From patchwork Wed Aug 11 22:53:00 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Antonio Quartulli <a@unstable.cc>
X-Patchwork-Id: 1910
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director11.mail.ord1d.rsapps.net ([172.31.255.6])
	by backend30.mail.ord1d.rsapps.net with LMTP
	id UI0xI8DhFGHIdgAAIUCqbw
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	for <patchwork@openvpn.net>; Thu, 12 Aug 2021 04:54:24 -0400
Received: from proxy18.mail.iad3b.rsapps.net ([172.31.255.6])
	by director11.mail.ord1d.rsapps.net with LMTP
	id UH/gIsDhFGEuPAAAvGGmqA
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	for <patchwork@openvpn.net>; Thu, 12 Aug 2021 04:54:24 -0400
Received: from smtp18.gate.iad3b ([172.31.255.6])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by proxy18.mail.iad3b.rsapps.net with LMTPS
	id YC+MG8DhFGFRPwAA3NpJmQ
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	for <patchwork@openvpn.net>; Thu, 12 Aug 2021 04:54:24 -0400
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: openvpnslackdevel@openvpn.net
X-Originating-Ip: [216.105.38.7]
Authentication-Results: smtp18.gate.iad3b.rsapps.net;
 iprev=pass policy.iprev="216.105.38.7";
 spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net"
 smtp.helo="lists.sourceforge.net";
 dkim=fail (signature verification failed) header.d=sourceforge.net;
 dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil;
 dis=none) header.from=unstable.cc
X-Suspicious-Flag: YES
X-Classification-ID: e3a65966-fb4a-11eb-bb22-5254009ad1d4-1-1
Received: from [216.105.38.7] ([216.105.38.7:44686]
 helo=lists.sourceforge.net)
	by smtp18.gate.iad3b.rsapps.net (envelope-from
 <openvpn-devel-bounces@lists.sourceforge.net>)
	(ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
	id 6B/E6-09097-FB1E4116; Thu, 12 Aug 2021 04:54:23 -0400
Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com)
	by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.92.3)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1mE6Sr-0002ON-S0; Thu, 12 Aug 2021 08:53:25 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
 by sfs-ml-2.v29.lw.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3)
 (envelope-from <a@unstable.cc>) id 1mE6So-0002OE-VW
 for openvpn-devel@lists.sourceforge.net; Thu, 12 Aug 2021 08:53:22 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
 In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=oQvMX8wTgDaWILgwMVGUg1ClZqt1NxboqPQHr29yQbU=; b=bbwKOZmrV7Ia4Ognuu9gbmbK20
 W84zrKWW0sl0K09FfzdDq+rfsBXJ/0IBSiCgLq76ufXFb/0nVE2ZZuxkn8tDyMOJTVM9AHI5pPLAq
 dSkTc4H7u6105X3dQRSeTCBuVVplh5oV2vc5Q9Y1xwZG8ib82hQWKHOu2MKi6rYsoR1Q=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id:
 Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=oQvMX8wTgDaWILgwMVGUg1ClZqt1NxboqPQHr29yQbU=; b=aoxtyzOUJV4p6YBWTy1maQgdWn
 Oxdk7sAgMl1zSymqQzizxFKbZJ/dUE+h/JP6OzgpNoweeuGt6wWrcTBveK8ervEnpZhUw7i7fxxRJ
 FMi4Qni7qA+YFEPV+Nazpk7DiSJyPd7hHq5uf/KdKBSmTUbT0hh1qkZ+4ed0qC4XJ8VY=;
Received: from s2.neomailbox.net ([5.148.176.60])
 by sfi-mx-1.v28.lw.sourceforge.com with esmtps
 (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3)
 id 1mE6Si-003uhm-Lp
 for openvpn-devel@lists.sourceforge.net; Thu, 12 Aug 2021 08:53:22 +0000
From: Antonio Quartulli <a@unstable.cc>
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 12 Aug 2021 10:53:00 +0200
Message-Id: <20210812085300.4738-1-a@unstable.cc>
In-Reply-To: <20210812075757.31759-1-a@unstable.cc>
References: <20210812075757.31759-1-a@unstable.cc>
MIME-Version: 1.0
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
 See http://spamassassin.org/tag/ for more details.
 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
 See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
 for more information. [URIs: configure.ac]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 AWL AWL: Adjusted score from AWL reputation of From: address
X-Headers-End: 1mE6Si-003uhm-Lp
Subject: [Openvpn-devel] [PATCH v2] mbedtls: do not define
 mbedtls_ctr_drbg_update_ret when not needed
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Cc: Antonio Quartulli <a@unstable.cc>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox

The mbedtls_ctr_drbg_update_ret() function was backported to various
older branches, including 2.14 and 2.7.
To aqvoid making the if guard too complex, let's detect if this function
exist at configure time.
All versions not having this function, will use our compat code.

Cc: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
---

Compile tests:
* Testing mbedtls-2.7.19...
* mbedtls-2.7.19 OK
* Testing mbedtls-2.10.0...
* mbedtls-2.10.0 OK
* Testing mbedtls-2.14.1...
* mbedtls-2.14.1 OK
* Testing mbedtls-2.16.11...
* mbedtls-2.16.11 OK
* Testing mbedtls-2.20.0...
* mbedtls-2.20.0 OK
* Testing mbedtls-2.26.0...
* mbedtls-2.26.0 OK
* Testing mbedtls-2.27.0...
* mbedtls-2.27.0 OK

 configure.ac              | 6 ++++++
 src/openvpn/ssl_mbedtls.c | 5 ++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 56b536dc..5d378962 100644
--- a/configure.ac
+++ b/configure.ac
@@ -891,6 +891,12 @@ elif test "${with_crypto_library}" = "mbedtls"; then
 		[have_export_keying_material="no"]
 	)
 
+	AC_CHECK_FUNC(
+		[mbedtls_ctr_drbg_update_ret],
+		AC_DEFINE([HAVE_CTR_DRBG_UPDATE_RET], [1],
+			  [Use mbedtls_ctr_drbg_update_ret from mbed TLS]),
+	)
+
 	CFLAGS="${saved_CFLAGS}"
 	LIBS="${saved_LIBS}"
 	AC_DEFINE([ENABLE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library])
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index 1853335e..cea88f41 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -66,8 +66,11 @@
  * Compatibility: mbedtls_ctr_drbg_update was deprecated in mbedtls 2.16 and
  * replaced with mbedtls_ctr_drbg_update_ret, which returns an error code.
  * For older versions, we call mbedtls_ctr_drbg_update and return 0 (success).
+ *
+ * Note: this change was backported to other mbedTLS branches, therefore we
+ * rely on function detection at configure time.
  */
-#if MBEDTLS_VERSION_NUMBER < 0x02100000
+#ifndef HAVE_CTR_DRBG_UPDATE_RET
 static int mbedtls_ctr_drbg_update_ret(mbedtls_ctr_drbg_context *ctx,
                                        const unsigned char *additional,
                                        size_t add_len)