On Sat, 12 Jul 2014, Hanno B?ck wrote: > Hi, > > Yesterday I tried to replace the system openssl in a gentoo system with > libressl. > > With openssh an interesting issue popped up: > * RAND_bytes in libressl calls arc4random > * arc4random is a compat function both in openssh and libressl > * arc4random from openssh uses RAND_bytes Right, I think we should just delay the checks for arc4random. I'd like to sync arc4random.c, but that's a separate issue. Can you tell me if this works for you? Index: configure.ac =================================================================== RCS file: /var/cvs/openssh/configure.ac,v retrieving revision 1.577 diff -u -p -r1.577 configure.ac --- configure.ac 3 Jul 2014 01:54:19 -0000 1.577 +++ configure.ac 13 Jul 2014 23:34:33 -0000 @@ -1575,10 +1575,6 @@ AC_CHECK_FUNCS([ \ Blowfish_expandstate \ Blowfish_expand0state \ Blowfish_stream2word \ - arc4random \ - arc4random_buf \ - arc4random_stir \ - arc4random_uniform \ asprintf \ b64_ntop \ __b64_ntop \ @@ -2639,6 +2635,13 @@ fi AC_SUBST([TEST_SSH_ECC]) AC_SUBST([COMMENT_OUT_ECC]) + +AC_CHECK_FUNCS([ \ + arc4random \ + arc4random_buf \ + arc4random_stir \ + arc4random_uniform \ +]) saved_LIBS="$LIBS" AC_CHECK_LIB([iaf], [ia_openinfo], [ _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev