On 02.04.21 at 15:26, Max Fillinger wrote:
> From: Uipko Berghuis <uipko.bergh...@fox-it.com>
> 
> In mbedtls 2.16.0 mbedtls_ctr_drbg_update() changed to
> mbedtls_ctr_drbg_update_ret(). Change the function name and handle
> the new return value error code.
> ---
>  src/openvpn/ssl_mbedtls.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
> index 5d7af351..56e9f045 100644
> --- a/src/openvpn/ssl_mbedtls.c
> +++ b/src/openvpn/ssl_mbedtls.c
> @@ -950,7 +950,10 @@ tls_ctx_personalise_random(struct tls_root_ctx *ctx)
>  
>          if (0 != memcmp(old_sha256_hash, sha256_hash, sizeof(sha256_hash)))
>          {
> -            mbedtls_ctr_drbg_update(cd_ctx, sha256_hash, 32);
> +            if (!mbed_ok(mbedtls_ctr_drbg_update_ret(cd_ctx, sha256_hash, 
> 32)))
> +            {
> +                msg(M_WARN, "WARNING: failed to personalise random, could 
> not update CTR_DRBG");
> +            }
>              memcpy(old_sha256_hash, sha256_hash, sizeof(old_sha256_hash));
>          }
>      }
> 
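Review bot: in the new failure branch of tls_ctx_personalise_random(), execution still falls through to the unchanged memcpy(old_sha256_hash, sha256_hash, sizeof(old_sha256_hash)), so a failed mbedtls_ctr_drbg_update_ret() is recorded as if the personalisation had been applied. A later call with the same hash is then skipped by the memcmp check and the update is never retried. Consider doing the memcpy only on success, or treating the failure as fatal instead of M_WARN if the DRBG is expected to carry this input. The length is also passed as a literal 32 while the neighbouring lines use sizeof(sha256_hash); using sizeof here would keep them in step. Since the commit message says the _ret name arrived in 2.16.0 and the call is made unconditionally, a version check around the call is needed if builds against older mbedtls are to keep compiling.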

This change will break compilation with anything that is < 2.16.0.

Arne


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
