From fd30986c927e66985ddc43b25794651c76ba477c Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Mon, 5 Mar 2007 18:25:20 +1100
Subject:  - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around
 a    bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and
 arcfour256    ciphers from working correctly (disconnects with "Bad packet
 length"    errors) as found by Ben Harris.  ok djm@

---
 ChangeLog                       | 6 +++++-
 openbsd-compat/openssl-compat.h | 7 ++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 3035eca05..188d04293 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,10 @@
  - (djm) [configure.ac] add a --without-openssl-header-check option to
    configure, as some platforms (OS X) ship OpenSSL headers whose version
    does not match that of the shipping library. ok dtucker@
+ - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
+   bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
+   ciphers from working correctly (disconnects with "Bad packet length"
+   errors) as found by Ben Harris.  ok djm@
 
 20070303
  - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more
@@ -2799,4 +2803,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4630 2007/03/05 00:51:27 djm Exp $
+$Id: ChangeLog,v 1.4631 2007/03/05 07:25:20 dtucker Exp $
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index c582cd269..9b5ccff5f 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.6 2006/02/22 11:24:47 dtucker Exp $ */
+/* $Id: openssl-compat.h,v 1.7 2007/03/05 07:25:20 dtucker Exp $ */
 
 /*
  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -46,6 +46,11 @@ extern const EVP_CIPHER *evp_acss(void);
 # endif
 #endif
 
+/* OpenSSL 0.9.8e returns cipher key len not context key len */
+#if (OPENSSL_VERSION_NUMBER == 0x0090805fL)
+# define EVP_CIPHER_CTX_key_length(c) ((c)->key_len)
+#endif
+
 /*
  * We overload some of the OpenSSL crypto functions with ssh_* equivalents
  * which cater for older and/or less featureful OpenSSL version.
-- 
cgit v1.2.3