mbedtls: do not define mbedtls_ctr_drbg_update_ret when not needed

The mbedtls_ctr_drbg_update_ret() function was backported to various
older branches, including 2.14 and 2.7.
To avoid making the #if guard too complex, let's detect if this function
exists at configure time.
All versions not having this function will use our compat code.

Cc: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Message-Id: <20210812085300.4738-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22734.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Antonio Quartulli 2021-08-12 10:53:00 +02:00 committed by Gert Doering
parent b99fa3fd4f
commit 2b9bbaadf4
2 changed files with 10 additions and 1 deletions


@ -898,6 +898,12 @@ elif test "${with_crypto_library}" = "mbedtls"; then
[have_export_keying_material="no"]
)
AC_CHECK_FUNC(
[mbedtls_ctr_drbg_update_ret],
AC_DEFINE([HAVE_CTR_DRBG_UPDATE_RET], [1],
[Use mbedtls_ctr_drbg_update_ret from mbed TLS]),
)
CFLAGS="${saved_CFLAGS}"
LIBS="${saved_LIBS}"
AC_DEFINE([ENABLE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library])
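Review bot: In the new AC_CHECK_FUNC call, the action-if-found argument (the AC_DEFINE) is not wrapped in [ ] and is followed by a trailing comma that leaves an empty action-if-not-found argument. The neighbouring call quotes its action as [have_export_keying_material="no"]; quoting the AC_DEFINE the same way and dropping the trailing comma keeps the m4 expansion predictable. AC_CHECK_FUNC is also a link test only: it has to stay ahead of the CFLAGS/LIBS restore that follows it, and it does not confirm that the installed headers declare the function, so a one-line comment saying so would help whoever moves this block later.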


@ -66,8 +66,11 @@
* Compatibility: mbedtls_ctr_drbg_update was deprecated in mbedtls 2.16 and
* replaced with mbedtls_ctr_drbg_update_ret, which returns an error code.
* For older versions, we call mbedtls_ctr_drbg_update and return 0 (success).
*
* Note: this change was backported to other mbedTLS branches, therefore we
* rely on function detection at configure time.
*/
#if MBEDTLS_VERSION_NUMBER < 0x02100000
#ifndef HAVE_CTR_DRBG_UPDATE_RET
static int mbedtls_ctr_drbg_update_ret(mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional,
size_t add_len)
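Review bot: The #ifndef HAVE_CTR_DRBG_UPDATE_RET guard makes the static compat definition depend entirely on the configure-generated macro, so any build that does not run the new AC_CHECK_FUNC test will define the static fallback even when the library headers already declare mbedtls_ctr_drbg_update_ret, and the two declarations will conflict. Consider stating that requirement in the comment, or keeping the MBEDTLS_VERSION_NUMBER test as a second condition for such builds. The comment line "For older versions, we call mbedtls_ctr_drbg_update and return 0 (success)" should be reworded too, since the fallback is now selected by function detection rather than by version, and it is worth saying there that the fallback always returns 0 and so cannot report a failure to its callers.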