Robert Dugal
2011-Sep-07 14:34 UTC
cipher_get_keycontext() and cipher_set_keycontext() copying OpenSSL RC4 cryptographic state
These two functions in cipher.c (I have looked at openssh5.8p1 &
openssh5.9p1) copy the internal cryptographic state of an OpenSSL RC4
encryption/decryption context using simple memcpy().
This code also copies the state when evptype is EVP_acss, which I am unfamiliar
with.
This code appears to work fine when using the built-in crypto of OpenSSL 1.0.0d.
However, I have been doing some work to make OpenSSH use alternative crypto
engines and it appears to me that this code may not work correctly when using an
OpenSSL engine.
The cipher_data could contain pointers to other data objects so just copying the
cipher_data is not going to work correctly.
OpenSSL provides EVP_CIPHER_CTX_copy() which can be used to safely copy the
cryptographic state of an EVP_CIPHER_CTX.
This API will call an engine-specific interface to perform the copy, if required
by the engine, ensuring that the cipher_data is copied correctly.
It's unclear exactly how EVP_CIPHER_CTX_copy() can be used in the OpenSSH
code.
It's unclear to me exactly under which situations cipher_get_keycontext()
and cipher_set_keycontext() will be called.
Can someone provide me with some instructions on how I could configure an
OpenSSH Linux installation to verify this will be an issue when using an engine?
Once I have verified this is an issue I will file a bug.
Thanks
Rob
--
Robert Dugal Team Lead SSL & PKI Group
Certicom Corp. A Subsidiary of Research In Motion
4701 Tahoe Blvd., Building A
Mississauga, ON
L4W 0B5
rdugal at certicom.com
direct +1.289.261.4148
mobile +1.416.276.8062
main +1.905.507.4220
fax +1.905.507.4230
www.certicom.com
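
The concern raised in the message above, as an added illustration that is not part of the original post and is not OpenSSH or OpenSSL code: a self-contained C model in which cipher_data holds a pointer to the RC4 state, so a plain memcpy() leaves both contexts drawing from one shared keystream, while a copy that duplicates the pointed-to state does not. All type and function names are hypothetical, and the key is a constructed sample.

```c
#include <string.h>

/* Constructed model, not OpenSSL or OpenSSH code; all names are hypothetical. */
typedef struct { unsigned char i, j, S[256]; } rc4_state;
typedef struct { rc4_state *st; } cipher_data;   /* engine-style: state behind a pointer */
static void swap(unsigned char *a, unsigned char *b) { unsigned char t = *a; *a = *b; *b = t; }

static void model_init(cipher_data *cd, rc4_state *s, const char *key)
{
    size_t klen = strlen(key);
    int i, j = 0;
    for (i = 0; i < 256; i++) s->S[i] = (unsigned char)i;
    for (i = 0; i < 256; i++) {                   /* RC4 key schedule */
        j = (j + s->S[i] + (unsigned char)key[i % klen]) & 0xff;
        swap(&s->S[i], &s->S[j]);
    }
    s->i = s->j = 0;
    cd->st = s;
}

static unsigned char model_next(cipher_data *cd)  /* one RC4 keystream byte */
{
    rc4_state *s = cd->st;
    s->j = (unsigned char)(s->j + s->S[++s->i]);
    swap(&s->S[s->i], &s->S[s->j]);
    return s->S[(unsigned char)(s->S[s->i] + s->S[s->j])];
}

static void model_copy(cipher_data *dst, const cipher_data *src, rc4_state *store)
{
    memcpy(dst, src, sizeof(*dst));   /* shallow: dst and src now share one rc4_state */
    if (store != NULL)                /* deep: duplicate the state into caller storage */
        dst->st = memcpy(store, src->st, sizeof(*store));
}

int copy_is_independent(int deep)     /* 1 if copy and original emit the same keystream */
{
    rc4_state sa, sb;
    cipher_data a, b;
    unsigned char ka[4], kb[4];
    int n;
    model_init(&a, &sa, "Key");       /* constructed sample key */
    model_copy(&b, &a, deep ? &sb : NULL);
    for (n = 0; n < 4; n++) {
        ka[n] = model_next(&a);
        kb[n] = model_next(&b);
    }
    return memcmp(ka, kb, sizeof(ka)) == 0;
}
```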
