2
1
mirror of https://github.com/qpdf/qpdf.git synced 2024-12-22 10:58:58 +00:00

Remove QUtil::srandom

This commit is contained in:
Jay Berkenbilt 2020-04-06 09:49:02 -04:00
parent 1360b530ec
commit 619d294e9d
5 changed files with 36 additions and 26 deletions

View File

@ -1,5 +1,11 @@
2020-04-06 Jay Berkenbilt <ejb@ql.org>
* Source-level incompatibility: remove QUtil::srandom. There was
no reason to ever call this, and it didn't do anything unless
insecure random number generation was compiled in, which it is not
by default. If you were calling this, just remove the call because
it wasn't doing anything anyway.
* Add openssl crypto provider, contributed by Dean Scarff. This
provider is implemented using OpenSSL and also works with
BoringSSL.

View File

@ -271,13 +271,6 @@ namespace QUtil
QPDF_DLL
long random();
// Wrapper around srandom from stdlib. Seeds the standard library
// weak random number generator, which is not used if secure
// random number generation is being used. You never need to call
// this method as it is called automatically if needed.
QPDF_DLL
void srandom(unsigned int seed);
// Initialize a buffer with random bytes. By default, qpdf tries
// to use a secure random number source. It can be configured at
// compile time to use an insecure random number source (from

View File

@ -30,8 +30,13 @@ InsecureRandomDataProvider::random()
// Seed the random number generator with something simple, but
// just to be interesting, don't use the unmodified current
// time. It would be better if this were a more secure seed.
QUtil::srandom(static_cast<unsigned int>(
QUtil::get_current_time() ^ 0xcccc));
unsigned int seed = static_cast<unsigned int>(
QUtil::get_current_time() ^ 0xcccc);
#ifdef HAVE_RANDOM
::srandom(seed);
#else
srand(seed);
#endif
this->seeded_random = true;
}

View File

@ -878,16 +878,6 @@ QUtil::toUTF16(unsigned long uval)
// Random data support
long
QUtil::random()
{
long result = 0L;
initializeWithRandomBytes(
reinterpret_cast<unsigned char*>(&result),
sizeof(result));
return result;
}
static RandomDataProvider* random_data_provider = 0;
#ifdef USE_INSECURE_RANDOM
@ -941,14 +931,14 @@ QUtil::initializeWithRandomBytes(unsigned char* data, size_t len)
random_data_provider->provideRandomData(data, len);
}
void
QUtil::srandom(unsigned int seed)
long
QUtil::random()
{
#ifdef HAVE_RANDOM
::srandom(seed);
#else
srand(seed);
#endif
long result = 0L;
initializeWithRandomBytes(
reinterpret_cast<unsigned char*>(&result),
sizeof(result));
return result;
}
bool

View File

@ -4798,6 +4798,22 @@ print "\n";
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Incompatible API (source-level) Changes (minor)
</para>
<itemizedlist>
<listitem>
<para>
The <function>QUtil::srandom</function> method was removed.
It didn't do anything unless insecure random numbers were
compiled in, and they have been off by default for a long
time. If you were calling it, just remove the call since it
wasn't doing anything anyway.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Build/Packaging Changes