On Wed, 13 Jul 2022 at 14:56, Damien Miller <djm@xxxxxxxxxxx> wrote: > On Tue, 12 Jul 2022, Darren Tucker wrote: > > This applies on top of my previous patch cleaning up libcrypt and stops > > linking scp, sftp and sftp-server against libcrypto. [...] > IIRC we linked libcrypto because some linkers were not smart enough to > elide references to libcrypto coming from unused functions in libssh > It's possible that I'm wrong/outdated though Having done some experimentation I now think our understanding of that was wrong. Instead, I think the differentiating factor was whether or not the platform depended on OpenSSL for getrandom and/or arc4random. scp, sftp and sftp-server call seed_rng() even though they don't actually use the RNG, and in doing so pull in dependencies on libcrypto via entropy.c and port-prngd.c. After removing those, this seems to work on all of the platforms in the test zoo (at least so far, the tests are still running on the slower ones) and the resulting binaries do not need to link libcrypto or libz against the scp, sftp and sftp-server binaries. https://github.com/openssh/openssh-portable/compare/master...daztucker:openssh-portable:master -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev