Message ID | 20210812075757.31759-1-a@unstable.cc |
---|---|
State | Superseded |
Headers | show |
Series | [Openvpn-devel] mbedtls: do not define mbedtls_ctr_drbg_update_ret for mbedtls <2.15 and >=2.14.1 | expand |
Hi, On 12/08/2021 09:57, Antonio Quartulli wrote: > The mbedtls_ctr_drbg_update_ret() function was backported to the 2.14 > branch of mbedtls since 2.14.1. For this reason, we must exclude the > definition of our compat function for mbedtls >=2.14.1 but <2.15 > > Cc: Max Fillinger <maximilian.fillinger@foxcrypto.com> > Signed-off-by: Antonio Quartulli <a@unstable.cc> > --- > > Successfully compiled tested on mbedTLS: > * 2.10.0 > * 2.14.1 > * 2.20.0 > * 2.26.0 compilation fails against 2.7.18 as this function was also backported in 2.7.8. Since we still want to support the 2.7 branch, as some distros are shipping this, we need to further extend the ifdef. v2 is coming. Cheers,
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 1853335e..a2ed59ac 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -66,8 +66,13 @@ * Compatibility: mbedtls_ctr_drbg_update was deprecated in mbedtls 2.16 and * replaced with mbedtls_ctr_drbg_update_ret, which returns an error code. * For older versions, we call mbedtls_ctr_drbg_update and return 0 (success). + * + * Note: mbedtls_ctr_drbg_update_ret was backported to the mbedtls 2.14 branch + * since 2.14.1. For this reason, the definition of this function has to be + * excluded for any mbedtls going from 2.14.1 (included) to 2.15 (excluded) */ -#if MBEDTLS_VERSION_NUMBER < 0x02100000 +#if MBEDTLS_VERSION_NUMBER < 0x02100000 && \ + !(MBEDTLS_VERSION_NUMBER > 0x020E0000 && MBEDTLS_VERSION_NUMBER < 0x020F0000) static int mbedtls_ctr_drbg_update_ret(mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t add_len)
The mbedtls_ctr_drbg_update_ret() function was backported to the 2.14 branch of mbedtls since 2.14.1. For this reason, we must exclude the definition of our compat function for mbedtls >=2.14.1 but <2.15 Cc: Max Fillinger <maximilian.fillinger@foxcrypto.com> Signed-off-by: Antonio Quartulli <a@unstable.cc> --- Successfully compiled tested on mbedTLS: * 2.10.0 * 2.14.1 * 2.20.0 * 2.26.0 src/openvpn/ssl_mbedtls.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)