diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2007-03-05 18:25:20 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2007-03-05 18:25:20 +1100 |
| commit | fd30986c927e66985ddc43b25794651c76ba477c (patch) | |
| tree | 16ef25a47e4eaa302bc4f54f930b802d3415ff41 | |
| parent | 9975e483498430b8fa75fccd2bad681781df24d1 (diff) | |
- (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
ciphers from working correctly (disconnects with "Bad packet length"
errors) as found by Ben Harris. ok djm@
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | openbsd-compat/openssl-compat.h | 7 |
2 files changed, 11 insertions, 2 deletions
@@ -2,6 +2,10 @@ - (djm) [configure.ac] add a --without-openssl-header-check option to configure, as some platforms (OS X) ship OpenSSL headers whose version does not match that of the shipping library. ok dtucker@ + - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a + bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256 + ciphers from working correctly (disconnects with "Bad packet length" + errors) as found by Ben Harris. ok djm@ 20070303 - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more @@ -2799,4 +2803,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4630 2007/03/05 00:51:27 djm Exp $ +$Id: ChangeLog,v 1.4631 2007/03/05 07:25:20 dtucker Exp $ diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index c582cd26..9b5ccff5 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.6 2006/02/22 11:24:47 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.7 2007/03/05 07:25:20 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> @@ -46,6 +46,11 @@ extern const EVP_CIPHER *evp_acss(void); # endif #endif +/* OpenSSL 0.9.8e returns cipher key len not context key len */ +#if (OPENSSL_VERSION_NUMBER == 0x0090805fL) +# define EVP_CIPHER_CTX_key_length(c) ((c)->key_len) +#endif + /* * We overload some of the OpenSSL crypto functions with ssh_* equivalents * which cater for older and/or less featureful OpenSSL version. |