From 56f628ca26206b8901ba0ead3599046c22e0e3d1 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 1 Oct 2019 18:41:12 +0200
Subject: [PATCH] HMAC_DRBG: note that the initial seeding grabs entropy for the nonce
---
 include/mbedtls/hmac_drbg.h | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 88bfbba1a..8b4be8756 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -224,6 +224,9 @@ void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx
 * \brief This function sets the amount of entropy grabbed on each
 * seed or reseed.
 *
+ * During the initial seeding, mbedtls_hmac_drbg_seed() additionally grabs
+ * half this amount to create the nonce.
+ *
 * The default value is given by the security strength, which depends on the
 * hash used. See the documentation of mbedtls_hmac_drbg_seed() for details.
 *
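Review bot: The added paragraph at `+ * During the initial seeding` leaves unstated two things a caller sizing an entropy source needs: the total drawn at first seeding (this amount plus half of it), and whether a value set here must be in place before mbedtls_hmac_drbg_seed() is called for it to govern that first draw. The `\brief` line just above still says the amount is grabbed "on each seed or reseed", which now reads as slightly at odds with the new text. I would add a sentence such as `* The initial seeding therefore reads 3/2 times this amount in total, so the entropy source must be able to deliver that much.` The call-ordering requirement should be confirmed against the implementation, which is not visible here, and stated as well. The comment block starts and ends outside the hunk.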