2 files changed, 155 insertions, 1 deletions
diff --git a/meta-oe/recipes-kernel/ipmitool/ipmitool/0001-Migrate-to-openssl-1.1.patch b/meta-oe/recipes-kernel/ipmitool/ipmitool/0001-Migrate-to-openssl-1.1.patch
new file mode 100644
index 0000000000..394aa16adc
--- /dev/null
+++ b/meta-oe/recipes-kernel/ipmitool/ipmitool/0001-Migrate-to-openssl-1.1.patch
@@ -0,0 +1,152 @@
+From c9dcb6afef9c343d070aaff208d11a997a45a105 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 5 Sep 2018 22:19:38 -0700
+Subject: [PATCH] Migrate to openssl 1.1
+Upstream-Status: Backport [https://sourceforge.net/p/ipmitool/source/ci/1664902525a1c3771b4d8b3ccab7ea1ba6b2bdd1/]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/plugins/lanplus/lanplus_crypt_impl.c | 50 ++++++++++++++----------
+ 1 file changed, 29 insertions(+), 21 deletions(-)
+diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
+index d5fac37..9652a5e 100644
+--- a/src/plugins/lanplus/lanplus_crypt_impl.c
+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
+@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+                                                        uint8_t       * output,
+                                                        uint32_t        * bytes_written)
+ {
+-       EVP_CIPHER_CTX ctx;
+-       EVP_CIPHER_CTX_init(&ctx);
+-       EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+-       EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-       
+       EVP_CIPHER_CTX *ctx = NULL;
+ 
+        *bytes_written = 0;
+ 
+@@ -182,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+                printbuf(input, input_length, "encrypting this data");
+        }
+ 
+       ctx = EVP_CIPHER_CTX_new();
+       if (ctx == NULL) {
+               lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
+               return;
+       }
+       EVP_CIPHER_CTX_init(ctx);
+       EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+       EVP_CIPHER_CTX_set_padding(ctx, 0);
+ 
+        /*
+         * The default implementation adds a whole block of padding if the input
+@@ -191,28 +195,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+        assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+ 
+ 
+-       if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
+       if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+        {
+                /* Error */
+                *bytes_written = 0;
+-               return;
+        }
+        else
+        {
+                uint32_t tmplen;
+ 
+-               if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
+               if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+                {
+                       /* Error */
+                        *bytes_written = 0;
+-                       return; /* Error */
+                }
+                else
+                {
+                        /* Success */
+                        *bytes_written += tmplen;
+-                       EVP_CIPHER_CTX_cleanup(&ctx);
+                }
+        }
+       /* performs cleanup and free */
+       EVP_CIPHER_CTX_free(ctx);
+ }
+ 
+ 
+@@ -239,11 +243,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+                                                        uint8_t       * output,
+                                                        uint32_t        * bytes_written)
+ {
+-       EVP_CIPHER_CTX ctx;
+-       EVP_CIPHER_CTX_init(&ctx);
+-       EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+-       EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-
+       EVP_CIPHER_CTX *ctx = NULL;
+ 
+        if (verbose >= 5)
+        {
+@@ -252,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+                printbuf(input, input_length, "decrypting this data");
+        }
+ 
+-
+        *bytes_written = 0;
+ 
+        if (input_length == 0)
+                return;
+ 
+       ctx = EVP_CIPHER_CTX_new();
+       if (ctx == NULL) {
+               lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
+               return;
+       }
+       EVP_CIPHER_CTX_init(ctx);
+       EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+       EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+        /*
+         * The default implementation adds a whole block of padding if the input
+         * data is perfectly aligned.  We would like to keep that from happening.
+@@ -266,33 +274,33 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+        assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+ 
+ 
+-       if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
+       if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+        {
+                /* Error */
+                lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
+                *bytes_written = 0;
+-               return;
+        }
+        else
+        {
+                uint32_t tmplen;
+ 
+-               if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
+               if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+                {
+                       /* Error */
+                        char buffer[1000];
+                        ERR_error_string(ERR_get_error(), buffer);
+                        lprintf(LOG_DEBUG, "the ERR error %s", buffer);
+                        lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
+                        *bytes_written = 0;
+-                       return; /* Error */
+                }
+                else
+                {
+                        /* Success */
+                        *bytes_written += tmplen;
+-                       EVP_CIPHER_CTX_cleanup(&ctx);
+                }
+        }
+       /* performs cleanup and free */
+       EVP_CIPHER_CTX_free(ctx);
+ 
+        if (verbose >= 5)
+        {
diff --git a/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb b/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb
index 9f73d2799b..b7f1aa9145 100644
--- a/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb
+++ b/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb
@@ -22,7 +22,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=9aa91e13d644326bf281924212862184"
 DEPENDS = "openssl readline ncurses"
-SRC_URI = "${SOURCEFORGE_MIRROR}/ipmitool/ipmitool-${PV}.tar.bz2"
+SRC_URI = "${SOURCEFORGE_MIRROR}/ipmitool/ipmitool-${PV}.tar.bz2 \
+           file://0001-Migrate-to-openssl-1.1.patch \
+           "
 SRC_URI[md5sum] = "bab7ea104c7b85529c3ef65c54427aa3"
 SRC_URI[sha256sum] = "0c1ba3b1555edefb7c32ae8cd6a3e04322056bc087918f07189eeedfc8b81e01"

diff --git a/meta-oe/recipes-kernel/ipmitool/ipmitool/0001-Migrate-to-openssl-1.1.patch b/meta-oe/recipes-kernel/ipmitool/ipmitool/0001-Migrate-to-openssl-1.1.patch new file mode 100644 index 0000000000..394aa16adc --- /dev/null +++ b/meta-oe/recipes-kernel/ipmitool/ipmitool/0001-Migrate-to-openssl-1.1.patch
@@ -0,0 +1,152 @@
		1	From c9dcb6afef9c343d070aaff208d11a997a45a105 Mon Sep 17 00:00:00 2001
		2	From: Khem Raj <raj.khem@gmail.com>
		3	Date: Wed, 5 Sep 2018 22:19:38 -0700
		4	Subject: [PATCH] Migrate to openssl 1.1
		5
		6	Upstream-Status: Backport [https://sourceforge.net/p/ipmitool/source/ci/1664902525a1c3771b4d8b3ccab7ea1ba6b2bdd1/]
		7
		8	Signed-off-by: Khem Raj <raj.khem@gmail.com>
		9	---
		10	src/plugins/lanplus/lanplus_crypt_impl.c \| 50 ++++++++++++++----------
		11	1 file changed, 29 insertions(+), 21 deletions(-)
		12
		13	diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
		14	index d5fac37..9652a5e 100644
		15	--- a/src/plugins/lanplus/lanplus_crypt_impl.c
		16	+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
		17	@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
		18	uint8_t * output,
		19	uint32_t * bytes_written)
		20	{
		21	- EVP_CIPHER_CTX ctx;
		22	- EVP_CIPHER_CTX_init(&ctx);
		23	- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
		24	- EVP_CIPHER_CTX_set_padding(&ctx, 0);
		25	-
		26	+ EVP_CIPHER_CTX *ctx = NULL;
		27
		28	*bytes_written = 0;
		29
		30	@@ -182,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
		31	printbuf(input, input_length, "encrypting this data");
		32	}
		33
		34	+ ctx = EVP_CIPHER_CTX_new();
		35	+ if (ctx == NULL) {
		36	+ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
		37	+ return;
		38	+ }
		39	+ EVP_CIPHER_CTX_init(ctx);
		40	+ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
		41	+ EVP_CIPHER_CTX_set_padding(ctx, 0);
		42
		43	/*
		44	* The default implementation adds a whole block of padding if the input
		45	@@ -191,28 +195,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
		46	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
		47
		48
		49	- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
		50	+ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
		51	{
		52	/* Error */
		53	*bytes_written = 0;
		54	- return;
		55	}
		56	else
		57	{
		58	uint32_t tmplen;
		59
		60	- if(!EVP_EncryptFinal_ex(&ctx, output + bytes_written, (int )&tmplen))
		61	+ if(!EVP_EncryptFinal_ex(ctx, output + bytes_written, (int )&tmplen))
		62	{
		63	+ /* Error */
		64	*bytes_written = 0;
		65	- return; /* Error */
		66	}
		67	else
		68	{
		69	/* Success */
		70	*bytes_written += tmplen;
		71	- EVP_CIPHER_CTX_cleanup(&ctx);
		72	}
		73	}
		74	+ /* performs cleanup and free */
		75	+ EVP_CIPHER_CTX_free(ctx);
		76	}
		77
		78
		79	@@ -239,11 +243,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
		80	uint8_t * output,
		81	uint32_t * bytes_written)
		82	{
		83	- EVP_CIPHER_CTX ctx;
		84	- EVP_CIPHER_CTX_init(&ctx);
		85	- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
		86	- EVP_CIPHER_CTX_set_padding(&ctx, 0);
		87	-
		88	+ EVP_CIPHER_CTX *ctx = NULL;
		89
		90	if (verbose >= 5)
		91	{
		92	@@ -252,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
		93	printbuf(input, input_length, "decrypting this data");
		94	}
		95
		96	-
		97	*bytes_written = 0;
		98
		99	if (input_length == 0)
		100	return;
		101
		102	+ ctx = EVP_CIPHER_CTX_new();
		103	+ if (ctx == NULL) {
		104	+ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
		105	+ return;
		106	+ }
		107	+ EVP_CIPHER_CTX_init(ctx);
		108	+ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
		109	+ EVP_CIPHER_CTX_set_padding(ctx, 0);
		110	+
		111	/*
		112	* The default implementation adds a whole block of padding if the input
		113	* data is perfectly aligned. We would like to keep that from happening.
		114	@@ -266,33 +274,33 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
		115	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
		116
		117
		118	- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
		119	+ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
		120	{
		121	/* Error */
		122	lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
		123	*bytes_written = 0;
		124	- return;
		125	}
		126	else
		127	{
		128	uint32_t tmplen;
		129
		130	- if (!EVP_DecryptFinal_ex(&ctx, output + bytes_written, (int )&tmplen))
		131	+ if (!EVP_DecryptFinal_ex(ctx, output + bytes_written, (int )&tmplen))
		132	{
		133	+ /* Error */
		134	char buffer[1000];
		135	ERR_error_string(ERR_get_error(), buffer);
		136	lprintf(LOG_DEBUG, "the ERR error %s", buffer);
		137	lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
		138	*bytes_written = 0;
		139	- return; /* Error */
		140	}
		141	else
		142	{
		143	/* Success */
		144	*bytes_written += tmplen;
		145	- EVP_CIPHER_CTX_cleanup(&ctx);
		146	}
		147	}
		148	+ /* performs cleanup and free */
		149	+ EVP_CIPHER_CTX_free(ctx);
		150
		151	if (verbose >= 5)
		152	{


diff --git a/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb b/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb index 9f73d2799b..b7f1aa9145 100644 --- a/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb +++ b/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb
@@ -22,7 +22,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=9aa91e13d644326bf281924212862184"
22		22
23	DEPENDS = "openssl readline ncurses"	23	DEPENDS = "openssl readline ncurses"
24		24
25	SRC_URI = "${SOURCEFORGE_MIRROR}/ipmitool/ipmitool-${PV}.tar.bz2"	25	SRC_URI = "${SOURCEFORGE_MIRROR}/ipmitool/ipmitool-${PV}.tar.bz2 \
		26	file://0001-Migrate-to-openssl-1.1.patch \
		27	"
26	SRC_URI[md5sum] = "bab7ea104c7b85529c3ef65c54427aa3"	28	SRC_URI[md5sum] = "bab7ea104c7b85529c3ef65c54427aa3"
27	SRC_URI[sha256sum] = "0c1ba3b1555edefb7c32ae8cd6a3e04322056bc087918f07189eeedfc8b81e01"	29	SRC_URI[sha256sum] = "0c1ba3b1555edefb7c32ae8cd6a3e04322056bc087918f07189eeedfc8b81e01"
28		30