rand: update comment on Curl_rand_bytes weak random

From what I understand both rustls and mbedTLS expose a strong random
function, so as long as you have a TLS library random will be strong.

Followup 89728451234a "vtls/rustls: support strong CSRNG data"
Followup a90a5bccd47b "mbedtls: implement CTR-DRBG and HAVEGE random generators"

Closes #16965

diff --git a/lib/rand.c b/lib/rand.c
index 8d55e260a4bed6672f5ab72f343db87c7adf561e..bf81af0948ec3f0e7464c115aaac9c024cb7ff9c 100644 (file)
--- a/lib/rand.c
+++ b/lib/rand.c
@@ -191,12 +191,11 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd,
  * Curl_rand() stores 'num' number of random unsigned characters in the buffer
  * 'rnd' points to.
  *
- * If libcurl is built without TLS support or with a TLS backend that lacks a
- * proper random API (Rustls or mbedTLS), this function will use "weak"
- * random.
+ * If libcurl is built without TLS support or arc4random, this function will
+ * use "weak" random.
  *
- * When built *with* TLS support and a backend that offers strong random, it
- * will return error if it cannot provide strong random values.
+ * When built *with* TLS support, it will return error if it cannot provide
+ * strong random values.
  *
  * NOTE: 'data' may be passed in as NULL when coming from external API without
  * easy handle!