From b6f73b3af6fa14df1306d763dd7ec38f68de6f79 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Mon, 11 Feb 2013 10:39:12 +1100
Subject: [PATCH]  - (djm) [configure.ac openbsd-compat/openssl-compat.h]
 Repair build on old    libcrypto that lacks EVP_CIPHER_CTX_ctrl

---
 ChangeLog                       |  4 ++++
 configure.ac                    | 15 ++++++++++++---
 openbsd-compat/openssl-compat.h | 11 ++++++++++-
 3 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 5e832e7d5..798f5452e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20130211
+ - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
+   libcrypto that lacks EVP_CIPHER_CTX_ctrl
+
 20130208
  - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer;
    patch from Iain Morgan in bz#2059
diff --git a/configure.ac b/configure.ac
index 6df09e210..e96e81e64 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.502 2013/02/08 00:50:09 dtucker Exp $
+# $Id: configure.ac,v 1.503 2013/02/10 23:39:13 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.502 $)
+AC_REVISION($Revision: 1.503 $)
 AC_CONFIG_SRCDIR([ssh.c])
 AC_LANG([C])
 
@@ -2339,7 +2339,12 @@ AC_LINK_IFELSE(
 #include <openssl/evp.h>
 	]], [[
 	exit(EVP_aes_128_gcm() == NULL ||
-	    EVP_aes_256_gcm() == NULL);
+	    EVP_aes_256_gcm() == NULL ||
+	    EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
+	    EVP_CTRL_GCM_IV_GEN == 0 ||
+	    EVP_CTRL_GCM_SET_TAG == 0 ||
+	    EVP_CTRL_GCM_GET_TAG == 0 ||
+	    EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
 	]])],
 	[
 		AC_MSG_RESULT([yes])
@@ -2351,6 +2356,10 @@ AC_LINK_IFELSE(
 	]
 )
 
+AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
+	[AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
+	    [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
+
 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
 AC_LINK_IFELSE(
 	[AC_LANG_PROGRAM([[
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index eca62769e..6c4d68def 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.22 2013/01/20 11:31:37 djm Exp $ */
+/* $Id: openssl-compat.h,v 1.23 2013/02/10 23:39:15 djm Exp $ */
 
 /*
  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -79,6 +79,15 @@ void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t);
 # define EVP_CTRL_GCM_GET_TAG -1
 #endif
 
+/* Replace missing EVP_CIPHER_CTX_ctrl() with something that returns failure */
+#ifndef HAVE_EVP_CIPHER_CTX_CTRL
+# ifdef OPENSSL_HAVE_EVPGCM
+#  error AES-GCM enabled without EVP_CIPHER_CTX_ctrl /* shouldn't happen */
+# else
+# define EVP_CIPHER_CTX_ctrl(a,b,c,d) (0)
+# endif
+#endif
+
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
 #define EVP_X_STATE(evp)	&(evp).c
 #define EVP_X_STATE_LEN(evp)	sizeof((evp).c)