diff -Naur shadow-4.1.2.1.orig/configure.in shadow-4.1.2.1/configure.in --- shadow-4.1.2.1.orig/configure.in 2008-06-23 23:53:43.000000000 +0000 +++ shadow-4.1.2.1/configure.in 2008-08-15 18:04:55.000000000 +0000 @@ -234,11 +234,18 @@ AC_ARG_WITH(sha-crypt, [AC_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])], [with_sha_crypt=$withval], [with_sha_crypt=yes]) +AC_ARG_WITH(openssl, + [AC_HELP_STRING([--with-openssl], [use OpenSSL libcrypto instead of libcrypt @<:@default=no@:>@])], + [with_openssl=$withval], [with_openssl=no]) AM_CONDITIONAL(USE_SHA_CRYPT, test "x$with_sha_crypt" = "xyes") if test "$with_sha_crypt" = "yes"; then AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms]) fi +AM_CONDITIONAL(USE_OPENSSL, test "x$with_openssl" = "xyes") +if test "$with_openssl" = "yes"; then + AC_DEFINE(USE_OPENSSL, 1, [Define to use OpenSSL for encryption algorithms]) +fi dnl Check for some functions in libc first, only if not found check for dnl other libraries. This should prevent linking libnsl if not really @@ -270,10 +277,6 @@ fi AM_CONDITIONAL(ENABLE_REGENERATE_MAN, test x$enable_man != xno) -AC_SUBST(LIBCRYPT) -AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt], - [AC_MSG_ERROR([crypt() not found])]) - AC_SUBST(LIBAUDIT) if test "$with_audit" != "no"; then AC_CHECK_HEADER(libaudit.h, [audit_header="yes"], [audit_header="no"]) @@ -308,6 +311,16 @@ AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.])) fi +AC_SUBST(OPENSSL) +if test "$with_openssl" = "yes"; then + AC_CHECK_LIB(crypto, DES_crypt, + [LIBCRYPT=-lcrypto AC_DEFINE(HAVE_OPENSSL, 1, [Defined if you have libcrypto.])]) + else + AC_SUBST(LIBCRYPT) + AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt], + [AC_MSG_ERROR([crypt() not found])]) +fi + AC_SUBST(LIBSELINUX) if test "$with_selinux" != "no"; then AC_CHECK_HEADERS(selinux/selinux.h, [selinux_header="yes"], [selinux_header="no"]) @@ -427,4 +440,5 @@ echo " shadow group support: $enable_shadowgrp" echo " S/Key support: $with_skey" echo " SHA passwords encryption: $with_sha_crypt" +echo " OpenSSL encryption: $with_openssl" echo diff -Naur shadow-4.1.2.1.orig/lib/defines.h shadow-4.1.2.1/lib/defines.h --- shadow-4.1.2.1.orig/lib/defines.h 2008-06-23 23:53:13.000000000 +0000 +++ shadow-4.1.2.1/lib/defines.h 2008-08-15 18:11:56.000000000 +0000 @@ -314,6 +314,12 @@ #include #endif +#ifdef HAVE_OPENSSL +#define CRYPT DES_crypt +#else +#define CRYPT crypt +#endif + /* To be used for verified unused parameters */ #if defined(__GNUC__) && !defined(__STRICT_ANSI__) # define unused __attribute__((unused)) diff -Naur shadow-4.1.2.1.orig/lib/encrypt.c shadow-4.1.2.1/lib/encrypt.c --- shadow-4.1.2.1.orig/lib/encrypt.c 2008-06-23 23:53:13.000000000 +0000 +++ shadow-4.1.2.1/lib/encrypt.c 2008-08-15 18:12:47.000000000 +0000 @@ -45,7 +45,7 @@ static char cipher[128]; char *cp; - cp = crypt (clear, salt); + cp = CRYPT (clear, salt); if (!cp) { /* * Single Unix Spec: crypt() may return a null pointer,