The patches have been merged upstream.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
PKG_NAME:=ipmitool
PKG_VERSION:=1.8.18
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/$(PKG_NAME)
--- /dev/null
+From b57487e360916ab3eaa50aa6d021c73b6337a4a0 Mon Sep 17 00:00:00 2001
+From: Dennis Schridde <dennis.schridde@uni-heidelberg.de>
+Date: Wed, 30 Nov 2016 17:33:00 +0100
+Subject: [PATCH 1/4] ID:461 - OpenSSL 1.1 compatibility - "error: storage size
+ of 'ctx' isn't known"
+
+In OpenSSL 1.1 EVP_CIPHER_CTX became opaque, cf. `man 3ssl EVP_EncryptInit`
+
+Fixes: ID:461
+---
+ src/plugins/lanplus/lanplus_crypt_impl.c | 28 ++++++++++++++--------------
+ 1 file changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
+index d5fac37..3c0df23 100644
+--- a/src/plugins/lanplus/lanplus_crypt_impl.c
++++ b/src/plugins/lanplus/lanplus_crypt_impl.c
+@@ -164,10 +164,10 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ uint8_t * output,
+ uint32_t * bytes_written)
+ {
+- EVP_CIPHER_CTX ctx;
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+- EVP_CIPHER_CTX_set_padding(&ctx, 0);
++ EVP_CIPHER_CTX* ctx;
++ EVP_CIPHER_CTX_init(ctx);
++ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+
+ *bytes_written = 0;
+@@ -191,7 +191,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+
+
+- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
++ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+ {
+ /* Error */
+ *bytes_written = 0;
+@@ -201,7 +201,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ {
+ uint32_t tmplen;
+
+- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
++ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ {
+ *bytes_written = 0;
+ return; /* Error */
+@@ -210,7 +210,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ {
+ /* Success */
+ *bytes_written += tmplen;
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ EVP_CIPHER_CTX_cleanup(ctx);
+ }
+ }
+ }
+@@ -239,10 +239,10 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ uint8_t * output,
+ uint32_t * bytes_written)
+ {
+- EVP_CIPHER_CTX ctx;
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+- EVP_CIPHER_CTX_set_padding(&ctx, 0);
++ EVP_CIPHER_CTX* ctx;
++ EVP_CIPHER_CTX_init(ctx);
++ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+
+ if (verbose >= 5)
+@@ -266,7 +266,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+
+
+- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
++ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+ {
+ /* Error */
+ lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
+@@ -277,7 +277,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ {
+ uint32_t tmplen;
+
+- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
++ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ {
+ char buffer[1000];
+ ERR_error_string(ERR_get_error(), buffer);
+@@ -290,7 +290,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ {
+ /* Success */
+ *bytes_written += tmplen;
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ EVP_CIPHER_CTX_cleanup(ctx);
+ }
+ }
+
+--
+2.16.1
+
--- /dev/null
+From 77fe5635037ebaf411cae46cf5045ca819b5c145 Mon Sep 17 00:00:00 2001
+From: Zdenek Styblik <stybla@turnovfree.net>
+Date: Sun, 15 Jan 2017 15:11:25 +0100
+Subject: [PATCH 2/4] ID:461 - Make compiler happier about changes related to
+ OpenSSL 1.1
+
+Complaint was that ctx isn't initialized.
+---
+ src/plugins/lanplus/lanplus_crypt_impl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
+index 3c0df23..d12d0e3 100644
+--- a/src/plugins/lanplus/lanplus_crypt_impl.c
++++ b/src/plugins/lanplus/lanplus_crypt_impl.c
+@@ -164,7 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ uint8_t * output,
+ uint32_t * bytes_written)
+ {
+- EVP_CIPHER_CTX* ctx;
++ EVP_CIPHER_CTX *ctx = NULL;
+ EVP_CIPHER_CTX_init(ctx);
+ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
+@@ -239,7 +239,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ uint8_t * output,
+ uint32_t * bytes_written)
+ {
+- EVP_CIPHER_CTX* ctx;
++ EVP_CIPHER_CTX *ctx = NULL;
+ EVP_CIPHER_CTX_init(ctx);
+ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
+--
+2.16.1
+
--- /dev/null
+From f004b4b7197fc83e7d47ec8cbcaefffa9a922717 Mon Sep 17 00:00:00 2001
+From: Zdenek Styblik <stybla@turnovfree.net>
+Date: Sun, 12 Mar 2017 14:00:35 +0100
+Subject: [PATCH 3/4] ID:480 - ipmitool coredumps in EVP_CIPHER_CTX_init
+
+IPMI tool coredumps due to changes introduced in ID:461. This shouldn't be
+surprise as a NULL pointer is passed to init. Commit addresses this issue by
+calling EVP_CIPHER_CTX_new() instead of EVP_CIPHER_CTX_init(), which is
+deprecated, and by checking return value of call to former function.
+---
+ src/plugins/lanplus/lanplus_crypt_impl.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
+index d12d0e3..0e330c1 100644
+--- a/src/plugins/lanplus/lanplus_crypt_impl.c
++++ b/src/plugins/lanplus/lanplus_crypt_impl.c
+@@ -165,10 +165,13 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ uint32_t * bytes_written)
+ {
+ EVP_CIPHER_CTX *ctx = NULL;
+- EVP_CIPHER_CTX_init(ctx);
++ ctx = EVP_CIPHER_CTX_new();
++ if (ctx == NULL) {
++ *bytes_written = 0;
++ return;
++ }
+ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
+-
+
+ *bytes_written = 0;
+
+@@ -240,11 +243,14 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ uint32_t * bytes_written)
+ {
+ EVP_CIPHER_CTX *ctx = NULL;
+- EVP_CIPHER_CTX_init(ctx);
++ ctx = EVP_CIPHER_CTX_new();
++ if (ctx == NULL) {
++ *bytes_written = 0;
++ return;
++ }
+ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+-
+ if (verbose >= 5)
+ {
+ printbuf(iv, 16, "decrypting with this IV");
+--
+2.16.1
+
--- /dev/null
+From 1664902525a1c3771b4d8b3ccab7ea1ba6b2bdd1 Mon Sep 17 00:00:00 2001
+From: Holger Liebig <holger.liebig@ts.fujitsu.com>
+Date: Tue, 4 Apr 2017 20:43:05 +0200
+Subject: [PATCH 4/4] ID:480 - Call EVP_CIPHER_CTX_free() instead of
+ EVP_CIPHER_CTX_cleanup()
+
+Call EVP_CIPHER_CTX_free() instead of EVP_CIPHER_CTX_cleanup() to fix memory
+leak.
+---
+ src/plugins/lanplus/lanplus_crypt_impl.c | 44 +++++++++++++++++---------------
+ 1 file changed, 23 insertions(+), 21 deletions(-)
+
+diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
+index 0e330c1..9652a5e 100644
+--- a/src/plugins/lanplus/lanplus_crypt_impl.c
++++ b/src/plugins/lanplus/lanplus_crypt_impl.c
+@@ -165,13 +165,6 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ uint32_t * bytes_written)
+ {
+ EVP_CIPHER_CTX *ctx = NULL;
+- ctx = EVP_CIPHER_CTX_new();
+- if (ctx == NULL) {
+- *bytes_written = 0;
+- return;
+- }
+- EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+- EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+ *bytes_written = 0;
+
+@@ -185,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ printbuf(input, input_length, "encrypting this data");
+ }
+
++ ctx = EVP_CIPHER_CTX_new();
++ if (ctx == NULL) {
++ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
++ return;
++ }
++ EVP_CIPHER_CTX_init(ctx);
++ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+ /*
+ * The default implementation adds a whole block of padding if the input
+@@ -198,7 +199,6 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ {
+ /* Error */
+ *bytes_written = 0;
+- return;
+ }
+ else
+ {
+@@ -206,16 +206,17 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+
+ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ {
++ /* Error */
+ *bytes_written = 0;
+- return; /* Error */
+ }
+ else
+ {
+ /* Success */
+ *bytes_written += tmplen;
+- EVP_CIPHER_CTX_cleanup(ctx);
+ }
+ }
++ /* performs cleanup and free */
++ EVP_CIPHER_CTX_free(ctx);
+ }
+
+
+@@ -243,13 +244,6 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ uint32_t * bytes_written)
+ {
+ EVP_CIPHER_CTX *ctx = NULL;
+- ctx = EVP_CIPHER_CTX_new();
+- if (ctx == NULL) {
+- *bytes_written = 0;
+- return;
+- }
+- EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+- EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+ if (verbose >= 5)
+ {
+@@ -258,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ printbuf(input, input_length, "decrypting this data");
+ }
+
+-
+ *bytes_written = 0;
+
+ if (input_length == 0)
+ return;
+
++ ctx = EVP_CIPHER_CTX_new();
++ if (ctx == NULL) {
++ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
++ return;
++ }
++ EVP_CIPHER_CTX_init(ctx);
++ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++ EVP_CIPHER_CTX_set_padding(ctx, 0);
++
+ /*
+ * The default implementation adds a whole block of padding if the input
+ * data is perfectly aligned. We would like to keep that from happening.
+@@ -277,7 +279,6 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ /* Error */
+ lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
+ *bytes_written = 0;
+- return;
+ }
+ else
+ {
+@@ -285,20 +286,21 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+
+ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ {
++ /* Error */
+ char buffer[1000];
+ ERR_error_string(ERR_get_error(), buffer);
+ lprintf(LOG_DEBUG, "the ERR error %s", buffer);
+ lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
+ *bytes_written = 0;
+- return; /* Error */
+ }
+ else
+ {
+ /* Success */
+ *bytes_written += tmplen;
+- EVP_CIPHER_CTX_cleanup(ctx);
+ }
+ }
++ /* performs cleanup and free */
++ EVP_CIPHER_CTX_free(ctx);
+
+ if (verbose >= 5)
+ {
+--
+2.16.1
+