From: Antonio Quartulli
Date: Thu, 12 Aug 2021 08:53:00 +0000 (+0200)
Subject: mbedtls: do not define mbedtls_ctr_drbg_update_ret when not needed
X-Git-Tag: v2.6_beta1~449
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2b9bbaadf44d4978c07abfdb5cce147c71cd9e8d;p=thirdparty%2Fopenvpn.git

mbedtls: do not define mbedtls_ctr_drbg_update_ret when not needed

The mbedtls_ctr_drbg_update_ret() function was backported to various
older branches, including 2.14 and 2.7.

To avoid making the #if guard too complex, let's detect if this function
exists at configure time.

All versions not having this function will use our compat code.

Cc: Max Fillinger
Signed-off-by: Antonio Quartulli
Acked-by: Max Fillinger
Message-Id: <20210812085300.4738-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22734.html
Signed-off-by: Gert Doering
---
diff --git a/configure.ac b/configure.ac index 640ab6faa..aa632005b 100644 --- a/configure.ac +++ b/configure.ac @@ -898,6 +898,12 @@ elif test "${with_crypto_library}" = "mbedtls"; then [have_export_keying_material="no"] ) + AC_CHECK_FUNC( + [mbedtls_ctr_drbg_update_ret], + AC_DEFINE([HAVE_CTR_DRBG_UPDATE_RET], [1], + [Use mbedtls_ctr_drbg_update_ret from mbed TLS]), + ) + CFLAGS="${saved_CFLAGS}" LIBS="${saved_LIBS}" AC_DEFINE([ENABLE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library]) diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 1853335e6..cea88f41e 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c 
@@ -66,8 +66,11 @@ * Compatibility: mbedtls_ctr_drbg_update was deprecated in mbedtls 2.16 and * replaced with mbedtls_ctr_drbg_update_ret, which returns an error code. * For older versions, we call mbedtls_ctr_drbg_update and return 0 (success). + * + * Note: this change was backported to other mbedTLS branches, therefore we + * rely on function detection at configure time. */ -#if MBEDTLS_VERSION_NUMBER < 0x02100000 +#ifndef HAVE_CTR_DRBG_UPDATE_RET static int mbedtls_ctr_drbg_update_ret(mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t add_len)
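Review bot: In the configure.ac hunk, the action-if-found argument of AC_CHECK_FUNC is passed unquoted and is followed by a trailing comma, which leaves an empty action-if-not-found argument. The neighbouring check quotes its action as `[have_export_keying_material="no"]`; for consistency and to avoid premature macro expansion, wrap the action as `[AC_DEFINE([HAVE_CTR_DRBG_UPDATE_RET], [1], [...])]` and drop the trailing comma. Note also that AC_CHECK_FUNC only confirms that the symbol links with the current LIBS, so it is good that the check sits before `LIBS="${saved_LIBS}"` restores the flags; a short comment saying the ordering is intentional would keep a later reshuffle from silently disabling the detection.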
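Review bot: In the ssl_mbedtls.c hunk, `#ifndef HAVE_CTR_DRBG_UPDATE_RET` is now the only guard, so any build that does not run the new configure check leaves the macro undefined and compiles the static compat `mbedtls_ctr_drbg_update_ret()` even against an mbed TLS that already declares the function, which would clash with the library's non-static declaration. Worth confirming that every supported build path defines the macro, or keeping a version-based fallback for builds without configure. The compat path also always returns 0, so reseed or update failures stay invisible on those versions; the added comment could state that explicitly and name the backported branches from the commit message (2.14 and 2.7) so the reason for dropping `MBEDTLS_VERSION_NUMBER < 0x02100000` is recorded next to the code.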