From: Arne Schwabe Date: Tue, 25 Aug 2020 04:16:47 +0000 (+0200) Subject: Fix compilation with older mbed TLS versions (mbedtls_tls_prf_types undefined) X-Git-Tag: v2.6_beta1~714 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=136c5f015c3e7eceecc07a45655d5da5616e9131;p=thirdparty%2Fopenvpn.git Fix compilation with older mbed TLS versions (mbedtls_tls_prf_types undefined) The usage of the new keying material methods was not properly guarded. To avoid a number of ifdefs this commit uses a dummy struct and function. When we eventually drop support for non-EKM mbed TLS version we can remove these. Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20200825041647.26235-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20812.html Signed-off-by: Gert Doering
---
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index 4287b59e2..4ec355a90 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -253,6 +253,16 @@ key_state_export_keying_material(struct tls_session *session,
 return NULL;
 }
 }
+#else
+unsigned char*
+key_state_export_keying_material(struct tls_session *session,
+ const char* label, size_t label_size,
+ size_t ekm_size,
+ struct gc_arena *gc)
+{
+ /* Dummy function to avoid ifdefs in the common code */
+ return NULL;
+}
 #endif /* HAVE_EXPORT_KEYING_MATERIAL */
 bool
diff --git a/src/openvpn/ssl_mbedtls.h b/src/openvpn/ssl_mbedtls.h
index 17aae5516..ff64e17c0 100644
--- a/src/openvpn/ssl_mbedtls.h
+++ b/src/openvpn/ssl_mbedtls.h
@@ -82,6 +82,7 @@ struct external_context {
 void *sign_ctx;
 };
+#ifdef HAVE_EXPORT_KEYING_MATERIAL
 /** struct to cache TLS secrets for keying material exporter (RFC 5705).
 * The constants (64 and 48) are inherent to TLS version and
 * the whole keying material export will likely change when they change */
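Review bot: The `#else` stub of `key_state_export_keying_material` in src/openvpn/ssl_mbedtls.c returns NULL on every call, which a caller cannot tell apart from a runtime export failure in the real implementation, and its comment does not state that contract. The callers are not visible in this diff, so it is worth confirming that each one treats NULL as a hard error rather than continuing without keying material. I would expand the comment to `/* No EKM support in this mbed TLS build: always fails, callers must treat NULL as an error */`. The stub also mixes `unsigned char*` / `const char* label` with the `struct tls_session *session` spacing used in the same signature; `unsigned char *` and `const char *label` would be consistent. The `#if` branch this `#else` pairs with begins outside the hunk.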
@@ -90,6 +91,9 @@ struct tls_key_cache {
 mbedtls_tls_prf_types tls_prf_type;
 unsigned char master_secret[48];
 };
+#else
+struct tls_key_cache { };
+#endif
 /**
 * Structure that wraps the TLS context. Contents differ depending on the
@@ -124,7 +128,6 @@ struct key_state_ssl {
 bio_ctx *bio_ctx;
 struct tls_key_cache tls_key_cache;
-
 };
 /**
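Review bot: `struct tls_key_cache { };` in the `#else` branch of src/openvpn/ssl_mbedtls.h is an empty struct, which ISO C does not permit (a struct needs at least one member). GCC and Clang accept it as an extension with size 0, but other compilers may reject it. Because `struct key_state_ssl` embeds this type by value (visible in the last hunk), a portable placeholder would be `struct tls_key_cache { char unused; };`. The closing `#endif` would also read better as `#endif /* HAVE_EXPORT_KEYING_MATERIAL */`, matching the one in ssl_mbedtls.c; the opening `#ifdef` is in the previous hunk.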