class Ipmitool < Formula desc "Utility for IPMI control with kernel driver or LAN interface" homepage "https://github.com/ipmitool/ipmitool" url "https://downloads.sourceforge.net/project/ipmitool/ipmitool/1.8.18/ipmitool-1.8.18.tar.bz2" mirror "https://deb.debian.org/debian/pool/main/i/ipmitool/ipmitool_1.8.18.orig.tar.bz2" sha256 "0c1ba3b1555edefb7c32ae8cd6a3e04322056bc087918f07189eeedfc8b81e01" revision 3 bottle do cellar :any sha256 "3bf8d00d62c2e1dc781493d448062ad365ac8e7c73010ee37ba2040a48513c10" => :mojave sha256 "04462f0b4129d34cbf7e8e5c72591360e89dd6d6cef20008567015d57ab611c4" => :high_sierra sha256 "f08f0e5717ff8ccf031ca738eb4995b39db5d37b802800b6e0b6c154f6fed830" => :sierra end depends_on "openssl@1.1" # https://sourceforge.net/p/ipmitool/bugs/433/#89ea and # https://sourceforge.net/p/ipmitool/bugs/436/ (prematurely closed): # Fix segfault when prompting for password # Re-reported 12 July 2017 https://sourceforge.net/p/ipmitool/mailman/message/35942072/ patch do url "https://gist.githubusercontent.com/adaugherity/87f1466b3c93d5aed205a636169d1c58/raw/29880afac214c1821e34479dad50dca58a0951ef/ipmitool-getpass-segfault.patch" sha256 "fc1cff11aa4af974a3be191857baeaf5753d853024923b55c720eac56f424038" end # Patch for compatibility with OpenSSL 1.1.1 # https://reviews.freebsd.org/D17527 patch :p0, :DATA def install # Fix ipmi_cfgp.c:33:10: fatal error: 'malloc.h' file not found # Upstream issue from 8 Nov 2016 https://sourceforge.net/p/ipmitool/bugs/474/ inreplace "lib/ipmi_cfgp.c", "#include ", "" args = %W[ --disable-dependency-tracking --prefix=#{prefix} --mandir=#{man} --disable-intf-usb ] system "./configure", *args system "make", "check" system "make", "install" end test do # Test version print out system bin/"ipmitool", "-V" end end __END__ --- src/plugins/lanplus/lanplus_crypt_impl.c.orig 2016-05-28 08:20:20 UTC +++ src/plugins/lanplus/lanplus_crypt_impl.c @@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, uint8_t * output, uint32_t * bytes_written) { - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); - EVP_CIPHER_CTX_set_padding(&ctx, 0); - + EVP_CIPHER_CTX *ctx = NULL; *bytes_written = 0; @@ -182,6 +178,13 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, printbuf(input, input_length, "encrypting this data"); } + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) { + lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed"); + return; + } + EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); + EVP_CIPHER_CTX_set_padding(ctx, 0); /* * The default implementation adds a whole block of padding if the input @@ -191,28 +194,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); - if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) + if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) { /* Error */ *bytes_written = 0; - return; } else { uint32_t tmplen; - if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) + if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) { + /* Error */ *bytes_written = 0; - return; /* Error */ } else { /* Success */ *bytes_written += tmplen; - EVP_CIPHER_CTX_cleanup(&ctx); } } + /* performs cleanup and free */ + EVP_CIPHER_CTX_free(ctx); } @@ -239,12 +242,8 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, uint8_t * output, uint32_t * bytes_written) { - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); - EVP_CIPHER_CTX_set_padding(&ctx, 0); + EVP_CIPHER_CTX *ctx; - if (verbose >= 5) { printbuf(iv, 16, "decrypting with this IV"); @@ -252,12 +251,19 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, printbuf(input, input_length, "decrypting this data"); } - *bytes_written = 0; if (input_length == 0) return; + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) { + *bytes_written = 0; + return; + } + EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); + EVP_CIPHER_CTX_set_padding(ctx, 0); + /* * The default implementation adds a whole block of padding if the input * data is perfectly aligned. We would like to keep that from happening. @@ -266,31 +272,29 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); - if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) + if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) { /* Error */ lprintf(LOG_DEBUG, "ERROR: decrypt update failed"); *bytes_written = 0; - return; } else { uint32_t tmplen; - if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) + if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) { + /* Error */ char buffer[1000]; ERR_error_string(ERR_get_error(), buffer); lprintf(LOG_DEBUG, "the ERR error %s", buffer); lprintf(LOG_DEBUG, "ERROR: decrypt final failed"); *bytes_written = 0; - return; /* Error */ } else { /* Success */ *bytes_written += tmplen; - EVP_CIPHER_CTX_cleanup(&ctx); } } @@ -299,4 +303,6 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, lprintf(LOG_DEBUG, "Decrypted %d encrypted bytes", input_length); printbuf(output, *bytes_written, "Decrypted this data"); } + /* performs cleanup and free */ + EVP_CIPHER_CTX_free(ctx); }