Update to 1.8.19. Fixes rhbz#2123819

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2023-01-02 11:59:43 -08:00
parent 4139dd3889
commit fc161eb079
16 changed files with 239160 additions and 6297 deletions

1
.gitignore vendored
View File

@ -11,3 +11,4 @@ ipmitool-1.8.11.tar.bz2
/ipmitool-1.8.17.tar.bz2
/ipmitool-1.8.18.tar.bz2
/ipmitool-1.8.18.tar.gz
/ipmitool-1.8.19.tar.gz

View File

@ -1,25 +0,0 @@
From 152efd46931a70ab4e3d81e99d312df7dcd666e6 Mon Sep 17 00:00:00 2001
From: Boris Ranto <branto@redhat.com>
Date: Tue, 10 May 2016 19:12:08 +0200
Subject: [PATCH] CVE-2011-4339 OpenIPMI
IPMI event daemon creates PID file with world writeable permissions
---
lib/helper.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/lib/helper.c b/lib/helper.c
index de91438..c3a1c80 100644
--- a/lib/helper.c
+++ b/lib/helper.c
@@ -829,7 +829,6 @@ ipmi_start_daemon(struct ipmi_intf *intf)
#endif
chdir("/");
- umask(0);
for (fd=0; fd<64; fd++) {
if (fd != intf->fd)
--
2.7.4

View File

@ -1,89 +0,0 @@
diff -urNp old/src/plugins/lanplus/lanplus_crypt_impl.c new/src/plugins/lanplus/lanplus_crypt_impl.c
--- old/src/plugins/lanplus/lanplus_crypt_impl.c 2016-05-28 10:20:20.000000000 +0200
+++ new/src/plugins/lanplus/lanplus_crypt_impl.c 2017-02-21 10:50:21.634873466 +0100
@@ -164,10 +164,10 @@ lanplus_encrypt_aes_cbc_128(const uint8_
uint8_t * output,
uint32_t * bytes_written)
{
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_init(ctx);
+ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
*bytes_written = 0;
@@ -191,7 +191,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
+ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
{
/* Error */
*bytes_written = 0;
@@ -201,7 +201,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
{
uint32_t tmplen;
- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
+ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
{
*bytes_written = 0;
return; /* Error */
@@ -210,7 +210,8 @@ lanplus_encrypt_aes_cbc_128(const uint8_
{
/* Success */
*bytes_written += tmplen;
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_cleanup(ctx);
+ EVP_CIPHER_CTX_free(ctx);
}
}
}
@@ -239,10 +240,10 @@ lanplus_decrypt_aes_cbc_128(const uint8_
uint8_t * output,
uint32_t * bytes_written)
{
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_init(ctx);
+ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
if (verbose >= 5)
@@ -266,7 +267,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
+ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
{
/* Error */
lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
@@ -277,7 +278,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
{
uint32_t tmplen;
- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
+ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
{
char buffer[1000];
ERR_error_string(ERR_get_error(), buffer);
@@ -290,7 +291,8 @@ lanplus_decrypt_aes_cbc_128(const uint8_
{
/* Success */
*bytes_written += tmplen;
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_cleanup(ctx);
+ EVP_CIPHER_CTX_free(ctx);
}
}

View File

@ -1,9 +1,8 @@
diff --git a/include/ipmitool/ipmi_sdr.h b/include/ipmitool/ipmi_sdr.h
index ccf0cf0..47d3949 100644
--- a/include/ipmitool/ipmi_sdr.h
+++ b/include/ipmitool/ipmi_sdr.h
@@ -819,7 +819,7 @@ static const char *sensor_type_desc[] __attribute__ ((unused)) = {
"Version Change", "FRU State" };
diff --color -Nur ipmitool-IPMITOOL_1_8_19.orig/include/ipmitool/ipmi_sdr.h ipmitool-IPMITOOL_1_8_19/include/ipmitool/ipmi_sdr.h
--- ipmitool-IPMITOOL_1_8_19.orig/include/ipmitool/ipmi_sdr.h 2022-09-01 11:42:31.000000000 -0700
+++ ipmitool-IPMITOOL_1_8_19/include/ipmitool/ipmi_sdr.h 2022-12-20 14:12:47.675994549 -0800
@@ -799,7 +799,7 @@
#define SENSOR_TYPE_MAX 0x2C
struct sensor_reading {
- char s_id[17]; /* name of the sensor */
@ -11,6 +10,3 @@ index ccf0cf0..47d3949 100644
struct sdr_record_full_sensor *full;
struct sdr_record_compact_sensor *compact;
uint8_t s_reading_valid; /* read value valididity */
--
2.1.0

View File

@ -1,21 +0,0 @@
diff -urNp old/configure.ac new/configure.ac
--- old/configure.ac 2017-02-02 14:20:33.230784269 +0100
+++ new/configure.ac 2017-02-02 14:22:53.528510336 +0100
@@ -63,7 +63,7 @@ xenable_intf_imb=yes
xenable_intf_lipmi=yes
xenable_intf_open=yes
#xenable_intf_serial=yes
-xenable_intf_usb=no
+xenable_intf_usb=yes
xenable_ipmishell=yes
dnl set some things so we build with GNU tools on Solaris
@@ -209,7 +209,7 @@ fi
dnl enable IPMI USB interface
AC_ARG_ENABLE([intf-usb],
[AC_HELP_STRING([--enable-intf-usb],
- [enable IPMI USB interface [default=auto]])],
+ [enable IPMI USB interface [default=yes]])],
[xenable_intf_usb=$enableval],
[xenable_intf_usb=$xenable_intf_usb])
if test "x$xenable_intf_usb" = "xstatic" || test "x$xenable_intf_usb" = "xplugin"; then

View File

@ -1,6 +1,6 @@
diff -urNp old/doc/ipmitool.1 new/doc/ipmitool.1
--- old/doc/ipmitool.1 2017-10-03 16:10:50.446539988 +0200
+++ new/doc/ipmitool.1 2017-10-03 16:16:37.039673239 +0200
diff -urNp old/doc/ipmitool.1.in new/doc/ipmitool.1.in
--- old/doc/ipmitool.1.in 2017-10-03 16:10:50.446539988 +0200
+++ new/doc/ipmitool.1.in 2017-10-03 16:16:37.039673239 +0200
@@ -3170,13 +3170,14 @@ SOL configuration data for the currently
Enable, disable or show status of SOL payload for the user on the specified channel.

View File

@ -1,40 +0,0 @@
From 95f666fa10c32233ee202d8b99d05b5e13528a25 Mon Sep 17 00:00:00 2001
From: Vaclav Dolezal <vdolezal@redhat.com>
Date: Thu, 23 Jan 2020 11:26:32 +0100
Subject: [PATCH] hpmfwupg: move variable definition to .c file
Signed-off-by: Vaclav Dolezal <vdolezal@redhat.com>
---
include/ipmitool/ipmi_hpmfwupg.h | 2 +-
lib/ipmi_hpmfwupg.c | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/ipmitool/ipmi_hpmfwupg.h b/include/ipmitool/ipmi_hpmfwupg.h
index de65292..07f597b 100644
--- a/include/ipmitool/ipmi_hpmfwupg.h
+++ b/include/ipmitool/ipmi_hpmfwupg.h
@@ -800,7 +800,7 @@ typedef struct _VERSIONINFO {
char descString[HPMFWUPG_DESC_STRING_LENGTH + 1];
}VERSIONINFO, *PVERSIONINFO;
-VERSIONINFO gVersionInfo[HPMFWUPG_COMPONENT_ID_MAX];
+extern VERSIONINFO gVersionInfo[HPMFWUPG_COMPONENT_ID_MAX];
#define TARGET_VER (0x01)
#define ROLLBACK_VER (0x02)
diff --git a/lib/ipmi_hpmfwupg.c b/lib/ipmi_hpmfwupg.c
index bbcffc0..d7cdcd6 100644
--- a/lib/ipmi_hpmfwupg.c
+++ b/lib/ipmi_hpmfwupg.c
@@ -58,6 +58,8 @@ ipmi_intf_get_max_request_data_size(struct ipmi_intf * intf);
extern int verbose;
+VERSIONINFO gVersionInfo[HPMFWUPG_COMPONENT_ID_MAX];
+
int HpmfwupgUpgrade(struct ipmi_intf *intf, char *imageFilename,
int activate, int, int);
int HpmfwupgValidateImageIntegrity(struct HpmfwupgUpgradeCtx *pFwupgCtx);
--
2.20.1

View File

@ -1,864 +0,0 @@
From f2df2aa5a010544d53589a5b048677406eb40ee8 Mon Sep 17 00:00:00 2001
From: Vernon Mauery <vernon.mauery@intel.com>
Date: Mon, 9 Apr 2018 12:28:57 -0700
Subject: [PATCH] lanplus: Auto-select 'best' cipher suite available
Current cipher suites could be ranked as this:
17 > 3 >> all the rest
Cherry-picked-from: 7772254b62826b894ca629df8c597030a98f4f72
Cherry-picked-from: f9c699c712f884c82fc1a62f1f61a8d597ac0cfd
Also fetched some functions/macros for helper.h
Equals to getting include/ipmitool/helper.h changes from commits:
(oldest first)
6c00d44 mc: watchdog get: Update to match IPMI 2.0 spec
e8e94d8 mc: watchdog set: Refactor to reduce complexity
0310208 mc: Code refactor to reduce copy-paste ratio
249e092 general: Make byteswapping arch-independent
5491b12 refix 249e0929: Fix byteswapping helpers
bb1a4cc Refactoring. Improve code reuse ratio.
---
include/ipmitool/helper.h | 58 ++++++++
include/ipmitool/ipmi_channel.h | 47 +++++++
include/ipmitool/ipmi_intf.h | 39 ++++-
lib/ipmi_channel.c | 242 +++++++++++++++-----------------
lib/ipmi_main.c | 23 +--
src/plugins/ipmi_intf.c | 5 +-
src/plugins/lanplus/lanplus.c | 114 +++++++++++----
7 files changed, 360 insertions(+), 168 deletions(-)
diff --git a/include/ipmitool/helper.h b/include/ipmitool/helper.h
index c53736f..6a2e5f4 100644
--- a/include/ipmitool/helper.h
+++ b/include/ipmitool/helper.h
@@ -38,6 +38,8 @@
#include <stdio.h>
#include <string.h>
+#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))
+
#ifndef TRUE
#define TRUE 1
#endif
@@ -111,6 +113,62 @@ FILE * ipmi_open_file(const char * file, int rw);
void ipmi_start_daemon(struct ipmi_intf *intf);
uint16_t ipmi_get_oem_id(struct ipmi_intf *intf);
+#define IS_SET(v, b) ((v) & (1 << (b)))
+
+/* le16toh(), hto16le(), et. al. don't exist for Windows or Apple */
+/* For portability, let's simply define our own versions here */
+
+/* IPMI is always little-endian */
+static inline uint16_t ipmi16toh(void *ipmi16)
+{
+ uint8_t *ipmi = (uint8_t *)ipmi16;
+ uint16_t h;
+
+ h = ipmi[1] << 8; /* MSB */
+ h |= ipmi[0]; /* LSB */
+
+ return h;
+}
+
+static inline void htoipmi16(uint16_t h, uint8_t *ipmi)
+{
+ ipmi[0] = h & 0xFF; /* LSB */
+ ipmi[1] = h >> 8; /* MSB */
+}
+
+static inline uint32_t ipmi24toh(void *ipmi24)
+{
+ uint8_t *ipmi = (uint8_t *)ipmi24;
+ uint32_t h = 0;
+
+ h = ipmi[2] << 16; /* MSB */
+ h |= ipmi[1] << 8;
+ h |= ipmi[0]; /* LSB */
+
+ return h;
+}
+
+static inline uint32_t ipmi32toh(void *ipmi32)
+{
+ uint8_t *ipmi = ipmi32;
+ uint32_t h;
+
+ h = ipmi[3] << 24; /* MSB */
+ h |= ipmi[2] << 16;
+ h |= ipmi[1] << 8;
+ h |= ipmi[0]; /* LSB */
+
+ return h;
+}
+
+static inline void htoipmi32(uint32_t h, uint8_t *ipmi)
+{
+ ipmi[0] = h & 0xFF; /* LSB */
+ ipmi[1] = (h >> 8) & 0xFF;
+ ipmi[2] = (h >> 16) & 0xFF;
+ ipmi[3] = (h >> 24) & 0xFF; /* MSB */
+}
+
#define ipmi_open_file_read(file) ipmi_open_file(file, 0)
#define ipmi_open_file_write(file) ipmi_open_file(file, 1)
diff --git a/include/ipmitool/ipmi_channel.h b/include/ipmitool/ipmi_channel.h
index 3ade2d5..324c0bb 100644
--- a/include/ipmitool/ipmi_channel.h
+++ b/include/ipmitool/ipmi_channel.h
@@ -37,6 +37,7 @@
# include <config.h>
#endif
#include <ipmitool/ipmi.h>
+#include <ipmitool/ipmi_intf.h>
#define IPMI_GET_CHANNEL_AUTH_CAP 0x38
@@ -81,6 +82,50 @@ struct channel_access_t {
uint8_t user_level_auth;
};
+/*
+ * The Cipher Suite Record Format from table 22-18 of the IPMI v2.0 spec
+ */
+enum cipher_suite_format_tag {
+ STANDARD_CIPHER_SUITE = 0xc0,
+ OEM_CIPHER_SUITE = 0xc1,
+};
+#ifdef HAVE_PRAGMA_PACK
+#pragma pack(1)
+#endif
+struct std_cipher_suite_record_t {
+ uint8_t start_of_record;
+ uint8_t cipher_suite_id;
+ uint8_t auth_alg;
+ uint8_t integrity_alg;
+ uint8_t crypt_alg;
+} ATTRIBUTE_PACKING;
+struct oem_cipher_suite_record_t {
+ uint8_t start_of_record;
+ uint8_t cipher_suite_id;
+ uint8_t iana[3];
+ uint8_t auth_alg;
+ uint8_t integrity_alg;
+ uint8_t crypt_alg;
+} ATTRIBUTE_PACKING;
+#ifdef HAVE_PRAGMA_PACK
+#pragma pack(0)
+#endif
+#define CIPHER_ALG_MASK 0x3f
+#define MAX_CIPHER_SUITE_RECORD_OFFSET 0x40
+#define MAX_CIPHER_SUITE_DATA_LEN 0x10
+#define LIST_ALGORITHMS_BY_CIPHER_SUITE 0x80
+
+/* Below is the theoretical maximum number of cipher suites that could be
+ * reported by a BMC. That is with the Get Channel Cipher Suites Command, at 16
+ * bytes at a time and 0x40 requests, it can report 1024 bytes, which is about
+ * 204 standard records or 128 OEM records. Really, we probably don't need more
+ * than about 20, which is the full set of standard records plus a few OEM
+ * records.
+ */
+#define MAX_CIPHER_SUITE_COUNT (MAX_CIPHER_SUITE_RECORD_OFFSET * \
+ MAX_CIPHER_SUITE_DATA_LEN / \
+ sizeof(struct std_cipher_suite_record_t))
+
/*
* The Get Authentication Capabilities response structure
* From table 22-15 of the IPMI v2.0 spec
@@ -135,6 +180,8 @@ struct get_channel_auth_cap_rsp {
int _ipmi_get_channel_access(struct ipmi_intf *intf,
struct channel_access_t *channel_access,
uint8_t get_volatile_settings);
+int ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
+ uint8_t channel, struct cipher_suite_info *suites, size_t *count);
int _ipmi_get_channel_info(struct ipmi_intf *intf,
struct channel_info_t *channel_info);
int _ipmi_set_channel_access(struct ipmi_intf *intf,
diff --git a/include/ipmitool/ipmi_intf.h b/include/ipmitool/ipmi_intf.h
index 0b8c64b..7a07d66 100644
--- a/include/ipmitool/ipmi_intf.h
+++ b/include/ipmitool/ipmi_intf.h
@@ -61,13 +61,45 @@ enum LANPLUS_SESSION_STATE {
#define IPMI_AUTHCODE_BUFFER_SIZE 20
#define IPMI_SIK_BUFFER_SIZE IPMI_MAX_MD_SIZE
+enum cipher_suite_ids {
+ IPMI_LANPLUS_CIPHER_SUITE_0 = 0,
+ IPMI_LANPLUS_CIPHER_SUITE_1 = 1,
+ IPMI_LANPLUS_CIPHER_SUITE_2 = 2,
+ IPMI_LANPLUS_CIPHER_SUITE_3 = 3,
+ IPMI_LANPLUS_CIPHER_SUITE_4 = 4,
+ IPMI_LANPLUS_CIPHER_SUITE_5 = 5,
+ IPMI_LANPLUS_CIPHER_SUITE_6 = 6,
+ IPMI_LANPLUS_CIPHER_SUITE_7 = 7,
+ IPMI_LANPLUS_CIPHER_SUITE_8 = 8,
+ IPMI_LANPLUS_CIPHER_SUITE_9 = 9,
+ IPMI_LANPLUS_CIPHER_SUITE_10 = 10,
+ IPMI_LANPLUS_CIPHER_SUITE_11 = 11,
+ IPMI_LANPLUS_CIPHER_SUITE_12 = 12,
+ IPMI_LANPLUS_CIPHER_SUITE_13 = 13,
+ IPMI_LANPLUS_CIPHER_SUITE_14 = 14,
+#ifdef HAVE_CRYPTO_SHA256
+ IPMI_LANPLUS_CIPHER_SUITE_15 = 15,
+ IPMI_LANPLUS_CIPHER_SUITE_16 = 16,
+ IPMI_LANPLUS_CIPHER_SUITE_17 = 17,
+#endif /* HAVE_CRYPTO_SHA256 */
+ IPMI_LANPLUS_CIPHER_SUITE_RESERVED = 0xff,
+};
+
+struct cipher_suite_info {
+ enum cipher_suite_ids cipher_suite_id;
+ uint8_t auth_alg;
+ uint8_t integrity_alg;
+ uint8_t crypt_alg;
+ uint32_t iana;
+};
+
struct ipmi_session_params {
char * hostname;
uint8_t username[17];
uint8_t authcode_set[IPMI_AUTHCODE_BUFFER_SIZE + 1];
uint8_t authtype_set;
uint8_t privlvl;
- uint8_t cipher_suite_id;
+ enum cipher_suite_ids cipher_suite_id;
char sol_escape_char;
int password;
int port;
@@ -217,7 +249,10 @@ void ipmi_intf_session_set_username(struct ipmi_intf * intf, char * username);
void ipmi_intf_session_set_password(struct ipmi_intf * intf, char * password);
void ipmi_intf_session_set_privlvl(struct ipmi_intf * intf, uint8_t privlvl);
void ipmi_intf_session_set_lookupbit(struct ipmi_intf * intf, uint8_t lookupbit);
-void ipmi_intf_session_set_cipher_suite_id(struct ipmi_intf * intf, uint8_t cipher_suite_id);
+#ifdef IPMI_INTF_LANPLUS
+void ipmi_intf_session_set_cipher_suite_id(struct ipmi_intf * intf,
+ enum cipher_suite_ids cipher_suite_id);
+#endif /* IPMI_INTF_LANPLUS */
void ipmi_intf_session_set_sol_escape_char(struct ipmi_intf * intf, char sol_escape_char);
void ipmi_intf_session_set_kgkey(struct ipmi_intf *intf, const uint8_t *kgkey);
void ipmi_intf_session_set_port(struct ipmi_intf * intf, int port);
diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c
index e1fc75f..3ae3104 100644
--- a/lib/ipmi_channel.c
+++ b/lib/ipmi_channel.c
@@ -342,86 +342,116 @@ ipmi_get_channel_auth_cap(struct ipmi_intf *intf, uint8_t channel, uint8_t priv)
return 0;
}
-static int
+static size_t
+parse_channel_cipher_suite_data(uint8_t *cipher_suite_data, size_t data_len,
+ struct cipher_suite_info* suites, size_t nr_suites)
+{
+ size_t count = 0;
+ size_t offset = 0;
+ uint32_t iana;
+ uint8_t auth_alg, integrity_alg, crypt_alg;
+ uint8_t cipher_suite_id;
+
+ memset(suites, 0, sizeof(*suites) * nr_suites);
+
+ while (offset < data_len && count < nr_suites) {
+ auth_alg = IPMI_AUTH_RAKP_NONE;
+ integrity_alg = IPMI_INTEGRITY_NONE;
+ crypt_alg = IPMI_CRYPT_NONE;
+ if (cipher_suite_data[offset] == STANDARD_CIPHER_SUITE) {
+ struct std_cipher_suite_record_t *record =
+ (struct std_cipher_suite_record_t*)(&cipher_suite_data[offset]);
+ /* standard type */
+ iana = 0;
+
+ /* Verify that we have at least a full record left; id + 3 algs */
+ if ((data_len - offset) < sizeof(*record)) {
+ lprintf(LOG_INFO, "Incomplete data record in cipher suite data");
+ break;
+ }
+ cipher_suite_id = record->cipher_suite_id;
+ auth_alg = CIPHER_ALG_MASK & record->auth_alg;
+ integrity_alg = CIPHER_ALG_MASK & record->integrity_alg;
+ crypt_alg = CIPHER_ALG_MASK & record->crypt_alg;
+ offset += sizeof(*record);
+ } else if (cipher_suite_data[offset] == OEM_CIPHER_SUITE) {
+ /* OEM record type */
+ struct oem_cipher_suite_record_t *record =
+ (struct oem_cipher_suite_record_t*)(&cipher_suite_data[offset]);
+ /* Verify that we have at least a full record left
+ * id + iana + 3 algs
+ */
+ if ((data_len - offset) < sizeof(*record)) {
+ lprintf(LOG_INFO, "Incomplete data record in cipher suite data");
+ break;
+ }
+
+ cipher_suite_id = record->cipher_suite_id;
+
+ /* Grab the IANA */
+ iana = ipmi24toh(record->iana);
+ auth_alg = CIPHER_ALG_MASK & record->auth_alg;
+ integrity_alg = CIPHER_ALG_MASK & record->integrity_alg;
+ crypt_alg = CIPHER_ALG_MASK & record->crypt_alg;
+ offset += sizeof(*record);
+ } else {
+ lprintf(LOG_INFO, "Bad start of record byte in cipher suite data (offset %d, value %x)", offset, cipher_suite_data[offset]);
+ break;
+ }
+ suites[count].cipher_suite_id = cipher_suite_id;
+ suites[count].iana = iana;
+ suites[count].auth_alg = auth_alg;
+ suites[count].integrity_alg = integrity_alg;
+ suites[count].crypt_alg = crypt_alg;
+ count++;
+ }
+ return count;
+}
+
+int
ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
- uint8_t channel)
+ uint8_t channel, struct cipher_suite_info *suites, size_t *count)
{
struct ipmi_rs *rsp;
struct ipmi_rq req;
uint8_t rqdata[3];
- uint32_t iana;
- uint8_t auth_alg, integrity_alg, crypt_alg;
- uint8_t cipher_suite_id;
uint8_t list_index = 0;
/* 0x40 sets * 16 bytes per set */
- uint8_t cipher_suite_data[1024];
- uint16_t offset = 0;
- /* how much was returned, total */
- uint16_t cipher_suite_data_length = 0;
+ uint8_t cipher_suite_data[MAX_CIPHER_SUITE_RECORD_OFFSET *
+ MAX_CIPHER_SUITE_DATA_LEN];
+ size_t offset = 0;
+ size_t nr_suites = 0;
+ if (!suites || !count || !*count)
+ return -1;
+
+ nr_suites = *count;
+ *count = 0;
memset(cipher_suite_data, 0, sizeof(cipher_suite_data));
-
+
memset(&req, 0, sizeof(req));
req.msg.netfn = IPMI_NETFN_APP;
req.msg.cmd = IPMI_GET_CHANNEL_CIPHER_SUITES;
req.msg.data = rqdata;
- req.msg.data_len = 3;
+ req.msg.data_len = sizeof(rqdata);
rqdata[0] = channel;
rqdata[1] = ((strncmp(payload_type, "ipmi", 4) == 0)? 0: 1);
- /* Always ask for cipher suite format */
- rqdata[2] = 0x80;
-
- rsp = intf->sendrecv(intf, &req);
- if (rsp == NULL) {
- lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
- return -1;
- }
- if (rsp->ccode > 0) {
- lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
- val2str(rsp->ccode, completion_code_vals));
- return -1;
- }
-
-
- /*
- * Grab the returned channel number once. We assume it's the same
- * in future calls.
- */
- if (rsp->data_len >= 1) {
- channel = rsp->data[0];
- }
-
- while ((rsp->data_len > 1) && (rsp->data_len == 17) && (list_index < 0x3F)) {
- /*
- * We got back cipher suite data -- store it.
- * printf("copying data to offset %d\n", offset);
- * printbuf(rsp->data + 1, rsp->data_len - 1, "this is the data");
- */
- memcpy(cipher_suite_data + offset, rsp->data + 1, rsp->data_len - 1);
- offset += rsp->data_len - 1;
-
- /*
- * Increment our list for the next call
- */
- ++list_index;
- rqdata[2] = (rqdata[2] & 0x80) + list_index;
+ do {
+ /* Always ask for cipher suite format */
+ rqdata[2] = LIST_ALGORITHMS_BY_CIPHER_SUITE | list_index;
rsp = intf->sendrecv(intf, &req);
if (rsp == NULL) {
lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
return -1;
}
- if (rsp->ccode > 0) {
+ if (rsp->ccode || rsp->data_len < 1) {
lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
val2str(rsp->ccode, completion_code_vals));
return -1;
}
- }
-
- /* Copy last chunk */
- if(rsp->data_len > 1) {
/*
* We got back cipher suite data -- store it.
* printf("copying data to offset %d\n", offset);
@@ -429,88 +459,46 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
*/
memcpy(cipher_suite_data + offset, rsp->data + 1, rsp->data_len - 1);
offset += rsp->data_len - 1;
- }
- /* We can chomp on all our data now. */
- cipher_suite_data_length = offset;
- offset = 0;
+ /*
+ * Increment our list for the next call
+ */
+ ++list_index;
+ } while ((rsp->data_len == (sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN)) &&
+ (list_index < MAX_CIPHER_SUITE_RECORD_OFFSET));
- if (! csv_output) {
- printf("ID IANA Auth Alg Integrity Alg Confidentiality Alg\n");
- }
- while (offset < cipher_suite_data_length) {
- if (cipher_suite_data[offset++] == 0xC0) {
- /* standard type */
- iana = 0;
+ *count = parse_channel_cipher_suite_data(cipher_suite_data, offset, suites,
+ nr_suites);
+ return 0;
+}
- /* Verify that we have at least a full record left; id + 3 algs */
- if ((cipher_suite_data_length - offset) < 4) {
- lprintf(LOG_ERR, "Incomplete data record in cipher suite data");
- return -1;
- }
- cipher_suite_id = cipher_suite_data[offset++];
- } else if (cipher_suite_data[offset++] == 0xC1) {
- /* OEM record type */
- /* Verify that we have at least a full record left
- * id + iana + 3 algs
- */
- if ((cipher_suite_data_length - offset) < 4) {
- lprintf(LOG_ERR, "Incomplete data record in cipher suite data");
- return -1;
- }
+static int
+ipmi_print_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
+ uint8_t channel)
+{
+ int rc;
+ size_t i = 0;
+ struct cipher_suite_info suites[MAX_CIPHER_SUITE_COUNT];
+ size_t nr_suites = sizeof(*suites);
- cipher_suite_id = cipher_suite_data[offset++];
+ rc = ipmi_get_channel_cipher_suites(intf, payload_type, channel,
+ suites, &nr_suites);
- /* Grab the IANA */
- iana =
- cipher_suite_data[offset] |
- (cipher_suite_data[offset + 1] << 8) |
- (cipher_suite_data[offset + 2] << 16);
- offset += 3;
- } else {
- lprintf(LOG_ERR, "Bad start of record byte in cipher suite data");
- return -1;
- }
+ if (rc < 0)
+ return rc;
- /*
- * Grab the algorithms for this cipher suite. I guess we can't be
- * sure of what order they'll come in. Also, I suppose we default
- * to the NONE algorithm if one were absent. This part of the spec is
- * poorly written -- I have read the errata document. For now, I'm only
- * allowing one algorithm per type (auth, integrity, crypt) because I
- * don't I understand how it could be otherwise.
- */
- auth_alg = IPMI_AUTH_RAKP_NONE;
- integrity_alg = IPMI_INTEGRITY_NONE;
- crypt_alg = IPMI_CRYPT_NONE;
-
- while (((cipher_suite_data[offset] & 0xC0) != 0xC0) &&
- ((cipher_suite_data_length - offset) > 0))
- {
- switch (cipher_suite_data[offset] & 0xC0)
- {
- case 0x00:
- /* Authentication algorithm specifier */
- auth_alg = cipher_suite_data[offset++] & 0x3F;
- break;
- case 0x40:
- /* Interity algorithm specifier */
- integrity_alg = cipher_suite_data[offset++] & 0x3F;
- break;
- case 0x80:
- /* Confidentiality algorithm specifier */
- crypt_alg = cipher_suite_data[offset++] & 0x3F;
- break;
- }
- }
+ if (! csv_output) {
+ printf("ID IANA Auth Alg Integrity Alg Confidentiality Alg\n");
+ }
+ for (i = 0; i < nr_suites; i++) {
/* We have everything we need to spit out a cipher suite record */
printf((csv_output? "%d,%s,%s,%s,%s\n" :
"%-4d %-7s %-15s %-15s %-15s\n"),
- cipher_suite_id,
- iana_string(iana),
- val2str(auth_alg, ipmi_auth_algorithms),
- val2str(integrity_alg, ipmi_integrity_algorithms),
- val2str(crypt_alg, ipmi_encryption_algorithms));
+ suites[i].cipher_suite_id,
+ iana_string(suites[i].iana),
+ val2str(suites[i].auth_alg, ipmi_auth_algorithms),
+ val2str(suites[i].integrity_alg, ipmi_integrity_algorithms),
+ val2str(suites[i].crypt_alg, ipmi_encryption_algorithms));
}
return 0;
}
@@ -973,7 +961,7 @@ ipmi_channel_main(struct ipmi_intf *intf, int argc, char **argv)
return (-1);
}
}
- retval = ipmi_get_channel_cipher_suites(intf,
+ retval = ipmi_print_channel_cipher_suites(intf,
argv[1], /* ipmi | sol */
channel);
} else if (strncmp(argv[0], "setkg", 5) == 0) {
diff --git a/lib/ipmi_main.c b/lib/ipmi_main.c
index 811c80b..6aee102 100644
--- a/lib/ipmi_main.c
+++ b/lib/ipmi_main.c
@@ -323,6 +323,7 @@ ipmi_main(int argc, char ** argv,
uint8_t target_addr = 0;
uint8_t target_channel = 0;
+ uint8_t u8tmp = 0;
uint8_t transit_addr = 0;
uint8_t transit_channel = 0;
uint8_t target_lun = 0;
@@ -347,7 +348,10 @@ ipmi_main(int argc, char ** argv,
char * seloem = NULL;
int port = 0;
int devnum = 0;
- int cipher_suite_id = 3; /* See table 22-19 of the IPMIv2 spec */
+#ifdef IPMI_INTF_LANPLUS
+ /* lookup best cipher suite available */
+ enum cipher_suite_ids cipher_suite_id = IPMI_LANPLUS_CIPHER_SUITE_RESERVED;
+#endif /* IPMI_INTF_LANPLUS */
int argflag, i, found;
int rc = -1;
int ai_family = AF_UNSPEC;
@@ -425,19 +429,18 @@ ipmi_main(int argc, char ** argv,
goto out_free;
}
break;
+#ifdef IPMI_INTF_LANPLUS
case 'C':
- if (str2int(optarg, &cipher_suite_id) != 0) {
- lprintf(LOG_ERR, "Invalid parameter given or out of range for '-C'.");
- rc = -1;
- goto out_free;
- }
- /* add check Cipher is -gt 0 */
- if (cipher_suite_id < 0) {
- lprintf(LOG_ERR, "Cipher suite ID %i is invalid.", cipher_suite_id);
+ /* Cipher Suite ID is a byte as per IPMI specification */
+ if (str2uchar(optarg, &u8tmp) != 0) {
+ lprintf(LOG_ERR, "Invalid parameter given or out of "
+ "range [0-255] for '-C'.");
rc = -1;
goto out_free;
}
+ cipher_suite_id = u8tmp;
break;
+#endif /* IPMI_INTF_LANPLUS */
case 'v':
verbose++;
break;
@@ -870,7 +873,9 @@ ipmi_main(int argc, char ** argv,
ipmi_intf_session_set_lookupbit(ipmi_main_intf, lookupbit);
ipmi_intf_session_set_sol_escape_char(ipmi_main_intf, sol_escape_char);
+#ifdef IPMI_INTF_LANPLUS
ipmi_intf_session_set_cipher_suite_id(ipmi_main_intf, cipher_suite_id);
+#endif /* IPMI_INTF_LANPLUS */
ipmi_main_intf->devnum = devnum;
diff --git a/src/plugins/ipmi_intf.c b/src/plugins/ipmi_intf.c
index 1d9e87b..00b0918 100644
--- a/src/plugins/ipmi_intf.c
+++ b/src/plugins/ipmi_intf.c
@@ -252,11 +252,14 @@ ipmi_intf_session_set_lookupbit(struct ipmi_intf * intf, uint8_t lookupbit)
intf->ssn_params.lookupbit = lookupbit;
}
+#ifdef IPMI_INTF_LANPLUS
void
-ipmi_intf_session_set_cipher_suite_id(struct ipmi_intf * intf, uint8_t cipher_suite_id)
+ipmi_intf_session_set_cipher_suite_id(struct ipmi_intf * intf,
+ enum cipher_suite_ids cipher_suite_id)
{
intf->ssn_params.cipher_suite_id = cipher_suite_id;
}
+#endif /* IPMI_INTF_LANPLUS */
void
ipmi_intf_session_set_sol_escape_char(struct ipmi_intf * intf, char sol_escape_char)
diff --git a/src/plugins/lanplus/lanplus.c b/src/plugins/lanplus/lanplus.c
index a0e388c..3087348 100644
--- a/src/plugins/lanplus/lanplus.c
+++ b/src/plugins/lanplus/lanplus.c
@@ -164,114 +164,109 @@ extern int verbose;
* returns 0 on success
* 1 on failure
*/
-int lanplus_get_requested_ciphers(int cipher_suite_id,
+int lanplus_get_requested_ciphers(enum cipher_suite_ids cipher_suite_id,
uint8_t * auth_alg,
uint8_t * integrity_alg,
uint8_t * crypt_alg)
{
-#ifdef HAVE_CRYPTO_SHA256
- if ((cipher_suite_id < 0) || (cipher_suite_id > 17)) {
- return 1;
- }
-#else
- if ((cipher_suite_id < 0) || (cipher_suite_id > 14))
- return 1;
-#endif /* HAVE_CRYPTO_SHA256 */
/* See table 22-19 for the source of the statement */
switch (cipher_suite_id)
{
- case 0:
+ case IPMI_LANPLUS_CIPHER_SUITE_0:
*auth_alg = IPMI_AUTH_RAKP_NONE;
*integrity_alg = IPMI_INTEGRITY_NONE;
*crypt_alg = IPMI_CRYPT_NONE;
break;
- case 1:
+ case IPMI_LANPLUS_CIPHER_SUITE_1:
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
*integrity_alg = IPMI_INTEGRITY_NONE;
*crypt_alg = IPMI_CRYPT_NONE;
break;
- case 2:
+ case IPMI_LANPLUS_CIPHER_SUITE_2:
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
*crypt_alg = IPMI_CRYPT_NONE;
break;
- case 3:
+ case IPMI_LANPLUS_CIPHER_SUITE_3:
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
*crypt_alg = IPMI_CRYPT_AES_CBC_128;
break;
- case 4:
+ case IPMI_LANPLUS_CIPHER_SUITE_4:
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
*crypt_alg = IPMI_CRYPT_XRC4_128;
break;
- case 5:
+ case IPMI_LANPLUS_CIPHER_SUITE_5:
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
*crypt_alg = IPMI_CRYPT_XRC4_40;
break;
- case 6:
+ case IPMI_LANPLUS_CIPHER_SUITE_6:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_NONE;
*crypt_alg = IPMI_CRYPT_NONE;
break;
- case 7:
+ case IPMI_LANPLUS_CIPHER_SUITE_7:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
*crypt_alg = IPMI_CRYPT_NONE;
break;
- case 8:
+ case IPMI_LANPLUS_CIPHER_SUITE_8:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
*crypt_alg = IPMI_CRYPT_AES_CBC_128;
break;
- case 9:
+ case IPMI_LANPLUS_CIPHER_SUITE_9:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
*crypt_alg = IPMI_CRYPT_XRC4_128;
break;
- case 10:
+ case IPMI_LANPLUS_CIPHER_SUITE_10:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
*crypt_alg = IPMI_CRYPT_XRC4_40;
break;
- case 11:
+ case IPMI_LANPLUS_CIPHER_SUITE_11:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_MD5_128;
*crypt_alg = IPMI_CRYPT_NONE;
break;
- case 12:
+ case IPMI_LANPLUS_CIPHER_SUITE_12:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_MD5_128;
*crypt_alg = IPMI_CRYPT_AES_CBC_128;
break;
- case 13:
+ case IPMI_LANPLUS_CIPHER_SUITE_13:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_MD5_128;
*crypt_alg = IPMI_CRYPT_XRC4_128;
break;
- case 14:
+ case IPMI_LANPLUS_CIPHER_SUITE_14:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_MD5_128;
*crypt_alg = IPMI_CRYPT_XRC4_40;
break;
#ifdef HAVE_CRYPTO_SHA256
- case 15:
+ case IPMI_LANPLUS_CIPHER_SUITE_15:
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA256;
*integrity_alg = IPMI_INTEGRITY_NONE;
*crypt_alg = IPMI_CRYPT_NONE;
break;
- case 16:
+ case IPMI_LANPLUS_CIPHER_SUITE_16:
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA256;
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA256_128;
*crypt_alg = IPMI_CRYPT_NONE;
break;
- case 17:
+ case IPMI_LANPLUS_CIPHER_SUITE_17:
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA256;
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA256_128;
*crypt_alg = IPMI_CRYPT_AES_CBC_128;
break;
#endif /* HAVE_CRYPTO_SHA256 */
+ case IPMI_LANPLUS_CIPHER_SUITE_RESERVED:
+ default:
+ return 1;
}
return 0;
@@ -3441,6 +3436,57 @@ ipmi_set_session_privlvl_cmd(struct ipmi_intf * intf)
return 0;
}
+static uint8_t
+ipmi_find_best_cipher_suite(struct ipmi_intf *intf)
+{
+ enum cipher_suite_ids best_suite = IPMI_LANPLUS_CIPHER_SUITE_RESERVED;
+#ifdef HAVE_CRYPTO_SHA256
+ struct cipher_suite_info suites[MAX_CIPHER_SUITE_COUNT];
+ size_t nr_suites = ARRAY_SIZE(suites);
+ /* cipher suite best order is chosen with this criteria:
+ * HMAC-MD5 and MD5 are BAD; xRC4 is bad; AES128 is required
+ * HMAC-SHA256 > HMAC-SHA1
+ * secure authentication > encrypted content
+ *
+ * With xRC4 out, all cipher suites with MD5 out, and cipher suite 3 being
+ * required by the spec, the only better defined standard cipher suite is
+ * 17. So if SHA256 is available, we should try to use that, otherwise,
+ * fall back to 3.
+ */
+ const enum cipher_suite_ids cipher_order_preferred[] = {
+ IPMI_LANPLUS_CIPHER_SUITE_17,
+ IPMI_LANPLUS_CIPHER_SUITE_3,
+ };
+ const size_t nr_preferred = ARRAY_SIZE(cipher_order_preferred);
+ size_t ipref, i;
+
+ if (ipmi_get_channel_cipher_suites(intf, "ipmi", IPMI_LAN_CHANNEL_E,
+ suites, &nr_suites) < 0)
+ {
+ /* default legacy behavior - cipher suite 3 if none is requested */
+ return IPMI_LANPLUS_CIPHER_SUITE_3;
+ }
+ for (ipref = 0; ipref < nr_preferred &&
+ IPMI_LANPLUS_CIPHER_SUITE_RESERVED == best_suite; ipref++)
+ {
+ for (i = 0; i < nr_suites; i++) {
+ if (cipher_order_preferred[ipref] == suites[i].cipher_suite_id) {
+ best_suite = cipher_order_preferred[ipref];
+ break;
+ }
+ }
+ }
+#endif /* HAVE_CRYPTO_SHA256 */
+ if (IPMI_LANPLUS_CIPHER_SUITE_RESERVED == best_suite) {
+ /* IPMI 2.0 spec requires that cipher suite 3 is implemented
+ * so we should always be able to fall back to that if better
+ * options are not available. */
+ best_suite = IPMI_LANPLUS_CIPHER_SUITE_3;
+ }
+ lprintf(LOG_INFO, "Using best available cipher suite %d\n", best_suite);
+ return best_suite;
+}
+
/**
* ipmi_lanplus_open
*/
@@ -3514,6 +3560,16 @@ ipmi_lanplus_open(struct ipmi_intf * intf)
lprintf(LOG_INFO, "This BMC does not support IPMI v2 / RMCP+");
goto fail;
}
+ /*
+ * If no cipher suite was provided, query the channel cipher suite list and
+ * pick the best one available
+ */
+ if (IPMI_LANPLUS_CIPHER_SUITE_RESERVED ==
+ intf->ssn_params.cipher_suite_id)
+ {
+ ipmi_intf_session_set_cipher_suite_id(intf,
+ ipmi_find_best_cipher_suite(intf));
+ }
/*
* If the open/rakp1/rakp3 sequence encounters a timeout, the whole sequence
@@ -3728,7 +3784,7 @@ static int ipmi_lanplus_setup(struct ipmi_intf * intf)
static void ipmi_lanp_set_max_rq_data_size(struct ipmi_intf * intf, uint16_t size)
{
- if (intf->ssn_params.cipher_suite_id == 3) {
+ if (intf->ssn_params.cipher_suite_id == IPMI_LANPLUS_CIPHER_SUITE_3) {
/*
* encrypted payload can only be multiple of 16 bytes
*/
@@ -3746,7 +3802,7 @@ static void ipmi_lanp_set_max_rq_data_size(struct ipmi_intf * intf, uint16_t siz
static void ipmi_lanp_set_max_rp_data_size(struct ipmi_intf * intf, uint16_t size)
{
- if (intf->ssn_params.cipher_suite_id == 3) {
+ if (intf->ssn_params.cipher_suite_id == IPMI_LANPLUS_CIPHER_SUITE_3) {
/*
* encrypted payload can only be multiple of 16 bytes
*/
--
2.20.1

View File

@ -1,33 +0,0 @@
From f65ea137f0d03f883219a791a49cf8ea7e16776a Mon Sep 17 00:00:00 2001
From: Vaclav Dolezal <vdolezal@redhat.com>
Date: Fri, 1 Mar 2019 14:46:12 +0100
Subject: [PATCH] Fix "ipmitool pef {status,info}" not printing final newline
Signed-off-by: Vaclav Dolezal <vdolezal@redhat.com>
---
lib/ipmi_pef.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/ipmi_pef.c b/lib/ipmi_pef.c
index bbf25f2..4be749e 100644
--- a/lib/ipmi_pef.c
+++ b/lib/ipmi_pef.c
@@ -1183,6 +1183,7 @@ ipmi_pef2_get_info(struct ipmi_intf *intf)
ipmi_pef_print_guid(guid_ptr);
}
ipmi_pef_print_flags(&pef_b2s_actions, P_SUPP, pcap.actions);
+ putchar('\n');
return 0;
}
@@ -1242,6 +1243,7 @@ ipmi_pef2_get_status(struct ipmi_intf *intf)
return (-1);
}
ipmi_pef_print_flags(&pef_b2s_actions, P_ACTV, rsp->data[1]);
+ putchar('\n');
return 0;
}
--
2.20.1

View File

@ -1,57 +0,0 @@
From 57b57b27fe2c17e3030c41ee5566af36ccd33941 Mon Sep 17 00:00:00 2001
From: Vaclav Dolezal <vdolezal@redhat.com>
Date: Thu, 30 Jan 2020 16:18:37 +0100
Subject: [PATCH] Expand column with name in ipmitool sdr/sensor output
---
lib/ipmi_sdr.c | 4 ++--
lib/ipmi_sensor.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/ipmi_sdr.c b/lib/ipmi_sdr.c
index fd2c02d..0f6faab 100644
--- a/lib/ipmi_sdr.c
+++ b/lib/ipmi_sdr.c
@@ -1619,7 +1619,7 @@ ipmi_sdr_print_sensor_fc(struct ipmi_intf *intf,
/*
* print sensor name, reading, state
*/
- printf("%-16s | ", sr->s_id);
+ printf("%-24s | ", sr->s_id);
memset(sval, 0, sizeof (sval));
@@ -1657,7 +1657,7 @@ ipmi_sdr_print_sensor_fc(struct ipmi_intf *intf,
/*
* print sensor name, number, state, entity, reading
*/
- printf("%-16s | %02Xh | ",
+ printf("%-24s | %02Xh | ",
sr->s_id, sensor->keys.sensor_num);
if (IS_THRESHOLD_SENSOR(sensor)) {
diff --git a/lib/ipmi_sensor.c b/lib/ipmi_sensor.c
index a0b7eb8..7328508 100644
--- a/lib/ipmi_sensor.c
+++ b/lib/ipmi_sensor.c
@@ -175,7 +175,7 @@ ipmi_sensor_print_fc_discrete(struct ipmi_intf *intf,
/* output format
* id value units status thresholds....
*/
- printf("%-16s ", sr->s_id);
+ printf("%-24s ", sr->s_id);
if (sr->s_reading_valid) {
if (sr->s_has_analog_value) {
/* don't show discrete component */
@@ -276,7 +276,7 @@ ipmi_sensor_print_fc_threshold(struct ipmi_intf *intf,
/* output format
* id value units status thresholds....
*/
- printf("%-16s ", sr->s_id);
+ printf("%-24s ", sr->s_id);
if (sr->s_reading_valid) {
if (sr->s_has_analog_value)
printf("| %-10.3f | %-10s | %-6s",
--
2.20.1

View File

@ -1,378 +0,0 @@
From b3e74778c65ba3ffc8a9b3133c87588ee5d18a74 Mon Sep 17 00:00:00 2001
From: Chrostoper Ertl <chertl@microsoft.com>
Date: Thu, 28 Nov 2019 16:33:59 +0000
Subject: [PATCH] Fixes for CVE-2020-5208
see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
This patch is combination of following commits:
pick e824c23316ae50beb7f7488f2055ac65e8b341f2 fru: Fix buffer overflow vulnerabilities
pick 840fb1cbb4fb365cb9797300e3374d4faefcdb10 fru: Fix buffer overflow in ipmi_spd_print_fru
pick 41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22 session: Fix buffer overflow in ipmi_get_session_info
pick 9452be87181a6e83cfcc768b3ed8321763db50e4 channel: Fix buffer overflow
pick d45572d71e70840e0d4c50bf48218492b79c1a10 lanp: Fix buffer overflows in get_lan_param_select
pick 7ccea283dd62a05a320c1921e3d8d71a87772637 fru, sdr: Fix id_string buffer overflows
---
lib/dimm_spd.c | 9 ++++++++-
lib/ipmi_channel.c | 5 ++++-
lib/ipmi_fru.c | 35 ++++++++++++++++++++++++++++++++---
lib/ipmi_lanp.c | 14 +++++++-------
lib/ipmi_sdr.c | 40 ++++++++++++++++++++++++----------------
lib/ipmi_session.c | 12 ++++++++----
6 files changed, 83 insertions(+), 32 deletions(-)
diff --git a/lib/dimm_spd.c b/lib/dimm_spd.c
index 41e30db..68f3b4f 100644
--- a/lib/dimm_spd.c
+++ b/lib/dimm_spd.c
@@ -1621,7 +1621,7 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id)
struct ipmi_rq req;
struct fru_info fru;
uint8_t *spd_data, msg_data[4];
- int len, offset;
+ uint32_t len, offset;
msg_data[0] = id;
@@ -1697,6 +1697,13 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id)
}
len = rsp->data[0];
+ if(rsp->data_len < 1
+ || len > rsp->data_len - 1
+ || len > fru.size - offset)
+ {
+ printf(" Not enough buffer size");
+ return -1;
+ }
memcpy(&spd_data[offset], rsp->data + 1, len);
offset += len;
} while (offset < fru.size);
diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c
index 3ae3104..80ba522 100644
--- a/lib/ipmi_channel.c
+++ b/lib/ipmi_channel.c
@@ -447,7 +447,10 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
return -1;
}
- if (rsp->ccode || rsp->data_len < 1) {
+ if (rsp->ccode
+ || rsp->data_len < 1
+ || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN)
+ {
lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
val2str(rsp->ccode, completion_code_vals));
return -1;
diff --git a/lib/ipmi_fru.c b/lib/ipmi_fru.c
index cf00eff..98bc984 100644
--- a/lib/ipmi_fru.c
+++ b/lib/ipmi_fru.c
@@ -615,7 +615,10 @@ int
read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
uint32_t offset, uint32_t length, uint8_t *frubuf)
{
- uint32_t off = offset, tmp, finish;
+ uint32_t off = offset;
+ uint32_t tmp;
+ uint32_t finish;
+ uint32_t size_left_in_buffer;
struct ipmi_rs * rsp;
struct ipmi_rq req;
uint8_t msg_data[4];
@@ -628,10 +631,12 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
finish = offset + length;
if (finish > fru->size) {
+ memset(frubuf + fru->size, 0, length - fru->size);
finish = fru->size;
lprintf(LOG_NOTICE, "Read FRU Area length %d too large, "
"Adjusting to %d",
offset + length, finish - offset);
+ length = finish - offset;
}
memset(&req, 0, sizeof(req));
@@ -667,6 +672,7 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
}
}
+ size_left_in_buffer = length;
do {
tmp = fru->access ? off >> 1 : off;
msg_data[0] = id;
@@ -707,9 +713,18 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
}
tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0];
+ if(rsp->data_len < 1
+ || tmp > rsp->data_len - 1
+ || tmp > size_left_in_buffer)
+ {
+ printf(" Not enough buffer size");
+ return -1;
+ }
+
memcpy(frubuf, rsp->data + 1, tmp);
off += tmp;
frubuf += tmp;
+ size_left_in_buffer -= tmp;
/* sometimes the size returned in the Info command
* is too large. return 0 so higher level function
* still attempts to parse what was returned */
@@ -742,7 +757,9 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
uint32_t offset, uint32_t length, uint8_t *frubuf)
{
static uint32_t fru_data_rqst_size = 20;
- uint32_t off = offset, tmp, finish;
+ uint32_t off = offset;
+ uint32_t tmp, finish;
+ uint32_t size_left_in_buffer;
struct ipmi_rs * rsp;
struct ipmi_rq req;
uint8_t msg_data[4];
@@ -755,10 +772,12 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
finish = offset + length;
if (finish > fru->size) {
+ memset(frubuf + fru->size, 0, length - fru->size);
finish = fru->size;
lprintf(LOG_NOTICE, "Read FRU Area length %d too large, "
"Adjusting to %d",
offset + length, finish - offset);
+ length = finish - offset;
}
memset(&req, 0, sizeof(req));
@@ -773,6 +792,8 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
if (fru->access && fru_data_rqst_size > 16)
#endif
fru_data_rqst_size = 16;
+
+ size_left_in_buffer = length;
do {
tmp = fru->access ? off >> 1 : off;
msg_data[0] = id;
@@ -804,8 +825,16 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
}
tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0];
+ if(rsp->data_len < 1
+ || tmp > rsp->data_len - 1
+ || tmp > size_left_in_buffer)
+ {
+ printf(" Not enough buffer size");
+ return -1;
+ }
memcpy((frubuf + off)-offset, rsp->data + 1, tmp);
off += tmp;
+ size_left_in_buffer -= tmp;
/* sometimes the size returned in the Info command
* is too large. return 0 so higher level function
@@ -3033,7 +3062,7 @@ ipmi_fru_print(struct ipmi_intf * intf, struct sdr_record_fru_locator * fru)
return 0;
memset(desc, 0, sizeof(desc));
- memcpy(desc, fru->id_string, fru->id_code & 0x01f);
+ memcpy(desc, fru->id_string, __min(fru->id_code & 0x01f, sizeof(desc)));
desc[fru->id_code & 0x01f] = 0;
printf("FRU Device Description : %s (ID %d)\n", desc, fru->device_id);
diff --git a/lib/ipmi_lanp.c b/lib/ipmi_lanp.c
index 65d881b..022c7f1 100644
--- a/lib/ipmi_lanp.c
+++ b/lib/ipmi_lanp.c
@@ -1809,7 +1809,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
if (p == NULL) {
return (-1);
}
- memcpy(data, p->data, p->data_len);
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
/* set new ipaddr */
memcpy(data+3, temp, 4);
printf("Setting LAN Alert %d IP Address to %d.%d.%d.%d\n", alert,
@@ -1824,7 +1824,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
if (p == NULL) {
return (-1);
}
- memcpy(data, p->data, p->data_len);
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
/* set new macaddr */
memcpy(data+7, temp, 6);
printf("Setting LAN Alert %d MAC Address to "
@@ -1838,7 +1838,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
if (p == NULL) {
return (-1);
}
- memcpy(data, p->data, p->data_len);
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
if (strncasecmp(argv[1], "def", 3) == 0 ||
strncasecmp(argv[1], "default", 7) == 0) {
@@ -1864,7 +1864,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
if (p == NULL) {
return (-1);
}
- memcpy(data, p->data, p->data_len);
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
if (strncasecmp(argv[1], "on", 2) == 0 ||
strncasecmp(argv[1], "yes", 3) == 0) {
@@ -1889,7 +1889,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
if (p == NULL) {
return (-1);
}
- memcpy(data, p->data, p->data_len);
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
if (strncasecmp(argv[1], "pet", 3) == 0) {
printf("Setting LAN Alert %d destination to PET Trap\n", alert);
@@ -1917,7 +1917,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
if (p == NULL) {
return (-1);
}
- memcpy(data, p->data, p->data_len);
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
if (str2uchar(argv[1], &data[2]) != 0) {
lprintf(LOG_ERR, "Invalid time: %s", argv[1]);
@@ -1933,7 +1933,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
if (p == NULL) {
return (-1);
}
- memcpy(data, p->data, p->data_len);
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
if (str2uchar(argv[1], &data[3]) != 0) {
lprintf(LOG_ERR, "Invalid retry: %s", argv[1]);
diff --git a/lib/ipmi_sdr.c b/lib/ipmi_sdr.c
index 0f6faab..9890132 100644
--- a/lib/ipmi_sdr.c
+++ b/lib/ipmi_sdr.c
@@ -2086,7 +2086,7 @@ ipmi_sdr_print_sensor_eventonly(struct ipmi_intf *intf,
return -1;
memset(desc, 0, sizeof (desc));
- snprintf(desc, (sensor->id_code & 0x1f) + 1, "%s", sensor->id_string);
+ snprintf(desc, sizeof(desc), "%.*s", (sensor->id_code & 0x1f) + 1, sensor->id_string);
if (verbose) {
printf("Sensor ID : %s (0x%x)\n",
@@ -2137,7 +2137,7 @@ ipmi_sdr_print_sensor_mc_locator(struct ipmi_intf *intf,
return -1;
memset(desc, 0, sizeof (desc));
- snprintf(desc, (mc->id_code & 0x1f) + 1, "%s", mc->id_string);
+ snprintf(desc, sizeof(desc), "%.*s", (mc->id_code & 0x1f) + 1, mc->id_string);
if (verbose == 0) {
if (csv_output)
@@ -2230,7 +2230,7 @@ ipmi_sdr_print_sensor_generic_locator(struct ipmi_intf *intf,
char desc[17];
memset(desc, 0, sizeof (desc));
- snprintf(desc, (dev->id_code & 0x1f) + 1, "%s", dev->id_string);
+ snprintf(desc, sizeof(desc), "%.*s", (dev->id_code & 0x1f) + 1, dev->id_string);
if (!verbose) {
if (csv_output)
@@ -2287,7 +2287,7 @@ ipmi_sdr_print_sensor_fru_locator(struct ipmi_intf *intf,
char desc[17];
memset(desc, 0, sizeof (desc));
- snprintf(desc, (fru->id_code & 0x1f) + 1, "%s", fru->id_string);
+ snprintf(desc, sizeof(desc), "%.*s", (fru->id_code & 0x1f) + 1, fru->id_string);
if (!verbose) {
if (csv_output)
@@ -2491,35 +2491,43 @@ ipmi_sdr_print_name_from_rawentry(struct ipmi_intf *intf, uint16_t id,
int rc =0;
char desc[17];
+ const char *id_string;
+ uint8_t id_code;
memset(desc, ' ', sizeof (desc));
switch ( type) {
case SDR_RECORD_TYPE_FULL_SENSOR:
record.full = (struct sdr_record_full_sensor *) raw;
- snprintf(desc, (record.full->id_code & 0x1f) +1, "%s",
- (const char *)record.full->id_string);
+ id_code = record.full->id_code;
+ id_string = record.full->id_string;
break;
+
case SDR_RECORD_TYPE_COMPACT_SENSOR:
record.compact = (struct sdr_record_compact_sensor *) raw ;
- snprintf(desc, (record.compact->id_code & 0x1f) +1, "%s",
- (const char *)record.compact->id_string);
+ id_code = record.compact->id_code;
+ id_string = record.compact->id_string;
break;
+
case SDR_RECORD_TYPE_EVENTONLY_SENSOR:
record.eventonly = (struct sdr_record_eventonly_sensor *) raw ;
- snprintf(desc, (record.eventonly->id_code & 0x1f) +1, "%s",
- (const char *)record.eventonly->id_string);
- break;
+ id_code = record.eventonly->id_code;
+ id_string = record.eventonly->id_string;
+ break;
+
case SDR_RECORD_TYPE_MC_DEVICE_LOCATOR:
record.mcloc = (struct sdr_record_mc_locator *) raw ;
- snprintf(desc, (record.mcloc->id_code & 0x1f) +1, "%s",
- (const char *)record.mcloc->id_string);
+ id_code = record.mcloc->id_code;
+ id_string = record.mcloc->id_string;
break;
+
default:
rc = -1;
- break;
- }
+ }
+ if (!rc) {
+ snprintf(desc, sizeof(desc), "%.*s", (id_code & 0x1f) + 1, id_string);
+ }
- lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc);
+ lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc);
return rc;
}
diff --git a/lib/ipmi_session.c b/lib/ipmi_session.c
index 141f0f4..b9af1fd 100644
--- a/lib/ipmi_session.c
+++ b/lib/ipmi_session.c
@@ -309,8 +309,10 @@ ipmi_get_session_info(struct ipmi_intf * intf,
}
else
{
- memcpy(&session_info, rsp->data, rsp->data_len);
- print_session_info(&session_info, rsp->data_len);
+ memcpy(&session_info, rsp->data,
+ __min(rsp->data_len, sizeof(session_info)));
+ print_session_info(&session_info,
+ __min(rsp->data_len, sizeof(session_info)));
}
break;
@@ -341,8 +343,10 @@ ipmi_get_session_info(struct ipmi_intf * intf,
break;
}
- memcpy(&session_info, rsp->data, rsp->data_len);
- print_session_info(&session_info, rsp->data_len);
+ memcpy(&session_info, rsp->data,
+ __min(rsp->data_len, sizeof(session_info)));
+ print_session_info(&session_info,
+ __min(rsp->data_len, sizeof(session_info)));
} while (i <= session_info.session_slot_count);
break;
--
2.20.1

File diff suppressed because it is too large Load Diff

238898
enterprise-numbers Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,239 @@
diff --color -Nur ipmitool-IPMITOOL_1_8_19.orig/doc/ipmitool.1.in ipmitool-IPMITOOL_1_8_19/doc/ipmitool.1.in
--- ipmitool-IPMITOOL_1_8_19.orig/doc/ipmitool.1.in 2023-01-02 11:41:51.179962218 -0800
+++ ipmitool-IPMITOOL_1_8_19/doc/ipmitool.1.in 2023-01-02 11:43:56.396850762 -0800
@@ -384,6 +384,20 @@
Displays the list of cipher suites supported for the given
application (ipmi or sol) on the given channel.
+.TP
+\fIsetkg\fP <\fIhex\fP|\fIplain\fP> <\fBkey\fP> [<\fBchannel\fR>]
+.br
+
+Sets K_g key to given value. Use \fIplain\fP to specify \fBkey\fR as simple ASCII string.
+Use \fIhex\fP to specify \fBkey\fR as sequence of hexadecimal codes of ASCII charactes.
+I.e. following two examples are equivalent:
+
+.RS
+ipmitool channel setkg plain PASSWORD
+
+ipmitool channel setkg hex 50415353574F5244
+.RE
+
.RE
.RE
.TP
diff --color -Nur ipmitool-IPMITOOL_1_8_19.orig/include/ipmitool/helper.h ipmitool-IPMITOOL_1_8_19/include/ipmitool/helper.h
--- ipmitool-IPMITOOL_1_8_19.orig/include/ipmitool/helper.h 2022-09-01 11:42:31.000000000 -0700
+++ ipmitool-IPMITOOL_1_8_19/include/ipmitool/helper.h 2023-01-02 11:44:40.775811260 -0800
@@ -67,6 +67,8 @@
# define IPMI_UID_MAX 63
#endif
+#define IPMI_KG_BUFFER_SIZE 21 /* key plus null byte */
+
struct ipmi_intf;
struct valstr {
diff --color -Nur ipmitool-IPMITOOL_1_8_19.orig/include/ipmitool/ipmi_channel.h ipmitool-IPMITOOL_1_8_19/include/ipmitool/ipmi_channel.h
--- ipmitool-IPMITOOL_1_8_19.orig/include/ipmitool/ipmi_channel.h 2022-09-01 11:42:31.000000000 -0700
+++ ipmitool-IPMITOOL_1_8_19/include/ipmitool/ipmi_channel.h 2023-01-02 11:46:39.321705721 -0800
@@ -49,6 +49,10 @@
#define IPMI_GET_USER_NAME 0x46
#define IPMI_SET_USER_PASSWORD 0x47
#define IPMI_GET_CHANNEL_CIPHER_SUITES 0x54
+#define IPMI_SET_CHANNEL_SECURITY_KEYS 0x56
+
+#define IPMI_KG_KEY_ID 1
+#define IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET 1
/* These are for channel_info_t.session_support */
#define IPMI_CHANNEL_SESSION_LESS 0x00
@@ -208,6 +212,39 @@
struct channel_access_t channel_access,
uint8_t access_option,
uint8_t privilege_option);
+struct set_channel_security_keys_req {
+#if WORDS_BIGENDIAN
+ uint8_t __reserved1 :4;
+ uint8_t channel :4;
+
+ uint8_t __reserved2 :6;
+ uint8_t operation :2;
+
+ uint8_t key_id;
+ unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */
+#else
+ uint8_t channel :4;
+ uint8_t __reserved1 :4;
+
+ uint8_t operation :2;
+ uint8_t __reserved2 :6;
+
+ uint8_t key_id;
+ unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */
+#endif
+} __attribute__ ((packed));
+
+struct set_channel_security_keys_rsp {
+#if WORDS_BIGENDIAN
+ uint8_t __reserved1 :6;
+ uint8_t lock_status :2;
+ unsigned char key_value; /* just the first character, use &key_value to explore the rest */
+#else
+ uint8_t lock_status :2;
+ uint8_t __reserved1 :6;
+ unsigned char key_value; /* just the first character, use &key_value to explore the rest */
+#endif
+} __attribute__ ((packed));
uint8_t ipmi_get_channel_medium(struct ipmi_intf * intf, uint8_t channel);
void ipmi_current_channel_info(struct ipmi_intf *intf,
diff --color -Nur ipmitool-IPMITOOL_1_8_19.orig/include/ipmitool/ipmi_intf.h ipmitool-IPMITOOL_1_8_19/include/ipmitool/ipmi_intf.h
--- ipmitool-IPMITOOL_1_8_19.orig/include/ipmitool/ipmi_intf.h 2022-09-01 11:42:31.000000000 -0700
+++ ipmitool-IPMITOOL_1_8_19/include/ipmitool/ipmi_intf.h 2023-01-02 11:47:15.995673068 -0800
@@ -59,7 +59,6 @@
#define IPMI_AUTHCODE_BUFFER_SIZE 20
#define IPMI_SIK_BUFFER_SIZE IPMI_MAX_MD_SIZE
-#define IPMI_KG_BUFFER_SIZE 21 /* key plus null byte */
enum cipher_suite_ids {
IPMI_LANPLUS_CIPHER_SUITE_0 = 0,
diff --color -Nur ipmitool-IPMITOOL_1_8_19.orig/lib/ipmi_channel.c ipmitool-IPMITOOL_1_8_19/lib/ipmi_channel.c
--- ipmitool-IPMITOOL_1_8_19.orig/lib/ipmi_channel.c 2022-09-01 11:42:31.000000000 -0700
+++ ipmitool-IPMITOOL_1_8_19/lib/ipmi_channel.c 2023-01-02 11:51:08.420466223 -0800
@@ -901,6 +901,92 @@
return 0;
}
+int
+ipmi_set_channel_security_keys (struct ipmi_intf *intf, uint8_t channel, const char *method, const char *key)
+{
+ uint8_t kgkey[IPMI_KG_BUFFER_SIZE];
+ struct ipmi_rs *rsp;
+ struct ipmi_rq req;
+ struct set_channel_security_keys_req req_data;
+ int rc = -1;
+
+ /* convert provided key to array of bytes */
+ if (strcmp(method, "hex") == 0) {
+ if (strlen(key) > (IPMI_KG_BUFFER_SIZE-1)*2) {
+ lprintf(LOG_ERR, "Provided key is too long, max. length is %d bytes", (IPMI_KG_BUFFER_SIZE-1));
+ printf_channel_usage();
+ return -1;
+ }
+
+ rc = ipmi_parse_hex(key, kgkey, sizeof(kgkey)-1);
+ if (rc == -1) {
+ lprintf(LOG_ERR, "Number of Kg key characters is not even");
+ return rc;
+ } else if (rc == -3) {
+ lprintf(LOG_ERR, "Kg key is not hexadecimal number");
+ return rc;
+ } else if (rc > (IPMI_KG_BUFFER_SIZE-1)) {
+ lprintf(LOG_ERR, "Kg key is too long");
+ return rc;
+ }
+
+ } else if (strcmp(method, "plain") == 0) {
+ if (strlen(key) > IPMI_KG_BUFFER_SIZE-1) {
+ lprintf(LOG_ERR, "Provided key is too long, max. length is %d bytes", (IPMI_KG_BUFFER_SIZE -1));
+ printf_channel_usage();
+ return rc;
+ }
+
+ strncpy(kgkey, key, IPMI_KG_BUFFER_SIZE-1);
+ } else {
+ printf_channel_usage();
+ return rc;
+ }
+
+ /* assemble and send request to set kg key */
+ memset(&req_data, 0, sizeof(req_data));
+ req_data.channel = channel;
+ req_data.operation = IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET;
+ req_data.key_id = IPMI_KG_KEY_ID;
+ memcpy(req_data.key_value, kgkey, IPMI_KG_BUFFER_SIZE-1);
+
+ memset(&req, 0, sizeof(req));
+ req.msg.netfn = IPMI_NETFN_APP;
+ req.msg.cmd = IPMI_SET_CHANNEL_SECURITY_KEYS;
+ req.msg.data = (uint8_t*) &req_data;
+ req.msg.data_len = sizeof(req_data);
+
+ rsp = intf->sendrecv(intf, &req);
+ if (rsp == NULL) {
+ lprintf(LOG_ERR, "Set Channel Security Keys command failed");
+ return rc;
+ }
+ if (rsp->ccode > 0) {
+ const char *error = NULL;
+ switch (rsp->ccode) {
+ case 0x80:
+ error = "Key is locked";
+ break;
+ case 0x81:
+ error = "Insufficient key bytes";
+ break;
+ case 0x82:
+ error = "Too many key bytes";
+ break;
+ case 0x83:
+ error = "Key value does not meet criteria for K_g key";
+ break;
+ default:
+ error = val2str(rsp->ccode, completion_code_vals);
+ }
+ lprintf(LOG_ERR, "Error setting security key: %X (%s)", rsp->ccode, error);
+ return rc;
+ }
+
+ lprintf(LOG_NOTICE, "Set Channel Security Keys command succeeded");
+ return 0;
+}
+
int
ipmi_channel_main(struct ipmi_intf *intf, int argc, char **argv)
{
@@ -970,6 +1056,19 @@
retval = ipmi_print_channel_cipher_suites(intf,
argv[1], /* ipmi | sol */
channel);
+ } else if (strncmp(argv[0], "setkg", 5) == 0) {
+ if (argc < 3 || argc > 4)
+ printf_channel_usage();
+ else {
+ uint8_t ch = 0xe;
+ char *method = argv[1];
+ char *key = argv[2];
+ if (argc == 4) {
+ ch = (uint8_t)strtol(argv[3], NULL, 0);
+ }
+
+ retval = ipmi_set_channel_security_keys(intf, ch, method, key);
+ }
} else {
lprintf(LOG_ERR, "Invalid CHANNEL command: %s\n", argv[0]);
printf_channel_usage();
@@ -996,6 +1095,10 @@
lprintf(LOG_NOTICE,
"");
lprintf(LOG_NOTICE,
+" setkg hex|plain <key> [channel]");
+ lprintf(LOG_NOTICE,
+"");
+ lprintf(LOG_NOTICE,
"Possible privilege levels are:");
lprintf(LOG_NOTICE,
" 1 Callback level");
diff --color -Nur ipmitool-IPMITOOL_1_8_19.orig/src/plugins/ipmi_intf.c ipmitool-IPMITOOL_1_8_19/src/plugins/ipmi_intf.c
--- ipmitool-IPMITOOL_1_8_19.orig/src/plugins/ipmi_intf.c 2022-09-01 11:42:31.000000000 -0700
+++ ipmitool-IPMITOOL_1_8_19/src/plugins/ipmi_intf.c 2023-01-02 11:51:45.295433433 -0800
@@ -52,6 +52,7 @@
#include <ipmitool/ipmi.h>
#include <ipmitool/ipmi_sdr.h>
#include <ipmitool/log.h>
+#include <ipmitool/helper.h>
#define IPMI_DEFAULT_PAYLOAD_SIZE 25

View File

@ -1,10 +1,10 @@
%global gitname IPMITOOL
%global gitversion 1_8_18
%global gitversion 1_8_19
Name: ipmitool
Summary: Utility for IPMI control
Version: 1.8.18
Release: 26%{?dist}
Version: 1.8.19
Release: 1%{?dist}
License: BSD
URL: http://ipmitool.sourceforge.net/
Source0: https://github.com/%{name}/%{name}/archive/%{gitname}_%{gitversion}/%{name}-%{version}.tar.gz
@ -14,20 +14,14 @@ Source3: exchange-bmc-os-info.service
Source4: exchange-bmc-os-info.sysconf
Source5: set-bmc-url.sh
Source6: exchange-bmc-os-info
# https://www.iana.org/assignments/enterprise-numbers.txt
Source7: enterprise-numbers
Patch1: 0001-CVE-2011-4339-OpenIPMI.patch
# WARNING: THIS PATCH MUST BE USED FOR RAWHIDE (f26+) BRANCH
Patch2: 0002-openssl.patch
Patch3: 0003-ipmitool-1.8.11-set-kg-key.patch
# https://github.com/ipmitool/ipmitool/issues/170
Patch3: ipmitool-1.8.19-set-kg-key.patch
Patch4: 0004-slowswid.patch
Patch5: 0005-sensor-id-length.patch
Patch6: 0006-enable-usb.patch
Patch7: 0007-check-input.patch
Patch8: 0008-add-extern.patch
Patch9: 0009-best-cipher.patch
Patch10: 0010-pef-missing-newline.patch
Patch11: 0011-expand-sensor-name-column.patch
Patch12: 0012-CVE-2020-5208.patch
BuildRequires: openssl-devel readline-devel ncurses-devel
%{?systemd_requires}
@ -115,7 +109,8 @@ autoconf
automake --foreign
# end: release auto-tools
%configure --disable-dependency-tracking --enable-file-security --disable-intf-free
install -Dm 644 %{SOURCE7} .
%configure --disable-dependency-tracking --enable-file-security --disable-intf-free --enable-intf-usb
make %{?_smp_mflags}
%install
@ -167,6 +162,7 @@ install -Dm 755 contrib/bmc-snmp-proxy %{buildroot}%{_libexecdir}/bmc-sn
%{_mandir}/man1/ipmitool.1*
%doc %{_datadir}/doc/ipmitool
%{_datadir}/ipmitool
%{_datadir}/misc/enterprise-numbers
%files -n ipmievd
%config(noreplace) %{_sysconfdir}/sysconfig/ipmievd
@ -186,6 +182,9 @@ install -Dm 755 contrib/bmc-snmp-proxy %{buildroot}%{_libexecdir}/bmc-sn
%{_libexecdir}/bmc-snmp-proxy
%changelog
* Sun Sep 04 2022 Kevin Fenzi <kevin@scrye.com> - 1.8.19-1
- Update to 1.8.19. Fixes rhbz#2123819
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.18-26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

View File

@ -1,5 +1 @@
SHA512 (exchange-bmc-os-info) = 77aad6f132b0ab56dcf8f8a5d1efbba9196c2fbb5771e5106833455a071a5dc79109d945a7adc0022f9604cbfd4a01ea1ea54ce15a2409c85f5effbf6cfc4f09
SHA512 (exchange-bmc-os-info.service) = 4349e7be9879c55c64e6233f749db7d656a12b421ad53a41d612e8c891abbe108d0fabe57d5753b5c1367da4f34e2e3bb579ea4ba8bc39b81ec64b66d5f65f79
SHA512 (exchange-bmc-os-info.sysconf) = 475f5645eb6a7038efe5568950235fa43a081f26490b7e17de2279e022950144f197e1a545177447ce1ec345862e7fb8fb802eaa3728bc9e32868e34c081263a
SHA512 (set-bmc-url.sh) = 99bceee522b23e0c4bc55f9e4bdc08ece9ecbf8a50511fa8f8b90ecc94d8f9715e74bb15a5f1e7c2162e7ac2e1933aff0c78b464e1010f21c784d84c0b1bfe2a
SHA512 (ipmitool-1.8.18.tar.gz) = 2f2b9c4ce76eb2afdac168edbd41241352c2d4d18286494ffb57dcf750f18448d144543faa8a5494f077c78a4f5ae730624d3798ba6e621249c42fd868d86406
SHA512 (ipmitool-1.8.19.tar.gz) = 2d91706e9feba4b2ce4808eca087b81b842c4292a5840830001919c06ec8babd8f8761b74bb9dcf8fbc7765f028a5b1a192a3c1b643f2adaa157fed6fb0d1ee3