Description of problem: a powerdns users reported a missing feature in our builds for EL8 - see the story at https://github.com/PowerDNS/pdns/issues/12926 Apparently, some code from openssl3 was backported to 1.1.1, but never updated to incorporate fixes that were done after the backport. Version-Release number of selected component (if applicable): openssl-devel-1.1.1k-9.el8_7.x86_64 How reproducible: 100% Steps to Reproduce: 1. try to compile a C program that has #include <openssl/kdf.h> Actual results: /usr/include/openssl/kdf.h:33:46: error: unknown type name 'va_list' /usr/include/openssl/kdf.h:35:1: note: 'size_t' is defined in header '<stddef.h>'; did you forget to '#include <stddef.h>'? Expected results: successful compile Additional info: copied from the pdns ticket: As far as I can tell this does not match any released version of OpenSSL.. EVP_KDF_vctrl was added in openssl/openssl@5a285ad before openssl-3.0.0-alpha1 but the header issue was quickly fixed by openssl/openssl@0cf5c6a (also before 3.0.0-alpha1) and the function was completely removed by openssl/openssl@fb9e6dd (still before 3.0.0-alpha1). But the log is talking about openssl-1.1.1k-9.el8_7.x86_64.rpm..
The change is introduced in openssl-1.1.1-evp-kdf.patch As it's the only complaint during several years, it probably would be better to fix it in PowerDNS downstream. Unfortunately, we don't plan any changes in OpenSSL in 8.x beyond the CVE fixes. Sorry for inconvinience