Hello,

With the current portable master source tree, HAVE_CRYPT and HAVE_DES_CRYPT are not defined.
It seems to me this is a regression introduced with the implementation of the configure option --with-openssl.

Impacted code is in xcrypt.c:
...
# if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT)
# include <openssl/des.h>
# define crypt DES_crypt
# endif
...

Only the above preprocessor statement uses the defines HAVE_CRYPT and HAVE_DES_CRYPT.

The configure script looks like:
if with OpenSSL then
....
else
...
AC_CHECK_FUNCS([crypt DES_crypt])
fi

The proposed patch restores the previous behavior.

Regards,
Roumen Petrov

--
Get SSH with X.509 certificate support
http://roumenpetrov.info/openssh/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-configure.ac-rewrite-check-for-functions-crypt-and-D.patch
Type: text/x-diff
Size: 971 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150303/62b8fd22/attachment.bin>

On Tue, 3 Mar 2015, Roumen Petrov wrote:

> Hello,
>
> With the current portable master source tree, HAVE_CRYPT and HAVE_DES_CRYPT are not
> defined.
> It seems to me this is a regression introduced with the implementation of the configure
> option --with-openssl.
...
> The proposed patch restores the previous behavior.

I think that might break some systems that configure --without-openssl,
so it's probably better to move the test out of the if-else entirely.

diff --git a/configure.ac b/configure.ac index 2ef9db6..9a22539 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,9 +2710,10 @@ if test "x$openssl" = "xyes" ; then AC_SUBST([COMMENT_OUT_ECC]) else AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) - AC_CHECK_FUNCS([crypt DES_crypt]) fi +AC_CHECK_FUNCS([crypt DES_crypt]) + AC_CHECK_FUNCS([ \ arc4random \ arc4random_buf \
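
Review bot: With AC_CHECK_FUNCS([crypt DES_crypt]) now placed after the "fi", its result depends on what LIBS holds at that point, and in the visible context -lcrypt is only appended by AC_CHECK_LIB([crypt], [crypt], ...) in the else (non-OpenSSL) branch. Please confirm that the "x$openssl" = "xyes" branch has already put the library providing crypt() (and libcrypto, for DES_crypt) into LIBS before this line; otherwise HAVE_CRYPT can still come out undefined on systems where crypt() is not in libc. A short comment above the check saying that it must run after both branches have set LIBS, and that HAVE_DES_CRYPT is only consumed under WITH_OPENSSL in xcrypt.c, would keep the check from being moved back inside the conditional later.
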
Damien Miller wrote:
> On Tue, 3 Mar 2015, Roumen Petrov wrote:
>
>> Hello,
>>
>> With the current portable master source tree, HAVE_CRYPT and HAVE_DES_CRYPT are not
>> defined.
>> It seems to me this is a regression introduced with the implementation of the configure
>> option --with-openssl.
> ...
>> The proposed patch restores the previous behavior.
> I think that might break some systems that configure --without-openssl,
> so it's probably better to move the test out of the if-else entirely.

I take this into account. This is the reason to point to the code where it is used - only the lines
# if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT)
# include <openssl/des.h>
# define crypt DES_crypt
# endif

A build without openssl should not be impacted. On those systems SSH cannot be built without libcrypto.

Regards,
Roumen Petrov

--
Get SSH with X.509 certificate support
http://roumenpetrov.info/openssh/