Commit 0795dced authored by Evan Hunt's avatar Evan Hunt Committed by Ondřej Surý
Browse files

remove dangling references to --enable-crypto-rand in doc and comments

parent 9a3a2573
......@@ -4950,20 +4950,6 @@ badresp:1,adberr:0,findfail:0,valfail:0]
effect during the initial configuration load at server
startup time and is ignored on subsequent reloads.
</para>
<para>
If BIND is built with
<command>configure --disable-crypto-rand</command>, then
entropy is <emphasis>not</emphasis> sourced from the
cryptographic library. In this case, if
<command>random-device</command> is not specified, the
default value is the system random device,
<filename>/dev/random</filename> or the equivalent.
This default can be overridden with
<command>configure --with-randomdev</command>.
If no system random device exists, then no entropy source
will be configured, and <command>named</command> will only
be able to use pseudo-random numbers.
</para>
</listitem>
</varlistentry>
......
......@@ -158,7 +158,7 @@ dst_random_getdata(void *data, unsigned int length,
unsigned int *returned, unsigned int flags);
/*%<
* Gets random data from the random generator provided by the
* crypto library, if BIND was built with --enable-crypto-rand.
* crypto library.
*
* See isc_entropy_getdata() for parameter usage. Normally when
* this function is available, it will be set up as a hook in the
......@@ -167,7 +167,6 @@ dst_random_getdata(void *data, unsigned int length,
*
* Returns:
* \li ISC_R_SUCCESS on success
* \li ISC_R_NOTIMPLEMENTED if BIND is built with --disable-crypto-rand
* \li DST_R_OPENSSLFAILURE, DST_R_CRYPTOFAILURE, or other codes on error
*/
......
......@@ -361,8 +361,7 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER");
# enable-xxx/disable-xxx
my @enablelist = ("crypto-rand",
"developer",
my @enablelist = ("developer",
"fixed-rrset",
"intrinsics",
"isc-spnego",
......@@ -424,7 +423,6 @@ my @help = (
"\nOptional Features:\n",
" enable-intrinsics enable instrinsic/atomic functions [default=yes]\n",
" enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n",
" enable-crypto-rand use crypto provider for random [default=yes]\n",
" enable-openssl-hash use OpenSSL for hash functions [default=yes]\n",
" enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n",
" enable-fixed-rrset enable fixed rrset ordering [default=no]\n",
......@@ -680,10 +678,6 @@ sub myenable {
if ($val =~ /^yes$/i) {
$enable_native_pkcs11 = "yes";
}
} elsif ($key =~ /^crypto-rand$/i) {
if ($val =~ /^no$/i) {
$enable_crypto_rand = "no";
}
} elsif ($key =~ /^openssl-hash$/i) {
if ($val =~ /^yes$/i) {
$enable_openssl_hash = "yes";
......@@ -970,11 +964,6 @@ if ($verbose) {
} else {
print "native-pkcs11: disabled\n";
}
if ($enable_crypto_rand eq "yes") {
print "crypto-rand: enabled\n";
} else {
print "crypto-rand: disabled\n";
}
if ($enable_openssl_hash eq "yes") {
print "openssl-hash: enabled\n";
} else {
......@@ -3399,7 +3388,6 @@ exit 0;
# --enable-developer partially supported
# --enable-newstats (9.9/9.9sub only)
# --enable-native-pkcs11 supported
# --enable-crypto-rand supported
# --enable-openssl-version-check included without a way to disable it
# --enable-openssl-hash supported
# --enable-threads included without a way to disable it
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment