[Development] Someone please fix the remaining qrand cases in SSL code

Giuseppe D'Angelo giuseppe.dangelo at kdab.com
Wed Jun 14 17:25:31 CEST 2017

Il 12/06/2017 22:45, Thiago Macieira ha scritto:
> I can't submit changes to SSL-related code, so can someone apply the
> equivalent ofhttps://codereview.qt-project.org/191738  to the files listed in
> that commit's message?

There are a couple of problems arising from there:

1) some place has a "TODO: use a CSPRNG". Given the current 
QRandomGenerator API, is there a way to know if a CSPRNG is actually 
being used or we're falling back to a plain PRNG?

2) a test wants to generate a few MB of random data. Ideally this would 
be a no-brainer -- QRandomGenerator plus an engine from the standard 
library, but we can't use those engines yet (or can we?). So those 
places will need to keep qrand()?

Giuseppe D'Angelo | giuseppe.dangelo at kdab.com | Senior Software Engineer
KDAB (UK) Ltd., a KDAB Group company | Tel: UK +44-1625-809908
KDAB - Qt, C++ and OpenGL Experts

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4007 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.qt-project.org/pipermail/development/attachments/20170614/ae86b651/attachment.bin>

More information about the Development mailing list