Building openssh-3.5p1 with new DES functions

Markus Friedl markus at
Wed Dec 11 00:28:51 EST 2002

On Tue, Dec 10, 2002 at 01:58:28PM +0100, Richard Levitte - VMS Whacker wrote:
> In message <20021210085038.GA166 at folly> on Tue, 10 Dec 2002 09:50:38 +0100, Markus Friedl <markus at> said:
> markus> > It's including all those headers because it used to, and people will
> markus> > complain if they don't get all those algorithms just by including
> markus> > evp.h.
> markus> 
> markus> evp.h is supposed to hide the details of the algorithms.
> I totally agree with the sentiment.  And we did remove those
> inclusions at one point in the 0.9.7 branch.  At some point (after
> another storm with Theo), I did a test compile of an old OpenSSH
> against whatever was in the HEAD fo OpenSSL development at that time.

no need to run old versions of OpenSSH. if i used the wrong interface
then it's my fault.

> It went *KABOOM*, and the single cause for that *KABOOM* was that
> evp.h didn't include all those algorithm headers any more.

then this was:
	1. a bug in the old openssh, misusing evp.h, my bad.
	2. a bug in older openssl, sucking in all includes.

> After I
> placed them back, I got just a couple of warnings that were a piec of
> cake to deal with.
> So, in light of a huge complaint from Theo that we're changing so damn
> much between versions and breaking compiles of old programs that used
> to work fine, I put those inclusions back.

I've been asking Theo about this serveral times and he agrees with
me, so i think this is some kind of miscommunication.

> I think that for 0.9.7, this part is staying as it is.

I don't think people should be encourage to only include "evp.h"
when they want "md5.h"

> markus> you should either use the EVP_ or the DES_ interface, but not
> markus> both.
> Quite true.


More information about the openssh-unix-dev mailing list