HMAC_DRBG: note that the initial seeding grabs entropy for the nonce

2026-04-05 06:26:52 +00:00 · 2019-10-01 18:41:12 +02:00 · 2019-10-01 18:41:12 +02:00 · 5d9fd07938
commit 5d9fd07938
parent 217b8159da
1 changed files with 3 additions and 0 deletions
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@ -224,6 +224,9 @@ void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx
 * \brief               This function sets the amount of entropy grabbed on each
 *                      seed or reseed.
 *
+ * During the initial seeding, mbedtls_hmac_drbg_seed() additionally grabs
+ * half this amount to create the nonce.
+ *
 * The default value is given by the security strength, which depends on the
 * hash used. See the documentation of mbedtls_hmac_drbg_seed() for details.
 *