From ee966c4ae4afea6ce1e5b107001d1205cad7acae Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 13 Apr 2021 19:59:21 +0200 Subject: [PATCH] Contextualize comment about mbedtls_mpi_random retries This comment is no longer in the specific context of generating a random point on an elliptic curve. Signed-off-by: Gilles Peskine --- library/bignum.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 25fb9ae54e..b504752e65 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2498,9 +2498,11 @@ int mbedtls_mpi_random( mbedtls_mpi *X, * a probability 1/2 of being 0, and then the result will be < N), * so after 30 tries failure probability is a most 2**(-30). * - * For most curves, 1 try is enough with overwhelming probability, - * since N starts with a lot of 1s in binary, but some curves - * such as secp224k1 are actually very close to the worst case. + * When N is just below a power of 2, as is the case when generating + * a random point on most elliptic curves, 1 try is enough with + * overwhelming probability. When N is just above a power of 2, + * as when generating a random point on secp224k1, each try has + * a probability of failing that is almost 1/2. */ if( ++count > 30 ) {
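Review bot: the new wording "generating a random point on most elliptic curves" / "generating a random point on secp224k1" in the added comment lines is loose for a bignum-level routine: what the ECC caller draws from mbedtls_mpi_random is a scalar below the group order N (a private key), not a point, and since the commit's stated purpose is to make this comment stand on its own outside the ECC context, saying "a random scalar below the order of most elliptic curves" / "the order of secp224k1" would describe the actual relationship between N and the curve. The probabilistic claim itself is consistent with the unchanged context above it: one try fails only when the top bit of the candidate comes out 1 and the remaining bits still exceed N, so when N is just above a power of two the per-try failure probability is just under 1/2 (the worst case the 30-try bound is derived from), and when N is just below a power of two a try fails only for the handful of values between N and the power of two. While touching this block, the unchanged context line "failure probability is a most 2**(-30)" should read "at most", and it would help to state the per-try bound explicitly, e.g. "each try fails with probability at most 1/2, and just under 1/2 for such N", so the reader can see where 2**(-30) comes from without consulting the ECC code.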