Delegate random number generation to crypto provider (fixes #418)

1 files changed, 18 insertions, 19 deletions

diff --git a/manual/qpdf-manual.xml b/manual/qpdf-manual.xml
index e6eb55eb..5b57de9d 100644
--- a/manual/qpdf-manual.xml
+++ b/manual/qpdf-manual.xml
@@ -3914,25 +3914,16 @@ outfile.pdf</option>
    <title>Random Number Generation</title>
    <para>
     QPDF generates random numbers to support generation of encrypted
-    data.  Versions prior to 5.0.1 used <function>random</function> or
-    <function>rand</function> from <filename>stdlib</filename> to
-    generate random numbers.  Version 5.0.1, if available, used
-    operating system-provided secure random number generation instead,
-    enabling use of <filename>stdlib</filename> random number
-    generation only if enabled by a compile-time option.  Starting in
-    version 5.1.0, use of insecure random numbers was disabled unless
-    enabled at compile time.  Starting in version 5.1.0, it is also
-    possible for you to disable use of OS-provided secure random
-    numbers.  This is especially useful on Windows if you want to
-    avoid a dependency on Microsoft's cryptography API.  In this case,
-    you must provide your own random data provider.  Regardless of how
-    you compile qpdf, starting in version 5.1.0, it is possible for
-    you to provide your own random data provider at runtime.  This
-    would enable you to use some software-based secure pseudorandom
-    number generator and to avoid use of whatever the operating system
-    provides.  For details on how to do this, please refer to the
-    top-level README.md file in the source distribution and to comments
-    in <filename>QUtil.hh</filename>.
+    data. Starting in qpdf 10.0.0, qpdf uses the crypto provider as
+    its source of random numbers. Older versions used the OS-provided
+    source of secure random numbers or, if allowed at build time,
+    insecure random numbers from stdlib. Starting with version 5.1.0,
+    you can disable use of OS-provided secure random numbers at build
+    time. This is especially useful on Windows if you want to avoid a
+    dependency on Microsoft's cryptography API. You can also supply
+    your own random data provider. For details on how to do this,
+    please refer to the top-level README.md file in the source
+    distribution and to comments in <filename>QUtil.hh</filename>.
    </para>
   </sect1>
   <sect1 id="ref.adding-and-remove-pages">
@@ -4908,6 +4899,14 @@ print "\n";
        <itemizedlist>
         <listitem>
          <para>
+          Random number generation is now delegated to the crypto
+          provider. The old behavior is still used by the native
+          crypto provider. It is still possible to provide your own
+          random number generator.
+         </para>
+        </listitem>
+        <listitem>
+         <para>
           Add a new version of
           <function>QPDFObjectHandle::StreamDataProvider::provideStreamData</function>
           that accepts the <function>suppress_warnings</function> and