From owner-svn-ports-all@freebsd.org Sat Oct 20 05:46:01 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B5AE2FF8D51; Sat, 20 Oct 2018 05:46:01 +0000 (UTC) (envelope-from antoine@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 69A5C7F934; Sat, 20 Oct 2018 05:46:01 +0000 (UTC) (envelope-from antoine@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6489A19FEE; Sat, 20 Oct 2018 05:46:01 +0000 (UTC) (envelope-from antoine@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w9K5k1DB032399; Sat, 20 Oct 2018 05:46:01 GMT (envelope-from antoine@FreeBSD.org) Received: (from antoine@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w9K5k0aO032397; Sat, 20 Oct 2018 05:46:00 GMT (envelope-from antoine@FreeBSD.org) Message-Id: <201810200546.w9K5k0aO032397@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: antoine set sender to antoine@FreeBSD.org using -f From: Antoine Brodin Date: Sat, 20 Oct 2018 05:46:00 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r482469 - in branches/2018Q4/sysutils/ipmitool: . files X-SVN-Group: ports-branches X-SVN-Commit-Author: antoine X-SVN-Commit-Paths: in branches/2018Q4/sysutils/ipmitool: . files X-SVN-Commit-Revision: 482469 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Oct 2018 05:46:02 -0000 Author: antoine Date: Sat Oct 20 05:46:00 2018 New Revision: 482469 URL: https://svnweb.freebsd.org/changeset/ports/482469 Log: MFH: r481915 r481917 sysutils/ipmitool: unbreak with openssl 1.1.1 import - Only apply openssl patch if we are on a version of FreeBSD with openssl 1.1.1 - Don't bump portrevision as we don't change anything except on broken systems It should be noted that this is a functional way to fix this port and is the method used upstream. There are most likely better ways to do this. Reviewed by: 0mp (Makefile changes) Sponsored by: Limelight Networks Setting DOCS=off will set EXTRA_PATCHES, so we need to append to this variable, not clear it. Submitted by: tobik Added: branches/2018Q4/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c - copied unchanged from r481915, head/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c Modified: branches/2018Q4/sysutils/ipmitool/Makefile Directory Properties: branches/2018Q4/ (props changed) Modified: branches/2018Q4/sysutils/ipmitool/Makefile ============================================================================== --- branches/2018Q4/sysutils/ipmitool/Makefile Sat Oct 20 05:43:38 2018 (r482468) +++ branches/2018Q4/sysutils/ipmitool/Makefile Sat Oct 20 05:46:00 2018 (r482469) @@ -49,6 +49,12 @@ FREEIPMI_CPPFLAGS= -I${LOCALBASE}/include FREEIPMI_LDFLAGS= -L${LOCALBASE}/lib FREEIPMI_CONFIGURE_ENABLE= intf-free +.include + +.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1200085 +EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c +.endif + post-install: @${MKDIR} ${STAGEDIR}${PREFIX}/${PERIODIC_DIR} ${INSTALL_SCRIPT} ${WRKDIR}/status-ipmi.sh ${STAGEDIR}${PREFIX}/${PERIODIC_DIR}/400.status-ipmi Copied: branches/2018Q4/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c (from r481915, head/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q4/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c Sat Oct 20 05:46:00 2018 (r482469, copy of r481915, head/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c) @@ -0,0 +1,140 @@ +--- src/plugins/lanplus/lanplus_crypt_impl.c.orig 2016-05-28 08:20:20 UTC ++++ src/plugins/lanplus/lanplus_crypt_impl.c +@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, + uint8_t * output, + uint32_t * bytes_written) + { +- EVP_CIPHER_CTX ctx; +- EVP_CIPHER_CTX_init(&ctx); +- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); +- EVP_CIPHER_CTX_set_padding(&ctx, 0); +- ++ EVP_CIPHER_CTX *ctx = NULL; + + *bytes_written = 0; + +@@ -182,6 +178,13 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, + printbuf(input, input_length, "encrypting this data"); + } + ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) { ++ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed"); ++ return; ++ } ++ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); ++ EVP_CIPHER_CTX_set_padding(ctx, 0); + + /* + * The default implementation adds a whole block of padding if the input +@@ -191,28 +194,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, + assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); + + +- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) ++ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) + { + /* Error */ + *bytes_written = 0; +- return; + } + else + { + uint32_t tmplen; + +- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) ++ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) + { ++ /* Error */ + *bytes_written = 0; +- return; /* Error */ + } + else + { + /* Success */ + *bytes_written += tmplen; +- EVP_CIPHER_CTX_cleanup(&ctx); + } + } ++ /* performs cleanup and free */ ++ EVP_CIPHER_CTX_free(ctx); + } + + +@@ -239,12 +242,8 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, + uint8_t * output, + uint32_t * bytes_written) + { +- EVP_CIPHER_CTX ctx; +- EVP_CIPHER_CTX_init(&ctx); +- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); +- EVP_CIPHER_CTX_set_padding(&ctx, 0); ++ EVP_CIPHER_CTX *ctx; + +- + if (verbose >= 5) + { + printbuf(iv, 16, "decrypting with this IV"); +@@ -252,12 +251,19 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, + printbuf(input, input_length, "decrypting this data"); + } + +- + *bytes_written = 0; + + if (input_length == 0) + return; + ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) { ++ *bytes_written = 0; ++ return; ++ } ++ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); ++ EVP_CIPHER_CTX_set_padding(ctx, 0); ++ + /* + * The default implementation adds a whole block of padding if the input + * data is perfectly aligned. We would like to keep that from happening. +@@ -266,31 +272,29 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, + assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); + + +- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) ++ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) + { + /* Error */ + lprintf(LOG_DEBUG, "ERROR: decrypt update failed"); + *bytes_written = 0; +- return; + } + else + { + uint32_t tmplen; + +- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) ++ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) + { ++ /* Error */ + char buffer[1000]; + ERR_error_string(ERR_get_error(), buffer); + lprintf(LOG_DEBUG, "the ERR error %s", buffer); + lprintf(LOG_DEBUG, "ERROR: decrypt final failed"); + *bytes_written = 0; +- return; /* Error */ + } + else + { + /* Success */ + *bytes_written += tmplen; +- EVP_CIPHER_CTX_cleanup(&ctx); + } + } + +@@ -299,4 +303,6 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, + lprintf(LOG_DEBUG, "Decrypted %d encrypted bytes", input_length); + printbuf(output, *bytes_written, "Decrypted this data"); + } ++ /* performs cleanup and free */ ++ EVP_CIPHER_CTX_free(ctx); + }