Remove mention that the PRNG needs to be seeded before invoking some

functions.

28 files changed, 8 insertions, 73 deletions

diff --git a/src/lib/libcrypto/doc/DES_set_key.pod b/src/lib/libcrypto/doc/DES_set_key.pod
index b49545877a..75638a149a 100644
--- a/src/lib/libcrypto/doc/DES_set_key.pod
+++ b/src/lib/libcrypto/doc/DES_set_key.pod
@@ -114,9 +114,7 @@ consists of 8 bytes with odd parity.  The least significant bit in
 each byte is the parity bit.  The key schedule is an expanded form of
 the key; it is used to speed the encryption process.
 
-DES_random_key() generates a random key.  The PRNG must be seeded
-prior to using this function (see L<rand(3)|rand(3)>).  If the PRNG
-could not generate a secure key, 0 is returned.
+DES_random_key() generates a random key.
 
 Before a DES key can be used, it must be converted into the
 architecture dependent I<DES_key_schedule> via the
diff --git a/src/lib/libcrypto/doc/DH_generate_parameters.pod b/src/lib/libcrypto/doc/DH_generate_parameters.pod
index d19e0217ee..3832c25315 100644
--- a/src/lib/libcrypto/doc/DH_generate_parameters.pod
+++ b/src/lib/libcrypto/doc/DH_generate_parameters.pod
@@ -17,8 +17,7 @@ DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters
 
 DH_generate_parameters() generates Diffie-Hellman parameters that can
 be shared among a group of users, and returns them in a newly
-allocated B<DH> structure. The pseudo-random number generator must be
-seeded prior to calling DH_generate_parameters().
+allocated B<DH> structure.
 
 B<prime_len> is the length in bits of the safe prime to be generated.
 B<generator> is a small number E<gt> 1, typically 2 or 5.
diff --git a/src/lib/libcrypto/doc/DSA_generate_key.pod b/src/lib/libcrypto/doc/DSA_generate_key.pod
index af83ccfaa1..069a05767c 100644
--- a/src/lib/libcrypto/doc/DSA_generate_key.pod
+++ b/src/lib/libcrypto/doc/DSA_generate_key.pod
@@ -15,8 +15,6 @@ DSA_generate_key - generate DSA key pair
 DSA_generate_key() expects B<a> to contain DSA parameters. It generates
 a new key pair and stores it in B<a-E<gt>pub_key> and B<a-E<gt>priv_key>.
 
-The PRNG must be seeded prior to calling DSA_generate_key().
-
 =head1 RETURN VALUE
 
 DSA_generate_key() returns 1 on success, 0 otherwise.
diff --git a/src/lib/libcrypto/doc/DSA_sign.pod b/src/lib/libcrypto/doc/DSA_sign.pod
index 97389e8ec8..4e78a71390 100644
--- a/src/lib/libcrypto/doc/DSA_sign.pod
+++ b/src/lib/libcrypto/doc/DSA_sign.pod
@@ -38,9 +38,6 @@ B<dsa> is the signer's public key.
 
 The B<type> parameter is ignored.
 
-The PRNG must be seeded before DSA_sign() (or DSA_sign_setup())
-is called.
-
 =head1 RETURN VALUES
 
 DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error.
diff --git a/src/lib/libcrypto/doc/EVP_DigestSignInit.pod b/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
index 7aec6daecc..e70b88a4a9 100644
--- a/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
@@ -56,9 +56,6 @@ and public key algorithms. This meant that "clone" digests such as EVP_dss1()
 needed to be used to sign using SHA1 and DSA. This is no longer necessary and
 the use of clone digest is now discouraged.
 
-For some key types and parameters the random number generator must be seeded
-or the operation will fail.
-
 The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
 context. This means that calls to EVP_DigestSignUpdate() and
 EVP_DigestSignFinal() can be called later to digest and sign additional data.
diff --git a/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod b/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
index 60666bfddc..9eebb15d22 100644
--- a/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
@@ -56,9 +56,6 @@ and public key algorithms. This meant that "clone" digests such as EVP_dss1()
 needed to be used to sign using SHA1 and DSA. This is no longer necessary and
 the use of clone digest is now discouraged.
 
-For some key types and parameters the random number generator must be seeded
-or the operation will fail.
-
 The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
 context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can
 be called later to digest and verify additional data.
diff --git a/src/lib/libcrypto/doc/EVP_SealInit.pod b/src/lib/libcrypto/doc/EVP_SealInit.pod
index 172f210c64..ff73a04fd9 100644
--- a/src/lib/libcrypto/doc/EVP_SealInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SealInit.pod
@@ -55,9 +55,6 @@ failure.
 
 =head1 NOTES
 
-Because a random secret key is generated the random number generator
-must be seeded before calling EVP_SealInit().
-
 The public key must be RSA because it is the only OpenSSL public key
 algorithm that supports key transport.
 
diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod
index 682724b157..6ea6df655e 100644
--- a/src/lib/libcrypto/doc/EVP_SignInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SignInit.pod
@@ -60,10 +60,6 @@ digest algorithm must be used with the correct public key type. A list of
 algorithms and associated public key algorithms appears in
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
 
-When signing with DSA private keys the random number generator must be seeded
-or the operation will fail. The random number generator does not need to be
-seeded for RSA signatures.
-
 The call to EVP_SignFinal() internally finalizes a copy of the digest context.
 This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called
 later to digest and sign additional data.
diff --git a/src/lib/libcrypto/doc/RSA_blinding_on.pod b/src/lib/libcrypto/doc/RSA_blinding_on.pod
index e6af8d4355..33990207f7 100644
--- a/src/lib/libcrypto/doc/RSA_blinding_on.pod
+++ b/src/lib/libcrypto/doc/RSA_blinding_on.pod
@@ -21,8 +21,7 @@ must be used to protect the RSA operation from that attack.
 
 RSA_blinding_on() turns blinding on for key B<rsa> and generates a
 random blinding factor. B<ctx> is B<NULL> or a pre-allocated and
-initialized B<BN_CTX>. The random number generator must be seeded
-prior to calling RSA_blinding_on().
+initialized B<BN_CTX>.
 
 RSA_blinding_off() turns blinding off and frees the memory used for
 the blinding factor.
diff --git a/src/lib/libcrypto/doc/RSA_generate_key.pod b/src/lib/libcrypto/doc/RSA_generate_key.pod
index 52dbb14a53..867390884b 100644
--- a/src/lib/libcrypto/doc/RSA_generate_key.pod
+++ b/src/lib/libcrypto/doc/RSA_generate_key.pod
@@ -14,8 +14,7 @@ RSA_generate_key - generate RSA key pair
 =head1 DESCRIPTION
 
 RSA_generate_key() generates a key pair and returns it in a newly
-allocated B<RSA> structure. The pseudo-random number generator must
-be seeded prior to calling RSA_generate_key().
+allocated B<RSA> structure.
 
 The modulus size will be B<num> bits, and the public exponent will be
 B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
diff --git a/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod b/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod
index b8f678fe72..1c90b2b44d 100644
--- a/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod
+++ b/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod
@@ -85,9 +85,6 @@ simply copy the data
 
 =back
 
-The random number generator must be seeded prior to calling
-RSA_padding_add_xxx().
-
 RSA_padding_check_xxx() verifies that the B<fl> bytes at B<f> contain
 a valid encoding for a B<rsa_len> byte RSA key in the respective
 encoding method and stores the recovered data of at most B<tlen> bytes
diff --git a/src/lib/libcrypto/doc/RSA_public_encrypt.pod b/src/lib/libcrypto/doc/RSA_public_encrypt.pod
index ab0fe3b2cd..4bbee53f09 100644
--- a/src/lib/libcrypto/doc/RSA_public_encrypt.pod
+++ b/src/lib/libcrypto/doc/RSA_public_encrypt.pod
@@ -49,8 +49,6 @@ Encrypting user data directly with RSA is insecure.
 B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
 based padding modes, less than RSA_size(B<rsa>) - 41 for
 RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B<rsa>) for RSA_NO_PADDING.
-The random number generator must be seeded prior to calling
-RSA_public_encrypt().
 
 RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the
 private key B<rsa> and stores the plaintext in B<to>. B<to> must point
diff --git a/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod b/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod
index 315a9af9e8..664b46174b 100644
--- a/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod
+++ b/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod
@@ -26,9 +26,6 @@ memory.
 
 B<dummy> is ignored.
 
-The random number generator must be seeded prior to calling
-RSA_sign_ASN1_OCTET_STRING().
-
 RSA_verify_ASN1_OCTET_STRING() verifies that the signature B<sigbuf>
 of size B<siglen> is the DER representation of a given octet string
 B<m> of size B<m_len>. B<dummy> is ignored. B<rsa> is the signer's
diff --git a/src/lib/libssl/src/doc/crypto/BN_generate_prime.pod b/src/lib/libssl/src/doc/crypto/BN_generate_prime.pod
index 04fc80df9c..2c5e6fae0f 100644
--- a/src/lib/libssl/src/doc/crypto/BN_generate_prime.pod
+++ b/src/lib/libssl/src/doc/crypto/BN_generate_prime.pod
@@ -55,7 +55,6 @@ generator.
 If B<safe> is true, it will be a safe prime (i.e. a prime p so
 that (p-1)/2 is also prime).
 
-The PRNG must be seeded prior to calling BN_generate_prime().
 The prime number generation has a negligible error probability.
 
 BN_is_prime() and BN_is_prime_fasttest() test if the number B<a> is
diff --git a/src/lib/libssl/src/doc/crypto/BN_rand.pod b/src/lib/libssl/src/doc/crypto/BN_rand.pod
index 81f93c2eb3..70f435b203 100644
--- a/src/lib/libssl/src/doc/crypto/BN_rand.pod
+++ b/src/lib/libssl/src/doc/crypto/BN_rand.pod
@@ -36,8 +36,6 @@ number B<rnd> in the range 0 <lt>= B<rnd> E<lt> B<range>.
 BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(),
 and hence numbers generated by it are not necessarily unpredictable.
 
-The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
-
 =head1 RETURN VALUES
 
 The functions return 1 on success, 0 on error.
diff --git a/src/lib/libssl/src/doc/crypto/DES_set_key.pod b/src/lib/libssl/src/doc/crypto/DES_set_key.pod
index b49545877a..75638a149a 100644
--- a/src/lib/libssl/src/doc/crypto/DES_set_key.pod
+++ b/src/lib/libssl/src/doc/crypto/DES_set_key.pod
@@ -114,9 +114,7 @@ consists of 8 bytes with odd parity.  The least significant bit in
 each byte is the parity bit.  The key schedule is an expanded form of
 the key; it is used to speed the encryption process.
 
-DES_random_key() generates a random key.  The PRNG must be seeded
-prior to using this function (see L<rand(3)|rand(3)>).  If the PRNG
-could not generate a secure key, 0 is returned.
+DES_random_key() generates a random key.
 
 Before a DES key can be used, it must be converted into the
 architecture dependent I<DES_key_schedule> via the
diff --git a/src/lib/libssl/src/doc/crypto/DH_generate_parameters.pod b/src/lib/libssl/src/doc/crypto/DH_generate_parameters.pod
index d19e0217ee..3832c25315 100644
--- a/src/lib/libssl/src/doc/crypto/DH_generate_parameters.pod
+++ b/src/lib/libssl/src/doc/crypto/DH_generate_parameters.pod
@@ -17,8 +17,7 @@ DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters
 
 DH_generate_parameters() generates Diffie-Hellman parameters that can
 be shared among a group of users, and returns them in a newly
-allocated B<DH> structure. The pseudo-random number generator must be
-seeded prior to calling DH_generate_parameters().
+allocated B<DH> structure.
 
 B<prime_len> is the length in bits of the safe prime to be generated.
 B<generator> is a small number E<gt> 1, typically 2 or 5.
diff --git a/src/lib/libssl/src/doc/crypto/DSA_generate_key.pod b/src/lib/libssl/src/doc/crypto/DSA_generate_key.pod
index af83ccfaa1..069a05767c 100644
--- a/src/lib/libssl/src/doc/crypto/DSA_generate_key.pod
+++ b/src/lib/libssl/src/doc/crypto/DSA_generate_key.pod
@@ -15,8 +15,6 @@ DSA_generate_key - generate DSA key pair
 DSA_generate_key() expects B<a> to contain DSA parameters. It generates
 a new key pair and stores it in B<a-E<gt>pub_key> and B<a-E<gt>priv_key>.
 
-The PRNG must be seeded prior to calling DSA_generate_key().
-
 =head1 RETURN VALUE
 
 DSA_generate_key() returns 1 on success, 0 otherwise.
diff --git a/src/lib/libssl/src/doc/crypto/DSA_sign.pod b/src/lib/libssl/src/doc/crypto/DSA_sign.pod
index 97389e8ec8..4e78a71390 100644
--- a/src/lib/libssl/src/doc/crypto/DSA_sign.pod
+++ b/src/lib/libssl/src/doc/crypto/DSA_sign.pod
@@ -38,9 +38,6 @@ B<dsa> is the signer's public key.
 
 The B<type> parameter is ignored.
 
-The PRNG must be seeded before DSA_sign() (or DSA_sign_setup())
-is called.
-
 =head1 RETURN VALUES
 
 DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error.
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod
index 7aec6daecc..e70b88a4a9 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod
@@ -56,9 +56,6 @@ and public key algorithms. This meant that "clone" digests such as EVP_dss1()
 needed to be used to sign using SHA1 and DSA. This is no longer necessary and
 the use of clone digest is now discouraged.
 
-For some key types and parameters the random number generator must be seeded
-or the operation will fail.
-
 The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
 context. This means that calls to EVP_DigestSignUpdate() and
 EVP_DigestSignFinal() can be called later to digest and sign additional data.
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod
index 60666bfddc..9eebb15d22 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod
@@ -56,9 +56,6 @@ and public key algorithms. This meant that "clone" digests such as EVP_dss1()
 needed to be used to sign using SHA1 and DSA. This is no longer necessary and
 the use of clone digest is now discouraged.
 
-For some key types and parameters the random number generator must be seeded
-or the operation will fail.
-
 The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
 context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can
 be called later to digest and verify additional data.
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
index 172f210c64..ff73a04fd9 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
@@ -55,9 +55,6 @@ failure.
 
 =head1 NOTES
 
-Because a random secret key is generated the random number generator
-must be seeded before calling EVP_SealInit().
-
 The public key must be RSA because it is the only OpenSSL public key
 algorithm that supports key transport.
 
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
index 682724b157..6ea6df655e 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
@@ -60,10 +60,6 @@ digest algorithm must be used with the correct public key type. A list of
 algorithms and associated public key algorithms appears in
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
 
-When signing with DSA private keys the random number generator must be seeded
-or the operation will fail. The random number generator does not need to be
-seeded for RSA signatures.
-
 The call to EVP_SignFinal() internally finalizes a copy of the digest context.
 This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called
 later to digest and sign additional data.
diff --git a/src/lib/libssl/src/doc/crypto/RSA_blinding_on.pod b/src/lib/libssl/src/doc/crypto/RSA_blinding_on.pod
index e6af8d4355..33990207f7 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_blinding_on.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_blinding_on.pod
@@ -21,8 +21,7 @@ must be used to protect the RSA operation from that attack.
 
 RSA_blinding_on() turns blinding on for key B<rsa> and generates a
 random blinding factor. B<ctx> is B<NULL> or a pre-allocated and
-initialized B<BN_CTX>. The random number generator must be seeded
-prior to calling RSA_blinding_on().
+initialized B<BN_CTX>.
 
 RSA_blinding_off() turns blinding off and frees the memory used for
 the blinding factor.
diff --git a/src/lib/libssl/src/doc/crypto/RSA_generate_key.pod b/src/lib/libssl/src/doc/crypto/RSA_generate_key.pod
index 52dbb14a53..867390884b 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_generate_key.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_generate_key.pod
@@ -14,8 +14,7 @@ RSA_generate_key - generate RSA key pair
 =head1 DESCRIPTION
 
 RSA_generate_key() generates a key pair and returns it in a newly
-allocated B<RSA> structure. The pseudo-random number generator must
-be seeded prior to calling RSA_generate_key().
+allocated B<RSA> structure.
 
 The modulus size will be B<num> bits, and the public exponent will be
 B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
diff --git a/src/lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/src/lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
index b8f678fe72..1c90b2b44d 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
@@ -85,9 +85,6 @@ simply copy the data
 
 =back
 
-The random number generator must be seeded prior to calling
-RSA_padding_add_xxx().
-
 RSA_padding_check_xxx() verifies that the B<fl> bytes at B<f> contain
 a valid encoding for a B<rsa_len> byte RSA key in the respective
 encoding method and stores the recovered data of at most B<tlen> bytes
diff --git a/src/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod b/src/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod
index ab0fe3b2cd..4bbee53f09 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod
@@ -49,8 +49,6 @@ Encrypting user data directly with RSA is insecure.
 B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
 based padding modes, less than RSA_size(B<rsa>) - 41 for
 RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B<rsa>) for RSA_NO_PADDING.
-The random number generator must be seeded prior to calling
-RSA_public_encrypt().
 
 RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the
 private key B<rsa> and stores the plaintext in B<to>. B<to> must point
diff --git a/src/lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/src/lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
index 315a9af9e8..664b46174b 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
@@ -26,9 +26,6 @@ memory.
 
 B<dummy> is ignored.
 
-The random number generator must be seeded prior to calling
-RSA_sign_ASN1_OCTET_STRING().
-
 RSA_verify_ASN1_OCTET_STRING() verifies that the signature B<sigbuf>
 of size B<siglen> is the DER representation of a given octet string
 B<m> of size B<m_len>. B<dummy> is ignored. B<rsa> is the signer's