From owner-svn-ports-all@freebsd.org Fri Oct 12 17:51:38 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3B33010C5451; Fri, 12 Oct 2018 17:51:38 +0000 (UTC) (envelope-from sbruno@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E554F8E165; Fri, 12 Oct 2018 17:51:37 +0000 (UTC) (envelope-from sbruno@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E04E722AF5; Fri, 12 Oct 2018 17:51:37 +0000 (UTC) (envelope-from sbruno@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w9CHpbTu070989; Fri, 12 Oct 2018 17:51:37 GMT (envelope-from sbruno@FreeBSD.org) Received: (from sbruno@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w9CHpbfM070987; Fri, 12 Oct 2018 17:51:37 GMT (envelope-from sbruno@FreeBSD.org) Message-Id: <201810121751.w9CHpbfM070987@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: sbruno set sender to sbruno@FreeBSD.org using -f From: Sean Bruno Date: Fri, 12 Oct 2018 17:51:37 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r481915 - in head/sysutils/ipmitool: . files X-SVN-Group: ports-head X-SVN-Commit-Author: sbruno X-SVN-Commit-Paths: in head/sysutils/ipmitool: . files X-SVN-Commit-Revision: 481915 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Oct 2018 17:51:38 -0000 Author: sbruno Date: Fri Oct 12 17:51:37 2018 New Revision: 481915 URL: https://svnweb.freebsd.org/changeset/ports/481915 Log: sysutils/ipmitool: unbreak with openssl 1.1.1 import - Only apply openssl patch if we are on a version of FreeBSD with openssl 1.1.1 - Don't bump portrevision as we don't change anything except on broken systems It should be noted that this is a functional way to fix this port and is the method used upstream. There are most likely better ways to do this. Reviewed by: 0mp (Makefile changes) Obtained from Sponsored by: Limelight Networks Added: head/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c (contents, props changed) Modified: head/sysutils/ipmitool/Makefile Modified: head/sysutils/ipmitool/Makefile ============================================================================== --- head/sysutils/ipmitool/Makefile Fri Oct 12 17:03:07 2018 (r481914) +++ head/sysutils/ipmitool/Makefile Fri Oct 12 17:51:37 2018 (r481915) @@ -49,6 +49,12 @@ FREEIPMI_CPPFLAGS= -I${LOCALBASE}/include FREEIPMI_LDFLAGS= -L${LOCALBASE}/lib FREEIPMI_CONFIGURE_ENABLE= intf-free +.include + +.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1200085 +EXTRA_PATCHES= ${PATCHDIR}/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c +.endif + post-install: @${MKDIR} ${STAGEDIR}${PREFIX}/${PERIODIC_DIR} ${INSTALL_SCRIPT} ${WRKDIR}/status-ipmi.sh ${STAGEDIR}${PREFIX}/${PERIODIC_DIR}/400.status-ipmi Added: head/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/ipmitool/files/extra-patch-src_plugins_lanplus_lanplus__crypt__impl.c Fri Oct 12 17:51:37 2018 (r481915) @@ -0,0 +1,140 @@ +--- src/plugins/lanplus/lanplus_crypt_impl.c.orig 2016-05-28 08:20:20 UTC ++++ src/plugins/lanplus/lanplus_crypt_impl.c +@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, + uint8_t * output, + uint32_t * bytes_written) + { +- EVP_CIPHER_CTX ctx; +- EVP_CIPHER_CTX_init(&ctx); +- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); +- EVP_CIPHER_CTX_set_padding(&ctx, 0); +- ++ EVP_CIPHER_CTX *ctx = NULL; + + *bytes_written = 0; + +@@ -182,6 +178,13 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, + printbuf(input, input_length, "encrypting this data"); + } + ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) { ++ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed"); ++ return; ++ } ++ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); ++ EVP_CIPHER_CTX_set_padding(ctx, 0); + + /* + * The default implementation adds a whole block of padding if the input +@@ -191,28 +194,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, + assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); + + +- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) ++ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) + { + /* Error */ + *bytes_written = 0; +- return; + } + else + { + uint32_t tmplen; + +- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) ++ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) + { ++ /* Error */ + *bytes_written = 0; +- return; /* Error */ + } + else + { + /* Success */ + *bytes_written += tmplen; +- EVP_CIPHER_CTX_cleanup(&ctx); + } + } ++ /* performs cleanup and free */ ++ EVP_CIPHER_CTX_free(ctx); + } + + +@@ -239,12 +242,8 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, + uint8_t * output, + uint32_t * bytes_written) + { +- EVP_CIPHER_CTX ctx; +- EVP_CIPHER_CTX_init(&ctx); +- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); +- EVP_CIPHER_CTX_set_padding(&ctx, 0); ++ EVP_CIPHER_CTX *ctx; + +- + if (verbose >= 5) + { + printbuf(iv, 16, "decrypting with this IV"); +@@ -252,12 +251,19 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, + printbuf(input, input_length, "decrypting this data"); + } + +- + *bytes_written = 0; + + if (input_length == 0) + return; + ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) { ++ *bytes_written = 0; ++ return; ++ } ++ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); ++ EVP_CIPHER_CTX_set_padding(ctx, 0); ++ + /* + * The default implementation adds a whole block of padding if the input + * data is perfectly aligned. We would like to keep that from happening. +@@ -266,31 +272,29 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, + assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); + + +- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) ++ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) + { + /* Error */ + lprintf(LOG_DEBUG, "ERROR: decrypt update failed"); + *bytes_written = 0; +- return; + } + else + { + uint32_t tmplen; + +- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) ++ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) + { ++ /* Error */ + char buffer[1000]; + ERR_error_string(ERR_get_error(), buffer); + lprintf(LOG_DEBUG, "the ERR error %s", buffer); + lprintf(LOG_DEBUG, "ERROR: decrypt final failed"); + *bytes_written = 0; +- return; /* Error */ + } + else + { + /* Success */ + *bytes_written += tmplen; +- EVP_CIPHER_CTX_cleanup(&ctx); + } + } + +@@ -299,4 +303,6 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, + lprintf(LOG_DEBUG, "Decrypted %d encrypted bytes", input_length); + printbuf(output, *bytes_written, "Decrypted this data"); + } ++ /* performs cleanup and free */ ++ EVP_CIPHER_CTX_free(ctx); + }