[openssh-commits] [openssh] 01/01: Remove special casing of crypt().
git+noreply at mindrot.org
git+noreply at mindrot.org
Wed Jul 13 18:43:29 AEST 2022
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit f40b52f21fbc52eb513279168a49d3285c65256c
Author: Darren Tucker <dtucker at dtucker.net>
Date: Tue Jul 12 19:48:44 2022 +1000
Remove special casing of crypt().
Configure goes to some lengths to pick crypt() from either libcrypt
or OpenSSL's libcrypto because they can more or less featureful (eg
supporting md5-style passwords).
OpenSSL removed its crypt() interface in 2002:
https://github.com/openssl/openssl/commit/69deec58 so these hijinks
should no longer be necessary. This also only links sshd with libcrypt
which is the only thing that needs it. ok djm@
---
configure.ac | 35 +++++++++++------------------------
1 file changed, 11 insertions(+), 24 deletions(-)
diff --git a/configure.ac b/configure.ac
index 0c6a57eb..0241fe89 100644
--- a/configure.ac
+++ b/configure.ac
@@ -674,7 +674,6 @@ case "$host" in
AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
;;
*-*-cygwin*)
- check_for_libcrypt_later=1
LIBS="$LIBS /usr/lib/textreadmode.o"
AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
@@ -753,7 +752,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
[System poll(2) implementation is broken])
;;
*-*-dragonfly*)
- SSHDLIBS="$SSHDLIBS -lcrypt"
+ SSHDLIBS="$SSHDLIBS"
TEST_MALLOC_OPTIONS="AFGJPRX"
;;
*-*-haiku*)
@@ -844,7 +843,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
;;
*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
- check_for_libcrypt_later=1
AC_DEFINE([PAM_TTY_KLUDGE])
AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
@@ -854,7 +852,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
*-*-linux*)
no_dev_ptmx=1
use_pie=auto
- check_for_libcrypt_later=1
check_for_openpty_ctty_bug=1
dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
@@ -994,7 +991,6 @@ mips-sony-bsd|mips-sony-newsos4)
SONY=1
;;
*-*-netbsd*)
- check_for_libcrypt_before=1
if test "x$withval" != "xno" ; then
rpath_opt="-R"
fi
@@ -1009,7 +1005,6 @@ mips-sony-bsd|mips-sony-newsos4)
[NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
;;
*-*-freebsd*)
- check_for_libcrypt_later=1
AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
AC_CHECK_HEADER([net/if_tap.h], ,
@@ -1182,7 +1177,6 @@ mips-sony-bsd|mips-sony-newsos4)
AC_DEFINE([PASSWD_NEEDS_USERNAME])
AC_DEFINE([BROKEN_TCGETATTR_ICANON])
TEST_SHELL=$SHELL # let configure find us a capable shell
- check_for_libcrypt_later=1
case "$host" in
*-*-sysv5SCO_SV*) # SCO OpenServer 6.x
maildir=/var/spool/mail
@@ -2893,6 +2887,7 @@ if test "x$openssl" = "xyes" ; then
AC_CHECK_FUNCS([ \
BN_is_prime_ex \
+ DES_crypt \
DSA_generate_parameters_ex \
EVP_CIPHER_CTX_ctrl \
EVP_DigestFinal_ex \
@@ -3060,19 +3055,6 @@ if test "x$openssl" = "xyes" ; then
]
)
- # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
- # because the system crypt() is more featureful.
- if test "x$check_for_libcrypt_before" = "x1"; then
- AC_CHECK_LIB([crypt], [crypt])
- fi
-
- # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
- # version in OpenSSL.
- if test "x$check_for_libcrypt_later" = "x1"; then
- AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
- fi
- AC_CHECK_FUNCS([crypt DES_crypt])
-
# Check for SHA256, SHA384 and SHA512 support in OpenSSL
AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
@@ -3184,10 +3166,6 @@ if test "x$openssl" = "xyes" ; then
ecdsa-sha2-nistp521 \
ecdsa-sha2-nistp521-cert-v01 at openssh.com"
fi
-
-else
- AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
- AC_CHECK_FUNCS([crypt])
fi
# PKCS11/U2F depend on OpenSSL and dlopen().
@@ -3303,6 +3281,15 @@ AC_CHECK_LIB([iaf], [ia_openinfo], [
])
LIBS="$saved_LIBS"
+# Check for crypt() in libcrypt. If we have it, we only need it for sshd.
+saved_LIBS="$LIBS"
+AC_CHECK_LIB([crypt], [crypt], [
+ LIBS="-lcrypt $LIBS"
+ SSHDLIBS="-lcrypt $SSHDLIBS"
+])
+AC_CHECK_FUNCS([crypt])
+LIBS="$saved_LIBS"
+
### Configure cryptographic random number support
# Check whether OpenSSL seeds itself
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list