Remove mention that the PRNG needs to be seeded before invoking some

functions.
author: miod <> 2014-07-09 17:36:58 +0000
committer: miod <> 2014-07-09 17:36:58 +0000
commit: 911cfe3475e21a780d5ce6cc6eda37cd34760fdd (patch)
tree: 5ca70911551fb5fc0dd2488879e16bf54a97ac1c /src/lib/libc
parent: 779b5068291411d30276f703b7aec8f8636c2a40 (diff)
download: openbsd-911cfe3475e21a780d5ce6cc6eda37cd34760fdd.tar.gz
openbsd-911cfe3475e21a780d5ce6cc6eda37cd34760fdd.tar.bz2
openbsd-911cfe3475e21a780d5ce6cc6eda37cd34760fdd.zip
13 files changed, 4 insertions, 35 deletions
diff --git a/src/lib/libcrypto/doc/DES_set_key.pod b/src/lib/libcrypto/doc/DES_set_key.pod
index b49545877a..75638a149a 100644
--- a/src/lib/libcrypto/doc/DES_set_key.pod
+++ b/src/lib/libcrypto/doc/DES_set_key.pod
@@ -114,9 +114,7 @@ consists of 8 bytes with odd parity.  The least significant bit in
 each byte is the parity bit.  The key schedule is an expanded form of
 the key; it is used to speed the encryption process.
-DES_random_key() generates a random key.  The PRNG must be seeded
+DES_random_key() generates a random key.
-prior to using this function (see L<rand(3)|rand(3)>).  If the PRNG
-could not generate a secure key, 0 is returned.
 Before a DES key can be used, it must be converted into the
 architecture dependent I<DES_key_schedule> via the
diff --git a/src/lib/libcrypto/doc/DH_generate_parameters.pod b/src/lib/libcrypto/doc/DH_generate_parameters.pod
index d19e0217ee..3832c25315 100644
--- a/src/lib/libcrypto/doc/DH_generate_parameters.pod
+++ b/src/lib/libcrypto/doc/DH_generate_parameters.pod
@@ -17,8 +17,7 @@ DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters
 DH_generate_parameters() generates Diffie-Hellman parameters that can
 be shared among a group of users, and returns them in a newly
-allocated B<DH> structure. The pseudo-random number generator must be
+allocated B<DH> structure.
-seeded prior to calling DH_generate_parameters().
 B<prime_len> is the length in bits of the safe prime to be generated.
 B<generator> is a small number E<gt> 1, typically 2 or 5.
diff --git a/src/lib/libcrypto/doc/DSA_generate_key.pod b/src/lib/libcrypto/doc/DSA_generate_key.pod
index af83ccfaa1..069a05767c 100644
--- a/src/lib/libcrypto/doc/DSA_generate_key.pod
+++ b/src/lib/libcrypto/doc/DSA_generate_key.pod
@@ -15,8 +15,6 @@ DSA_generate_key - generate DSA key pair
 DSA_generate_key() expects B<a> to contain DSA parameters. It generates
 a new key pair and stores it in B<a-E<gt>pub_key> and B<a-E<gt>priv_key>.
-The PRNG must be seeded prior to calling DSA_generate_key().
 =head1 RETURN VALUE
 DSA_generate_key() returns 1 on success, 0 otherwise.
diff --git a/src/lib/libcrypto/doc/DSA_sign.pod b/src/lib/libcrypto/doc/DSA_sign.pod
index 97389e8ec8..4e78a71390 100644
--- a/src/lib/libcrypto/doc/DSA_sign.pod
+++ b/src/lib/libcrypto/doc/DSA_sign.pod
@@ -38,9 +38,6 @@ B<dsa> is the signer's public key.
 The B<type> parameter is ignored.
-The PRNG must be seeded before DSA_sign() (or DSA_sign_setup())
-is called.
 =head1 RETURN VALUES
 DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error.
diff --git a/src/lib/libcrypto/doc/EVP_DigestSignInit.pod b/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
index 7aec6daecc..e70b88a4a9 100644
--- a/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
@@ -56,9 +56,6 @@ and public key algorithms. This meant that "clone" digests such as EVP_dss1()
 needed to be used to sign using SHA1 and DSA. This is no longer necessary and
 the use of clone digest is now discouraged.
-For some key types and parameters the random number generator must be seeded
-or the operation will fail.
 The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
 context. This means that calls to EVP_DigestSignUpdate() and
 EVP_DigestSignFinal() can be called later to digest and sign additional data.
diff --git a/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod b/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
index 60666bfddc..9eebb15d22 100644
--- a/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
@@ -56,9 +56,6 @@ and public key algorithms. This meant that "clone" digests such as EVP_dss1()
 needed to be used to sign using SHA1 and DSA. This is no longer necessary and
 the use of clone digest is now discouraged.
-For some key types and parameters the random number generator must be seeded
-or the operation will fail.
 The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
 context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can
 be called later to digest and verify additional data.
diff --git a/src/lib/libcrypto/doc/EVP_SealInit.pod b/src/lib/libcrypto/doc/EVP_SealInit.pod
index 172f210c64..ff73a04fd9 100644
--- a/src/lib/libcrypto/doc/EVP_SealInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SealInit.pod
@@ -55,9 +55,6 @@ failure.
 =head1 NOTES
-Because a random secret key is generated the random number generator
-must be seeded before calling EVP_SealInit().
 The public key must be RSA because it is the only OpenSSL public key
 algorithm that supports key transport.
diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod
index 682724b157..6ea6df655e 100644
--- a/src/lib/libcrypto/doc/EVP_SignInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SignInit.pod
@@ -60,10 +60,6 @@ digest algorithm must be used with the correct public key type. A list of
 algorithms and associated public key algorithms appears in
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
-When signing with DSA private keys the random number generator must be seeded
-or the operation will fail. The random number generator does not need to be
-seeded for RSA signatures.
 The call to EVP_SignFinal() internally finalizes a copy of the digest context.
 This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called
 later to digest and sign additional data.
diff --git a/src/lib/libcrypto/doc/RSA_blinding_on.pod b/src/lib/libcrypto/doc/RSA_blinding_on.pod
index e6af8d4355..33990207f7 100644
--- a/src/lib/libcrypto/doc/RSA_blinding_on.pod
+++ b/src/lib/libcrypto/doc/RSA_blinding_on.pod
@@ -21,8 +21,7 @@ must be used to protect the RSA operation from that attack.
 RSA_blinding_on() turns blinding on for key B<rsa> and generates a
 random blinding factor. B<ctx> is B<NULL> or a pre-allocated and
-initialized B<BN_CTX>. The random number generator must be seeded
+initialized B<BN_CTX>.
-prior to calling RSA_blinding_on().
 RSA_blinding_off() turns blinding off and frees the memory used for
 the blinding factor.
diff --git a/src/lib/libcrypto/doc/RSA_generate_key.pod b/src/lib/libcrypto/doc/RSA_generate_key.pod
index 52dbb14a53..867390884b 100644
--- a/src/lib/libcrypto/doc/RSA_generate_key.pod
+++ b/src/lib/libcrypto/doc/RSA_generate_key.pod
@@ -14,8 +14,7 @@ RSA_generate_key - generate RSA key pair
 =head1 DESCRIPTION
 RSA_generate_key() generates a key pair and returns it in a newly
-allocated B<RSA> structure. The pseudo-random number generator must
+allocated B<RSA> structure.
-be seeded prior to calling RSA_generate_key().
 The modulus size will be B<num> bits, and the public exponent will be
 B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
diff --git a/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod b/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod
index b8f678fe72..1c90b2b44d 100644
--- a/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod
+++ b/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod
@@ -85,9 +85,6 @@ simply copy the data
 =back
-The random number generator must be seeded prior to calling
-RSA_padding_add_xxx().
 RSA_padding_check_xxx() verifies that the B<fl> bytes at B<f> contain
 a valid encoding for a B<rsa_len> byte RSA key in the respective
 encoding method and stores the recovered data of at most B<tlen> bytes
diff --git a/src/lib/libcrypto/doc/RSA_public_encrypt.pod b/src/lib/libcrypto/doc/RSA_public_encrypt.pod
index ab0fe3b2cd..4bbee53f09 100644
--- a/src/lib/libcrypto/doc/RSA_public_encrypt.pod
+++ b/src/lib/libcrypto/doc/RSA_public_encrypt.pod
@@ -49,8 +49,6 @@ Encrypting user data directly with RSA is insecure.
 B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
 based padding modes, less than RSA_size(B<rsa>) - 41 for
 RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B<rsa>) for RSA_NO_PADDING.
-The random number generator must be seeded prior to calling
-RSA_public_encrypt().
 RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the
 private key B<rsa> and stores the plaintext in B<to>. B<to> must point
diff --git a/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod b/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod
index 315a9af9e8..664b46174b 100644
--- a/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod
+++ b/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod
@@ -26,9 +26,6 @@ memory.
 B<dummy> is ignored.
-The random number generator must be seeded prior to calling
-RSA_sign_ASN1_OCTET_STRING().
 RSA_verify_ASN1_OCTET_STRING() verifies that the signature B<sigbuf>
 of size B<siglen> is the DER representation of a given octet string
 B<m> of size B<m_len>. B<dummy> is ignored. B<rsa> is the signer's
author	miod <>	2014-07-09 17:36:58 +0000
committer	miod <>	2014-07-09 17:36:58 +0000
commit	911cfe3475e21a780d5ce6cc6eda37cd34760fdd (patch)
tree	5ca70911551fb5fc0dd2488879e16bf54a97ac1c /src/lib/libc
parent	779b5068291411d30276f703b7aec8f8636c2a40 (diff)
download	openbsd-911cfe3475e21a780d5ce6cc6eda37cd34760fdd.tar.gz openbsd-911cfe3475e21a780d5ce6cc6eda37cd34760fdd.tar.bz2 openbsd-911cfe3475e21a780d5ce6cc6eda37cd34760fdd.zip