Building openssh-3.5p1 with new DES functions

Martin MOKREJŠ mmokrejs at
Tue Dec 10 23:57:13 EST 2002

On Tue, 10 Dec 2002, Richard Levitte - VMS Whacker wrote:

> In message <20021210110227.GA10920 at folly> on Tue, 10 Dec 2002 12:02:27 +0100, Markus Friedl <markus at> said:
> markus> hm, i think this happens if kerberos is included before evp.h
> Interesting.  That would mean one of two things:
> 1. Kerberos (was that with the KTH-KRB and Heimdal implementations?)


>    was built with it's own copy of libdes instead of OpenSSL's, and

All older versions of krb4 before 1.1 or /usr/athena directories, which
where not cleaned up have /usr/athena/lib/lides.(a|so) lying there, same
with header file. The administrator has to delete them manually, after
installing newer krb4 version with openssl "support".

>    the header reinclusion protector is exactly the same (hindering the
>    OpenSSL des.h being included).  OpenSSH includes the kerberos
>    headers, and thereby any des.h it happens to include.
> 2. Kerberos was built against an older version of OpenSSL, and again,
>    we get an inclusion that excludes the new names.

KTH KRB4 supported openssl I think since 1.1 release. Even with newer
version you canget libdes compiled and installed, you just say to
configure --without-openssl ^H^H^H^H^H--disable-openssl.

That's what I've done this time to test, if this would be solution to get
rid of des originating from openssl. ;)

> I think the best way to solve this is to change the name of the
> protecting macro in OpenSSL 0.9.7's des.h, and give it's des_old.h the
> same protecting macro name as older versions use (and presumably
> libdes as well).
> Does that sound like a good idea?

If you plan to rename des.h to des_old.h, fine for me, then only one
des.h will be present. As I'm not a programmer, I can't comment the rest.

Martin Mokrejs <mmokrejs at>, <m.mokrejs at>
PGP5.0i key is at
MIPS / Institute for Bioinformatics <>
GSF - National Research Center for Environment and Health
Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
tel.: +49-89-3187 3683 , fax: +49-89-3187 3585

More information about the openssh-unix-dev mailing list