diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index d383168d2..5c5509c79 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -1108,16 +1108,13 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ); * \param ctx certificate to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function (for signature, see note) + * \param f_rng RNG function. This must not be \c NULL. * \param p_rng RNG parameter * * \return length of data written if successful, or a specific * error code * - * \note f_rng may be NULL if RSA is used for signature and the - * signature is made offline (otherwise f_rng is desirable - * for countermeasures against timing attacks). - * ECDSA signatures always require a non-NULL f_rng. + * \note \p f_rng is used for the signature operation. */ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), @@ -1130,15 +1127,12 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, * \param ctx certificate to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function (for signature, see note) + * \param f_rng RNG function. This must not be \c NULL. * \param p_rng RNG parameter * * \return 0 if successful, or a specific error code * - * \note f_rng may be NULL if RSA is used for signature and the - * signature is made offline (otherwise f_rng is desirable - * for countermeasures against timing attacks). - * ECDSA signatures always require a non-NULL f_rng. + * \note \p f_rng is used for the signature operation. */ int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 0a069df93..a0f1278e2 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -264,16 +264,13 @@ void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ); * \param ctx CSR to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function (for signature, see note) + * \param f_rng RNG function. This must not be \c NULL. * \param p_rng RNG parameter * * \return length of data written if successful, or a specific * error code * - * \note f_rng may be NULL if RSA is used for signature and the - * signature is made offline (otherwise f_rng is desirable - * for countermeasures against timing attacks). - * ECDSA signatures always require a non-NULL f_rng. + * \note \p f_rng is used for the signature operation. */ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), @@ -287,15 +284,12 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s * \param ctx CSR to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function (for signature, see note) + * \param f_rng RNG function. This must not be \c NULL. * \param p_rng RNG parameter * * \return 0 if successful, or a specific error code * - * \note f_rng may be NULL if RSA is used for signature and the - * signature is made offline (otherwise f_rng is desirable - * for countermeasures against timing attacks). - * ECDSA signatures always require a non-NULL f_rng. + * \note \p f_rng is used for the signature operation. */ int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t),