dst_api.c revision 65d148653577aec0bd9eadaac9d2a063922e0cf0
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * Portions Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * Portions Copyright (C) 1999-2003 Internet Software Consortium.
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * Permission to use, copy, modify, and/or distribute this software for any
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * purpose with or without fee is hereby granted, provided that the above
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * copyright notice and this permission notice appear in all copies.
28a8f5b0de57d269cf2845c69cb6abe18cbd3b3aMark Andrews * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
f1788d67add6bf3d301e91b3f54fa3c90a87328eBrian Wellington * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * Permission to use, copy, modify, and/or distribute this software for any
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * purpose with or without fee is hereby granted, provided that the above
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * copyright notice and this permission notice appear in all copies.
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
c1ee8bb4ba3e9ab1463403ed685729631de406b1Mark Andrews * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * Principal Author: Brian Wellington
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * $Id: dst_api.c,v 1.49 2010/01/11 23:48:37 tbox Exp $
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley#define DST_AS_STR(t) ((t).value.as_textregion.base)
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halleystatic unsigned int dst_entropy_flags = 0;
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halleyvoid gss_log(int level, const char *fmt, ...) ISC_FORMAT_PRINTF(2, 3);
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * Static functions.
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halleystatic dst_key_t * get_key_struct(dns_name_t *name,
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley unsigned int alg,
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley unsigned int flags,
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley unsigned int protocol,
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley unsigned int bits,
7cd4c3ddd1baf5f2b204562fdba3da37c716cc78Andreas Gustafssonstatic isc_result_t write_public_key(const dst_key_t *key, int type,
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley const char *directory);
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrewsstatic isc_result_t buildfilename(dns_name_t *name,
48019314431389cca5f8eba7ee9aa5bc08a67f4eMark Andrews unsigned int alg,
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews unsigned int type,
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrewsstatic isc_result_t frombuffer(dns_name_t *name,
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews unsigned int alg,
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews unsigned int flags,
48019314431389cca5f8eba7ee9aa5bc08a67f4eMark Andrews unsigned int protocol,
48019314431389cca5f8eba7ee9aa5bc08a67f4eMark Andrewsstatic isc_result_t algorithm_status(unsigned int alg);
48019314431389cca5f8eba7ee9aa5bc08a67f4eMark Andrewsstatic isc_result_t addsuffix(char *filename, int len,
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley const char *suffix);
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley return (_r); \
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley } while (0); \
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halleystatic void *
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrewsdst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) {
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews return (dst_lib_init2(mctx, ectx, NULL, eflags));
66b2f0d4bfa342770aa5e26a005a0c0ec5071231Bob Halleydst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx,
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * When using --with-openssl, there seems to be no good way of not
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * leaking memory due to the openssl error handling mechanism.
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley * Avoid assertions by using a local memory context and not checking
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley * for leaks on exit. Note: as there are leaks we cannot use
66b2f0d4bfa342770aa5e26a005a0c0ec5071231Bob Halley * ISC_MEMFLAG_INTERNAL as it will free up memory still being used
66b2f0d4bfa342770aa5e26a005a0c0ec5071231Bob Halley * by libcrypto.
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley result = isc_mem_createx2(0, 0, default_memalloc, default_memfree,
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley isc_mem_setdestroycheck(dst__memory_pool, ISC_FALSE);
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]));
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley RETERR(dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1]));
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley RETERR(dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224]));
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley RETERR(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256]));
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley RETERR(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384]));
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley RETERR(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512]));
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSAMD5],
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1],
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1],
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA256],
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA512],
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA]));
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_NSEC3DSA]));
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley#endif /* OPENSSL */
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));
55254a46f91419b92eee0d20dfb958e8dd52526cBob Halley /* avoid immediate crash! */
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley for (i = 0; i < DST_MAX_ALGS; i++)
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews if (dst_t_func[i] != NULL && dst_t_func[i]->cleanup != NULL)
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley if (alg >= DST_MAX_ALGS || dst_t_func[alg] == NULL)
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrewsdst_context_create(dst_key_t *key, isc_mem_t *mctx, dst_context_t **dctxp) {
569d094440399b000e059d4cb3434391c2c4d330Michael Graff dctx = isc_mem_get(mctx, sizeof(dst_context_t));
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews isc_mem_put(mctx, dctx, sizeof(dst_context_t));
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley isc_mem_put(dctx->mctx, dctx, sizeof(dst_context_t));
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halleydst_context_adddata(dst_context_t *dctx, const isc_region_t *data) {
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halleydst_context_sign(dst_context_t *dctx, isc_buffer_t *sig) {
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halleydst_context_verify(dst_context_t *dctx, isc_region_t *sig) {
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halleydst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv,
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley if (pub->keydata.generic == NULL || priv->keydata.generic == NULL)
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews return (pub->func->computesecret(pub, priv, secret));
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halleydst_key_tofile(const dst_key_t *key, int type, const char *directory) {
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0);
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews (key->key_flags & DNS_KEYFLAG_TYPEMASK) != DNS_KEYTYPE_NOKEY)
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrewsdst_key_fromfile(dns_name_t *name, dns_keytag_t id,
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews unsigned int alg, int type, const char *directory,
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0);
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews isc_buffer_init(&b, filename, sizeof(filename));
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews result = buildfilename(name, id, alg, type, directory, &b);
80b782f356f0692c11b4e52e8dd46ec41704e5a2Mark Andrews result = dst_key_fromnamedfile(filename, NULL, type, mctx, &key);
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews if (!dns_name_equal(name, key->key_name) || id != key->key_id ||
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrewsdst_key_fromnamedfile(const char *filename, const char *dirname,
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0);
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews /* If an absolute path is specified, don't use the key directory */
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews#else /* WIN32 */
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews newfilename = isc_mem_get(mctx, newfilenamelen);
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews result = addsuffix(newfilename, newfilenamelen,
7ac0df532272d803c3f72ff7a109587e92622f5aMark Andrews result = dst_key_read_public(newfilename, type, mctx, &pubkey);
7ac0df532272d803c3f72ff7a109587e92622f5aMark Andrews isc_mem_put(mctx, newfilename, newfilenamelen);
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews if ((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) == DST_TYPE_PUBLIC ||
0cae66577c69c89086cd065bb297690072b471b4Mark Andrews (pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews key = get_key_struct(pubkey->key_name, pubkey->key_alg,
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews newfilename = isc_mem_get(mctx, newfilenamelen);
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews result = addsuffix(newfilename, newfilenamelen,
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews isc_mem_put(mctx, newfilename, newfilenamelen);
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews isc_mem_put(mctx, newfilename, newfilenamelen);
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrewsdst_key_todns(const dst_key_t *key, isc_buffer_t *target) {
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews isc_buffer_putuint16(target, (isc_uint16_t)(key->key_flags & 0xffff));
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews isc_buffer_putuint8(target, (isc_uint8_t)key->key_proto);
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews isc_buffer_putuint8(target, (isc_uint8_t)key->key_alg);
cccfafa31131844c3b82e4c92f87f243d7ca3287Mark Andrews if (key->keydata.generic == NULL) /*%< NULL KEY */
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrewsdst_key_fromdns(dns_name_t *name, dns_rdataclass_t rdclass,
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp)
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews result = frombuffer(name, alg, flags, proto, rdclass, source,
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrewsdst_key_frombuffer(dns_name_t *name, unsigned int alg,
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp)
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews result = frombuffer(name, alg, flags, protocol, rdclass, source,
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrewsdst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target) {
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrewsdst_key_privatefrombuffer(dst_key_t *key, isc_buffer_t *buffer) {
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrewsdst_key_fromgssapi(dns_name_t *name, gss_ctx_id_t gssctx, isc_mem_t *mctx,
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews key = get_key_struct(name, DST_ALG_GSSAPI, 0, DNS_KEYPROTO_DNSSEC,
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrewsdst_key_fromlabel(dns_name_t *name, int alg, unsigned int flags,
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews unsigned int protocol, dns_rdataclass_t rdclass,
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews const char *engine, const char *label, const char *pin,
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews key = get_key_struct(name, alg, flags, protocol, 0, rdclass, mctx);
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews result = key->func->fromlabel(key, engine, label, pin);
return (result);
return (result);
return (ISC_R_SUCCESS);
void (*callback)(int))
return (ISC_R_NOMEMORY);
return (ISC_R_SUCCESS);
return (DST_R_UNSUPPORTEDALG);
return (ret);
return (ret);
return (ISC_R_SUCCESS);
return (ISC_R_NOTFOUND);
return (ISC_R_SUCCESS);
return (ISC_R_NOTFOUND);
return (ISC_R_SUCCESS);
return (ISC_R_SUCCESS);
static isc_boolean_t
return (ISC_TRUE);
return (ISC_FALSE);
return (ISC_FALSE);
if (!match_revoked_key)
return (ISC_FALSE);
return (ISC_FALSE);
return (ISC_FALSE);
return (ISC_FALSE);
return (ISC_FALSE);
return (ISC_FALSE);
static isc_boolean_t
return (ISC_FALSE);
return (ISC_FALSE);
return (ISC_TRUE);
return (ISC_FALSE);
return (ISC_TRUE);
return (ISC_FALSE);
type == 0);
case DST_ALG_RSAMD5:
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA512:
case DST_ALG_DSA:
case DST_ALG_NSEC3DSA:
*n = DNS_SIG_DSASIGSIZE;
case DST_ALG_HMACMD5:
case DST_ALG_HMACSHA1:
*n = ISC_SHA1_DIGESTLENGTH;
case DST_ALG_HMACSHA224:
*n = ISC_SHA224_DIGESTLENGTH;
case DST_ALG_HMACSHA256:
*n = ISC_SHA256_DIGESTLENGTH;
case DST_ALG_HMACSHA384:
*n = ISC_SHA384_DIGESTLENGTH;
case DST_ALG_HMACSHA512:
*n = ISC_SHA512_DIGESTLENGTH;
case DST_ALG_GSSAPI:
case DST_ALG_DH:
return (DST_R_UNSUPPORTEDALG);
return (ISC_R_SUCCESS);
return (DST_R_UNSUPPORTEDALG);
return (ISC_R_SUCCESS);
sizeof(algstr));
static dst_key_t *
return (NULL);
return (NULL);
return (NULL);
return (key);
isc_buffer_t b;
goto cleanup;
goto cleanup;
goto cleanup; \
#define BADTOKEN() { \
goto cleanup; \
BADTOKEN();
BADTOKEN();
0, NULL);
goto cleanup;
BADTOKEN();
BADTOKEN();
BADTOKEN();
BADTOKEN();
goto cleanup;
goto cleanup;
keyp);
goto cleanup;
return (ret);
static isc_boolean_t
case DST_ALG_RSAMD5:
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA512:
case DST_ALG_DSA:
case DST_ALG_NSEC3DSA:
case DST_ALG_DH:
return (ISC_FALSE);
case DST_ALG_HMACMD5:
case DST_ALG_GSSAPI:
return (ISC_TRUE);
return (ISC_FALSE);
const char *output;
time_t t;
t = when;
static isc_result_t
isc_region_t r;
return (ret);
return (DST_R_INVALIDPUBLICKEY);
return (DST_R_INVALIDPUBLICKEY);
return (ret);
return (DST_R_WRITEERROR);
access = 0;
&access);
return (ret);
return (ret);
static isc_result_t
unsigned int len;
return (ISC_R_NOSPACE);
return (ISC_R_NOSPACE);
return (result);
return (ISC_R_NOSPACE);
suffix);
return (ISC_R_SUCCESS);
static isc_result_t
isc_region_t r;
return (ret);
return (ISC_R_SUCCESS);
static isc_result_t
return (ISC_R_NOMEMORY);
return (ret);
return (DST_R_UNSUPPORTEDALG);
return (ret);
return (ISC_R_SUCCESS);
static isc_result_t
return (ISC_R_SUCCESS);
#ifndef OPENSSL
return (DST_R_NOCRYPTO);
return (DST_R_UNSUPPORTEDALG);
static isc_result_t
return (ISC_R_FAILURE);
if (n >= len)
return (ISC_R_NOSPACE);
return (ISC_R_SUCCESS);
#ifdef BIND9
if (len == 0)
return (ISC_R_SUCCESS);
if (pseudo)
return (ISC_R_NOTIMPLEMENTED);
dst__entropy_status(void) {
#ifdef BIND9
#ifdef GSSAPI
if (first) {