In-Reply-To: <rt-4.4.1-76225-1506447380-162.46047-0-0@isc.org>
Message-ID: <rt-4.4.1-30085-1506523119-919.46047-0-0@isc.org>
X-Mailer: MIME-tools 5.508 (Entity 5.508)
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Type: text/plain; charset="utf-8"
X-RT-Interface: Web
Content-Disposition: inline
References: <rt-4.4.1-49214-1505851568-605.0-0-0@isc.org>
 <RT-Ticket-46047@isc.org>
 <rt-4.4.1-76225-1506447380-162.46047-0-0@isc.org>
MIME-Version: 1.0
RT-Send-CC:
Content-Length: 1014

On Tue Sep 26 17:36:20 2017, each wrote:
> Francis, can you please review this?

=> yes. Some comments:
 - in confgen/keygen.c a -r keyboard is handled
  before the crypto hook, in dnssec/dnssectool.c
  it is handled after. This is not consistent and
  IMHO after is better so I changed keygen.c in
  940fd79ba238c9c08e80a236cfcfdcec1ebcc732

 - in the named "Open the source of entropy" code
  in server.c cfg_obj_isvoid can be called on NULL.
  Fixed in 27790304792fee1fc19dd03de3b6de0eef0c7a46

 - it is a matter of taste but IMHO in generate_salt
  i and n should be size_t (or at least unsigned).

 - you removed the ifdef SC_PLATFORM_CRYPTORANDOM
  in dst__entropy_getdata. Please put it back as it simplifies
  the code and makes sure that dst library never uses a
  not crypto library PNRG. BTW don't confuse
  isc_entropy_usehook and isc_entropy_sethook, only
  the first changes the source of entropy.

At the exception of the last point the code is good.
I am testing it to check if I missed something.