diff --git a/ChangeLog b/ChangeLog
index f44c4f1ca..2c6da413f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,12 @@
      reset incoming_packet buffer for each new packet in EtM-case, too;
      this happens if packets are parsed only parially (e.g. ignore
      messages sent when su/sudo turn off echo); noted by sthen/millert
+   - naddy@cvs.openbsd.org 2012/12/12 16:46:10
+     [cipher.c]
+     use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled
+     counter mode code; ok djm@
+ - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our
+   compat code for older OpenSSL
 
 20121212
  - (djm) OpenBSD CVS Sync
diff --git a/cipher-ctr.c b/cipher-ctr.c
index 04975b4b6..f053abe2e 100644
--- a/cipher-ctr.c
+++ b/cipher-ctr.c
@@ -16,6 +16,7 @@
  */
 #include "includes.h"
 
+#ifndef OPENSSL_HAVE_EVPCTR
 #include <sys/types.h>
 
 #include <stdarg.h>
@@ -144,3 +145,5 @@ evp_aes_128_ctr(void)
 #endif
 	return (&aes_ctr);
 }
+
+#endif /* OPENSSL_HAVE_EVPCTR */
diff --git a/cipher.c b/cipher.c
index 2116b55b1..d15c226ae 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.83 2012/12/11 22:31:18 markus Exp $ */
+/* $OpenBSD: cipher.c,v 1.84 2012/12/12 16:46:10 naddy Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -54,8 +54,12 @@
 extern const EVP_CIPHER *evp_ssh1_bf(void);
 extern const EVP_CIPHER *evp_ssh1_3des(void);
 extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
-extern const EVP_CIPHER *evp_aes_128_ctr(void);
+#ifndef OPENSSL_HAVE_EVPCTR
+#define EVP_aes_128_ctr evp_aes_128_ctr
+#define EVP_aes_192_ctr evp_aes_128_ctr
+#define EVP_aes_256_ctr evp_aes_128_ctr
 extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
+#endif
 
 struct Cipher {
 	char	*name;
@@ -82,9 +86,9 @@ struct Cipher {
 	{ "aes256-cbc",		SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
 	{ "rijndael-cbc@lysator.liu.se",
 				SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
-	{ "aes128-ctr",		SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr },
-	{ "aes192-ctr",		SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr },
-	{ "aes256-ctr",		SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr },
+	{ "aes128-ctr",		SSH_CIPHER_SSH2, 16, 16, 0, 0, EVP_aes_128_ctr },
+	{ "aes192-ctr",		SSH_CIPHER_SSH2, 16, 24, 0, 0, EVP_aes_192_ctr },
+	{ "aes256-ctr",		SSH_CIPHER_SSH2, 16, 32, 0, 0, EVP_aes_256_ctr },
 #ifdef USE_CIPHER_ACSS
 	{ "acss@openssh.org",	SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss },
 #endif
@@ -363,10 +367,12 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
 			ssh_rijndael_iv(&cc->evp, 0, iv, len);
 		else
 #endif
+#ifndef OPENSSL_HAVE_EVPCTR
 		if (c->evptype == evp_aes_128_ctr)
 			ssh_aes_ctr_iv(&cc->evp, 0, iv, len);
 		else
-			memcpy(iv, cc->evp.iv, len);
+#endif
+		memcpy(iv, cc->evp.iv, len);
 		break;
 	case SSH_CIPHER_3DES:
 		ssh1_3des_iv(&cc->evp, 0, iv, 24);
@@ -394,10 +400,12 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
 			ssh_rijndael_iv(&cc->evp, 1, iv, evplen);
 		else
 #endif
+#ifndef OPENSSL_HAVE_EVPCTR
 		if (c->evptype == evp_aes_128_ctr)
 			ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen);
 		else
-			memcpy(cc->evp.iv, iv, evplen);
+#endif
+		memcpy(cc->evp.iv, iv, evplen);
 		break;
 	case SSH_CIPHER_3DES:
 		ssh1_3des_iv(&cc->evp, 1, iv, 24);
diff --git a/configure.ac b/configure.ac
index 8b32e40c9..64c231b7e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.498 2012/12/03 01:35:55 djm Exp $
+# $Id: configure.ac,v 1.499 2012/12/12 21:18:56 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.498 $)
+AC_REVISION($Revision: 1.499 $)
 AC_CONFIG_SRCDIR([ssh.c])
 AC_LANG([C])
 
@@ -2299,6 +2299,27 @@ AC_LINK_IFELSE(
 	]
 )
 
+# Check for OpenSSL with EVP_aes_*ctr
+AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
+AC_LINK_IFELSE(
+	[AC_LANG_PROGRAM([[
+#include <string.h>
+#include <openssl/evp.h>
+	]], [[
+	exit(EVP_aes_128_ctr() == NULL ||
+	    EVP_aes_192_cbc() == NULL ||
+	    EVP_aes_256_cbc() == NULL);
+	]])],
+	[
+		AC_MSG_RESULT([yes])
+		AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
+		    [libcrypto has EVP AES CTR])
+	],
+	[
+		AC_MSG_RESULT([no])
+	]
+)
+
 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
 AC_LINK_IFELSE(
 	[AC_LANG_PROGRAM([[