diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 3f025f15a7..835466269d 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -4950,20 +4950,6 @@ badresp:1,adberr:0,findfail:0,valfail:0] effect during the initial configuration load at server startup time and is ignored on subsequent reloads. - - If BIND is built with - configure --disable-crypto-rand, then - entropy is not sourced from the - cryptographic library. In this case, if - random-device is not specified, the - default value is the system random device, - /dev/random or the equivalent. - This default can be overridden with - configure --with-randomdev. - If no system random device exists, then no entropy source - will be configured, and named will only - be able to use pseudo-random numbers. - diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h index 2053ff8264..9d1524821f 100644 --- a/lib/dns/include/dst/dst.h +++ b/lib/dns/include/dst/dst.h @@ -158,7 +158,7 @@ dst_random_getdata(void *data, unsigned int length, unsigned int *returned, unsigned int flags); /*%< * Gets random data from the random generator provided by the - * crypto library, if BIND was built with --enable-crypto-rand. + * crypto library. * * See isc_entropy_getdata() for parameter usage. Normally when * this function is available, it will be set up as a hook in the @@ -167,7 +167,6 @@ dst_random_getdata(void *data, unsigned int length, * * Returns: * \li ISC_R_SUCCESS on success - * \li ISC_R_NOTIMPLEMENTED if BIND is built with --disable-crypto-rand * \li DST_R_OPENSSLFAILURE, DST_R_CRYPTOFAILURE, or other codes on error */ diff --git a/win32utils/Configure b/win32utils/Configure index 61bc4c0220..cf8cf891db 100644 --- a/win32utils/Configure +++ b/win32utils/Configure @@ -361,8 +361,7 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER"); # enable-xxx/disable-xxx -my @enablelist = ("crypto-rand", - "developer", +my @enablelist = ("developer", "fixed-rrset", "intrinsics", "isc-spnego", @@ -424,7 +423,6 @@ my @help = ( "\nOptional Features:\n", " enable-intrinsics enable instrinsic/atomic functions [default=yes]\n", " enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n", -" enable-crypto-rand use crypto provider for random [default=yes]\n", " enable-openssl-hash use OpenSSL for hash functions [default=yes]\n", " enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n", " enable-fixed-rrset enable fixed rrset ordering [default=no]\n", @@ -680,10 +678,6 @@ sub myenable { if ($val =~ /^yes$/i) { $enable_native_pkcs11 = "yes"; } - } elsif ($key =~ /^crypto-rand$/i) { - if ($val =~ /^no$/i) { - $enable_crypto_rand = "no"; - } } elsif ($key =~ /^openssl-hash$/i) { if ($val =~ /^yes$/i) { $enable_openssl_hash = "yes"; @@ -970,11 +964,6 @@ if ($verbose) { } else { print "native-pkcs11: disabled\n"; } - if ($enable_crypto_rand eq "yes") { - print "crypto-rand: enabled\n"; - } else { - print "crypto-rand: disabled\n"; - } if ($enable_openssl_hash eq "yes") { print "openssl-hash: enabled\n"; } else { @@ -3399,7 +3388,6 @@ exit 0; # --enable-developer partially supported # --enable-newstats (9.9/9.9sub only) # --enable-native-pkcs11 supported -# --enable-crypto-rand supported # --enable-openssl-version-check included without a way to disable it # --enable-openssl-hash supported # --enable-threads included without a way to disable it