> It used to be possible to build with --disable-nts when a sufficiently > new OpenSSL wasn't available, but commit 7c8b5fe20 broke that. I'm not > sure why cryptographic functions are needed at all with --disable-nts, > but even if they are, the compatibility definitions could have been in a > single header instead of replicated all over the place.
7c8b5fe20 was just cleaning up some thought to be no longer needed cruft. >From the man page: The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0, respectively. What system do you have that is now causing troubles? Do we want to be supporting systems that old and/or does anybody running stuff that old want to run our code? OpenSSL 1.x.x is no longer freely supported. https://endoflife.date/openssl Do we have an official support policy? I'm expecting something like "runs on supported versions of most Unix like OSes with ntp_adjtime". Should we add "using supported versions of OpenSSL"? We need crypto for hashing IPv6 addresses, shared key authentication, the cookies that mode6 uses, and checking the leapsecond file. There was some maybe related discussion a while ago for FIPS mode. It would be not-too-hard to recover the old stand-alone MD5 code. I think that covers the IPv6, cookie, and leapsecond usage. We would have to add an ifdef to skip the shared key code which might be useful anyway. The cleanest fix I can think of right now would be something like #ifndef HAVE_EVP_MD_CTX_new #define EVP_MD_CTX_new EVP_MD_CTX_create $define EVP_MD_CTX_free EVP_MD_CTX_destroy #endif I don't see a good header file to put that in so I would make a new one and include it where needed. Modern header files have this: # define EVP_MD_CTX_create() EVP_MD_CTX_new() # define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx)) # define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx)) I don't see any ifdef around that. That's also in 1.1.0. So I think it would work if we hacked our code to use the old names. But that is pretty ugly to me and could get confusing if somebody was trying to use man pages to understand the code. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
