mbedtls_ctr_drbg_update_ret: correct doc for input length limit

Unlike mbedtls_ctr_drbg_update, this function returns an error if the length limit is exceeded, rather than silently truncating the input.
2024-10-18 12:31:05 +00:00 · 2018-09-12 19:15:53 +02:00 · 2018-09-12 19:15:53 +02:00 · c4a8017e3e
parent 5da0505842
commit c4a8017e3e
1 changed files with 5 additions and 6 deletions
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@ -239,16 +239,15 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
 /**
 * \brief              This function updates the state of the CTR_DRBG context.
 *
- * \note               If \p add_len is greater than
- *                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
- *                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
- *                     The remaining Bytes are silently discarded.
- *
 * \param ctx          The CTR_DRBG context.
 * \param additional   The data to update the state with.
- * \param add_len      Length of \p additional data.
+ * \param add_len      Length of \p additional in bytes. This must be at
+ *                     most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
 *
 * \return             \c 0 on success.
+ * \return             #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if
+ *                     \p add_len is more than
+ *                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
 * \return             An error from the underlying AES cipher on failure.
 */
 int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,