The built-in SHA1 code is broken on 64 bit systems. Using a system library may be considered a good idea anyway. diff -ruNp ppp.orig/pppd/chap-md5.c ppp/pppd/chap-md5.c --- ppp.orig/pppd/chap-md5.c 2003-11-27 23:25:17.000000000 +0100 +++ ppp/pppd/chap-md5.c 2004-07-14 16:45:46.000000000 +0200 @@ -41,7 +41,14 @@ #include "chap-new.h" #include "chap-md5.h" #include "magic.h" +#ifdef USE_OPENSSL +#include +#define MD5Init MD5_Init +#define MD5Update MD5_Update +#define MD5Final MD5_Final +#else #include "md5.h" +#endif #define MD5_HASH_SIZE 16 #define MD5_MIN_CHALLENGE 16 diff -ruNp ppp.orig/pppd/chap_ms.c ppp/pppd/chap_ms.c --- ppp.orig/pppd/chap_ms.c 2004-04-14 04:40:21.000000000 +0200 +++ ppp/pppd/chap_ms.c 2004-07-14 16:46:03.000000000 +0200 @@ -89,8 +89,21 @@ #include "pppd.h" #include "chap-new.h" #include "chap_ms.h" +#ifdef USE_OPENSSL +#include +#define MD4Init MD4_Init +#define MD4Update MD4_Update +#define MD4Final MD4_Final +#else #include "md4.h" +#endif +#ifdef USE_OPENSSL +#include +#define SHA1_SIGNATURE_SIZE SHA_DIGEST_LENGTH +#define SHA1_CTX SHA_CTX +#else #include "sha1.h" +#endif #include "pppcrypt.h" #include "magic.h" @@ -513,7 +526,7 @@ ascii2unicode(char ascii[], int ascii_le static void NTPasswordHash(char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) { -#ifdef __NetBSD__ +#if defined __NetBSD__ || defined USE_OPENSSL /* NetBSD uses the libc md4 routines which take bytes instead of bits */ int mdlen = secret_len; #else diff -ruNp ppp.orig/pppd/eap.c ppp/pppd/eap.c --- ppp.orig/pppd/eap.c 2003-06-12 02:01:21.000000000 +0200 +++ ppp/pppd/eap.c 2004-07-14 16:45:46.000000000 +0200 @@ -62,7 +62,14 @@ #include "pppd.h" #include "pathnames.h" +#ifdef USE_OPENSSL +#include +#define MD5Init MD5_Init +#define MD5Update MD5_Update +#define MD5Final MD5_Final +#else #include "md5.h" +#endif #include "eap.h" #ifdef USE_SRP diff -ruNp ppp.orig/pppd/Makefile.linux ppp/pppd/Makefile.linux --- ppp.orig/pppd/Makefile.linux 2004-07-14 16:46:44.000000000 +0200 +++ ppp/pppd/Makefile.linux 2004-07-14 16:45:46.000000000 +0200 @@ -10,7 +10,7 @@ INCDIR = $(DESTDIR)/usr/include TARGETS = pppd -PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap-new.c md5.c ccp.c \ +PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap-new.c ccp.c \ ecp.c ipxcp.c auth.c options.c sys-linux.c md4.c chap_ms.c \ demand.c utils.c tty.c eap.c chap-md5.c @@ -19,7 +19,7 @@ HEADERS = ccp.h chap-new.h ecp.h fsm.h i upap.h eap.h MANPAGES = pppd.8 -PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap-new.o md5.o ccp.o \ +PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap-new.o ccp.o \ ecp.o auth.o options.o demand.o utils.o sys-linux.o ipxcp.o tty.o \ eap.o chap-md5.o @@ -83,8 +83,14 @@ CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCL ifdef CHAPMS CFLAGS += -DCHAPMS=1 NEEDDES=y +ifdef USE_BUILTIN_CRYPTO PPPDOBJS += md4.o chap_ms.o -HEADERS += md4.h chap_ms.h +HEADERS += md4.h chap_ms.h +else +PPPDOBJS += chap_ms.o +HEADERS += chap_ms.h +NEED_OPENSSL=y +endif ifdef MSLANMAN CFLAGS += -DMSLANMAN=1 endif @@ -95,20 +101,36 @@ endif # EAP SRP-SHA1 ifdef USE_SRP -CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include -LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto +CFLAGS += -DUSE_SRP TARGETS += srp-entry EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry MANPAGES += srp-entry.8 EXTRACLEAN += srp-entry.o NEEDDES=y +NEED_OPENSSL=y else # OpenSSL has an integrated version of SHA-1, and its implementation # is incompatible with this local SHA-1 implementation. We must use # one or the other, not both. +ifdef USE_BUILTIN_CRYPTO PPPDSRCS += sha1.c HEADERS += sha1.h PPPDOBJS += sha1.o +else +NEED_OPENSSL=y +endif +endif + +ifdef USE_BUILTIN_CRYPTO +PPPDSRCS += md5.c +PPPDOBJS += md5.o +else +NEED_OPENSSL=y +endif + +ifdef NEED_OPENSSL +CFLAGS += -DUSE_OPENSSL +LIBS += -lcrypto endif ifdef HAS_SHADOW