In the ctr_drbg.h discussion of mbedtls_ctr_drbg_seed() it says that MBEDTLS_CTR_DRBG_ENTROPY_LEN must be at least 1.5 x the key size to achieve security strength equivalent to key size.
However, in discussion of mbedtls_ctr_drbg_set_entropy_len() it says:
When using AES-128
(\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled)
\p len must be at least 16 (in bytes)
to achieve a 128-bit strength.
In my reading of NIST SP800-90Ar1, it seems like the second statement is correct. Where does the 1.5x come from? I wonder, does it only apply to 256-bit key, i.e., where the blocksize < keysize?