Remove QUtil::srandom

ChangeLog

@@ -1,5 +1,11 @@
 2020-04-06  Jay Berkenbilt  <ejb@ql.org>
 
+	* Source-level incompatibility: remove QUtil::srandom. There was
+	no reason to ever call this, and it didn't do anything unless
+	insecure random number generation was compiled in, which it is not
+	by default. If you were calling this, just remove the call because
+	it wasn't doing anything anyway.
+
 	* Add openssl crypto provider, contributed by Dean Scarff. This
 	provider is implemented using OpenSSL and also works with
 	BoringSSL.

include/qpdf/QUtil.hh

@@ -271,13 +271,6 @@ namespace QUtil
     QPDF_DLL
     long random();
 
-    // Wrapper around srandom from stdlib.  Seeds the standard library
-    // weak random number generator, which is not used if secure
-    // random number generation is being used.  You never need to call
-    // this method as it is called automatically if needed.
-    QPDF_DLL
-    void srandom(unsigned int seed);
-
     // Initialize a buffer with random bytes.  By default, qpdf tries
     // to use a secure random number source.  It can be configured at
     // compile time to use an insecure random number source (from

libqpdf/InsecureRandomDataProvider.cc

@@ -30,8 +30,13 @@ InsecureRandomDataProvider::random()
 	// Seed the random number generator with something simple, but
 	// just to be interesting, don't use the unmodified current
 	// time.  It would be better if this were a more secure seed.
-        QUtil::srandom(static_cast<unsigned int>(
+        unsigned int seed = static_cast<unsigned int>(
-                           QUtil::get_current_time() ^ 0xcccc));
+            QUtil::get_current_time() ^ 0xcccc);
+#ifdef HAVE_RANDOM
+        ::srandom(seed);
+#else
+        srand(seed);
+#endif
 	this->seeded_random = true;
     }
 

libqpdf/QUtil.cc

@@ -878,16 +878,6 @@ QUtil::toUTF16(unsigned long uval)
 
 // Random data support
 
-long
-QUtil::random()
-{
-    long result = 0L;
-    initializeWithRandomBytes(
-        reinterpret_cast<unsigned char*>(&result),
-        sizeof(result));
-    return result;
-}
-
 static RandomDataProvider* random_data_provider = 0;
 
 #ifdef USE_INSECURE_RANDOM
@@ -941,14 +931,14 @@ QUtil::initializeWithRandomBytes(unsigned char* data, size_t len)
     random_data_provider->provideRandomData(data, len);
 }
 
-void
+long
-QUtil::srandom(unsigned int seed)
+QUtil::random()
 {
-#ifdef HAVE_RANDOM
+    long result = 0L;
-    ::srandom(seed);
+    initializeWithRandomBytes(
-#else
+        reinterpret_cast<unsigned char*>(&result),
-    srand(seed);
+        sizeof(result));
-#endif
+    return result;
 }
 
 bool

manual/qpdf-manual.xml

@@ -4798,6 +4798,22 @@ print "\n";
         </listitem>
        </itemizedlist>
       </listitem>
+      <listitem>
+       <para>
+        Incompatible API (source-level) Changes (minor)
+       </para>
+       <itemizedlist>
+        <listitem>
+         <para>
+          The <function>QUtil::srandom</function> method was removed.
+          It didn't do anything unless insecure random numbers were
+          compiled in, and they have been off by default for a long
+          time. If you were calling it, just remove the call since it
+          wasn't doing anything anyway.
+         </para>
+        </listitem>
+       </itemizedlist>
+      </listitem>
       <listitem>
        <para>
         Build/Packaging Changes