Add deprecation warnings
At this point in time, Mbed Crypto has no known security issues. But
in the future, it will not be updated if security issues are discovered.
So add warnings about the migration to Mbed TLS, but don't break the build yet.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 31b4040..f9ba53f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -241,3 +241,10 @@
${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY)
endif()
endif()
+
+message(WARNING "\
+\n ****************************************************************\
+\n **** Mbed Crypto is no longer being updated. *******************\
+\n **** Please use Mbed TLS instead. See README.md. ***************\
+\n ****************************************************************\
+")
diff --git a/Makefile b/Makefile
index 4fd7f8e..c5b42a5 100644
--- a/Makefile
+++ b/Makefile
@@ -77,6 +77,10 @@
-scripts/config.py get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \
echo '$(NULL_ENTROPY_WARNING)'
endif
+ -echo "****************************************************************"
+ -echo "**** Mbed Crypto is no longer being updated. *******************"
+ -echo "**** Please use Mbed TLS instead. See README.md. ***************"
+ -echo "****************************************************************"
clean:
$(MAKE) -C library clean
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index c3a3830..df35a16 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -30,6 +30,10 @@
#ifndef MBEDTLS_CHECK_CONFIG_H
#define MBEDTLS_CHECK_CONFIG_H
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#warning "Mbed Crypto is no longer being updated. Please use Mbed TLS instead. See README.md."
+#endif
+
/*
* We assume CHAR_BIT is 8 in many places. In practice, this is true on our
* target platforms, so not an issue, but let's just be extra sure.