[Git][NTPsec/ntpsec][master] Fix to work with ancient versions of OpenSSL
Hal Murray (@hal.murray)
gitlab at mg.gitlab.com
Thu Dec 19 08:30:24 UTC 2024
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
fdfa84de by Hal Murray at 2024-12-19T00:27:46-08:00
Fix to work with ancient versions of OpenSSL
- - - - -
8 changed files:
- + include/hack-ancient-openssl.h
- libntp/authreadkeys.c
- libntp/macencrypt.c
- libntp/pymodule-mac.c
- libntp/ssl_init.c
- ntpd/ntp_control.c
- ntpd/ntp_leapsec.c
- wscript
Changes:
=====================================
include/hack-ancient-openssl.h
=====================================
@@ -0,0 +1,28 @@
+/*
+ * hack-ancient-openssl.h - hack to run on ancient versions of OpenSSL
+ * Copyright the NTPsec project contributors
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * This is needed only on ancient systems that
+ * are using OpenSSL older than OpenSSL 1.1.0.
+ *
+ * From the man page:
+ * The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were renamed
+ * to EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0,
+ * respectively.
+ *
+ * See:
+ * https://lists.ntpsec.org/pipermail/devel/2024-December/010502.html
+ * https://lists.ntpsec.org/pipermail/devel/2024-June/010451.html
+ */
+
+#ifndef GUARD_HACK_ANCIENT_OPENSSL_H
+#define GUARD_HACK_ANCIENT_OPENSSL_H
+
+#ifndef HAVE_EVP_MD_CTX_NEW
+ #define EVP_MD_CTX_create() EVP_MD_CTX_new()
+ #define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx))
+ #define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx))
+#endif
+
+#endif /* GUARD_HACK_ANCIENT_OPENSSL_H */
=====================================
libntp/authreadkeys.c
=====================================
@@ -22,6 +22,7 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/err.h>
+#include "hack-ancient-openssl.h"
#if OPENSSL_VERSION_NUMBER < 0x20000000L
#include <openssl/cmac.h>
=====================================
libntp/macencrypt.c
=====================================
@@ -52,6 +52,7 @@
#include <openssl/err.h>
#include <openssl/evp.h> /* provides OpenSSL digest API */
#include <openssl/md5.h>
+#include "hack-ancient-openssl.h"
#include "ntp_fp.h"
#include "ntp_stdlib.h"
=====================================
libntp/pymodule-mac.c
=====================================
@@ -13,6 +13,7 @@
#include "ntp_stdlib.h"
#include "pymodule-mac.h"
+#include "hack-ancient-openssl.h"
// Don't include Python.h
=====================================
libntp/ssl_init.c
=====================================
@@ -9,6 +9,7 @@
#include <stdbool.h>
#include <openssl/ssl.h>
#include <openssl/evp.h>
+#include "hack-ancient-openssl.h"
#if OPENSSL_VERSION_NUMBER > 0x20000000L
#include <openssl/params.h>
=====================================
ntpd/ntp_control.c
=====================================
@@ -14,6 +14,7 @@
#include <stdbool.h>
#include <openssl/evp.h> /* provides OpenSSL digest API */
+#include "hack-ancient-openssl.h"
#include "ntpd.h"
#include "ntp_io.h"
=====================================
ntpd/ntp_leapsec.c
=====================================
@@ -29,6 +29,7 @@
#include "lib_strbuf.h"
#include <openssl/evp.h>
+#include "hack-ancient-openssl.h"
#define ISC_SHA1_DIGESTLENGTH 20U
=====================================
wscript
=====================================
@@ -660,6 +660,8 @@ int main(int argc, char **argv) {
# Sanity checks to give a sensible error message
required_functions = (
+ # Check for ancient version of OpenSSL.
+ ('EVP_MD_CTX_new', ["openssl/evp.h"], "CRYPTO", False),
# MacOS doesn't have timer_create ??
('timer_create', ["signal.h", "time.h"], "RT", False),
# Very old versions of OpenSSL don't have cmac.h
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/fdfa84dec3d3153f35af9b565f59fb3f6043fb3f
--
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/fdfa84dec3d3153f35af9b565f59fb3f6043fb3f
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20241219/63f711ba/attachment-0001.htm>
More information about the vc
mailing list