> On 02.04.21 at 15:26, Max Fillinger wrote:
> > From: Uipko Berghuis <uipko.bergh...@fox-it.com>
> >
> > In mbedtls 2.16.0 mbedtls_ctr_drbg_update() changed to
> > mbedtls_ctr_drbg_update_ret(). Change the function name and handle the
> > new return value error code.
> > ---
> >  src/openvpn/ssl_mbedtls.c | 5 ++++-
> >  1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
> > index 5d7af351..56e9f045 100644
> > --- a/src/openvpn/ssl_mbedtls.c
> > +++ b/src/openvpn/ssl_mbedtls.c
> > @@ -950,7 +950,10 @@ tls_ctx_personalise_random(struct tls_root_ctx
> > *ctx)
> >
> >          if (0 != memcmp(old_sha256_hash, sha256_hash,
> sizeof(sha256_hash)))
> >          {
> > -            mbedtls_ctr_drbg_update(cd_ctx, sha256_hash, 32);
> > +            if (!mbed_ok(mbedtls_ctr_drbg_update_ret(cd_ctx,
> sha256_hash, 32)))
> > +            {
> > +                msg(M_WARN, "WARNING: failed to personalise random,
> could not update CTR_DRBG");
> > +            }
> >              memcpy(old_sha256_hash, sha256_hash,
> sizeof(old_sha256_hash));
> >          }
> >      }
> >
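Review bot: in the new failure branch around mbedtls_ctr_drbg_update_ret(), the error is only logged at M_WARN and the memcpy() that follows still copies sha256_hash into old_sha256_hash. If old_sha256_hash persists across calls, as the memcmp() suggests, a later call with the same hash will skip the update, so a failed personalisation is never retried and the context keeps running without it. Consider moving the memcpy() into the success path, or treating the failure as fatal if the personalisation is meant to be a hard requirement. The length is also still the literal 32 while the neighbouring calls use sizeof(sha256_hash); using sizeof here keeps the three in step. Finally, the call is unconditional, so there is no fallback for mbed TLS releases that predate mbedtls_ctr_drbg_update_ret(); a guard on MBEDTLS_VERSION_NUMBER around the old and new calls would keep both building.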
> 
> This change will break compilation with anything that is < 2.16.0.

This function is deprecated in 2.16. I don't mind keeping this change to
OpenVPN-NL for now, but for future reference, what's the best solution
when a new version of mbedtls removes the function?
