svn commit: r481915 - in head/sysutils/ipmitool: . files
Sean Bruno
sbruno at FreeBSD.org
Fri Oct 12 17:51:38 UTC 2018
Author: sbruno
Date: Fri Oct 12 17:51:37 2018
New Revision: 481915
URL: https://svnweb.freebsd.org/changeset/ports/481915
Log:
sysutils/ipmitool: unbreak with openssl 1.1.1 import
- Only apply openssl patch if we are on a version of FreeBSD with openssl 1.1.1
- Don't bump portrevision as we don't change anything except on broken systems
It should be noted that this is a functional way to fix this port and is the method
used upstream. There are most likely better ways to do this.
Reviewed by: 0mp (Makefile changes)
Obtained from
Sponsored by: Limelight Networks
Added:
head/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c (contents, props changed)
Modified:
head/sysutils/ipmitool/Makefile
Modified: head/sysutils/ipmitool/Makefile
==============================================================================
--- head/sysutils/ipmitool/Makefile Fri Oct 12 17:03:07 2018 (r481914)
+++ head/sysutils/ipmitool/Makefile Fri Oct 12 17:51:37 2018 (r481915)
@@ -49,6 +49,12 @@ FREEIPMI_CPPFLAGS= -I${LOCALBASE}/include
FREEIPMI_LDFLAGS= -L${LOCALBASE}/lib
FREEIPMI_CONFIGURE_ENABLE= intf-free
+.include <bsd.port.options.mk>
+
+.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1200085
+EXTRA_PATCHES= ${PATCHDIR}/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c
+.endif
+
post-install:
@${MKDIR} ${STAGEDIR}${PREFIX}/${PERIODIC_DIR}
${INSTALL_SCRIPT} ${WRKDIR}/status-ipmi.sh ${STAGEDIR}${PREFIX}/${PERIODIC_DIR}/400.status-ipmi
Added: head/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c Fri Oct 12 17:51:37 2018 (r481915)
@@ -0,0 +1,140 @@
+--- src/plugins/lanplus/lanplus_crypt_impl.c.orig 2016-05-28 08:20:20 UTC
++++ src/plugins/lanplus/lanplus_crypt_impl.c
+@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ uint8_t * output,
+ uint32_t * bytes_written)
+ {
+- EVP_CIPHER_CTX ctx;
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-
++ EVP_CIPHER_CTX *ctx = NULL;
+
+ *bytes_written = 0;
+
+@@ -182,6 +178,13 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ printbuf(input, input_length, "encrypting this data");
+ }
+
++ ctx = EVP_CIPHER_CTX_new();
++ if (ctx == NULL) {
++ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
++ return;
++ }
++ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+ /*
+ * The default implementation adds a whole block of padding if the input
+@@ -191,28 +194,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+
+
+- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
++ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+ {
+ /* Error */
+ *bytes_written = 0;
+- return;
+ }
+ else
+ {
+ uint32_t tmplen;
+
+- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
++ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ {
++ /* Error */
+ *bytes_written = 0;
+- return; /* Error */
+ }
+ else
+ {
+ /* Success */
+ *bytes_written += tmplen;
+- EVP_CIPHER_CTX_cleanup(&ctx);
+ }
+ }
++ /* performs cleanup and free */
++ EVP_CIPHER_CTX_free(ctx);
+ }
+
+
+@@ -239,12 +242,8 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ uint8_t * output,
+ uint32_t * bytes_written)
+ {
+- EVP_CIPHER_CTX ctx;
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+- EVP_CIPHER_CTX_set_padding(&ctx, 0);
++ EVP_CIPHER_CTX *ctx;
+
+-
+ if (verbose >= 5)
+ {
+ printbuf(iv, 16, "decrypting with this IV");
+@@ -252,12 +251,19 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ printbuf(input, input_length, "decrypting this data");
+ }
+
+-
+ *bytes_written = 0;
+
+ if (input_length == 0)
+ return;
+
++ ctx = EVP_CIPHER_CTX_new();
++ if (ctx == NULL) {
++ *bytes_written = 0;
++ return;
++ }
++ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++ EVP_CIPHER_CTX_set_padding(ctx, 0);
++
+ /*
+ * The default implementation adds a whole block of padding if the input
+ * data is perfectly aligned. We would like to keep that from happening.
+@@ -266,31 +272,29 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+
+
+- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
++ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+ {
+ /* Error */
+ lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
+ *bytes_written = 0;
+- return;
+ }
+ else
+ {
+ uint32_t tmplen;
+
+- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
++ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ {
++ /* Error */
+ char buffer[1000];
+ ERR_error_string(ERR_get_error(), buffer);
+ lprintf(LOG_DEBUG, "the ERR error %s", buffer);
+ lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
+ *bytes_written = 0;
+- return; /* Error */
+ }
+ else
+ {
+ /* Success */
+ *bytes_written += tmplen;
+- EVP_CIPHER_CTX_cleanup(&ctx);
+ }
+ }
+
+@@ -299,4 +303,6 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ lprintf(LOG_DEBUG, "Decrypted %d encrypted bytes", input_length);
+ printbuf(output, *bytes_written, "Decrypted this data");
+ }
++ /* performs cleanup and free */
++ EVP_CIPHER_CTX_free(ctx);
+ }
More information about the svn-ports-head
mailing list