From 4229457068d6a28cc11b506f127a7bb650ab18c1 Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt <ejb@ql.org>
Date: Sat, 5 Oct 2013 17:36:33 -0400
Subject: Security: use a secure random number generator

If not available, give an error.  The user may also configure qpdf to
use an insecure random number generator.
---
 include/qpdf/QUtil.hh | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'include')

diff --git a/include/qpdf/QUtil.hh b/include/qpdf/QUtil.hh
index 8bad535d..cbdc065c 100644
--- a/include/qpdf/QUtil.hh
+++ b/include/qpdf/QUtil.hh
@@ -108,12 +108,18 @@ namespace QUtil
     QPDF_DLL
     std::string toUTF8(unsigned long uval);
 
-    // Wrapper around random from stdlib.  Calls srandom automatically
-    // the first time it is called.
+    // If secure random number generation is supported on your
+    // platform and qpdf was not compiled with insecure random number
+    // generation, this returns a crytographically secure random
+    // number.  Otherwise it falls back to random from stdlib and
+    // calls srandom automatically the first time it is called.
     QPDF_DLL
     long random();
 
-    // Wrapper around srandom from stdlib.
+    // Wrapper around srandom from stdlib.  Seeds the standard library
+    // weak random number generator, which is not used if secure
+    // random number generation is being used.  You never need to call
+    // this method as it is called automatically if needed.
     QPDF_DLL
     void srandom(unsigned int seed);
 
-- 
cgit v1.2.3-54-g00ecf