From 33701a62b2446f3959c64de63ed1c5f24f2ae646 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 13 Apr 2021 21:28:38 +0200
Subject: [PATCH] mbedtls_mpi_random: document MBEDTLS_ERR_MPI_NOT_ACCEPTABLE

Note that this error has a negligible probability with a "crypto-sized"
bound, but macroscopic probability with a small bound.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 include/mbedtls/bignum.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 5c9250397e..f08703582d 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -896,6 +896,11 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
  * \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p min or \p N is invalid
  *                 or if they are incompatible.
+ * \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was
+ *                 unable to find a suitable value within a limited number
+ *                 of attempts. This has a negligible probability if \p N
+ *                 is significantly larger than \p min, which is the case
+ *                 for all usual cryptographic applications.
  * \return         Another negative error code on failure.
  */
 int mbedtls_mpi_random( mbedtls_mpi *X,