From fabdb6c29022846ed10fde235db0a7c53f21a6b1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 20 Feb 2006 20:17:35 +1100 Subject: - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}] Add optional enabling of OpenSSL's (hardware) Engine support, via configure --with-ssl-engine. Based in part on a diff by michal at logix.cz. --- openbsd-compat/openssl-compat.h | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'openbsd-compat/openssl-compat.h') diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 8a015ec43..1196d71ea 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.3 2005/12/19 06:40:40 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.4 2006/02/20 09:17:36 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -54,21 +54,22 @@ extern const EVP_CIPHER *evp_acss(void); * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and * implement the ssh_* equivalents. */ -#ifdef SSH_OLD_EVP - -# ifndef SSH_DONT_REDEF_EVP +#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS +# ifdef SSH_OLD_EVP # ifdef EVP_Cipher # undef EVP_Cipher # endif - # define EVP_CipherInit(a,b,c,d,e) ssh_EVP_CipherInit((a),(b),(c),(d),(e)) # define EVP_Cipher(a,b,c,d) ssh_EVP_Cipher((a),(b),(c),(d)) # define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a)) -# endif +# endif /* SSH_OLD_EVP */ + +# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms() +void ssh_SSLeay_add_all_algorithms(void); int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, unsigned char *, int); int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); -#endif +#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ -- cgit v1.2.3 From 3322e0d421676a6931fe01efdd5e0f34af8e5da2 Mon Sep 17 00:00:00 2001 
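Review bot: In the `@@ -54,21 +54,22 @@` hunk of openbsd-compat/openssl-compat.h, the `ssh_EVP_*` and `ssh_SSLeay_add_all_algorithms` prototypes now sit inside `#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS`. Before this change only the macros were behind the opt-out (`SSH_DONT_REDEF_EVP`). A file that defines `SSH_DONT_OVERLOAD_OPENSSL_FUNCS` in order to implement the ssh_* equivalents, as the comment above the block instructs, therefore gets no declarations to check its definitions against. I would move the four prototypes below `#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */` so the guard covers the macros alone. The new `SSLeay_add_all_algorithms()` macro also changes what a stock OpenSSL initialisation call does in every file that includes this header, so it should carry a comment such as `/* Route algorithm init through our wrapper so optional engine setup happens in one place */`.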
From: Darren Tucker Date: Wed, 22 Feb 2006 00:00:27 +1100 Subject: - (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about redefinition of SSLeay_add_all_algorithms. --- ChangeLog | 6 +++++- openbsd-compat/openssl-compat.h | 9 +++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) (limited to 'openbsd-compat/openssl-compat.h') diff --git a/ChangeLog b/ChangeLog index 2c0bd1e9d..43d09104f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060221 + - (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about + redefinition of SSLeay_add_all_algorithms. + 20060220 - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}] Add optional enabling of OpenSSL's (hardware) Engine support, via @@ -3869,4 +3873,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4131 2006/02/20 09:17:35 dtucker Exp $ +$Id: ChangeLog,v 1.4132 2006/02/21 13:00:27 dtucker Exp $ diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 1196d71ea..01fc41e3a 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.4 2006/02/20 09:17:36 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.5 2006/02/21 13:00:28 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -65,8 +65,13 @@ extern const EVP_CIPHER *evp_acss(void); # define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a)) # endif /* SSH_OLD_EVP */ -# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms() +# ifdef USE_OPENSSL_ENGINE +# ifdef SSLeay_add_all_algorithms +# undef SSLeay_add_all_algorithms +# endif +# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms() void ssh_SSLeay_add_all_algorithms(void); +#endif int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, unsigned char *, int); -- cgit v1.2.3 
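Review bot: In the `@@ -65,8 +65,13 @@` hunk of openbsd-compat/openssl-compat.h, the new `# undef SSLeay_add_all_algorithms` discards a definition that comes from the OpenSSL headers, and nothing in the file says why. A one-line comment above it would make the intent clear, for example `/* OpenSSL may already define this as a macro; drop it before installing ours */`. The block also closes with a bare `#endif` at column 0, while the sibling directive just above is written `# endif /* SSH_OLD_EVP */`. For consistency I would write `# endif /* USE_OPENSSL_ENGINE */`.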
From 94413cf32ba932537ef215b07eb1833e297fcae5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 22 Feb 2006 22:24:47 +1100 Subject: - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only compile in compat code if required. --- ChangeLog | 6 +++++- openbsd-compat/openssl-compat.c | 6 +++--- openbsd-compat/openssl-compat.h | 4 ++-- 3 files changed, 10 insertions(+), 6 deletions(-) (limited to 'openbsd-compat/openssl-compat.h') diff --git a/ChangeLog b/ChangeLog index 43d09104f..f942c2453 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2006022 + - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only + compile in compat code if required. + 20060221 - (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about redefinition of SSLeay_add_all_algorithms. @@ -3873,4 +3877,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4132 2006/02/21 13:00:27 dtucker Exp $ +$Id: ChangeLog,v 1.4133 2006/02/22 11:24:47 dtucker Exp $ diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 763f84734..45ebd3f66 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.3 2006/02/20 09:17:36 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.4 2006/02/22 11:24:47 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -49,14 +49,14 @@ ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp) } #endif +#ifdef USE_OPENSSL_ENGINE void ssh_SSLeay_add_all_algorithms(void) { SSLeay_add_all_algorithms(); -#ifdef USE_OPENSSL_ENGINE /* Enable use of crypto hardware */ ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); -#endif } +#endif diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 01fc41e3a..c582cd269 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h 
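Review bot: In the `@@ -49,14 +49,14 @@` hunk of openbsd-compat/openssl-compat.c, the call `SSLeay_add_all_algorithms();` inside `ssh_SSLeay_add_all_algorithms` reaches OpenSSL only if this file defines `SSH_DONT_OVERLOAD_OPENSSL_FUNCS` before including openssl-compat.h. Otherwise the header macro rewrites the call into a call to the function itself. The include lines are outside the hunk, so I cannot confirm the define is present; assuming it is, the dependency deserves a comment at the call site, e.g. `/* needs SSH_DONT_OVERLOAD_OPENSSL_FUNCS in this file, else this expands to a self-call */`. The existing comment "Enable use of crypto hardware" could also state that every built-in engine is loaded and registered for all algorithms, rather than a selected one, since that affects which code handles key material.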
@@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.5 2006/02/21 13:00:28 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.6 2006/02/22 11:24:47 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -70,11 +70,11 @@ extern const EVP_CIPHER *evp_acss(void); # undef SSLeay_add_all_algorithms # endif # define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms() -void ssh_SSLeay_add_all_algorithms(void); #endif int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, unsigned char *, int); int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); +void ssh_SSLeay_add_all_algorithms(void); #endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ -- cgit v1.2.3 From fd30986c927e66985ddc43b25794651c76ba477c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 5 Mar 2007 18:25:20 +1100 Subject: - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256 ciphers from working correctly (disconnects with "Bad packet length" errors) as found by Ben Harris. ok djm@ --- ChangeLog | 6 +++++- openbsd-compat/openssl-compat.h | 7 ++++++- 2 files changed, 11 insertions(+), 2 deletions(-) (limited to 'openbsd-compat/openssl-compat.h') diff --git a/ChangeLog b/ChangeLog index 3035eca05..188d04293 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,10 @@ - (djm) [configure.ac] add a --without-openssl-header-check option to configure, as some platforms (OS X) ship OpenSSL headers whose version does not match that of the shipping library. ok dtucker@ + - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a + bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256 + ciphers from working correctly (disconnects with "Bad packet length" + errors) as found by Ben Harris. ok djm@ 20070303 - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more 
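Review bot: In the `@@ -70,11 +70,11 @@` hunk of openbsd-compat/openssl-compat.h, `void ssh_SSLeay_add_all_algorithms(void);` is now declared whenever `SSH_DONT_OVERLOAD_OPENSSL_FUNCS` is unset, yet the same commit compiles its definition in openssl-compat.c only under `USE_OPENSSL_ENGINE`. A direct caller in a build without engine support would pass compilation and fail only at link time. I would either keep the prototype under the same `USE_OPENSSL_ENGINE` guard as the definition, or annotate it with `/* defined only when USE_OPENSSL_ENGINE is set */`. The opening `# ifdef USE_OPENSSL_ENGINE` of the block lies just above the hunk.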
@@ -2799,4 +2803,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4630 2007/03/05 00:51:27 djm Exp $ +$Id: ChangeLog,v 1.4631 2007/03/05 07:25:20 dtucker Exp $ diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index c582cd269..9b5ccff5f 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.6 2006/02/22 11:24:47 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.7 2007/03/05 07:25:20 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -46,6 +46,11 @@ extern const EVP_CIPHER *evp_acss(void); # endif #endif +/* OpenSSL 0.9.8e returns cipher key len not context key len */ +#if (OPENSSL_VERSION_NUMBER == 0x0090805fL) +# define EVP_CIPHER_CTX_key_length(c) ((c)->key_len) +#endif + /* * We overload some of the OpenSSL crypto functions with ssh_* equivalents * which cater for older and/or less featureful OpenSSL version. -- cgit v1.2.3
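Review bot: In the `@@ -46,6 +46,11 @@` hunk of openbsd-compat/openssl-compat.h, `#if (OPENSSL_VERSION_NUMBER == 0x0090805fL)` tests the version of the headers at build time, not the libcrypto that is loaded at run time. The ChangeLog context in this same commit notes that some platforms ship headers whose version differs from the shipped library, so a binary built against other headers but running on 0.9.8e would not get the workaround. The existing comment should say so, e.g. `/* Compile-time test: only effective when the headers match the runtime libcrypto */`. If the OpenSSL headers define `EVP_CIPHER_CTX_key_length` as a macro in this version (not visible here), a preceding `# undef EVP_CIPHER_CTX_key_length` would avoid a redefinition warning, matching the treatment of `SSLeay_add_all_algorithms` further down the file.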