From owner-svn-ports-branches@freebsd.org  Sat Oct 20 05:46:01 2018
Return-Path: <owner-svn-ports-branches@freebsd.org>
Delivered-To: svn-ports-branches@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B5AE2FF8D51;
 Sat, 20 Oct 2018 05:46:01 +0000 (UTC)
 (envelope-from antoine@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 69A5C7F934;
 Sat, 20 Oct 2018 05:46:01 +0000 (UTC)
 (envelope-from antoine@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6489A19FEE;
 Sat, 20 Oct 2018 05:46:01 +0000 (UTC)
 (envelope-from antoine@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w9K5k1DB032399;
 Sat, 20 Oct 2018 05:46:01 GMT (envelope-from antoine@FreeBSD.org)
Received: (from antoine@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w9K5k0aO032397;
 Sat, 20 Oct 2018 05:46:00 GMT (envelope-from antoine@FreeBSD.org)
Message-Id: <201810200546.w9K5k0aO032397@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: antoine set sender to
 antoine@FreeBSD.org using -f
From: Antoine Brodin <antoine@FreeBSD.org>
Date: Sat, 20 Oct 2018 05:46:00 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-branches@freebsd.org
Subject: svn commit: r482469 - in branches/2018Q4/sysutils/ipmitool: . files
X-SVN-Group: ports-branches
X-SVN-Commit-Author: antoine
X-SVN-Commit-Paths: in branches/2018Q4/sysutils/ipmitool: . files
X-SVN-Commit-Revision: 482469
X-SVN-Commit-Repository: ports
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-branches@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for all the branches of the ports tree
 <svn-ports-branches.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-branches>, 
 <mailto:svn-ports-branches-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-branches/>
List-Post: <mailto:svn-ports-branches@freebsd.org>
List-Help: <mailto:svn-ports-branches-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-branches>, 
 <mailto:svn-ports-branches-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Oct 2018 05:46:02 -0000

Author: antoine
Date: Sat Oct 20 05:46:00 2018
New Revision: 482469
URL: https://svnweb.freebsd.org/changeset/ports/482469

Log:
  MFH: r481915 r481917
  
  sysutils/ipmitool:  unbreak with openssl 1.1.1 import
  - Only apply openssl patch if we are on a version of FreeBSD with openssl 1.1.1
  - Don't bump portrevision as we don't change anything except on broken systems
  
  It should be noted that this is a functional way to fix this port and is the method
  used upstream.  There are most likely better ways to do this.
  
  Reviewed by:    0mp (Makefile changes)
  Sponsored by:   Limelight Networks
  
  Setting DOCS=off will set EXTRA_PATCHES, so we need to append to this
  variable, not clear it.
  
  Submitted by:	tobik

Added:
  branches/2018Q4/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c
     - copied unchanged from r481915, head/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c
Modified:
  branches/2018Q4/sysutils/ipmitool/Makefile
Directory Properties:
  branches/2018Q4/   (props changed)

Modified: branches/2018Q4/sysutils/ipmitool/Makefile
==============================================================================
--- branches/2018Q4/sysutils/ipmitool/Makefile	Sat Oct 20 05:43:38 2018	(r482468)
+++ branches/2018Q4/sysutils/ipmitool/Makefile	Sat Oct 20 05:46:00 2018	(r482469)
@@ -49,6 +49,12 @@ FREEIPMI_CPPFLAGS=	-I${LOCALBASE}/include
 FREEIPMI_LDFLAGS=	-L${LOCALBASE}/lib
 FREEIPMI_CONFIGURE_ENABLE=	intf-free
 
+.include <bsd.port.options.mk>
+
+.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1200085
+EXTRA_PATCHES+=	${PATCHDIR}/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c
+.endif
+
 post-install:
 	@${MKDIR} ${STAGEDIR}${PREFIX}/${PERIODIC_DIR}
 	${INSTALL_SCRIPT} ${WRKDIR}/status-ipmi.sh ${STAGEDIR}${PREFIX}/${PERIODIC_DIR}/400.status-ipmi

Copied: branches/2018Q4/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c (from r481915, head/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2018Q4/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c	Sat Oct 20 05:46:00 2018	(r482469, copy of r481915, head/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c)
@@ -0,0 +1,140 @@
+--- src/plugins/lanplus/lanplus_crypt_impl.c.orig	2016-05-28 08:20:20 UTC
++++ src/plugins/lanplus/lanplus_crypt_impl.c
+@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ 							uint8_t       * output,
+ 							uint32_t        * bytes_written)
+ {
+-	EVP_CIPHER_CTX ctx;
+-	EVP_CIPHER_CTX_init(&ctx);
+-	EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-	
++	EVP_CIPHER_CTX *ctx = NULL;
+ 
+ 	*bytes_written = 0;
+ 
+@@ -182,6 +178,13 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ 		printbuf(input, input_length, "encrypting this data");
+ 	}
+ 
++	ctx = EVP_CIPHER_CTX_new();
++	if (ctx == NULL) {
++		lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
++		return;
++	}
++	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++	EVP_CIPHER_CTX_set_padding(ctx, 0);
+ 
+ 	/*
+ 	 * The default implementation adds a whole block of padding if the input
+@@ -191,28 +194,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+ 
+ 
+-	if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
++	if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+ 	{
+ 		/* Error */
+ 		*bytes_written = 0;
+-		return;
+ 	}
+ 	else
+ 	{
+ 		uint32_t tmplen;
+ 
+-		if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
++		if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ 		{
++			/* Error */
+ 			*bytes_written = 0;
+-			return; /* Error */
+ 		}
+ 		else
+ 		{
+ 			/* Success */
+ 			*bytes_written += tmplen;
+-			EVP_CIPHER_CTX_cleanup(&ctx);
+ 		}
+ 	}
++	/* performs cleanup and free */
++	EVP_CIPHER_CTX_free(ctx);
+ }
+ 
+ 
+@@ -239,12 +242,8 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ 							uint8_t       * output,
+ 							uint32_t        * bytes_written)
+ {
+-	EVP_CIPHER_CTX ctx;
+-	EVP_CIPHER_CTX_init(&ctx);
+-	EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
++	EVP_CIPHER_CTX *ctx;
+ 
+-
+ 	if (verbose >= 5)
+ 	{
+ 		printbuf(iv,  16, "decrypting with this IV");
+@@ -252,12 +251,19 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ 		printbuf(input, input_length, "decrypting this data");
+ 	}
+ 
+-
+ 	*bytes_written = 0;
+ 
+ 	if (input_length == 0)
+ 		return;
+ 
++	ctx = EVP_CIPHER_CTX_new();
++	if (ctx == NULL) {
++		*bytes_written = 0;
++		return;
++	}
++	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++	EVP_CIPHER_CTX_set_padding(ctx, 0);
++
+ 	/*
+ 	 * The default implementation adds a whole block of padding if the input
+ 	 * data is perfectly aligned.  We would like to keep that from happening.
+@@ -266,31 +272,29 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+ 
+ 
+-	if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
++	if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+ 	{
+ 		/* Error */
+ 		lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
+ 		*bytes_written = 0;
+-		return;
+ 	}
+ 	else
+ 	{
+ 		uint32_t tmplen;
+ 
+-		if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
++		if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ 		{
++			/* Error */
+ 			char buffer[1000];
+ 			ERR_error_string(ERR_get_error(), buffer);
+ 			lprintf(LOG_DEBUG, "the ERR error %s", buffer);
+ 			lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
+ 			*bytes_written = 0;
+-			return; /* Error */
+ 		}
+ 		else
+ 		{
+ 			/* Success */
+ 			*bytes_written += tmplen;
+-			EVP_CIPHER_CTX_cleanup(&ctx);
+ 		}
+ 	}
+ 
+@@ -299,4 +303,6 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ 		lprintf(LOG_DEBUG, "Decrypted %d encrypted bytes", input_length);
+ 		printbuf(output, *bytes_written, "Decrypted this data");
+ 	}
++	/* performs cleanup and free */
++	EVP_CIPHER_CTX_free(ctx);
+ }