From patchwork Wed Aug 11 22:53:00 2021
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 1910
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 12 Aug 2021 10:53:00 +0200
Message-Id: <20210812085300.4738-1-a@unstable.cc>
In-Reply-To: <20210812075757.31759-1-a@unstable.cc>
References: <20210812075757.31759-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v2] mbedtls: do not define mbedtls_ctr_drbg_update_ret when not needed
Cc: Antonio Quartulli

The mbedtls_ctr_drbg_update_ret() function was backported to various
older branches, including 2.14 and 2.7. To avoid making the if guard
too complex, let's detect if this function exists at configure time.
All versions not having this function will use our compat code.

Cc: Max Fillinger
Signed-off-by: Antonio Quartulli
Acked-by: Max Fillinger
---

Compile tests:

* Testing mbedtls-2.7.19...
* mbedtls-2.7.19 OK
* Testing mbedtls-2.10.0...
* mbedtls-2.10.0 OK
* Testing mbedtls-2.14.1...
* mbedtls-2.14.1 OK
* Testing mbedtls-2.16.11...
* mbedtls-2.16.11 OK
* Testing mbedtls-2.20.0...
* mbedtls-2.20.0 OK
* Testing mbedtls-2.26.0...
* mbedtls-2.26.0 OK
* Testing mbedtls-2.27.0...
* mbedtls-2.27.0 OK

 configure.ac              | 6 ++++++
 src/openvpn/ssl_mbedtls.c | 5 ++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac index 56b536dc..5d378962 100644 --- a/configure.ac +++ b/configure.ac @@ -891,6 +891,12 @@ elif test "${with_crypto_library}" = "mbedtls"; then [have_export_keying_material="no"] ) + AC_CHECK_FUNC( + [mbedtls_ctr_drbg_update_ret], + AC_DEFINE([HAVE_CTR_DRBG_UPDATE_RET], [1], + [Use mbedtls_ctr_drbg_update_ret from mbed TLS]), + ) + CFLAGS="${saved_CFLAGS}" LIBS="${saved_LIBS}" AC_DEFINE([ENABLE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library]) diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 1853335e..cea88f41 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -66,8 +66,11 @@ * Compatibility: mbedtls_ctr_drbg_update was deprecated in mbedtls 2.16 and * replaced with mbedtls_ctr_drbg_update_ret, which returns an error code. * For older versions, we call mbedtls_ctr_drbg_update and return 0 (success). + * + * Note: this change was backported to other mbedTLS branches, therefore we + * rely on function detection at configure time. */ -#if MBEDTLS_VERSION_NUMBER < 0x02100000 +#ifndef HAVE_CTR_DRBG_UPDATE_RET static int mbedtls_ctr_drbg_update_ret(mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t add_len)
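
Review bot: In the configure.ac hunk, the action-if-found argument of the new AC_CHECK_FUNC call is passed unquoted, and the call ends with a trailing comma that leaves an empty action-if-not-found argument. Wrapping the AC_DEFINE(...) in [ ] and dropping the final comma would match the m4 quoting of the neighbouring [have_export_keying_material="no"] argument. The check sits above the lines that restore CFLAGS and LIBS from saved_CFLAGS and saved_LIBS, which appears to be what lets the link test see the mbed TLS library; a one-line comment saying the check must stay above those assignments would keep it from being moved below them later, where it would always report the function as missing.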
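
Review bot: In the ssl_mbedtls.c hunk, the retained comment line "For older versions, we call mbedtls_ctr_drbg_update and return 0 (success)" no longer describes how the fallback is selected once the guard becomes #ifndef HAVE_CTR_DRBG_UPDATE_RET. The compat function is now compiled whenever the configure check did not define the macro, regardless of MBEDTLS_VERSION_NUMBER, so the comment would be more accurate as "when the library does not provide it" and could name HAVE_CTR_DRBG_UPDATE_RET and configure.ac as the source of the decision. It is also worth confirming that the generated config header is included before this #ifndef, since a missing macro here selects the static fallback without any diagnostic at this point in the file.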