Fix & update documentation about RAND_priv_bytes()

[openssl.git] / doc / man7 / RAND.pod

diff --git a/doc/man7/RAND.pod b/doc/man7/RAND.pod
index 578018feabc9c01326b3bb74c0442edd64e588fa..971b3cdb161287a62c6b64191da579ddc8fa53d6 100644 (file)
--- a/doc/man7/RAND.pod
+++ b/doc/man7/RAND.pod
@@ -24,16 +24,19 @@ to be initialized ('seeded') explicitly.
 It seeds and reseeds itself automatically using trusted random sources
 provided by the operating system.
 
 It seeds and reseeds itself automatically using trusted random sources
 provided by the operating system.
 

-As a normal application developer, you don't have to worry about any details,
+As a normal application developer, you do not have to worry about any details,

 just use L<RAND_bytes(3)> to obtain random data.
 Having said that, there is one important rule to obey: Always check the error
 just use L<RAND_bytes(3)> to obtain random data.
 Having said that, there is one important rule to obey: Always check the error

-return value of L<RAND_bytes(3)> and don't take randomness for granted.
+return value of L<RAND_bytes(3)> and do not take randomness for granted.

 
 

-For long-term secrets, you can use L<RAND_priv_bytes(3)> instead.
+For values that should remain secret, you can use L<RAND_priv_bytes(3)>
+instead.

 This method does not provide 'better' randomness, it uses the same type of CSPRNG.
 This method does not provide 'better' randomness, it uses the same type of CSPRNG.

-The intention behind using a dedicated CSPRNG exclusively for long-term secrets is
-that none of its output should be visible to an attacker (e.g used as salt value),
-in order to reveal as little information as possible about its internal state.
+The intention behind using a dedicated CSPRNG exclusively for private
+values is that none of its output should be visible to an attacker (e.g.,
+used as salt value), in order to reveal as little information as
+possible about its internal state, and that a compromise of the "public"
+CSPRNG instance will not affect the secrecy of these private values.

 
 In the rare case where the default implementation does not satisfy your special
 requirements, there are two options:
 
 In the rare case where the default implementation does not satisfy your special
 requirements, there are two options:


@@ -61,10 +64,10 @@ of cryptographic principles and understand the implications of your changes.
 L<RAND_add(3)>,
 L<RAND_bytes(3)>,
 L<RAND_priv_bytes(3)>,
 L<RAND_add(3)>,
 L<RAND_bytes(3)>,
 L<RAND_priv_bytes(3)>,

-L<RAND_get_rand_method(3)>
-L<RAND_set_rand_method(3)>
+L<RAND_get_rand_method(3)>,
+L<RAND_set_rand_method(3)>,

 L<RAND_OpenSSL(3)>,
 L<RAND_OpenSSL(3)>,

-L<RAND_DRBG(7)>,
+L<RAND_DRBG(7)>

 
 =head1 COPYRIGHT
 
 
 =head1 COPYRIGHT