Browse Source

ipmitool: add openssl 1.1.0 compatibility

The patches have been merged upstream.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
lilik-openwrt-22.03
Eneas U de Queiroz 7 years ago
committed by Alexander Couzens
parent
commit
774f617d27
5 changed files with 338 additions and 1 deletions
  1. +1
    -1
      admin/ipmitool/Makefile
  2. +104
    -0
      admin/ipmitool/patches/0001-ID-461-OpenSSL-1.1-compatibility-error-storage-size-.patch
  3. +36
    -0
      admin/ipmitool/patches/0002-ID-461-Make-compiler-happier-about-changes-related-t.patch
  4. +53
    -0
      admin/ipmitool/patches/0003-ID-480-ipmitool-coredumps-in-EVP_CIPHER_CTX_init.patch
  5. +144
    -0
      admin/ipmitool/patches/0004-ID-480-Call-EVP_CIPHER_CTX_free-instead-of-EVP_CIPHE.patch

+ 1
- 1
admin/ipmitool/Makefile View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=ipmitool
PKG_VERSION:=1.8.18
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/$(PKG_NAME)


+ 104
- 0
admin/ipmitool/patches/0001-ID-461-OpenSSL-1.1-compatibility-error-storage-size-.patch View File

@ -0,0 +1,104 @@
From b57487e360916ab3eaa50aa6d021c73b6337a4a0 Mon Sep 17 00:00:00 2001
From: Dennis Schridde <dennis.schridde@uni-heidelberg.de>
Date: Wed, 30 Nov 2016 17:33:00 +0100
Subject: [PATCH 1/4] ID:461 - OpenSSL 1.1 compatibility - "error: storage size
of 'ctx' isn't known"
In OpenSSL 1.1 EVP_CIPHER_CTX became opaque, cf. `man 3ssl EVP_EncryptInit`
Fixes: ID:461
---
src/plugins/lanplus/lanplus_crypt_impl.c | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
index d5fac37..3c0df23 100644
--- a/src/plugins/lanplus/lanplus_crypt_impl.c
+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
@@ -164,10 +164,10 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
uint8_t * output,
uint32_t * bytes_written)
{
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ EVP_CIPHER_CTX* ctx;
+ EVP_CIPHER_CTX_init(ctx);
+ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
*bytes_written = 0;
@@ -191,7 +191,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
+ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
{
/* Error */
*bytes_written = 0;
@@ -201,7 +201,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
{
uint32_t tmplen;
- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
+ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
{
*bytes_written = 0;
return; /* Error */
@@ -210,7 +210,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
{
/* Success */
*bytes_written += tmplen;
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_cleanup(ctx);
}
}
}
@@ -239,10 +239,10 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
uint8_t * output,
uint32_t * bytes_written)
{
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ EVP_CIPHER_CTX* ctx;
+ EVP_CIPHER_CTX_init(ctx);
+ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
if (verbose >= 5)
@@ -266,7 +266,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
+ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
{
/* Error */
lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
@@ -277,7 +277,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
{
uint32_t tmplen;
- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
+ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
{
char buffer[1000];
ERR_error_string(ERR_get_error(), buffer);
@@ -290,7 +290,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
{
/* Success */
*bytes_written += tmplen;
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_cleanup(ctx);
}
}
--
2.16.1

+ 36
- 0
admin/ipmitool/patches/0002-ID-461-Make-compiler-happier-about-changes-related-t.patch View File

@ -0,0 +1,36 @@
From 77fe5635037ebaf411cae46cf5045ca819b5c145 Mon Sep 17 00:00:00 2001
From: Zdenek Styblik <stybla@turnovfree.net>
Date: Sun, 15 Jan 2017 15:11:25 +0100
Subject: [PATCH 2/4] ID:461 - Make compiler happier about changes related to
OpenSSL 1.1
Complaint was that ctx isn't initialized.
---
src/plugins/lanplus/lanplus_crypt_impl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
index 3c0df23..d12d0e3 100644
--- a/src/plugins/lanplus/lanplus_crypt_impl.c
+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
@@ -164,7 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
uint8_t * output,
uint32_t * bytes_written)
{
- EVP_CIPHER_CTX* ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
EVP_CIPHER_CTX_init(ctx);
EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
EVP_CIPHER_CTX_set_padding(ctx, 0);
@@ -239,7 +239,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
uint8_t * output,
uint32_t * bytes_written)
{
- EVP_CIPHER_CTX* ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
EVP_CIPHER_CTX_init(ctx);
EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
EVP_CIPHER_CTX_set_padding(ctx, 0);
--
2.16.1

+ 53
- 0
admin/ipmitool/patches/0003-ID-480-ipmitool-coredumps-in-EVP_CIPHER_CTX_init.patch View File

@ -0,0 +1,53 @@
From f004b4b7197fc83e7d47ec8cbcaefffa9a922717 Mon Sep 17 00:00:00 2001
From: Zdenek Styblik <stybla@turnovfree.net>
Date: Sun, 12 Mar 2017 14:00:35 +0100
Subject: [PATCH 3/4] ID:480 - ipmitool coredumps in EVP_CIPHER_CTX_init
IPMI tool coredumps due to changes introduced in ID:461. This shouldn't be
surprise as a NULL pointer is passed to init. Commit addresses this issue by
calling EVP_CIPHER_CTX_new() instead of EVP_CIPHER_CTX_init(), which is
deprecated, and by checking return value of call to former function.
---
src/plugins/lanplus/lanplus_crypt_impl.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
index d12d0e3..0e330c1 100644
--- a/src/plugins/lanplus/lanplus_crypt_impl.c
+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
@@ -165,10 +165,13 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
uint32_t * bytes_written)
{
EVP_CIPHER_CTX *ctx = NULL;
- EVP_CIPHER_CTX_init(ctx);
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ *bytes_written = 0;
+ return;
+ }
EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
EVP_CIPHER_CTX_set_padding(ctx, 0);
-
*bytes_written = 0;
@@ -240,11 +243,14 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
uint32_t * bytes_written)
{
EVP_CIPHER_CTX *ctx = NULL;
- EVP_CIPHER_CTX_init(ctx);
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ *bytes_written = 0;
+ return;
+ }
EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
EVP_CIPHER_CTX_set_padding(ctx, 0);
-
if (verbose >= 5)
{
printbuf(iv, 16, "decrypting with this IV");
--
2.16.1

+ 144
- 0
admin/ipmitool/patches/0004-ID-480-Call-EVP_CIPHER_CTX_free-instead-of-EVP_CIPHE.patch View File

@ -0,0 +1,144 @@
From 1664902525a1c3771b4d8b3ccab7ea1ba6b2bdd1 Mon Sep 17 00:00:00 2001
From: Holger Liebig <holger.liebig@ts.fujitsu.com>
Date: Tue, 4 Apr 2017 20:43:05 +0200
Subject: [PATCH 4/4] ID:480 - Call EVP_CIPHER_CTX_free() instead of
EVP_CIPHER_CTX_cleanup()
Call EVP_CIPHER_CTX_free() instead of EVP_CIPHER_CTX_cleanup() to fix memory
leak.
---
src/plugins/lanplus/lanplus_crypt_impl.c | 44 +++++++++++++++++---------------
1 file changed, 23 insertions(+), 21 deletions(-)
diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
index 0e330c1..9652a5e 100644
--- a/src/plugins/lanplus/lanplus_crypt_impl.c
+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
@@ -165,13 +165,6 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
uint32_t * bytes_written)
{
EVP_CIPHER_CTX *ctx = NULL;
- ctx = EVP_CIPHER_CTX_new();
- if (ctx == NULL) {
- *bytes_written = 0;
- return;
- }
- EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
- EVP_CIPHER_CTX_set_padding(ctx, 0);
*bytes_written = 0;
@@ -185,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
printbuf(input, input_length, "encrypting this data");
}
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
+ return;
+ }
+ EVP_CIPHER_CTX_init(ctx);
+ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
/*
* The default implementation adds a whole block of padding if the input
@@ -198,7 +199,6 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
{
/* Error */
*bytes_written = 0;
- return;
}
else
{
@@ -206,16 +206,17 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
{
+ /* Error */
*bytes_written = 0;
- return; /* Error */
}
else
{
/* Success */
*bytes_written += tmplen;
- EVP_CIPHER_CTX_cleanup(ctx);
}
}
+ /* performs cleanup and free */
+ EVP_CIPHER_CTX_free(ctx);
}
@@ -243,13 +244,6 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
uint32_t * bytes_written)
{
EVP_CIPHER_CTX *ctx = NULL;
- ctx = EVP_CIPHER_CTX_new();
- if (ctx == NULL) {
- *bytes_written = 0;
- return;
- }
- EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
- EVP_CIPHER_CTX_set_padding(ctx, 0);
if (verbose >= 5)
{
@@ -258,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
printbuf(input, input_length, "decrypting this data");
}
-
*bytes_written = 0;
if (input_length == 0)
return;
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
+ return;
+ }
+ EVP_CIPHER_CTX_init(ctx);
+ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
/*
* The default implementation adds a whole block of padding if the input
* data is perfectly aligned. We would like to keep that from happening.
@@ -277,7 +279,6 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
/* Error */
lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
*bytes_written = 0;
- return;
}
else
{
@@ -285,20 +286,21 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
{
+ /* Error */
char buffer[1000];
ERR_error_string(ERR_get_error(), buffer);
lprintf(LOG_DEBUG, "the ERR error %s", buffer);
lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
*bytes_written = 0;
- return; /* Error */
}
else
{
/* Success */
*bytes_written += tmplen;
- EVP_CIPHER_CTX_cleanup(ctx);
}
}
+ /* performs cleanup and free */
+ EVP_CIPHER_CTX_free(ctx);
if (verbose >= 5)
{
--
2.16.1

Loading…
Cancel
Save