cannot make openvpn 2.3.2 with polarssl 1.3.1

[klook]

Hi,
i was trying to compile openvpn 2.3.2 with polarssl 1.3.1 library and make fails in this way:

gcc -DHAVE_CONFIG_H -I. -I../.. -I../../include -I../../src/compat -g -O2 -MT crypto_polarssl.o -MD -MP -MF .deps/crypto_polarssl.Tpo -c -o crypto_polarssl.o crypto_polarssl.c
crypto_polarssl.c: In function ‘cipher_ctx_reset’:
crypto_polarssl.c:469:3: error: too many arguments to function ‘cipher_reset’
return 0 == cipher_reset(ctx, iv_buf);

^{In file included from crypto_polarssl.h:33:0,
from crypto_backend.h:37,
from crypto_polarssl.c:44:
/usr/local/include/polarssl/cipher.h:510:5: note: declared here
int cipher_reset( cipher_context_t *ctx );}

make[3]: * [crypto_polarssl.o] Erreur 1

It seems that cipher_reset() method has been modified in polarssl 1.3 (2nd argument iv_buf has been removed).

Does someone already encountered this issue?
Is there a known temporary fix?

Regards
klook

[JoshC]

After some discussion with the upstream policy on point-releases, the PolarSSL is not stable between various point-release versions. This means you must use a 1.2 release, and 1.2.10 is the only proper choice at present (<1.2.9 has a CVE out, and 1.2.10 fixes a memory leak in 1.2.9.)

If you have other applications that need a 1.3 API version, you'll need to install both SO versions side-by-side. If it's just OpenVPN you're building, keep PolarSSL at 1.2 for now.

We'll be updating autoconf shortly to explicitly fail the configure script when the required PolarSSL version is unavailable.

[Gert Döring]

Syzzer mentioned that he has a prototype for OpenVPN with PolarSSL 1.3 and EC support... so "something will be coming".

But for now, stay at 1.2.10

[Steffan Karger]

PolarSSL 1.3 support has been merged into the master branch (OpenVPN 2.4+), see ​https://github.com/OpenVPN/openvpn/commit/03df3a990f71b3d02653eba364ac89f8400611c3.