diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
index 6e70e5c54..e2a1105dc 100644
--- a/crypto/bn/bn_sqrt.c
+++ b/crypto/bn/bn_sqrt.c
@@ -65,6 +65,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
  * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course
  * in Algebraic Computational Number Theory", algorithm 1.5.1).
  * 'p' must be prime!
+ * If 'a' is not a square, this is not necessarily detected by
+ * the algorithms; a bogus result must be expected in this case.
  */
 	{
 	BIGNUM *ret = in;