From f948e2fa52397c90c52dc1706b63df08aab6f0c8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 16 May 2024 14:54:04 +0200 Subject: [PATCH] Warn if mbedtls_config.h is included manually Some projects using Mbed TLS have migrated their configuration file (config.h -> mbedtls_config.h, or MBEDTLS_CONFIG_FILE) from Mbed TLS 2.x, and kept including check_config.h. This is unnecessary since Mbed TLS 3.0, and increasingly in 3.x it may report spurious errors because the configuration adjustments have not been done yet. Signed-off-by: Gilles Peskine --- include/mbedtls/check_config.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 9c33faeb9a..67a05f83b8 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -19,6 +19,13 @@ #define MBEDTLS_CHECK_CONFIG_H /* *INDENT-OFF* */ + +#if !defined(MBEDTLS_CONFIG_IS_FINALIZED) +#warning "Do not include mbedtls/check_config.h manually! " \ + "This may cause spurious errors. " \ + "It is included automatically at the right point since Mbed TLS 3.0." +#endif /* !MBEDTLS_CONFIG_IS_FINALIZED */ + /* * We assume CHAR_BIT is 8 in many places. In practice, this is true on our * target platforms, so not an issue, but let's just be extra sure.