diff options
| author | Jay Berkenbilt <ejb@ql.org> | 2020-04-06 16:19:37 +0200 |
|---|---|---|
| committer | Jay Berkenbilt <ejb@ql.org> | 2020-04-06 17:23:02 +0200 |
| commit | 77198d5310d961ba3605db74fe1d213bb5d19f34 (patch) | |
| tree | a92ae4e8056d6a8a5bf284c78460a6112710424e /README.md | |
| parent | 52749b85df2e25c5ca35d5e0d07fbe4248b6f99b (diff) | |
| download | qpdf-77198d5310d961ba3605db74fe1d213bb5d19f34.tar.zst | |
Delegate random number generation to crypto provider (fixes #418)
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -111,7 +111,9 @@ If you are packaging qpdf for a distribution and preparing a build that is run b # Random Number Generation -By default, when `qpdf` detects either the Windows cryptography API or the existence of `/dev/urandom`, `/dev/arandom`, or `/dev/random`, it uses them to generate cryptography secure random numbers. If none of these conditions are true, the build will fail with an error. This behavior can be modified in several ways: +By default, qpdf uses the crypto provider for generating random numbers. The rest of this applies only if you are using the native crypto provider. + +If the native crypto provider is in use, then, when `qpdf` detects either the Windows cryptography API or the existence of `/dev/urandom`, `/dev/arandom`, or `/dev/random`, it uses them to generate cryptographically secure random numbers. If none of these conditions are true, the build will fail with an error. This behavior can be modified in several ways: * If you configure with `--disable-os-secure-random` or define `SKIP_OS_SECURE_RANDOM`, qpdf will not attempt to use Windows cryptography or the random device. You must either supply your own random data provider or allow use of insecure random numbers. * If you configure qpdf with the `--enable-insecure-random` option or define `USE_INSECURE_RANDOM`, qpdf will try insecure random numbers if OS-provided secure random numbers are disabled. This is not a fallback. In order for insecure random numbers to be used, you must also disable OS secure random numbers since, otherwise, failure to find OS secure random numbers is a compile error. The insecure random number source is stdlib's `random()` or `rand()` calls. These random numbers are not cryptography secure, but the qpdf library is fully functional using them. Using non-secure random numbers means that it's easier in some cases to guess encryption keys. If you're not generating encrypted files, there's no advantage to using secure random numbers. * In all cases, you may supply your own random data provider. To do this, derive a class from `qpdf/RandomDataProvider` (since version 5.1.0) and call `QUtil::setRandomDataProvider` before you create any `QPDF` objects. If you supply your own random data provider, it will always be used even if support for one of the other random data providers is compiled in. If you wish to avoid any possibility of your build of qpdf from using anything but a user-supplied random data provider, you can define `SKIP_OS_SECURE_RANDOM` and not `USE_INSECURE_RANDOM`. In this case, qpdf will throw a runtime error if any attempt is made to generate random numbers and no random data provider has been supplied. |