Re: Building openssh-3.5p1 with new DES functions
On Mon, Dec 09, 2002 at 05:45:47PM +0100, Richard Levitte - VMS Whacker wrote: In message 20021209122438.GB16737@folly on Mon, 9 Dec 2002 13:24:38 +0100, Markus Friedl [EMAIL PROTECTED] said: markus On Sun, Dec 08, 2002 at 12:39:04PM +0100, Martin MOKREJ? wrote: markus cc: Error: /usr/local/openssl/include/openssl/mdc2.h, line 79: Missing type specifier or type qualifier. (missingtype) markus DES_cblock h,hh; markus ^ markus markus i don't think openssl's evp.h should include mdc2.h It's including all those headers because it used to, and people will complain if they don't get all those algorithms just by including evp.h. evp.h is supposed to hide the details of the algorithms. you should either use the EVP_ or the DES_ interface, but not both. However, that's not the problem here. Rather, it would seem that for some reason, des.h isn't included, and it should, from mdc2.h for example. it's probably not included because some other des.h is already included. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Building openssh-3.5p1 with new DES functions
In message 20021210110227.GA10920@folly on Tue, 10 Dec 2002 12:02:27 +0100, Markus Friedl [EMAIL PROTECTED] said: markus hm, i think this happens if kerberos is included before evp.h Interesting. That would mean one of two things: 1. Kerberos (was that with the KTH-KRB and Heimdal implementations?) was built with it's own copy of libdes instead of OpenSSL's, and the header reinclusion protector is exactly the same (hindering the OpenSSL des.h being included). OpenSSH includes the kerberos headers, and thereby any des.h it happens to include. 2. Kerberos was built against an older version of OpenSSL, and again, we get an inclusion that excludes the new names. I think the best way to solve this is to change the name of the protecting macro in OpenSSL 0.9.7's des.h, and give it's des_old.h the same protecting macro name as older versions use (and presumably libdes as well). Does that sound like a good idea? -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Building openssh-3.5p1 with new DES functions
In message 20021210085038.GA166@folly on Tue, 10 Dec 2002 09:50:38 +0100, Markus Friedl [EMAIL PROTECTED] said: markus It's including all those headers because it used to, and people will markus complain if they don't get all those algorithms just by including markus evp.h. markus markus evp.h is supposed to hide the details of the algorithms. I totally agree with the sentiment. And we did remove those inclusions at one point in the 0.9.7 branch. At some point (after another storm with Theo), I did a test compile of an old OpenSSH against whatever was in the HEAD fo OpenSSL development at that time. It went *KABOOM*, and the single cause for that *KABOOM* was that evp.h didn't include all those algorithm headers any more. After I placed them back, I got just a couple of warnings that were a piec of cake to deal with. So, in light of a huge complaint from Theo that we're changing so damn much between versions and breaking compiles of old programs that used to work fine, I put those inclusions back. I think that for 0.9.7, this part is staying as it is. markus you should either use the EVP_ or the DES_ interface, but not markus both. Quite true. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Building openssh-3.5p1 with new DES functions
In message [EMAIL PROTECTED] on Tue, 10 Dec 2002 13:57:13 +0100 (CET), Martin MOKREJŠ [EMAIL PROTECTED] said: mmokrejs KTH KRB4 supported openssl I think since 1.1 release. Even with newer mmokrejs version you canget libdes compiled and installed, you just say to mmokrejs configure --without-openssl ^H^H^H^H^H--disable-openssl. Hmm? I thought it was the other way around, that you had to configure with explicit use of OpenSSL, and the default being to use the bundled copy of libdes... Has that changed? mmokrejs That's what I've done this time to test, if this would be mmokrejs solution to get rid of des originating from openssl. ;) I think that's a bad solution, because then you're explicitely asking for a mix of the two des.h, with the consequences that has. mmokrejs If you plan to rename des.h to des_old.h, fine for me, then only one mmokrejs des.h will be present. As I'm not a programmer, I can't comment the rest. Not the files, but the macros in them that are protecting them from duplicate inclusion. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Building openssh-3.5p1 with new DES functions
On Tue, Dec 10, 2002 at 01:58:28PM +0100, Richard Levitte - VMS Whacker wrote: In message 20021210085038.GA166@folly on Tue, 10 Dec 2002 09:50:38 +0100, Markus Friedl [EMAIL PROTECTED] said: markus It's including all those headers because it used to, and people will markus complain if they don't get all those algorithms just by including markus evp.h. markus markus evp.h is supposed to hide the details of the algorithms. I totally agree with the sentiment. And we did remove those inclusions at one point in the 0.9.7 branch. At some point (after another storm with Theo), I did a test compile of an old OpenSSH against whatever was in the HEAD fo OpenSSL development at that time. no need to run old versions of OpenSSH. if i used the wrong interface then it's my fault. It went *KABOOM*, and the single cause for that *KABOOM* was that evp.h didn't include all those algorithm headers any more. then this was: 1. a bug in the old openssh, misusing evp.h, my bad. 2. a bug in older openssl, sucking in all includes. After I placed them back, I got just a couple of warnings that were a piec of cake to deal with. So, in light of a huge complaint from Theo that we're changing so damn much between versions and breaking compiles of old programs that used to work fine, I put those inclusions back. I've been asking Theo about this serveral times and he agrees with me, so i think this is some kind of miscommunication. I think that for 0.9.7, this part is staying as it is. I don't think people should be encourage to only include evp.h when they want md5.h markus you should either use the EVP_ or the DES_ interface, but not markus both. Quite true. -m __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Building openssh-3.5p1 with new DES functions
On Tue, Dec 10, 2002 at 01:38:03PM +0100, Richard Levitte - VMS Whacker wrote: I think the best way to solve this is to change the name of the protecting macro in OpenSSL 0.9.7's des.h, and give it's des_old.h the same protecting macro name as older versions use (and presumably libdes as well). Does that sound like a good idea? yes, i think that des_old should use the same protecting macros as the old libdes/openssl, and the DES_ file something completely different. -m __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Building openssh-3.5p1 with new DES functions
In message 20021210133035.GC31780@folly on Tue, 10 Dec 2002 14:30:35 +0100, Markus Friedl [EMAIL PROTECTED] said: markus yes, i think that des_old should use the same protecting macros as markus the old libdes/openssl, and the DES_ file something completely markus different. I'll commit that change as soon as I can. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Building openssh-3.5p1 with new DES functions
On Sun, Dec 08, 2002 at 12:39:04PM +0100, Martin MOKREJ? wrote: cc: Error: /usr/local/openssl/include/openssl/mdc2.h, line 79: Missing type specifier or type qualifier. (missingtype) DES_cblock h,hh; ^ i don't think openssl's evp.h should include mdc2.h __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Building openssh-3.5p1 with new DES functions
In message 20021209122438.GB16737@folly on Mon, 9 Dec 2002 13:24:38 +0100, Markus Friedl [EMAIL PROTECTED] said: markus On Sun, Dec 08, 2002 at 12:39:04PM +0100, Martin MOKREJ? wrote: markus cc: Error: /usr/local/openssl/include/openssl/mdc2.h, line 79: Missing type specifier or type qualifier. (missingtype) markus DES_cblock h,hh; markus ^ markus markus i don't think openssl's evp.h should include mdc2.h It's including all those headers because it used to, and people will complain if they don't get all those algorithms just by including evp.h. However, that's not the problem here. Rather, it would seem that for some reason, des.h isn't included, and it should, from mdc2.h for example. Could you investigate to see what's really happening? -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Building openssh-3.5p1 with new DES functions
Hi, I've seen that openssh will have different function names for des, I think thats great. As kerberos4 nor kerbero5 from KTH in Sweden support those new calls yet, I thought it would be best for me to switch back to the old behaviour, i.e. have kerberized libkrb and other libs with disabled support for openssl (which means libdes is compiled). Then, compile openssh-3.5p1 with kerberos4 and afs support. That properly picks up -lkrb -ldes etc. Unfortunately, with this untested setup I got (i'm not sure if this is a openssh or openssl problem): Manpage format: man PAM support: no KerberosIV support: yes KerberosV support: no Smartcard support: no AFS support: yes S/KEY support: no TCP Wrappers support: yes MD5 password support: no IP address in $DISPLAY hack: no Use IPv4 by default hack: no Translate v4 in v6 hack: no BSD Auth support: no Random number source: OpenSSL internal ONLY Host: alphaev67-dec-osf5.1 Compiler: cc Compiler flags: -I/software/@sys/usr/include -I/usr/local/include Preprocessor flags: -I/usr/local/openssl/include -Iyes -I/software/@sys/usr/include -I/usr/local/include -I/usr/athena-1.2.1-no-openssl/include -I/usr/afsws/include Linker flags: -L/usr/local/openssl/lib -Lyes -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/athena-1.2.1-no-openssl/lib -L/usr/afsws/lib Libraries: -lwrap -lkafs -lresolv -ldes -lkrb -lz -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -laud -lcrypto -ldes I hope, that there will be no symbol clashes between ldes and lcrypto anymore. ;-) $ CC=cc CFLAGS=-I/software/@sys/usr/include -I/usr/local/include CPPFLAGS=-I/software/@sys/usr/include -I/usr/local/include LDFLAGS=-L/usr/local/lib -L/software/@sys/usr/lib ./configure --prefix=/usr/local --with-tcp-wrappers --with-ssl-dir=/usr/local/openssl --with-prngd-socket=/var/run/egd-pool --with-default-path=/usr/bin:/bin:/sbin:/usr/local/bin:/usr/local/sbin:/software/@sys/usr/bin:/software/@sys/usr/sbin:/usr/bin/X11:/usr/afs/bin:/usr/athena/bin:/usr/local/openssl/bin:/usr/opt/svr4/bin:/usr/opt/svr4/sbin --with-xauth=/usr/bin/X11/xauth --with-zlib --with-osfsia --with-login=/usr/bin/login --without-privsep --with-afs=/usr/afsws --with-kerberos4=/usr/athena-1.2.1-no-openssl [...] cc -I/software/@sys/usr/include -I/usr/local/include -I. -I. -I/usr/local/openssl/include -Iyes -I/software/@sys/usr/include -I/usr/local/include -I/usr/athena-1.2.1-no-openssl/include -I/usr/afsws/include -DSSHDIR=\/usr/local/etc\ -D_PATH_SSH_PROGRAM=\/usr/local/bin/ssh\ -D_PATH_SSH_ASKPASS_DEFAULT=\/usr/local/libexec/ssh-askpass\ -D_PATH_SFTP_SERVER=\/usr/local/libexec/sftp-server\ -D_PATH_SSH_KEY_SIGN=\/usr/local/libexec/ssh-keysign\ -D_PATH_SSH_PIDDIR=\/var/run\ -D_PATH_PRIVSEP_CHROOT_DIR=\/var/empty\ -DSSH_RAND_HELPER=\/usr/local/libexec/ssh-rand-helper\ -DHAVE_CONFIG_H -c sshconnect1.c cc: Error: /usr/local/openssl/include/openssl/mdc2.h, line 79: Missing type specifier or type qualifier. (missingtype) DES_cblock h,hh; ^ make: *** [sshconnect1.o] Error 1 -- Martin Mokrejs [EMAIL PROTECTED], [EMAIL PROTECTED] PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs MIPS / Institute for Bioinformatics http://mips.gsf.de GSF - National Research Center for Environment and Health Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany tel.: +49-89-3187 3683 , fax:+49-89-3187 3585 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]