diff --git a/features/mbedtls/importer/adjust-config.sh b/features/mbedtls/importer/adjust-config.sh
index 5e1039aa19..dc9478bd68 100755
--- a/features/mbedtls/importer/adjust-config.sh
+++ b/features/mbedtls/importer/adjust-config.sh
@@ -55,10 +55,21 @@ add_code
 "\n" \
 "#else\n"
 
-add_code \
- "#include \"check_config.h\"\n" \
- "\n" \
- "#endif \/* !MBEDTLS_ENTROPY_HARDWARE_ALT && !MBEDTLS_TEST_NULL_ENTROPY *\/"
+add_code \
+ "#include \"check_config.h\"\n" \
+ "\n" \
+ "#endif \/* !MBEDTLS_ENTROPY_HARDWARE_ALT && !MBEDTLS_TEST_NULL_ENTROPY *\/\n" \
+ "\n" \
+ "#if defined(MBEDTLS_TEST_NULL_ENTROPY)\n" \
+ "#warning \"MBEDTLS_TEST_NULL_ENTROPY has been enabled. This \" \\\\\n" \
+ " \"configuration is not secure and is not suitable for production use\"\n" \
+ "#endif\n" \
+ "\n" \
+ "#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_TEST_NULL_ENTROPY) && \\\\\n" \
+ " !defined(MBEDTLS_ENTROPY_HARDWARE_ALT)\n" \
+ "#error \"No entropy source was found at build time, so TLS \" \\\\\n" \
+ " \"functionality is not available\"\n" \
+ "#endif\n"
 
 # not supported on mbed OS, nor used by mbed Client
 conf unset MBEDTLS_NET_C
diff --git a/features/mbedtls/inc/mbedtls/config.h b/features/mbedtls/inc/mbedtls/config.h
index 40fcf85b94..790e5e344b 100644
--- a/features/mbedtls/inc/mbedtls/config.h
+++ b/features/mbedtls/inc/mbedtls/config.h
@@ -2613,4 +2613,16 @@
 #include "check_config.h"
 
 #endif /* !MBEDTLS_ENTROPY_HARDWARE_ALT && !MBEDTLS_TEST_NULL_ENTROPY */
+
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
+#warning "MBEDTLS_TEST_NULL_ENTROPY has been enabled. This " \
+ "configuration is not secure and is not suitable for production use"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_TEST_NULL_ENTROPY) && \
+ !defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+#error "No entropy source was found at build time, so TLS " \
+ "functionality is not available"
+#endif
+
 #endif /* MBEDTLS_CONFIG_H */
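Review bot: The null-entropy case is reported only through `#warning` in the text the second `add_code` call appends, so a build with MBEDTLS_TEST_NULL_ENTROPY defined still compiles and links unless the toolchain is told to treat warnings as errors. The emitted block should say why that matters, for example with a comment above the `#if` (written with the script's `\/` escaping): `/* Test builds only: with MBEDTLS_TEST_NULL_ENTROPY the RNG has no real seed, so keys and nonces are predictable. */`. The `#error` guard is keyed to MBEDTLS_SSL_TLS_C alone; whether other modules that draw randomness stay enabled without an entropy source depends on config-no-entropy.h, which is not shown here, so that is worth confirming. The same text lands in the config.h hunk, so the comment only needs to be added here in the importer.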