> Am 02.04.21 um 15:26 schrieb Max Fillinger: > > From: Uipko Berghuis <uipko.bergh...@fox-it.com> > > > > In mbedtls 2.16.0 mbedtls_ctr_drbg_update() changed to > > mbedtls_ctr_drbg_update_ret(). Change the function name and handle the > > new return value error code. > > --- > > src/openvpn/ssl_mbedtls.c | 5 ++++- > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c > > index 5d7af351..56e9f045 100644 > > --- a/src/openvpn/ssl_mbedtls.c > > +++ b/src/openvpn/ssl_mbedtls.c > > @@ -950,7 +950,10 @@ tls_ctx_personalise_random(struct tls_root_ctx > > *ctx) > > > > if (0 != memcmp(old_sha256_hash, sha256_hash, > sizeof(sha256_hash))) > > { > > - mbedtls_ctr_drbg_update(cd_ctx, sha256_hash, 32); > > + if (!mbed_ok(mbedtls_ctr_drbg_update_ret(cd_ctx, > sha256_hash, 32))) > > + { > > + msg(M_WARN, "WARNING: failed to personalise random, > could not update CTR_DRBG"); > > + } > > memcpy(old_sha256_hash, sha256_hash, > sizeof(old_sha256_hash)); > > } > > } > > > > This change will break compilation with anything that is < 2.16.0.
This function is deprecated in 2.16. I don't mind keeping this change to OpenVPN-NL for now, but for future reference, what's the best solution when a new version of mbedtls removes the function? _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel