From a988a2702ab402e119502f9759347b12d91c0ee4 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Thu, 7 Sep 2017 11:32:04 +0100
Subject: [PATCH] Emit deprecation warning if MBEDTLS_RSA_FORCE_BLINDING is not
 set

---
 library/rsa.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/library/rsa.c b/library/rsa.c
index 680df0d8e..88257aa57 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -66,6 +66,13 @@
 #define mbedtls_free   free
 #endif
 
+#if !defined(MBEDTLS_RSA_FORCE_BLINDING) && \
+     defined(MBEDTLS_DEPRECATED_WARNING)
+#warning Not enforcing blinding checks for RSA private key operations\
+    is deprecated. Please uncomment MBEDTLS_RSA_FORCE_BLINDING\
+    in config.h to enforce blinding checks.
+#endif
+
 /* Implementation that should never be optimized out by the compiler */
 static void mbedtls_zeroize( void *v, size_t n ) {
     volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;