4 files changed, 27 insertions, 5 deletions

diff --git a/ChangeLog b/ChangeLog
index 53c987f1b..78196a7c2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20110122
+ - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
+   RSA_get_default_method() for the benefit of openssl versions that don't
+   have it (at least openssl-engine-0.9.6b).  Found and tested by Kevin Brott,
+   ok djm@.
+
 20110119
  - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead
    of RPM so build completes. Signatures were changed to .asc since 4.1p1.
diff --git a/configure.ac b/configure.ac
index 208896ed8..769e83594 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.468 2011/01/19 12:12:30 djm Exp $
+# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.468 $)
+AC_REVISION($Revision: 1.469 $)
 AC_CONFIG_SRCDIR([ssh.c])
 
 # local macros
@@ -2180,7 +2180,7 @@ int main(void) { SSLeay_add_all_algorithms(); }
         ]
 )
 
-AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex)
+AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method)
 
 AC_ARG_WITH(ssl-engine,
         [  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index eb5ae7f85..b617fdf19 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.c,v 1.12 2010/12/04 21:46:05 dtucker Exp $ */
+/* $Id: openssl-compat.c,v 1.13 2011/01/21 22:37:06 dtucker Exp $ */
 
 /*
  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -26,6 +26,10 @@
 # include <openssl/conf.h>
 #endif
 
+#ifndef HAVE_RSA_GET_DEFAULT_METHOD
+# include <openssl/rsa.h>
+#endif
+
 #include "log.h"
 
 #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
@@ -120,6 +124,14 @@ DSA_generate_parameters_ex(DSA *dsa, int bits, const unsigned char *seed,
 }
 #endif
 
+#ifndef HAVE_RSA_GET_DEFAULT_METHOD
+RSA_METHOD *
+RSA_get_default_method(void)
+{
+        return RSA_PKCS1_SSLeay();
+}
+#endif
+
 #ifdef  USE_OPENSSL_ENGINE
 void
 ssh_SSLeay_add_all_algorithms(void)
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index c0ca20aaf..6d4f3f215 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.17 2010/12/04 12:20:50 dtucker Exp $ */
+/* $Id: openssl-compat.h,v 1.18 2011/01/21 22:37:06 dtucker Exp $ */
 
 /*
  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -78,6 +78,10 @@ extern const EVP_CIPHER *evp_acss(void);
 # define EVP_CIPHER_CTX_key_length(c) ((c)->key_len)
 #endif
 
+#ifndef HAVE_RSA_GET_DEFAULT_METHOD
+RSA_METHOD *RSA_get_default_method(void);
+#endif
+
 /*
  * We overload some of the OpenSSL crypto functions with ssh_* equivalents
  * which cater for older and/or less featureful OpenSSL version.