Add a note about CTR_DRBG security strength to config.h

commit: f6c2061af2a13b1430daf132fe04e1e4af7b5b48 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu Oct 03 14:21:39 2019 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Fri Oct 04 11:21:25 2019 +0200
tree: b9fb978d76babcab7f7865493826a5a5652a23dd
parent: 19892184567dd3ae908000220c68f6e29a613dee [diff]
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 085f40a..834cced 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h

@@ -2158,6 +2158,10 @@
  * The CTR_DRBG generator uses AES-256 by default.
  * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
  *
+ * \note To achieve a 256-bit security strength with CTR_DRBG,
+ *       you must use AES-256 *and* use sufficient entropy.
+ *       See ctr_drbg.h for more details.
+ *
  * Module:  library/ctr_drbg.c
  * Caller:
  *
commit	f6c2061af2a13b1430daf132fe04e1e4af7b5b48	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Oct 03 14:21:39 2019 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Fri Oct 04 11:21:25 2019 +0200
tree	b9fb978d76babcab7f7865493826a5a5652a23dd
parent	19892184567dd3ae908000220c68f6e29a613dee [diff]