SUMMARY

The function `opensslProvider::init()` in `qca-ossl.cpp` attempts to seed OpenSSL's RNG with 128 bytes of pseudo-random data, generated by the C standard library's `rand()` function, which in turn is seeded with `srand(time(nullptr))` [1]. Because `time()` has only one-second resolution, the resulting generated sequence is easily predictable, and the generated seed has very low entropy.

This low-entropy seed is then fed to OpenSSL via `RAND_seed()`, violating the OpenSSL API recommendation [2]. `RAND_seed()` is intended for high-entropy input only. OpenSSL provides the `RAND_add()` function specifically for incorporating low-entropy randomness.

While OpenSSL wisely supplements this initial seed with high-quality random data from the kernel (obtained with the `getrandom()` syscall), mitigating potential consequences, the current implementation is, at best, ineffective, and, at worst, weakens OpenSSL's internal RNG.

I suggest replacing the current code with `RAND_poll()`:

> RAND_poll() uses the system's capabilities to seed the random generator using
> random input obtained from polling various trusted entropy sources.

[1] <https://invent.kde.org/libraries/qca/-/blob/b786c71a2bfe47082aff51901fd37195a3da3541/plugins/qca-ossl/qca-ossl.cpp?page=7#L6652>
[2] <https://docs.openssl.org/master/man3/RAND_add/>
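The entropy claim in the report can be checked without OpenSSL. The block below is an added example, not QCA's code: it reconstructs the seeding pattern the report describes (`srand()` with a one-second timestamp, then 128 bytes drawn from `rand()`), shows that the resulting "seed" is a pure function of the second, and bounds its entropy by matching a seed against every candidate timestamp in an hour-wide window. The function names, the constructed base timestamp 1700000000 and the `HAVE_OPENSSL` build switch are assumptions of this example; the guarded `RAND_poll()` call is the replacement the report proposes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define SEED_LEN 128   /* the report's 128-byte seed */

/* Reconstruction of the seeding pattern the report describes (this
 * example's code, not QCA's): seed the C library PRNG with a one-second
 * timestamp, then draw SEED_LEN bytes from rand(). */
static void weak_seed_bytes(time_t t, unsigned char *out, size_t n)
{
    srand((unsigned int)t);
    for (size_t i = 0; i < n; i++)
        out[i] = (unsigned char)(rand() & 0xff);
}

/* Defender's check 1: the "random" seed is a pure function of the second,
 * so two generations for the same timestamp are byte-identical. */
static int weak_seed_is_reproducible(time_t t)
{
    unsigned char a[SEED_LEN], b[SEED_LEN];
    weak_seed_bytes(t, a, SEED_LEN);
    weak_seed_bytes(t, b, SEED_LEN);
    return memcmp(a, b, SEED_LEN) == 0;
}

/* Defender's check 2: bound the seed's entropy. If a seed is matched by one
 * of the `window` candidate timestamps starting at `start`, it carried at
 * most log2(window) bits (about 12 bits for an hour), not the 1024 bits its
 * length suggests. Returns the matching offset, or -1 if none matches. */
static long match_seed_in_window(const unsigned char *seed, time_t start, long window)
{
    unsigned char cand[SEED_LEN];
    for (long off = 0; off < window; off++) {
        weak_seed_bytes(start + off, cand, SEED_LEN);
        if (memcmp(cand, seed, SEED_LEN) == 0)
            return off;
    }
    return -1;
}

/* Runs both checks for a constructed base timestamp (1700000000, i.e.
 * 2023-11-14 22:13:20 UTC) plus `offset` seconds, with an hour-wide window.
 * Returns 1 when the seed is reproducible and is matched at `offset`. */
static int demo_low_entropy_seed(long offset)
{
    const time_t start = (time_t)1700000000;
    unsigned char seed[SEED_LEN];
    weak_seed_bytes(start + offset, seed, SEED_LEN);
    return weak_seed_is_reproducible(start + offset)
        && match_seed_in_window(seed, start, 3600) == offset;
}

#ifdef HAVE_OPENSSL
#include <openssl/rand.h>
/* The replacement the report proposes: let OpenSSL poll its own trusted
 * entropy sources instead of feeding it rand() output through RAND_seed().
 * RAND_poll() returns 1 on success, 0 on failure. HAVE_OPENSSL is this
 * example's build switch: compile with -DHAVE_OPENSSL -lcrypto to use it. */
static int seed_openssl_from_system(void)
{
    return RAND_poll();
}
#endif

int main(void)
{
    printf("seed reproducible for the current second: %s\n",
           weak_seed_is_reproducible(time(NULL)) ? "yes" : "no");
    printf("seed matched at offset 1234 within a 1h window: %s\n",
           demo_low_entropy_seed(1234) ? "yes" : "no");
    return 0;
}
```

The exact byte values depend on the C library's `rand()` implementation, but the two properties the checks test (determinism per second and a search space of only `window` candidates) hold for any implementation, which is why the length of the seed says nothing about its entropy and why `RAND_seed()` is the wrong entry point for it.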
We are in the slow process of phasing out QCA, so unless there is a real real real problem we're not going to touch it much/make new releases

https://invent.kde.org/libraries/qca/-/issues/18
(In reply to Albert Astals Cid from comment #1)

> We are in the slow process of phasing out QCA, so unless there is a real
> real real problem we're not going to touch it much/make new releases
>
> https://invent.kde.org/libraries/qca/-/issues/18

Thanks for the clarification. In that case it doesn't make much sense to pursue this further, since OpenSSL mitigates the problem.