diff --git a/ChangeLog b/ChangeLog
index b5812cc7d..868158cfc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -37,6 +37,9 @@
      [myproposal.h packet.c ssh_config.5 sshd_config.5]
      support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
      ok and feedback djm@
+ - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
+   Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
+   cipher compat code to openssl-compat.h
 
 20121217
  - (dtucker) [Makefile.in] Add some scaffolding so that the new regress
diff --git a/cipher.c b/cipher.c
index cad8a2f36..e137f359b 100644
--- a/cipher.c
+++ b/cipher.c
@@ -54,25 +54,18 @@
 extern const EVP_CIPHER *evp_ssh1_bf(void);
 extern const EVP_CIPHER *evp_ssh1_3des(void);
 extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
-#ifndef OPENSSL_HAVE_EVPCTR
-#define EVP_aes_128_ctr evp_aes_128_ctr
-#define EVP_aes_192_ctr evp_aes_128_ctr
-#define EVP_aes_256_ctr evp_aes_128_ctr
-extern const EVP_CIPHER *evp_aes_128_ctr(void);
-extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
-#endif
 
 struct Cipher {
 	char	*name;
 	int	number;		/* for ssh1 only */
 	u_int	block_size;
 	u_int	key_len;
+	u_int	iv_len;		/* defaults to block_size */
+	u_int	auth_len;
 	u_int	discard_len;
 	u_int	cbc_mode;
 	const EVP_CIPHER	*(*evptype)(void);
 } ciphers[] = {
-	{ NULL,			SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL }
-
 	{ "none",	SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
 	{ "des",	SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
 	{ "3des",	SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
@@ -94,10 +87,12 @@ struct Cipher {
 	{ "aes128-ctr",	SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr },
 	{ "aes192-ctr",	SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr },
 	{ "aes256-ctr",	SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr },
+#ifdef OPENSSL_HAVE_EVPGCM
 	{ "aes128-gcm@openssh.com",
 			SSH_CIPHER_SSH2, 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm },
 	{ "aes256-gcm@openssh.com",
 			SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
+#endif
 #ifdef USE_CIPHER_ACSS
 	{ "acss@openssh.org",
 			SSH_CIPHER_SSH2, 16, 5, 0, 0, 0, 0, EVP_acss },
@@ -473,14 +468,6 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
 	}
 }
 
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-#define EVP_X_STATE(evp)	&(evp).c
-#define EVP_X_STATE_LEN(evp)	sizeof((evp).c)
-#else
-#define EVP_X_STATE(evp)	(evp).cipher_data
-#define EVP_X_STATE_LEN(evp)	(evp).cipher->ctx_size
-#endif
-
 int
 cipher_get_keycontext(const CipherContext *cc, u_char *dat)
 {
diff --git a/configure.ac b/configure.ac
index 64c231b7e..36761233c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.499 2012/12/12 21:18:56 djm Exp $
+# $Id: configure.ac,v 1.500 2013/01/09 05:42:47 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.499 $)
+AC_REVISION($Revision: 1.500 $)
 AC_CONFIG_SRCDIR([ssh.c])
 AC_LANG([C])
 
@@ -2320,6 +2320,26 @@ AC_LINK_IFELSE(
 	]
 )
 
+# Check for OpenSSL with EVP_aes_*gcm
+AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
+AC_LINK_IFELSE(
+	[AC_LANG_PROGRAM([[
+#include <string.h>
+#include <openssl/evp.h>
+	]], [[
+	exit(EVP_aes_128_gcm() == NULL ||
+	    EVP_aes_256_gcm() == NULL);
+	]])],
+	[
+		AC_MSG_RESULT([yes])
+		AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
+		    [libcrypto has EVP AES GCM])
+	],
+	[
+		AC_MSG_RESULT([no])
+	]
+)
+
 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
 AC_LINK_IFELSE(
 	[AC_LANG_PROGRAM([[
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index a151eff38..28da3be2d 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.20 2012/01/17 03:03:39 dtucker Exp $ */
+/* $Id: openssl-compat.h,v 1.21 2013/01/09 05:42:49 djm Exp $ */
 
 /*
  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -63,6 +63,30 @@ extern const EVP_CIPHER *evp_rijndael(void);
 extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
 #endif
 
+#ifndef OPENSSL_HAVE_EVPCTR
+#define EVP_aes_128_ctr evp_aes_128_ctr
+#define EVP_aes_192_ctr evp_aes_128_ctr
+#define EVP_aes_256_ctr evp_aes_128_ctr
+extern const EVP_CIPHER *evp_aes_128_ctr(void);
+extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
+#endif
+
+/* Avoid some #ifdef. Code that uses these is unreachable without GCM */
+#if !defined(OPENSSL_HAVE_EVPGCM) && !defined(EVP_CTRL_GCM_SET_IV_FIXED)
+# define EVP_CTRL_GCM_SET_IV_FIXED -1
+# define EVP_CTRL_GCM_IV_GEN -1
+# define EVP_CTRL_GCM_SET_TAG -1
+# define EVP_CTRL_GCM_GET_TAG -1
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+#define EVP_X_STATE(evp)	&(evp).c
+#define EVP_X_STATE_LEN(evp)	sizeof((evp).c)
+#else
+#define EVP_X_STATE(evp)	(evp).cipher_data
+#define EVP_X_STATE_LEN(evp)	(evp).cipher->ctx_size
+#endif
+
 #if !defined(EVP_CTRL_SET_ACSS_MODE)
 # if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
 #  define USE_CIPHER_ACSS 1