Fix documentation for crypto_rand*

author Nick Mathewson <nickm@torproject.org>

Wed, 25 Nov 2015 17:28:20 +0000 (12:28 -0500)

committer Nick Mathewson <nickm@torproject.org>

Thu, 26 Nov 2015 03:29:59 +0000 (22:29 -0500)
author Nick Mathewson <nickm@torproject.org>
Wed, 25 Nov 2015 17:28:20 +0000 (12:28 -0500)
committer Nick Mathewson <nickm@torproject.org>
Thu, 26 Nov 2015 03:29:59 +0000 (22:29 -0500)
diff --git a/src/common/crypto.c b/src/common/crypto.c

index 9e27ad30c483e65147baf411c6f9f111554a7433..9669493a83e260d8ae33d89f000d51919e61e389 100644 (file)
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2364,8 +2364,11 @@ crypto_seed_rng(void)
      return -1;
  }
  
-/** Write <b>n</b> bytes of strong random data to <b>to</b>. Return 0 on
- * success, -1 on failure, with support for mocking for unit tests.
+/** Write <b>n</b> bytes of strong random data to <b>to</b>. Supports mocking
+ * for unit tests.
+ *
+ * This function is not allowed to fail; if it would fail to generate strong
+ * entropy, it must terminate the process instead.
   */
  MOCK_IMPL(void,
  crypto_rand, (char *to, size_t n))
@@ -2373,8 +2376,11 @@ crypto_rand, (char *to, size_t n))
    crypto_rand_unmocked(to, n);
  }
  
-/** Write <b>n</b> bytes of strong random data to <b>to</b>. Return 0 on
- * success, -1 on failure.  Most callers will want crypto_rand instead.
+/** Write <b>n</b> bytes of strong random data to <b>to</b>.  Most callers
+ * will want crypto_rand instead.
+ *
+ * This function is not allowed to fail; if it would fail to generate strong
+ * entropy, it must terminate the process instead.
   */
  void
  crypto_rand_unmocked(char *to, size_t n)
author	Nick Mathewson <nickm@torproject.org>
	Wed, 25 Nov 2015 17:28:20 +0000 (12:28 -0500)
committer	Nick Mathewson <nickm@torproject.org>
	Thu, 26 Nov 2015 03:29:59 +0000 (22:29 -0500)