author Miod Vallat <miod@cvs.openbsd.org> 2014-07-09 17:36:59 +0000
committer Miod Vallat <miod@cvs.openbsd.org> 2014-07-09 17:36:59 +0000
commit 47e5bc95b140462d642af4aeec768154e1bdd5c5
tree f80ec12f2a67a99da8aef5176c53fbc82de08ad8 /lib/libssl
parent caa5235235f2d6649e18ea5aa2971db9663734d0
Remove mention that the PRNG needs to be seeded before invoking some
functions.
Diffstat (limited to 'lib/libssl')
-rw-r--r-- lib/libssl/src/doc/crypto/BN_generate_prime.pod | 1
-rw-r--r-- lib/libssl/src/doc/crypto/BN_rand.pod | 2
-rw-r--r-- lib/libssl/src/doc/crypto/DES_set_key.pod | 4
-rw-r--r-- lib/libssl/src/doc/crypto/DH_generate_parameters.pod | 3
-rw-r--r-- lib/libssl/src/doc/crypto/DSA_generate_key.pod | 2
-rw-r--r-- lib/libssl/src/doc/crypto/DSA_sign.pod | 3
-rw-r--r-- lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod | 3
-rw-r--r-- lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod | 3
-rw-r--r-- lib/libssl/src/doc/crypto/EVP_SealInit.pod | 3
-rw-r--r-- lib/libssl/src/doc/crypto/EVP_SignInit.pod | 4
-rw-r--r-- lib/libssl/src/doc/crypto/RSA_blinding_on.pod | 3
-rw-r--r-- lib/libssl/src/doc/crypto/RSA_generate_key.pod | 3
-rw-r--r-- lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod | 3
-rw-r--r-- lib/libssl/src/doc/crypto/RSA_public_encrypt.pod | 2
-rw-r--r-- lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod | 3
15 files changed, 4 insertions, 38 deletions
diff --git a/lib/libssl/src/doc/crypto/BN_generate_prime.pod b/lib/libssl/src/doc/crypto/BN_generate_prime.pod
index 04fc80df9c7..2c5e6fae0f6 100644
--- a/lib/libssl/src/doc/crypto/BN_generate_prime.pod
+++ b/lib/libssl/src/doc/crypto/BN_generate_prime.pod
@@ -55,7 +55,6 @@ generator.
If B<safe> is true, it will be a safe prime (i.e. a prime p so
that (p-1)/2 is also prime).
-The PRNG must be seeded prior to calling BN_generate_prime().
The prime number generation has a negligible error probability.
BN_is_prime() and BN_is_prime_fasttest() test if the number B<a> is
diff --git a/lib/libssl/src/doc/crypto/BN_rand.pod b/lib/libssl/src/doc/crypto/BN_rand.pod
index 81f93c2eb3a..70f435b2030 100644
--- a/lib/libssl/src/doc/crypto/BN_rand.pod
+++ b/lib/libssl/src/doc/crypto/BN_rand.pod
@@ -36,8 +36,6 @@ number B<rnd> in the range 0 <lt>= B<rnd> E<lt> B<range>.
BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(),
and hence numbers generated by it are not necessarily unpredictable.
-The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
-
=head1 RETURN VALUES
The functions return 1 on success, 0 on error.
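Review bot: The paragraph just above the removed sentence in BN_rand.pod still reads "0 <lt>= B<rnd> E<lt> B<range>", where the first escape is missing its "E" and will render literally. Since this change already touches the paragraph boundary, fix it to "0 E<lt>= B<rnd> E<lt> B<range>" in the same commit. The removal itself is consistent with the RETURN VALUES text that follows, which still tells callers to check for 0 on error.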
diff --git a/lib/libssl/src/doc/crypto/DES_set_key.pod b/lib/libssl/src/doc/crypto/DES_set_key.pod
index b49545877ac..75638a149a8 100644
--- a/lib/libssl/src/doc/crypto/DES_set_key.pod
+++ b/lib/libssl/src/doc/crypto/DES_set_key.pod
@@ -114,9 +114,7 @@ consists of 8 bytes with odd parity. The least significant bit in
each byte is the parity bit. The key schedule is an expanded form of
the key; it is used to speed the encryption process.
-DES_random_key() generates a random key. The PRNG must be seeded
-prior to using this function (see L<rand(3)|rand(3)>). If the PRNG
-could not generate a secure key, 0 is returned.
+DES_random_key() generates a random key.
Before a DES key can be used, it must be converted into the
architecture dependent I<DES_key_schedule> via the
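Review bot: The DES_random_key() paragraph loses more than the seeding requirement: the deleted sentence "If the PRNG could not generate a secure key, 0 is returned" documents a return value, and the replacement line "DES_random_key() generates a random key." says nothing about failure. If the function can still return 0, keep a sentence describing that return so callers continue to check it; if it can no longer fail, say so in the commit message, which currently mentions only the seeding text.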
diff --git a/lib/libssl/src/doc/crypto/DH_generate_parameters.pod b/lib/libssl/src/doc/crypto/DH_generate_parameters.pod
index d19e0217ee7..3832c25315a 100644
--- a/lib/libssl/src/doc/crypto/DH_generate_parameters.pod
+++ b/lib/libssl/src/doc/crypto/DH_generate_parameters.pod
@@ -17,8 +17,7 @@ DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters
DH_generate_parameters() generates Diffie-Hellman parameters that can
be shared among a group of users, and returns them in a newly
-allocated B<DH> structure. The pseudo-random number generator must be
-seeded prior to calling DH_generate_parameters().
+allocated B<DH> structure.
B<prime_len> is the length in bits of the safe prime to be generated.
B<generator> is a small number E<gt> 1, typically 2 or 5.
diff --git a/lib/libssl/src/doc/crypto/DSA_generate_key.pod b/lib/libssl/src/doc/crypto/DSA_generate_key.pod
index af83ccfaa16..069a05767cb 100644
--- a/lib/libssl/src/doc/crypto/DSA_generate_key.pod
+++ b/lib/libssl/src/doc/crypto/DSA_generate_key.pod
@@ -15,8 +15,6 @@ DSA_generate_key - generate DSA key pair
DSA_generate_key() expects B<a> to contain DSA parameters. It generates
a new key pair and stores it in B<a-E<gt>pub_key> and B<a-E<gt>priv_key>.
-The PRNG must be seeded prior to calling DSA_generate_key().
-
=head1 RETURN VALUE
DSA_generate_key() returns 1 on success, 0 otherwise.
diff --git a/lib/libssl/src/doc/crypto/DSA_sign.pod b/lib/libssl/src/doc/crypto/DSA_sign.pod
index 97389e8ec88..4e78a713901 100644
--- a/lib/libssl/src/doc/crypto/DSA_sign.pod
+++ b/lib/libssl/src/doc/crypto/DSA_sign.pod
@@ -38,9 +38,6 @@ B<dsa> is the signer's public key.
The B<type> parameter is ignored.
-The PRNG must be seeded before DSA_sign() (or DSA_sign_setup())
-is called.
-
=head1 RETURN VALUES
DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error.
diff --git a/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod b/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod
index 7aec6daeccd..e70b88a4a9a 100644
--- a/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod
+++ b/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod
@@ -56,9 +56,6 @@ and public key algorithms. This meant that "clone" digests such as EVP_dss1()
needed to be used to sign using SHA1 and DSA. This is no longer necessary and
the use of clone digest is now discouraged.
-For some key types and parameters the random number generator must be seeded
-or the operation will fail.
-
The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
context. This means that calls to EVP_DigestSignUpdate() and
EVP_DigestSignFinal() can be called later to digest and sign additional data.
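Review bot: The deleted sentence in EVP_DigestSignInit.pod carried two claims, that seeding is required and that "the operation will fail" for some key types, and the surrounding context visible here does not mention failure anywhere else. Dropping the seeding precondition matches the commit message, but confirm that the page's return-value section still tells callers that signing can fail and must be checked, so the removal does not read as "this call cannot fail".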
diff --git a/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod b/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod
index 60666bfddc3..9eebb15d223 100644
--- a/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod
+++ b/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod
@@ -56,9 +56,6 @@ and public key algorithms. This meant that "clone" digests such as EVP_dss1()
needed to be used to sign using SHA1 and DSA. This is no longer necessary and
the use of clone digest is now discouraged.
-For some key types and parameters the random number generator must be seeded
-or the operation will fail.
-
The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can
be called later to digest and verify additional data.
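Review bot: The trailing context in EVP_DigestVerifyInit.pod mixes API families: the sentence starts with EVP_DigestVerifyFinal() but then refers to "EVP_VerifyUpdate() and EVP_VerifyFinal()", whereas the matching paragraph in EVP_DigestSignInit.pod uses the EVP_DigestSign names throughout. While this paragraph is being edited, change those to EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal(). The leading context also says the clone digests "needed to be used to sign", which looks copied from the signing page and would read better as "verify" here.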
diff --git a/lib/libssl/src/doc/crypto/EVP_SealInit.pod b/lib/libssl/src/doc/crypto/EVP_SealInit.pod
index 172f210c64f..ff73a04fd96 100644
--- a/lib/libssl/src/doc/crypto/EVP_SealInit.pod
+++ b/lib/libssl/src/doc/crypto/EVP_SealInit.pod
@@ -55,9 +55,6 @@ failure.
=head1 NOTES
-Because a random secret key is generated the random number generator
-must be seeded before calling EVP_SealInit().
-
The public key must be RSA because it is the only OpenSSL public key
algorithm that supports key transport.
diff --git a/lib/libssl/src/doc/crypto/EVP_SignInit.pod b/lib/libssl/src/doc/crypto/EVP_SignInit.pod
index 682724b1577..6ea6df655e4 100644
--- a/lib/libssl/src/doc/crypto/EVP_SignInit.pod
+++ b/lib/libssl/src/doc/crypto/EVP_SignInit.pod
@@ -60,10 +60,6 @@ digest algorithm must be used with the correct public key type. A list of
algorithms and associated public key algorithms appears in
L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
-When signing with DSA private keys the random number generator must be seeded
-or the operation will fail. The random number generator does not need to be
-seeded for RSA signatures.
-
The call to EVP_SignFinal() internally finalizes a copy of the digest context.
This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called
later to digest and sign additional data.
diff --git a/lib/libssl/src/doc/crypto/RSA_blinding_on.pod b/lib/libssl/src/doc/crypto/RSA_blinding_on.pod
index e6af8d4355b..33990207f79 100644
--- a/lib/libssl/src/doc/crypto/RSA_blinding_on.pod
+++ b/lib/libssl/src/doc/crypto/RSA_blinding_on.pod
@@ -21,8 +21,7 @@ must be used to protect the RSA operation from that attack.
RSA_blinding_on() turns blinding on for key B<rsa> and generates a
random blinding factor. B<ctx> is B<NULL> or a pre-allocated and
-initialized B<BN_CTX>. The random number generator must be seeded
-prior to calling RSA_blinding_on().
+initialized B<BN_CTX>.
RSA_blinding_off() turns blinding off and frees the memory used for
the blinding factor.
diff --git a/lib/libssl/src/doc/crypto/RSA_generate_key.pod b/lib/libssl/src/doc/crypto/RSA_generate_key.pod
index 52dbb14a537..867390884b4 100644
--- a/lib/libssl/src/doc/crypto/RSA_generate_key.pod
+++ b/lib/libssl/src/doc/crypto/RSA_generate_key.pod
@@ -14,8 +14,7 @@ RSA_generate_key - generate RSA key pair
=head1 DESCRIPTION
RSA_generate_key() generates a key pair and returns it in a newly
-allocated B<RSA> structure. The pseudo-random number generator must
-be seeded prior to calling RSA_generate_key().
+allocated B<RSA> structure.
The modulus size will be B<num> bits, and the public exponent will be
B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
diff --git a/lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
index b8f678fe729..1c90b2b44d2 100644
--- a/lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
+++ b/lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
@@ -85,9 +85,6 @@ simply copy the data
=back
-The random number generator must be seeded prior to calling
-RSA_padding_add_xxx().
-
RSA_padding_check_xxx() verifies that the B<fl> bytes at B<f> contain
a valid encoding for a B<rsa_len> byte RSA key in the respective
encoding method and stores the recovered data of at most B<tlen> bytes
diff --git a/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod b/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod
index ab0fe3b2cd1..4bbee53f09b 100644
--- a/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod
+++ b/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod
@@ -49,8 +49,6 @@ Encrypting user data directly with RSA is insecure.
B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
based padding modes, less than RSA_size(B<rsa>) - 41 for
RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B<rsa>) for RSA_NO_PADDING.
-The random number generator must be seeded prior to calling
-RSA_public_encrypt().
RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the
private key B<rsa> and stores the plaintext in B<to>. B<to> must point
diff --git a/lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
index 315a9af9e88..664b46174bd 100644
--- a/lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
+++ b/lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
@@ -26,9 +26,6 @@ memory.
B<dummy> is ignored.
-The random number generator must be seeded prior to calling
-RSA_sign_ASN1_OCTET_STRING().
-
RSA_verify_ASN1_OCTET_STRING() verifies that the signature B<sigbuf>
of size B<siglen> is the DER representation of a given octet string
B<m> of size B<m_len>. B<dummy> is ignored. B<rsa> is the signer's