diff --git a/drbg/common_test.go b/drbg/common_test.go
index 548efd0..688e2d4 100644
--- a/drbg/common_test.go
+++ b/drbg/common_test.go
@@ -69,3 +69,14 @@ func TestNistHashDrbgPrng(t *testing.T) {
 t.Errorf("not got enough random bytes")
 }
 }
+
+func TestGMSecurityStrengthValidation(t *testing.T) {
+ _, err := NewGmHashDrbgPrng(nil, 24, SECURITY_LEVEL_TEST, nil)
+ if err == nil {
+ t.Fatalf("expected error here")
+ }
+ _, err = NewGmCtrDrbgPrng(nil, 24, SECURITY_LEVEL_TEST, nil)
+ if err == nil {
+ t.Fatalf("expected error here")
+ }
+}
diff --git a/drbg/ctr_drbg.go b/drbg/ctr_drbg.go
index 81c8255..c4254e8 100644
--- a/drbg/ctr_drbg.go
+++ b/drbg/ctr_drbg.go
@@ -30,7 +30,7 @@ func NewCtrDrbg(cipherProvider func(key []byte) (cipher.Block, error), keyLen in
 }
 
 // here for the min length, we just check <=0 now
- if len(nonce) == 0 || (hd.gm && len(entropy) < 16) || len(nonce) >= MAX_BYTES>>1 {
+ if len(nonce) == 0 || (hd.gm && len(nonce) < 16) || len(nonce) >= MAX_BYTES>>1 {
 return nil, errors.New("invalid nonce length")
 }
 
diff --git a/drbg/ctr_drbg_test.go b/drbg/ctr_drbg_test.go
index aa85d6b..de268d3 100644
--- a/drbg/ctr_drbg_test.go
+++ b/drbg/ctr_drbg_test.go
@@ -283,3 +283,23 @@ func TestCtrDRBG(t *testing.T) {
 }
 }
 }
+
+func TestGmCtrDRBG_Validation(t *testing.T) {
+ entropyInput := make([]byte, 64)
+ _, err := NewCtrDrbg(sm4.NewCipher, 16, SECURITY_LEVEL_ONE, true, entropyInput[:16], entropyInput[16:24], nil)
+ if err == nil {
+ t.Fatalf("expected error here")
+ }
+ _, err = NewCtrDrbg(sm4.NewCipher, 16, SECURITY_LEVEL_ONE, true, entropyInput[:32], entropyInput[32:40], nil)
+ if err == nil {
+ t.Fatalf("expected error here")
+ }
+ hd, err := NewCtrDrbg(sm4.NewCipher, 16, SECURITY_LEVEL_ONE, true, entropyInput[:32], entropyInput[32:48], nil)
+ if err != nil {
+ t.Fatal(err)
+ }
+ err = hd.Reseed(entropyInput[:16], nil)
+ if err == nil {
+ t.Fatalf("expected error here")
+ }
+}
diff --git a/drbg/hash_drbg.go b/drbg/hash_drbg.go
index adb23dd..dd17893 100644
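Review bot: In drbg/common_test.go, both assertions in TestGMSecurityStrengthValidation accept any non-nil error, so the test would still pass if the constructors rejected the call for some reason other than the value 24 (presumably the security strength), for example the nil first argument, whose handling is not visible here. Comparing `err.Error()` with the message the constructors return for an invalid strength would pin the behaviour the test name promises. The two failure messages are also identical and use `Fatalf` without format verbs; `t.Fatal("NewGmHashDrbgPrng: expected error for strength 24")` and a matching line for NewGmCtrDrbgPrng would say which call regressed.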
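Review bot: In drbg/ctr_drbg.go the comment directly above the corrected condition, `// here for the min length, we just check <=0 now`, no longer describes the GM branch, which now enforces a 16-byte nonce minimum; the same stale comment sits above the matching fix in drbg/hash_drbg.go. A comment such as `// nonce must be non-empty; GM mode additionally requires at least 16 bytes` (`md.Size()/2` bytes in hash_drbg.go) would keep the rule readable, and the literal `16` would be easier to audit as a named constant. With `gm` false a one-byte nonce still passes this check; if that mode is meant to follow SP 800-90A, a minimum tied to the security strength looks worth a follow-up. NewCtrDrbg starts and ends outside the hunk.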
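Review bot: The first case in TestGmCtrDRBG_Validation (drbg/ctr_drbg_test.go) passes two undersized inputs at once, a 16-byte entropy slice and an 8-byte nonce, so it cannot show which length check rejected the call. If it is meant to cover short entropy, pairing it with a nonce that is valid in the third case isolates that check: `NewCtrDrbg(sm4.NewCipher, 16, SECURITY_LEVEL_ONE, true, entropyInput[:16], entropyInput[16:32], nil)`. A one-line comment per case, such as `// entropy ok, nonce below the 16-byte GM minimum` on the second call, would record that this is the regression case for the entropy/nonce mix-up. TestGmHashDRBG_Validation in drbg/hash_drbg_test.go has the same shape and would take the same two changes.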
--- a/drbg/hash_drbg.go
+++ b/drbg/hash_drbg.go
@@ -32,7 +32,7 @@ func NewHashDrbg(md hash.Hash, securityLevel SecurityLevel, gm bool, entropy, no
 }
 
 // here for the min length, we just check <=0 now
- if len(nonce) == 0 || (hd.gm && len(entropy) < hd.md.Size()/2) || len(nonce) >= MAX_BYTES>>1 {
+ if len(nonce) == 0 || (hd.gm && len(nonce) < hd.md.Size()/2) || len(nonce) >= MAX_BYTES>>1 {
 return nil, errors.New("invalid nonce length")
 }
 
diff --git a/drbg/hash_drbg_test.go b/drbg/hash_drbg_test.go
index c2107b9..684ba4a 100644
--- a/drbg/hash_drbg_test.go
+++ b/drbg/hash_drbg_test.go
@@ -229,3 +229,23 @@ func TestHashDRBG(t *testing.T) {
 }
 }
 }
+
+func TestGmHashDRBG_Validation(t *testing.T) {
+ entropyInput := make([]byte, 64)
+ _, err := NewHashDrbg(sm3.New(), SECURITY_LEVEL_ONE, true, entropyInput[:16], entropyInput[16:24], nil)
+ if err == nil {
+ t.Fatalf("expected error here")
+ }
+ _, err = NewHashDrbg(sm3.New(), SECURITY_LEVEL_ONE, true, entropyInput[:32], entropyInput[32:40], nil)
+ if err == nil {
+ t.Fatalf("expected error here")
+ }
+ hd, err := NewHashDrbg(sm3.New(), SECURITY_LEVEL_ONE, true, entropyInput[:32], entropyInput[32:48], nil)
+ if err != nil {
+ t.Fatal(err)
+ }
+ err = hd.Reseed(entropyInput[:16], nil)
+ if err == nil {
+ t.Fatalf("expected error here")
+ }
+}