Adds a check and warning for the null entropy option

If the option MBEDTLS_TEST_NULL_ENTROPY is enabled, the cmake generated makefile will generate an error unless a UNSAFE_BUILD switch is also enabled. Equally, a similar warning will always be generated if the Makefile is built, and another warning is generated on every compilation of entropy.c. This is to ensure the user is aware of what they're doing when they enable the null entropy option.
2025-12-21 21:36:21 +01:00 · 2016-06-21 10:14:00 +01:00 · 2016-06-21 10:14:00 +01:00 · 1ceab6e43a
commit 1ceab6e43a
parent 4ae869139a
3 changed files with 48 additions and 4 deletions
--- a/16
+++ b/16
@ -6,7 +6,7 @@ PREFIX=mbedtls_

 .PHONY: all no_test programs lib tests install uninstall clean test check covtest lcov apidoc apidoc_clean

-all: programs tests
+all: programs tests post_build

 no_test: programs

@ -53,6 +53,20 @@ uninstall:
 	done
 endif

+WARNING_BORDER      =*******************************************************\n
+NULL_ENTROPY_WARN_L1=****  WARNING!  MBEDTLS_TEST_NULL_ENTROPY defined! ****\n
+NULL_ENTROPY_WARN_L2=****  THIS BUILD HAS NO DEFINED ENTROPY SOURCES    ****\n
+NULL_ENTROPY_WARN_L3=****  AND IS *NOT* SUITABLE FOR PRODUCTION USE     ****\n
+
+NULL_ENTROPY_WARNING=\n$(WARNING_BORDER)$(NULL_ENTROPY_WARN_L1)$(NULL_ENTROPY_WARN_L2)$(NULL_ENTROPY_WARN_L3)$(WARNING_BORDER)
+
+# Post build steps
+post_build:
+	# If NULL Entropy is configured, display an appropriate warning
+	-scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \
+	    echo '$(NULL_ENTROPY_WARNING)'
+
+
 clean:
 	$(MAKE) -C library clean
 	$(MAKE) -C programs clean