From 8bd2e5a847686e3b681b9a71492844c998800894 Mon Sep 17 00:00:00 2001
From: Josef Ridky <jridky@redhat.com>
Date: Mon, 17 Oct 2016 12:22:04 +0200
Subject: [PATCH] Resolves: #1383995 - add support for openssl-1.1.0b from
 upstream

---
 OpenIPMI-2.0.22-openssl-support.patch | 169 ++++++++++++++++++++++++++
 OpenIPMI.spec                         |   8 +-
 2 files changed, 176 insertions(+), 1 deletion(-)
 create mode 100644 OpenIPMI-2.0.22-openssl-support.patch

diff --git a/OpenIPMI-2.0.22-openssl-support.patch b/OpenIPMI-2.0.22-openssl-support.patch
new file mode 100644
index 0000000..5dc2427
--- /dev/null
+++ b/OpenIPMI-2.0.22-openssl-support.patch
@@ -0,0 +1,169 @@
+diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
+index b0a2431f1322..67bf74a5e697 100644
+--- a/lanserv/lanserv_ipmi.c
++++ b/lanserv/lanserv_ipmi.c
+@@ -2217,7 +2217,7 @@ aes_cbc_encrypt(lanserv_data_t *lan, session_t *session,
+     unsigned char  *d;
+     unsigned char  *iv;
+     unsigned int   i;
+-    EVP_CIPHER_CTX ctx;
++    EVP_CIPHER_CTX *ctx;
+     int            rv;
+     int            outlen;
+     int            tmplen;
+@@ -2264,14 +2264,18 @@ aes_cbc_encrypt(lanserv_data_t *lan, session_t *session,
+     *data_size += 16;
+ 
+     /* Ok, we're set to do the crypt operation. */
+-    EVP_CIPHER_CTX_init(&ctx);
+-    EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, a->ckey, iv);
+-    EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-    if (!EVP_EncryptUpdate(&ctx, *pos, &outlen, d, l)) {
++    ctx = EVP_CIPHER_CTX_new();
++    if (!ctx) {
++	    rv = ENOMEM;
++	    goto out_cleanup;
++    }
++    EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, a->ckey, iv);
++    EVP_CIPHER_CTX_set_padding(ctx, 0);
++    if (!EVP_EncryptUpdate(ctx, *pos, &outlen, d, l)) {
+ 	rv = ENOMEM;
+ 	goto out_cleanup;
+     }
+-    if (!EVP_EncryptFinal_ex(&ctx, (*pos) + outlen, &tmplen)) {
++    if (!EVP_EncryptFinal_ex(ctx, (*pos) + outlen, &tmplen)) {
+ 	rv = ENOMEM; /* right? */
+ 	goto out_cleanup;
+     }
+@@ -2281,7 +2285,7 @@ aes_cbc_encrypt(lanserv_data_t *lan, session_t *session,
+     *data_len = outlen + 16;
+ 
+  out_cleanup:
+-    EVP_CIPHER_CTX_cleanup(&ctx);
++    EVP_CIPHER_CTX_free(ctx);
+     free(d);
+     return rv;
+ }
+@@ -2292,7 +2296,7 @@ aes_cbc_decrypt(lanserv_data_t *lan, session_t *session, msg_t *msg)
+     auth_data_t    *a = &session->auth_data;
+     unsigned int   l = msg->len;
+     unsigned char  *d;
+-    EVP_CIPHER_CTX ctx;
++    EVP_CIPHER_CTX *ctx;
+     int            outlen;
+     unsigned char  *pad;
+     int            padlen;
+@@ -2312,10 +2316,14 @@ aes_cbc_decrypt(lanserv_data_t *lan, session_t *session, msg_t *msg)
+     memcpy(d, msg->data+16, l);
+ 
+     /* Ok, we're set to do the decrypt operation. */
+-    EVP_CIPHER_CTX_init(&ctx);
+-    EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, a->k2, msg->data);
+-    EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-    if (!EVP_DecryptUpdate(&ctx, msg->data+16, &outlen, d, l)) {
++    ctx = EVP_CIPHER_CTX_new();
++    if (!ctx) {
++	    rv = ENOMEM;
++	    goto out_cleanup;
++    }
++    EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, a->k2, msg->data);
++    EVP_CIPHER_CTX_set_padding(ctx, 0);
++    if (!EVP_DecryptUpdate(ctx, msg->data+16, &outlen, d, l)) {
+ 	rv = EINVAL;
+ 	goto out_cleanup;
+     }
+@@ -2348,7 +2356,7 @@ aes_cbc_decrypt(lanserv_data_t *lan, session_t *session, msg_t *msg)
+     msg->len = outlen;
+ 
+  out_cleanup:
+-    EVP_CIPHER_CTX_cleanup(&ctx);
++    EVP_CIPHER_CTX_free(ctx);
+     free(d);
+     return rv;
+ }
+diff --git a/lib/aes_cbc.c b/lib/aes_cbc.c
+index 483cdfbc521b..f20d69b8b1b3 100644
+--- a/lib/aes_cbc.c
++++ b/lib/aes_cbc.c
+@@ -86,7 +86,7 @@ aes_cbc_encrypt(ipmi_con_t    *ipmi,
+     unsigned int   l = *payload_len;
+     unsigned int   i;
+     unsigned char  *d;
+-    EVP_CIPHER_CTX ctx;
++    EVP_CIPHER_CTX *ctx;
+     int            rv;
+     int            outlen;
+     int            tmplen;
+@@ -133,15 +133,19 @@ aes_cbc_encrypt(ipmi_con_t    *ipmi,
+     *header_len -= 16;
+     *max_payload_len += 16;
+ 
++    ctx = EVP_CIPHER_CTX_new();
++    if (!ctx) {
++	    rv = ENOMEM;
++	    goto out_cleanup;
++    }
+     /* Ok, we're set to do the crypt operation. */
+-    EVP_CIPHER_CTX_init(&ctx);
+-    EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, info->k2, iv);
+-    EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-    if (!EVP_EncryptUpdate(&ctx, *payload, &outlen, d, l)) {
++    EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, info->k2, iv);
++    EVP_CIPHER_CTX_set_padding(ctx, 0);
++    if (!EVP_EncryptUpdate(ctx, *payload, &outlen, d, l)) {
+ 	rv = ENOMEM; /* right? */
+ 	goto out_cleanup;
+     }
+-    if (!EVP_EncryptFinal_ex(&ctx, (*payload) + outlen, &tmplen)) {
++    if (!EVP_EncryptFinal_ex(ctx, (*payload) + outlen, &tmplen)) {
+ 	rv = ENOMEM; /* right? */
+ 	goto out_cleanup;
+     }
+@@ -154,7 +158,7 @@ aes_cbc_encrypt(ipmi_con_t    *ipmi,
+     *payload_len = outlen + 16;
+ 
+  out_cleanup:
+-    EVP_CIPHER_CTX_cleanup(&ctx);
++    EVP_CIPHER_CTX_free(ctx);
+     ipmi_mem_free(d);
+ 
+     return rv;
+@@ -170,7 +174,7 @@ aes_cbc_decrypt(ipmi_con_t    *ipmi,
+     unsigned int   l = *payload_len;
+     unsigned char  *d;
+     unsigned char  *p;
+-    EVP_CIPHER_CTX ctx;
++    EVP_CIPHER_CTX *ctx;
+     int            outlen;
+     int            rv = 0;
+     unsigned char  *pad;
+@@ -195,10 +199,14 @@ aes_cbc_decrypt(ipmi_con_t    *ipmi,
+     memcpy(d, p, l);
+ 
+     /* Ok, we're set to do the decrypt operation. */
+-    EVP_CIPHER_CTX_init(&ctx);
+-    EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, info->k2, *payload);
+-    EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-    if (!EVP_DecryptUpdate(&ctx, p, &outlen, d, l)) {
++    ctx = EVP_CIPHER_CTX_new();
++    if (!ctx) {
++	    rv = ENOMEM;
++	    goto out_cleanup;
++    }
++    EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, info->k2, *payload);
++    EVP_CIPHER_CTX_set_padding(ctx, 0);
++    if (!EVP_DecryptUpdate(ctx, p, &outlen, d, l)) {
+ 	rv = EINVAL;
+ 	goto out_cleanup;
+     }
+@@ -231,7 +239,7 @@ aes_cbc_decrypt(ipmi_con_t    *ipmi,
+     *payload_len = outlen;
+ 
+  out_cleanup:
+-    EVP_CIPHER_CTX_cleanup(&ctx);
++    EVP_CIPHER_CTX_free(ctx);
+     ipmi_mem_free(d);
+     return rv;
+ }
+-- 
+2.9.3
diff --git a/OpenIPMI.spec b/OpenIPMI.spec
index 2cfca72..04aade8 100644
--- a/OpenIPMI.spec
+++ b/OpenIPMI.spec
@@ -5,7 +5,7 @@ Summary: IPMI (Intelligent Platform Management Interface) library and tools
 Name: OpenIPMI
 
 Version: 2.0.22
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: LGPLv2+ and GPLv2+ or BSD
 Group: System Environment/Base
 URL: http://sourceforge.net/projects/openipmi/
@@ -16,6 +16,8 @@ Source3: ipmi.service
 Patch1: 0001-Apply-OpenIPMI-2.0.18-pthread-pkgconfig.patch.patch
 Patch2: 0002-Apply-.-OpenIPMI-2.0.19-man.patch.patch
 Patch3: 0003-Apply-OpenIPMI-2.0.21-nobundle.patch.patch
+Patch4: OpenIPMI-2.0.22-openssl-support.patch
+
 BuildRequires: gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel
 BuildRequires: openssl-devel python-devel perl-devel perl-generators tcl-devel tkinter
 BuildRequires: desktop-file-utils
@@ -90,6 +92,7 @@ This package contains a network IPMI listener.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1 -b .openssl-support
 rm -rf ./libedit
 
 %build
@@ -223,6 +226,9 @@ fi
 %doc %{_mandir}/man5/ipmi_sim_cmd.5*
 
 %changelog
+* Mon Oct 17 2016 Josef Ridky <jridky@redhat.com> - 2.0.22-4
+- Add support for openssl-1.1.0 library (#1383995)
+
 * Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.22-3
 - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages