diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2007-03-05 18:25:20 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2007-03-05 18:25:20 +1100 |
| commit | fd30986c927e66985ddc43b25794651c76ba477c (patch) | |
| tree | 16ef25a47e4eaa302bc4f54f930b802d3415ff41 | |
| parent | 9975e483498430b8fa75fccd2bad681781df24d1 (diff) | |
- (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
ciphers from working correctly (disconnects with "Bad packet length"
errors) as found by Ben Harris. ok djm@
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | openbsd-compat/openssl-compat.h | 7 |
2 files changed, 11 insertions, 2 deletions
| @@ -2,6 +2,10 @@ | |||
| 2 | - (djm) [configure.ac] add a --without-openssl-header-check option to | 2 | - (djm) [configure.ac] add a --without-openssl-header-check option to |
| 3 | configure, as some platforms (OS X) ship OpenSSL headers whose version | 3 | configure, as some platforms (OS X) ship OpenSSL headers whose version |
| 4 | does not match that of the shipping library. ok dtucker@ | 4 | does not match that of the shipping library. ok dtucker@ |
| 5 | - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a | ||
| 6 | bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256 | ||
| 7 | ciphers from working correctly (disconnects with "Bad packet length" | ||
| 8 | errors) as found by Ben Harris. ok djm@ | ||
| 5 | 9 | ||
| 6 | 20070303 | 10 | 20070303 |
| 7 | - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more | 11 | - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more |
| @@ -2799,4 +2803,4 @@ | |||
| 2799 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 2803 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
| 2800 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 2804 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
| 2801 | 2805 | ||
| 2802 | $Id: ChangeLog,v 1.4630 2007/03/05 00:51:27 djm Exp $ | 2806 | $Id: ChangeLog,v 1.4631 2007/03/05 07:25:20 dtucker Exp $ |
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index c582cd269..9b5ccff5f 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $Id: openssl-compat.h,v 1.6 2006/02/22 11:24:47 dtucker Exp $ */ | 1 | /* $Id: openssl-compat.h,v 1.7 2007/03/05 07:25:20 dtucker Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> | 4 | * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> |
| @@ -46,6 +46,11 @@ extern const EVP_CIPHER *evp_acss(void); | |||
| 46 | # endif | 46 | # endif |
| 47 | #endif | 47 | #endif |
| 48 | 48 | ||
| 49 | /* OpenSSL 0.9.8e returns cipher key len not context key len */ | ||
| 50 | #if (OPENSSL_VERSION_NUMBER == 0x0090805fL) | ||
| 51 | # define EVP_CIPHER_CTX_key_length(c) ((c)->key_len) | ||
| 52 | #endif | ||
| 53 | |||
| 49 | /* | 54 | /* |
| 50 | * We overload some of the OpenSSL crypto functions with ssh_* equivalents | 55 | * We overload some of the OpenSSL crypto functions with ssh_* equivalents |
| 51 | * which cater for older and/or less featureful OpenSSL version. | 56 | * which cater for older and/or less featureful OpenSSL version. |