mbedtls_config.h: add description for CTR_DRBG about AES-128 only Signed-off-by: Yanray Wang <yanray.wang@arm.com>

commit: 55ef22c2cb1bc16113da98eb9b2f924a6a3e91cb [log] [tgz]
author: Yanray Wang <yanray.wang@arm.com> Thu Jun 15 09:57:06 2023 +0800
committer: Yanray Wang <yanray.wang@arm.com> Thu Jun 15 10:05:27 2023 +0800
tree: c21ab7b61cbb9593c4b410513a794652c2b7b1ba
parent: 4292441a42bc24ee8198667571232348790db6d6 [diff] [blame]
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 09ca072..c9955d1 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h

@@ -655,7 +655,8 @@
 /** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
  *
  * Uncomment this macro to use a 128-bit key in the CTR_DRBG module.
- * By default, CTR_DRBG uses a 256-bit key.
+ * Without this, CTR_DRBG uses a 256-bit key
+ * unless \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set.
  */
 //#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 
@@ -2428,6 +2429,8 @@
  * The CTR_DRBG generator uses AES-256 by default.
  * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
  *
+ * \note AES-128 will be used if \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set.
+ *
  * \note To achieve a 256-bit security strength with CTR_DRBG,
  *       you must use AES-256 *and* use sufficient entropy.
  *       See ctr_drbg.h for more details.
commit	55ef22c2cb1bc16113da98eb9b2f924a6a3e91cb	[log] [tgz]
author	Yanray Wang <yanray.wang@arm.com>	Thu Jun 15 09:57:06 2023 +0800
committer	Yanray Wang <yanray.wang@arm.com>	Thu Jun 15 10:05:27 2023 +0800
tree	c21ab7b61cbb9593c4b410513a794652c2b7b1ba
parent	4292441a42bc24ee8198667571232348790db6d6 [diff] [blame]