compile time warning of 128bit ctr_drbg keys and standardized warnings
a compile time print was added warning in case of 128bit ctr_drbg keys.
This was don't to avoid an actual warning in these cases
(making build with warnings as errors possible).
Additional warnings on the Changelog/headers were set to use the same phrasing
phrasing was approved by Gilles and Janos.
diff --git a/Makefile b/Makefile
index 78c1acb..f4c0a00 100644
--- a/Makefile
+++ b/Makefile
@@ -61,9 +61,21 @@
NULL_ENTROPY_WARNING=\n$(WARNING_BORDER)$(NULL_ENTROPY_WARN_L1)$(NULL_ENTROPY_WARN_L2)$(NULL_ENTROPY_WARN_L3)$(WARNING_BORDER)
+WARNING_BORDER_LONG =**********************************************************************************\n
+CTR_DRBG_128_BIT_KEY_WARN_L1=**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined! ****\n
+CTR_DRBG_128_BIT_KEY_WARN_L2=**** Using 128-bit keys for CTR_DRBG limits the security of generated ****\n
+CTR_DRBG_128_BIT_KEY_WARN_L3=**** keys and operations that use random values generated to 128-bit security ****\n
+
+CTR_DRBG_128_BIT_KEY_WARNING=\n$(WARNING_BORDER_LONG)$(CTR_DRBG_128_BIT_KEY_WARN_L1)$(CTR_DRBG_128_BIT_KEY_WARN_L2)$(CTR_DRBG_128_BIT_KEY_WARN_L3)$(WARNING_BORDER_LONG)
+
# Post build steps
post_build:
ifndef WINDOWS
+
+ # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
+ -scripts/config.pl get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \
+ echo '$(CTR_DRBG_128_BIT_KEY_WARNING)'
+
# If NULL Entropy is configured, display an appropriate warning
-scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \
echo '$(NULL_ENTROPY_WARNING)'