From 190d9b26d35953b13a58b89f44a0fef5b3cd1dab Mon Sep 17 00:00:00 2001 From: dtucker Date: Mon, 5 Mar 2007 07:25:20 +0000 Subject: [PATCH] - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256 ciphers from working correctly (disconnects with "Bad packet length" errors) as found by Ben Harris. ok djm@ --- ChangeLog | 4 ++++ openbsd-compat/openssl-compat.h | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/ChangeLog b/ChangeLog index 06172d61..3b175540 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,10 @@ - (djm) [configure.ac] add a --without-openssl-header-check option to configure, as some platforms (OS X) ship OpenSSL headers whose version does not match that of the shipping library. ok dtucker@ + - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a + bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256 + ciphers from working correctly (disconnects with "Bad packet length" + errors) as found by Ben Harris. ok djm@ 20070303 - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 36a09f6b..a37f1473 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -46,6 +46,11 @@ extern const EVP_CIPHER *evp_acss(void); # endif #endif +/* OpenSSL 0.9.8e returns cipher key len not context key len */ +#if (OPENSSL_VERSION_NUMBER == 0x0090805fL) +# define EVP_CIPHER_CTX_key_length(c) ((c)->key_len) +#endif + /* * We overload some of the OpenSSL crypto functions with ssh_* equivalents * which cater for older and/or less featureful OpenSSL version. -- 2.45.2