- (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits

needed to build AES CTR mode against OpenSSL 0.9.8f and above.  ok djm

ChangeLog

@@ -1,3 +1,7 @@
+20140721
+ - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits
+   needed to build AES CTR mode against OpenSSL 0.9.8f and above.  ok djm
+
 20140719
  - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, used
    in servconf.h.

cipher.c

@@ -49,6 +49,8 @@
 #include "ssherr.h"
 #include "digest.h"
 
+#include "openbsd-compat/openssl-compat.h"
+
 #ifdef WITH_SSH1
 extern const EVP_CIPHER *evp_ssh1_bf(void);
 extern const EVP_CIPHER *evp_ssh1_3des(void);
@@ -545,6 +547,11 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
 			return SSH_ERR_LIBCRYPTO_ERROR;
 		if ((u_int)evplen != len)
 			return SSH_ERR_INVALID_ARGUMENT;
+#ifndef OPENSSL_HAVE_EVPCTR
+		if (c->evptype == evp_aes_128_ctr)
+			ssh_aes_ctr_iv(&cc->evp, 0, iv, len);
+		else
+#endif
 		if (cipher_authlen(c)) {
 			if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN,
 			   len, iv))

openbsd-compat/openssl-compat.h

@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.28 2014/07/02 05:28:07 djm Exp $ */
+/* $Id: openssl-compat.h,v 1.29 2014/07/20 16:24:59 dtucker Exp $ */
 
 /*
  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -34,6 +34,14 @@ int ssh_compatible_openssl(long, long);
 # define LIBCRYPTO_EVP_INL_TYPE size_t
 #endif
 
+#ifndef OPENSSL_HAVE_EVPCTR
+#define EVP_aes_128_ctr evp_aes_128_ctr
+#define EVP_aes_192_ctr evp_aes_128_ctr
+#define EVP_aes_256_ctr evp_aes_128_ctr
+const EVP_CIPHER *evp_aes_128_ctr(void);
+void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t);
+#endif
+
 /* Avoid some #ifdef. Code that uses these is unreachable without GCM */
 #if !defined(OPENSSL_HAVE_EVPGCM) && !defined(EVP_CTRL_GCM_SET_IV_FIXED)
 # define EVP_CTRL_GCM_SET_IV_FIXED -1