Bug#828469: openipmi: diff for NMU version 2.0.22-1.1

Wed, 14 Dec 2016 13:24:24 -0800 

Control: tags 828469 + patch
Control: tags 828469 + pending

Dear maintainer,

I've prepared an NMU for openipmi (versioned as 2.0.22-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards.
Sebastian

diff -Nru openipmi-2.0.22/debian/changelog openipmi-2.0.22/debian/changelog
--- openipmi-2.0.22/debian/changelog	2016-07-03 20:09:46.000000000 +0200
+++ openipmi-2.0.22/debian/changelog	2016-12-14 22:19:50.000000000 +0100
@@ -1,3 +1,10 @@
+openipmi (2.0.22-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add OpenSSL 1.1.0 support (Closes: #828469).
+
+ -- Sebastian Andrzej Siewior <[email protected]>  Wed, 14 Dec 2016 22:19:50 +0100
+
 openipmi (2.0.22-1) unstable; urgency=medium
 
   * new upstream release from 2016-06-01
diff -Nru openipmi-2.0.22/debian/patches/0001-Add-openssl-1.1.0-support.patch openipmi-2.0.22/debian/patches/0001-Add-openssl-1.1.0-support.patch
--- openipmi-2.0.22/debian/patches/0001-Add-openssl-1.1.0-support.patch	1970-01-01 01:00:00.000000000 +0100
+++ openipmi-2.0.22/debian/patches/0001-Add-openssl-1.1.0-support.patch	2016-12-14 22:12:49.000000000 +0100
@@ -0,0 +1,184 @@
+From eeacbf0c675b61881fc00539cb365de084950ceb Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <[email protected]>
+Date: Sun, 25 Sep 2016 23:45:12 +0200
+Subject: [PATCH] Add openssl 1.1.0 support
+
+while keeping work under openssl 1.0.2.
+
+Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
+Signed-off-by: Corey Minyard <[email protected]>
+---
+ lanserv/lanserv_ipmi.c | 34 +++++++++++++++++++++-------------
+ lib/aes_cbc.c          | 34 +++++++++++++++++++++-------------
+ 2 files changed, 42 insertions(+), 26 deletions(-)
+
+diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
+index b0a2431f1322..67bf74a5e697 100644
+--- a/lanserv/lanserv_ipmi.c
++++ b/lanserv/lanserv_ipmi.c
+@@ -2217,7 +2217,7 @@ aes_cbc_encrypt(lanserv_data_t *lan, session_t *session,
+     unsigned char  *d;
+     unsigned char  *iv;
+     unsigned int   i;
+-    EVP_CIPHER_CTX ctx;
++    EVP_CIPHER_CTX *ctx;
+     int            rv;
+     int            outlen;
+     int            tmplen;
+@@ -2264,14 +2264,18 @@ aes_cbc_encrypt(lanserv_data_t *lan, session_t *session,
+     *data_size += 16;
+ 
+     /* Ok, we're set to do the crypt operation. */
+-    EVP_CIPHER_CTX_init(&ctx);
+-    EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, a->ckey, iv);
+-    EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-    if (!EVP_EncryptUpdate(&ctx, *pos, &outlen, d, l)) {
++    ctx = EVP_CIPHER_CTX_new();
++    if (!ctx) {
++	    rv = ENOMEM;
++	    goto out_cleanup;
++    }
++    EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, a->ckey, iv);
++    EVP_CIPHER_CTX_set_padding(ctx, 0);
++    if (!EVP_EncryptUpdate(ctx, *pos, &outlen, d, l)) {
+ 	rv = ENOMEM;
+ 	goto out_cleanup;
+     }
+-    if (!EVP_EncryptFinal_ex(&ctx, (*pos) + outlen, &tmplen)) {
++    if (!EVP_EncryptFinal_ex(ctx, (*pos) + outlen, &tmplen)) {
+ 	rv = ENOMEM; /* right? */
+ 	goto out_cleanup;
+     }
+@@ -2281,7 +2285,7 @@ aes_cbc_encrypt(lanserv_data_t *lan, session_t *session,
+     *data_len = outlen + 16;
+ 
+  out_cleanup:
+-    EVP_CIPHER_CTX_cleanup(&ctx);
++    EVP_CIPHER_CTX_free(ctx);
+     free(d);
+     return rv;
+ }
+@@ -2292,7 +2296,7 @@ aes_cbc_decrypt(lanserv_data_t *lan, session_t *session, msg_t *msg)
+     auth_data_t    *a = &session->auth_data;
+     unsigned int   l = msg->len;
+     unsigned char  *d;
+-    EVP_CIPHER_CTX ctx;
++    EVP_CIPHER_CTX *ctx;
+     int            outlen;
+     unsigned char  *pad;
+     int            padlen;
+@@ -2312,10 +2316,14 @@ aes_cbc_decrypt(lanserv_data_t *lan, session_t *session, msg_t *msg)
+     memcpy(d, msg->data+16, l);
+ 
+     /* Ok, we're set to do the decrypt operation. */
+-    EVP_CIPHER_CTX_init(&ctx);
+-    EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, a->k2, msg->data);
+-    EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-    if (!EVP_DecryptUpdate(&ctx, msg->data+16, &outlen, d, l)) {
++    ctx = EVP_CIPHER_CTX_new();
++    if (!ctx) {
++	    rv = ENOMEM;
++	    goto out_cleanup;
++    }
++    EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, a->k2, msg->data);
++    EVP_CIPHER_CTX_set_padding(ctx, 0);
++    if (!EVP_DecryptUpdate(ctx, msg->data+16, &outlen, d, l)) {
+ 	rv = EINVAL;
+ 	goto out_cleanup;
+     }
+@@ -2348,7 +2356,7 @@ aes_cbc_decrypt(lanserv_data_t *lan, session_t *session, msg_t *msg)
+     msg->len = outlen;
+ 
+  out_cleanup:
+-    EVP_CIPHER_CTX_cleanup(&ctx);
++    EVP_CIPHER_CTX_free(ctx);
+     free(d);
+     return rv;
+ }
+diff --git a/lib/aes_cbc.c b/lib/aes_cbc.c
+index 483cdfbc521b..f20d69b8b1b3 100644
+--- a/lib/aes_cbc.c
++++ b/lib/aes_cbc.c
+@@ -86,7 +86,7 @@ aes_cbc_encrypt(ipmi_con_t    *ipmi,
+     unsigned int   l = *payload_len;
+     unsigned int   i;
+     unsigned char  *d;
+-    EVP_CIPHER_CTX ctx;
++    EVP_CIPHER_CTX *ctx;
+     int            rv;
+     int            outlen;
+     int            tmplen;
+@@ -133,15 +133,19 @@ aes_cbc_encrypt(ipmi_con_t    *ipmi,
+     *header_len -= 16;
+     *max_payload_len += 16;
+ 
++    ctx = EVP_CIPHER_CTX_new();
++    if (!ctx) {
++	    rv = ENOMEM;
++	    goto out_cleanup;
++    }
+     /* Ok, we're set to do the crypt operation. */
+-    EVP_CIPHER_CTX_init(&ctx);
+-    EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, info->k2, iv);
+-    EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-    if (!EVP_EncryptUpdate(&ctx, *payload, &outlen, d, l)) {
++    EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, info->k2, iv);
++    EVP_CIPHER_CTX_set_padding(ctx, 0);
++    if (!EVP_EncryptUpdate(ctx, *payload, &outlen, d, l)) {
+ 	rv = ENOMEM; /* right? */
+ 	goto out_cleanup;
+     }
+-    if (!EVP_EncryptFinal_ex(&ctx, (*payload) + outlen, &tmplen)) {
++    if (!EVP_EncryptFinal_ex(ctx, (*payload) + outlen, &tmplen)) {
+ 	rv = ENOMEM; /* right? */
+ 	goto out_cleanup;
+     }
+@@ -154,7 +158,7 @@ aes_cbc_encrypt(ipmi_con_t    *ipmi,
+     *payload_len = outlen + 16;
+ 
+  out_cleanup:
+-    EVP_CIPHER_CTX_cleanup(&ctx);
++    EVP_CIPHER_CTX_free(ctx);
+     ipmi_mem_free(d);
+ 
+     return rv;
+@@ -170,7 +174,7 @@ aes_cbc_decrypt(ipmi_con_t    *ipmi,
+     unsigned int   l = *payload_len;
+     unsigned char  *d;
+     unsigned char  *p;
+-    EVP_CIPHER_CTX ctx;
++    EVP_CIPHER_CTX *ctx;
+     int            outlen;
+     int            rv = 0;
+     unsigned char  *pad;
+@@ -195,10 +199,14 @@ aes_cbc_decrypt(ipmi_con_t    *ipmi,
+     memcpy(d, p, l);
+ 
+     /* Ok, we're set to do the decrypt operation. */
+-    EVP_CIPHER_CTX_init(&ctx);
+-    EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, info->k2, *payload);
+-    EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-    if (!EVP_DecryptUpdate(&ctx, p, &outlen, d, l)) {
++    ctx = EVP_CIPHER_CTX_new();
++    if (!ctx) {
++	    rv = ENOMEM;
++	    goto out_cleanup;
++    }
++    EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, info->k2, *payload);
++    EVP_CIPHER_CTX_set_padding(ctx, 0);
++    if (!EVP_DecryptUpdate(ctx, p, &outlen, d, l)) {
+ 	rv = EINVAL;
+ 	goto out_cleanup;
+     }
+@@ -231,7 +239,7 @@ aes_cbc_decrypt(ipmi_con_t    *ipmi,
+     *payload_len = outlen;
+ 
+  out_cleanup:
+-    EVP_CIPHER_CTX_cleanup(&ctx);
++    EVP_CIPHER_CTX_free(ctx);
+     ipmi_mem_free(d);
+     return rv;
+ }
+-- 
+2.11.0
+
diff -Nru openipmi-2.0.22/debian/patches/series openipmi-2.0.22/debian/patches/series
--- openipmi-2.0.22/debian/patches/series	2016-07-03 19:08:45.000000000 +0200
+++ openipmi-2.0.22/debian/patches/series	2016-12-14 22:13:51.000000000 +0100
@@ -0,0 +1 @@
+0001-Add-openssl-1.1.0-support.patch

Reply via email to