Issue #12049: Document errors cases of ssl.RAND_bytes() and
ssl.RAND_pseudo_bytes(). Add also links to RAND_status and RAND_add.
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 295d007..ca71d20 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -164,10 +164,14 @@
.. function:: RAND_bytes(num)
- Returns *num* cryptographically strong pseudo-random bytes.
+ Returns *num* cryptographically strong pseudo-random bytes. Raises an
+ :class:`SSLError` if the PRNG has not been seeded with enough data or if the
+ operation is not supported by the current RAND method. :func:`RAND_status`
+ can be used to check the status of the PRNG and :func:`RAND_add` can be used
+ to seed the PRNG.
Read the Wikipedia article, `Cryptographically secure pseudorandom number
- generator
+ generator (CSPRNG)
<http://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator>`_,
to get the requirements of a cryptographically generator.
@@ -177,7 +181,8 @@
Returns (bytes, is_cryptographic): bytes are *num* pseudo-random bytes,
is_cryptographic is True if the bytes generated are cryptographically
- strong.
+ strong. Raises an :class:`SSLError` if the operation is not supported by the
+ current RAND method.
Generated pseudo-random byte sequences will be unique if they are of
sufficient length, but are not necessarily unpredictable. They can be used