From: Pauli <ppzgs1@gmail.com>
Date: Thu, 5 Jun 2025 02:03:50 +0000 (+1000)
Subject: rand: document the EVP_RAND_nonce() return correctly
X-Git-Tag: openssl-3.0.17~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0a414ab2245aa6d3a2ce8262b55dd37bd8c0bf0;p=thirdparty%2Fopenssl.git

rand: document the EVP_RAND_nonce() return correctly

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27767)
---

diff --git a/doc/man3/EVP_RAND.pod b/doc/man3/EVP_RAND.pod
index e5f75010499..9881eaaeb5f 100644
--- a/doc/man3/EVP_RAND.pod
+++ b/doc/man3/EVP_RAND.pod
@@ -151,11 +151,8 @@ operating system.  If I<prediction_resistance> is specified, fresh entropy
 from a live source will be sought.  This call operates as per NIST SP 800-90A
 and SP 800-90C.
 
-EVP_RAND_nonce() creates a nonce in I<out> of maximum length I<outlen>
-bytes from the RAND I<ctx>. The function returns the length of the generated
-nonce. If I<out> is NULL, the length is still returned but no generation
-takes place. This allows a caller to dynamically allocate a buffer of the
-appropriate size.
+EVP_RAND_nonce() creates a nonce in I<out> of length I<outlen>
+bytes from the RAND I<ctx>.
 
 EVP_RAND_enable_locking() enables locking for the RAND I<ctx> and all of
 its parents.  After this I<ctx> will operate in a thread safe manner, albeit
@@ -376,7 +373,7 @@ B<EVP_RAND_CTX> structure or NULL if an error occurred.
 
 EVP_RAND_CTX_free() does not return a value.
 
-EVP_RAND_nonce() returns the length of the nonce.
+EVP_RAND_nonce() returns 1 on success, 0 on error.
 
 EVP_RAND_get_strength() returns the strength of the random number generator
 in bits.