Building openssh-3.5p1 with new DES functions

Richard Levitte - VMS Whacker levitte at
Tue Dec 10 23:38:03 EST 2002

In message <20021210110227.GA10920 at folly> on Tue, 10 Dec 2002 12:02:27 +0100, Markus Friedl <markus at> said:

markus> hm, i think this happens if kerberos is included before evp.h

Interesting.  That would mean one of two things:

1. Kerberos (was that with the KTH-KRB and Heimdal implementations?)
   was built with it's own copy of libdes instead of OpenSSL's, and
   the header reinclusion protector is exactly the same (hindering the
   OpenSSL des.h being included).  OpenSSH includes the kerberos
   headers, and thereby any des.h it happens to include.
2. Kerberos was built against an older version of OpenSSL, and again,
   we get an inclusion that excludes the new names.

I think the best way to solve this is to change the name of the
protecting macro in OpenSSL 0.9.7's des.h, and give it's des_old.h the
same protecting macro name as older versions use (and presumably
libdes as well).

Does that sound like a good idea?

Richard Levitte   \ Spannvägen 38, II \ LeViMS at
Redakteur at Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- poei at
Member of the OpenSSL development team:

Unsolicited commercial email is subject to an archival fee of $400.
See <> for more info.

More information about the openssh-unix-dev mailing list