_METHOD *rm = NULL; - -static int -entropy_get(unsigned char *buf, int num) { - isc_result_t result; - if (num < 0) - return (-1); - result = dst__entropy_getdata(buf, (unsigned int) num, ISC_FALSE); - return (result == ISC_R_SUCCESS ? 1 : -1); -} - -static int -entropy_status(void) { - return (dst__entropy_status() > 32); -} - -static int -entropy_getpseudo(unsigned char *buf, int num) { - isc_result_t result; - if (num < 0) - return (-1); - result = dst__entropy_getdata(buf, (unsigned int) num, ISC_TRUE); - return (result == ISC_R_SUCCESS ? 1 : -1); -} - -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -static void -entropy_add(const void *buf, int num, double entropy) { - /* - * Do nothing. The only call to this provides no useful data anyway. - */ - UNUSED(buf); - UNUSED(num); - UNUSED(entropy); -} -#else -static int -entropy_add(const void *buf, int num, double entropy) { - /* - * Do nothing. The only call to this provides no useful data anyway. - */ - UNUSED(buf); - UNUSED(num); - UNUSED(entropy); - return (1); -} -#endif -#endif /* !ISC_PLATFORM_CRYPTORANDOM */ - #if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) static void lock_callback(int mode, int type, const char *file, int line) { @@ -196,10 +146,8 @@ _set_thread_id(CRYPTO_THREADID *id) isc_result_t dst__openssl_init(const char *engine) { isc_result_t result; -#if defined(USE_ENGINE) && !defined(ISC_PLATFORM_CRYPTORANDOM) - ENGINE *re; -#else +#if !defined(USE_ENGINE) UNUSED(engine); #endif 
@@ -227,20 +175,6 @@ dst__openssl_init(const char *engine) { ERR_load_crypto_strings(); #endif -#ifndef ISC_PLATFORM_CRYPTORANDOM - rm = mem_alloc(sizeof(RAND_METHOD) FILELINE); - if (rm == NULL) { - result = ISC_R_NOMEMORY; - goto cleanup_mutexinit; - } - rm->seed = NULL; - rm->bytes = entropy_get; - rm->cleanup = NULL; - rm->add = entropy_add; - rm->pseudorand = entropy_getpseudo; - rm->status = entropy_status; -#endif - #ifdef USE_ENGINE #if !defined(CONF_MFLAGS_DEFAULT_SECTION) OPENSSL_config(NULL); @@ -273,27 +207,8 @@ dst__openssl_init(const char *engine) { } } -#ifndef ISC_PLATFORM_CRYPTORANDOM - re = ENGINE_get_default_RAND(); - if (re == NULL) { - re = ENGINE_new(); - if (re == NULL) { - result = ISC_R_NOMEMORY; - goto cleanup_rm; - } - ENGINE_set_RAND(re, rm); - ENGINE_set_default_RAND(re); - ENGINE_free(re); - } else - ENGINE_finish(re); -#endif -#else -#ifndef ISC_PLATFORM_CRYPTORANDOM - RAND_set_rand_method(rm); -#endif #endif /* USE_ENGINE */ -#ifdef ISC_PLATFORM_CRYPTORANDOM /* Protect ourselves against unseeded PRNG */ if (RAND_status() != 1) { FATAL_ERROR(__FILE__, __LINE__, @@ -301,7 +216,6 @@ dst__openssl_init(const char *engine) { "cannot be initialized (see the `PRNG not " "seeded' message in the OpenSSL FAQ)"); } -#endif return (ISC_R_SUCCESS); @@ -310,13 +224,6 @@ dst__openssl_init(const char *engine) { if (e != NULL) ENGINE_free(e); e = NULL; -#ifndef ISC_PLATFORM_CRYPTORANDOM - mem_free(rm FILELINE); - rm = NULL; -#endif -#endif -#ifndef ISC_PLATFORM_CRYPTORANDOM - cleanup_mutexinit: #endif #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) CRYPTO_set_locking_callback(NULL); 
@@ -332,25 +239,10 @@ void dst__openssl_destroy(void) { #if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) OPENSSL_cleanup(); -#ifndef ISC_PLATFORM_CRYPTORANDOM - if (rm != NULL) { - mem_free(rm FILELINE); - rm = NULL; - } -#endif #else /* * Sequence taken from apps_shutdown() in . */ -#ifndef ISC_PLATFORM_CRYPTORANDOM - if (rm != NULL) { -#if OPENSSL_VERSION_NUMBER >= 0x00907000L - RAND_cleanup(); -#endif - mem_free(rm FILELINE); - rm = NULL; - } -#endif #if (OPENSSL_VERSION_NUMBER >= 0x00907000L) CONF_modules_free(); #endif @@ -490,7 +382,6 @@ isc_result_t dst_random_getdata(void *data, unsigned int length, unsigned int *returned, unsigned int flags) { -#ifdef ISC_PLATFORM_CRYPTORANDOM #ifndef DONT_REQUIRE_DST_LIB_INIT INSIST(dst__memory_pool != NULL); #endif @@ -517,14 +408,6 @@ dst_random_getdata(void *data, unsigned int length, if (returned != NULL) *returned = length; return (ISC_R_SUCCESS); -#else - UNUSED(data); - UNUSED(length); - UNUSED(returned); - UNUSED(flags); - - return (ISC_R_NOTIMPLEMENTED); -#endif } #endif /* OPENSSL */ diff --git a/lib/dns/pkcs11.c b/lib/dns/pkcs11.c index 1b6dccc4fd7..67c7e4eb1d4 100644 --- a/lib/dns/pkcs11.c +++ b/lib/dns/pkcs11.c @@ -40,7 +40,6 @@ dst__pkcs11_toresult(const char *funcname, const char *file, int line, isc_result_t dst_random_getdata(void *data, unsigned int length, unsigned int *returned, unsigned int flags) { -#ifdef ISC_PLATFORM_CRYPTORANDOM isc_result_t ret; #ifndef DONT_REQUIRE_DST_LIB_INIT 
@@ -54,29 +53,6 @@ dst_random_getdata(void *data, unsigned int length, if ((ret == ISC_R_SUCCESS) && (returned != NULL)) *returned = length; return (ret); -#else - UNUSED(data); - UNUSED(length); - UNUSED(returned); - UNUSED(flags); - - return (ISC_R_NOTIMPLEMENTED); -#endif -} - -#else /* PKCS11CRYPTO */ - -#include - -isc_result_t -dst_random_getdata(void *data, unsigned int length, - unsigned int *returned, unsigned int flags) { - UNUSED(data); - UNUSED(length); - UNUSED(returned); - UNUSED(flags); - - return (ISC_R_NOTIMPLEMENTED); } #endif /* PKCS11CRYPTO */ diff --git a/lib/dns/tests/dstrandom_test.c b/lib/dns/tests/dstrandom_test.c index 55d1de66a37..b9e590488d8 100644 --- a/lib/dns/tests/dstrandom_test.c +++ b/lib/dns/tests/dstrandom_test.c @@ -51,7 +51,6 @@ ATF_TC_BODY(isc_entropy_getdata, tc) { result = dst_lib_init(mctx, ectx, NULL, 0); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); -#ifdef ISC_PLATFORM_CRYPTORANDOM isc_entropy_usehook(ectx, ISC_TRUE); returned = 0; @@ -64,7 +63,6 @@ ATF_TC_BODY(isc_entropy_getdata, tc) { ATF_REQUIRE_EQ(status, 0); isc_entropy_usehook(ectx, ISC_FALSE); -#endif ret = chdir(TESTS); ATF_REQUIRE_EQ(ret, 0); diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in index c511fa99f73..9a74ee64d53 100644 --- a/lib/isc/include/isc/platform.h.in +++ b/lib/isc/include/isc/platform.h.in @@ -332,11 +332,6 @@ */ @ISC_PLATFORM_HAVESTRINGSH@ -/* - * Define if the random functions are provided by crypto. - */ -@ISC_PLATFORM_CRYPTORANDOM@ - /* * Define if the hash functions must be provided by OpenSSL. */ diff --git a/lib/isc/win32/include/isc/platform.h.in b/lib/isc/win32/include/isc/platform.h.in index 2e79ae450bb..9cf466919a4 100644 --- a/lib/isc/win32/include/isc/platform.h.in +++ b/lib/isc/win32/include/isc/platform.h.in 
@@ -89,11 +89,6 @@ #define ISC_PLATFORM_NORETURN_PRE __declspec(noreturn) #define ISC_PLATFORM_NORETURN_POST -/* - * Define if the random functions are provided by crypto. - */ -@ISC_PLATFORM_CRYPTORANDOM@ - /* * Define if the hash functions must be provided by OpenSSL. */ diff --git a/win32utils/Configure b/win32utils/Configure index e4de0aeab3b..61bc4c0220e 100644 --- a/win32utils/Configure +++ b/win32utils/Configure @@ -232,7 +232,6 @@ my @substdefh = ("AES_CC", my %configdefp; my @substdefp = ("ISC_PLATFORM_BUSYWAITNOP", - "ISC_PLATFORM_CRYPTORANDOM", "ISC_PLATFORM_HAVEATOMICSTORE", "ISC_PLATFORM_HAVEATOMICSTOREQ", "ISC_PLATFORM_HAVECMPXCHG", @@ -2076,13 +2075,6 @@ if ($cookie_algorithm eq "sha1") { die "Unrecognized cookie algorithm: $cookie_algorithm\n"; } -# enable-crypto-rand -if ($enable_crypto_rand eq "yes") { - if (($use_openssl eq "no") && ($enable_native_pkcs11 eq "no")) { - die "No crypto provider for random functions\n"; - } - $configdefp{"ISC_PLATFORM_CRYPTORANDOM"} = "\"$cryptolib\""; -} print "Cryptographic library for DNSSEC: $cryptolib\n"; # enable-openssl-hash
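Review bot: The last hunk in win32utils/Configure deletes the only use of `$enable_crypto_rand` shown, but no hunk in this file touches where that variable is declared or where its command-line option is parsed. The option therefore appears to remain accepted while no longer having any effect. Remove the variable and its option entry in the same commit, or make the script reject the option with a clear message, so a build script that still passes it is not silently ignored.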