agl-basesystem

author: ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> 2020-03-30 09:24:26 +0900
committer: ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> 2020-03-30 09:24:26 +0900
commit: 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (patch)
tree: b4bb18dcd1487dbf1ea8127e5671b7bb2eded033 /external/meta-openembedded/meta-oe/recipes-kernel/ipmitool
parent: 706ad73eb02caf8532deaf5d38995bd258725cb8 (diff)
2 files changed, 190 insertions, 0 deletions
diff --git a/external/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool/0001-Migrate-to-openssl-1.1.patch b/external/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool/0001-Migrate-to-openssl-1.1.patch
new file mode 100644
index 00000000..394aa16a
--- /dev/null
+++ b/external/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool/0001-Migrate-to-openssl-1.1.patch
@@ -0,0 +1,152 @@
+From c9dcb6afef9c343d070aaff208d11a997a45a105 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 5 Sep 2018 22:19:38 -0700
+Subject: [PATCH] Migrate to openssl 1.1
+
+Upstream-Status: Backport [https://sourceforge.net/p/ipmitool/source/ci/1664902525a1c3771b4d8b3ccab7ea1ba6b2bdd1/]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/plugins/lanplus/lanplus_crypt_impl.c | 50 ++++++++++++++----------
+ 1 file changed, 29 insertions(+), 21 deletions(-)
+
+diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
+index d5fac37..9652a5e 100644
+--- a/src/plugins/lanplus/lanplus_crypt_impl.c
++++ b/src/plugins/lanplus/lanplus_crypt_impl.c
+@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ 							uint8_t       * output,
+ 							uint32_t        * bytes_written)
+ {
+-	EVP_CIPHER_CTX ctx;
+-	EVP_CIPHER_CTX_init(&ctx);
+-	EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-	
++	EVP_CIPHER_CTX *ctx = NULL;
+ 
+ 	*bytes_written = 0;
+ 
+@@ -182,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ 		printbuf(input, input_length, "encrypting this data");
+ 	}
+ 
++	ctx = EVP_CIPHER_CTX_new();
++	if (ctx == NULL) {
++		lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
++		return;
++	}
++	EVP_CIPHER_CTX_init(ctx);
++	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++	EVP_CIPHER_CTX_set_padding(ctx, 0);
+ 
+ 	/*
+ 	 * The default implementation adds a whole block of padding if the input
+@@ -191,28 +195,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+ 
+ 
+-	if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
++	if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+ 	{
+ 		/* Error */
+ 		*bytes_written = 0;
+-		return;
+ 	}
+ 	else
+ 	{
+ 		uint32_t tmplen;
+ 
+-		if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
++		if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ 		{
++			/* Error */
+ 			*bytes_written = 0;
+-			return; /* Error */
+ 		}
+ 		else
+ 		{
+ 			/* Success */
+ 			*bytes_written += tmplen;
+-			EVP_CIPHER_CTX_cleanup(&ctx);
+ 		}
+ 	}
++	/* performs cleanup and free */
++	EVP_CIPHER_CTX_free(ctx);
+ }
+ 
+ 
+@@ -239,11 +243,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ 							uint8_t       * output,
+ 							uint32_t        * bytes_written)
+ {
+-	EVP_CIPHER_CTX ctx;
+-	EVP_CIPHER_CTX_init(&ctx);
+-	EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-
++	EVP_CIPHER_CTX *ctx = NULL;
+ 
+ 	if (verbose >= 5)
+ 	{
+@@ -252,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ 		printbuf(input, input_length, "decrypting this data");
+ 	}
+ 
+-
+ 	*bytes_written = 0;
+ 
+ 	if (input_length == 0)
+ 		return;
+ 
++	ctx = EVP_CIPHER_CTX_new();
++	if (ctx == NULL) {
++		lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
++		return;
++	}
++	EVP_CIPHER_CTX_init(ctx);
++	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++	EVP_CIPHER_CTX_set_padding(ctx, 0);
++
+ 	/*
+ 	 * The default implementation adds a whole block of padding if the input
+ 	 * data is perfectly aligned.  We would like to keep that from happening.
+@@ -266,33 +274,33 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+ 
+ 
+-	if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
++	if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+ 	{
+ 		/* Error */
+ 		lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
+ 		*bytes_written = 0;
+-		return;
+ 	}
+ 	else
+ 	{
+ 		uint32_t tmplen;
+ 
+-		if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
++		if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ 		{
++			/* Error */
+ 			char buffer[1000];
+ 			ERR_error_string(ERR_get_error(), buffer);
+ 			lprintf(LOG_DEBUG, "the ERR error %s", buffer);
+ 			lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
+ 			*bytes_written = 0;
+-			return; /* Error */
+ 		}
+ 		else
+ 		{
+ 			/* Success */
+ 			*bytes_written += tmplen;
+-			EVP_CIPHER_CTX_cleanup(&ctx);
+ 		}
+ 	}
++	/* performs cleanup and free */
++	EVP_CIPHER_CTX_free(ctx);
+ 
+ 	if (verbose >= 5)
+ 	{
diff --git a/external/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb b/external/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb
new file mode 100644
index 00000000..b7f1aa91
--- /dev/null
+++ b/external/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb
@@ -0,0 +1,38 @@
+SUMMARY = "Utility for IPMI control"
+DESCRIPTION = "This package contains a utility for interfacing with devices that support \
+the Intelligent Platform Management Interface specification. IPMI is \
+an open standard for machine health, inventory, and remote power control. \
+\
+This utility can communicate with IPMI-enabled devices through either a \
+kernel driver such as OpenIPMI or over the RMCP LAN protocol defined in \
+the IPMI specification. IPMIv2 adds support for encrypted LAN \
+communications and remote Serial-over-LAN functionality. \
+\
+It provides commands for reading the Sensor Data Repository (SDR) and \
+displaying sensor values, displaying the contents of the System Event \
+Log (SEL), printing Field Replaceable Unit (FRU) information, reading and \
+setting LAN configuration, and chassis power control. \
+"
+
+HOMEPAGE = "http://ipmitool.sourceforge.net/"
+SECTION = "kernel/userland"
+
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://COPYING;md5=9aa91e13d644326bf281924212862184"
+
+DEPENDS = "openssl readline ncurses"
+
+SRC_URI = "${SOURCEFORGE_MIRROR}/ipmitool/ipmitool-${PV}.tar.bz2 \
+           file://0001-Migrate-to-openssl-1.1.patch \
+           "
+SRC_URI[md5sum] = "bab7ea104c7b85529c3ef65c54427aa3"
+SRC_URI[sha256sum] = "0c1ba3b1555edefb7c32ae8cd6a3e04322056bc087918f07189eeedfc8b81e01"
+
+inherit autotools
+
+# --disable-dependency-tracking speeds up the build
+# --enable-file-security adds some security checks
+# --disable-intf-free disables FreeIPMI support - we don't want to depend on
+#   FreeIPMI libraries, FreeIPMI has its own ipmitoool-like utility.
+#
+EXTRA_OECONF = "--disable-dependency-tracking --enable-file-security --disable-intf-free"
author	ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp>	2020-03-30 09:24:26 +0900
committer	ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp>	2020-03-30 09:24:26 +0900
commit	5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (patch)
tree	b4bb18dcd1487dbf1ea8127e5671b7bb2eded033 /external/meta-openembedded/meta-oe/recipes-kernel/ipmitool
parent	706ad73eb02caf8532deaf5d38995bd258725cb8 (diff)