From a3e03636fca4ea13c5c9924a04fbcb0b8389d384 Mon Sep 17 00:00:00 2001 From: Packit Service Date: Dec 09 2020 17:22:37 +0000 Subject: Prepare for a new update Reverting patches so we can apply the latest update and changes can be seen in the spec file and sources. --- diff --git a/configure.ac b/configure.ac index 5509756..f2fe1f3 100644 --- a/configure.ac +++ b/configure.ac @@ -63,7 +63,7 @@ xenable_intf_imb=yes xenable_intf_lipmi=yes xenable_intf_open=yes #xenable_intf_serial=yes -xenable_intf_usb=yes +xenable_intf_usb=no xenable_ipmishell=yes dnl set some things so we build with GNU tools on Solaris @@ -209,7 +209,7 @@ fi dnl enable IPMI USB interface AC_ARG_ENABLE([intf-usb], [AC_HELP_STRING([--enable-intf-usb], - [enable IPMI USB interface [default=yes]])], + [enable IPMI USB interface [default=auto]])], [xenable_intf_usb=$enableval], [xenable_intf_usb=$xenable_intf_usb]) if test "x$xenable_intf_usb" = "xstatic" || test "x$xenable_intf_usb" = "xplugin"; then diff --git a/doc/ipmitool.1 b/doc/ipmitool.1 index 796ec83..2e39fad 100644 --- a/doc/ipmitool.1 +++ b/doc/ipmitool.1 @@ -372,20 +372,6 @@ Configure user access information on the given channel for the given userid. Displays the list of cipher suites supported for the given application (ipmi or sol) on the given channel. -.TP -\fIsetkg\fP <\fIhex\fP|\fIplain\fP> <\fBkey\fP> [<\fBchannel\fR>] -.br - -Sets K_g key to given value. Use \fIplain\fP to specify \fBkey\fR as simple ASCII string. -Use \fIhex\fP to specify \fBkey\fR as sequence of hexadecimal codes of ASCII charactes. -I.e. following two examples are equivalent: - -.RS -ipmitool channel setkg plain PASSWORD - -ipmitool channel setkg hex 50415353574F5244 -.RE - .RE .RE .TP 
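Review bot: The `--enable-intf-usb` help string in the second configure.ac hunk now advertises `[default=auto]`, while the first hunk sets the initial value to `xenable_intf_usb=no`. The only test visible here compares against `static` and `plugin`, so whether `auto` is handled at all cannot be confirmed from the hunk. The help text should read `[default=no]`, unless the script really does treat `auto` specially further down, in which case the initial value should be `auto`.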
@@ -3170,14 +3156,13 @@ SOL configuration data for the currently used channel. Enable, disable or show status of SOL payload for the user on the specified channel. .TP -\fIset\fP <\fBparameter\fR> <\fBvalue\fR> [<\fBchannel\fR>] [\fBnoguard\fR] +\fIset\fP <\fBparameter\fR> <\fBvalue\fR> [<\fBchannel\fR>] .br Configure parameters for Serial Over Lan. If no channel is given, it will display SOL configuration data for the currently used channel. Configuration parameter updates are automatically guarded -with the updates to the set\-in\-progress parameter, unless \fInoguard\fR -parameter is present. +with the updates to the set\-in\-progress parameter. .RS .TP Valid parameters and values are: diff --git a/include/ipmitool/Makefile.am b/include/ipmitool/Makefile.am index 8bc584a..9093a56 100644 --- a/include/ipmitool/Makefile.am +++ b/include/ipmitool/Makefile.am @@ -39,4 +39,4 @@ noinst_HEADERS = log.h bswap.h hpm2.h helper.h ipmi.h ipmi_cc.h ipmi_intf.h \ ipmi_fwum.h ipmi_main.h ipmi_tsol.h ipmi_firewall.h \ ipmi_kontronoem.h ipmi_ekanalyzer.h ipmi_gendev.h ipmi_ime.h \ ipmi_delloem.h ipmi_dcmi.h ipmi_vita.h ipmi_sel_supermicro.h \ - ipmi_cfgp.h ipmi_lanp6.h ipmi_quantaoem.h + ipmi_cfgp.h ipmi_lanp6.h diff --git a/include/ipmitool/helper.h b/include/ipmitool/helper.h index 6a2e5f4..bfaf284 100644 --- a/include/ipmitool/helper.h +++ b/include/ipmitool/helper.h @@ -38,8 +38,6 @@ #include #include -#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0])) - #ifndef TRUE #define TRUE 1 #endif @@ -60,8 +58,6 @@ # define IPMI_UID_MAX 63 #endif -#define IPMI_KG_BUFFER_SIZE 21 /* key plus null byte */ - struct ipmi_intf; struct valstr { 
@@ -113,62 +109,6 @@ FILE * ipmi_open_file(const char * file, int rw); void ipmi_start_daemon(struct ipmi_intf *intf); uint16_t ipmi_get_oem_id(struct ipmi_intf *intf); -#define IS_SET(v, b) ((v) & (1 << (b))) - -/* le16toh(), hto16le(), et. al. don't exist for Windows or Apple */ -/* For portability, let's simply define our own versions here */ - -/* IPMI is always little-endian */ -static inline uint16_t ipmi16toh(void *ipmi16) -{ - uint8_t *ipmi = (uint8_t *)ipmi16; - uint16_t h; - - h = ipmi[1] << 8; /* MSB */ - h |= ipmi[0]; /* LSB */ - - return h; -} - -static inline void htoipmi16(uint16_t h, uint8_t *ipmi) -{ - ipmi[0] = h & 0xFF; /* LSB */ - ipmi[1] = h >> 8; /* MSB */ -} - -static inline uint32_t ipmi24toh(void *ipmi24) -{ - uint8_t *ipmi = (uint8_t *)ipmi24; - uint32_t h = 0; - - h = ipmi[2] << 16; /* MSB */ - h |= ipmi[1] << 8; - h |= ipmi[0]; /* LSB */ - - return h; -} - -static inline uint32_t ipmi32toh(void *ipmi32) -{ - uint8_t *ipmi = ipmi32; - uint32_t h; - - h = ipmi[3] << 24; /* MSB */ - h |= ipmi[2] << 16; - h |= ipmi[1] << 8; - h |= ipmi[0]; /* LSB */ - - return h; -} - -static inline void htoipmi32(uint32_t h, uint8_t *ipmi) -{ - ipmi[0] = h & 0xFF; /* LSB */ - ipmi[1] = (h >> 8) & 0xFF; - ipmi[2] = (h >> 16) & 0xFF; - ipmi[3] = (h >> 24) & 0xFF; /* MSB */ -} - #define ipmi_open_file_read(file) ipmi_open_file(file, 0) #define ipmi_open_file_write(file) ipmi_open_file(file, 1) diff --git a/include/ipmitool/ipmi_channel.h b/include/ipmitool/ipmi_channel.h index 324c0bb..b138c26 100644 --- a/include/ipmitool/ipmi_channel.h +++ b/include/ipmitool/ipmi_channel.h @@ -37,7 +37,6 @@ # include #endif #include -#include #define IPMI_GET_CHANNEL_AUTH_CAP 0x38 
@@ -50,10 +49,6 @@ #define IPMI_GET_USER_NAME 0x46 #define IPMI_SET_USER_PASSWORD 0x47 #define IPMI_GET_CHANNEL_CIPHER_SUITES 0x54 -#define IPMI_SET_CHANNEL_SECURITY_KEYS 0x56 - -#define IPMI_KG_KEY_ID 1 -#define IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET 1 /* These are for channel_info_t.session_support */ #define IPMI_CHANNEL_SESSION_LESS 0x00 @@ -83,50 +78,6 @@ struct channel_access_t { }; /* - * The Cipher Suite Record Format from table 22-18 of the IPMI v2.0 spec - */ -enum cipher_suite_format_tag { - STANDARD_CIPHER_SUITE = 0xc0, - OEM_CIPHER_SUITE = 0xc1, -}; -#ifdef HAVE_PRAGMA_PACK -#pragma pack(1) -#endif -struct std_cipher_suite_record_t { - uint8_t start_of_record; - uint8_t cipher_suite_id; - uint8_t auth_alg; - uint8_t integrity_alg; - uint8_t crypt_alg; -} ATTRIBUTE_PACKING; -struct oem_cipher_suite_record_t { - uint8_t start_of_record; - uint8_t cipher_suite_id; - uint8_t iana[3]; - uint8_t auth_alg; - uint8_t integrity_alg; - uint8_t crypt_alg; -} ATTRIBUTE_PACKING; -#ifdef HAVE_PRAGMA_PACK -#pragma pack(0) -#endif -#define CIPHER_ALG_MASK 0x3f -#define MAX_CIPHER_SUITE_RECORD_OFFSET 0x40 -#define MAX_CIPHER_SUITE_DATA_LEN 0x10 -#define LIST_ALGORITHMS_BY_CIPHER_SUITE 0x80 - -/* Below is the theoretical maximum number of cipher suites that could be - * reported by a BMC. That is with the Get Channel Cipher Suites Command, at 16 - * bytes at a time and 0x40 requests, it can report 1024 bytes, which is about - * 204 standard records or 128 OEM records. Really, we probably don't need more - * than about 20, which is the full set of standard records plus a few OEM - * records. - */ -#define MAX_CIPHER_SUITE_COUNT (MAX_CIPHER_SUITE_RECORD_OFFSET * \ - MAX_CIPHER_SUITE_DATA_LEN / \ - sizeof(struct std_cipher_suite_record_t)) - -/* * The Get Authentication Capabilities response structure * From table 22-15 of the IPMI v2.0 spec */ 
@@ -180,48 +131,12 @@ struct get_channel_auth_cap_rsp { int _ipmi_get_channel_access(struct ipmi_intf *intf, struct channel_access_t *channel_access, uint8_t get_volatile_settings); -int ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type, - uint8_t channel, struct cipher_suite_info *suites, size_t *count); int _ipmi_get_channel_info(struct ipmi_intf *intf, struct channel_info_t *channel_info); int _ipmi_set_channel_access(struct ipmi_intf *intf, struct channel_access_t channel_access, uint8_t access_option, uint8_t privilege_option); -struct set_channel_security_keys_req { -#if WORDS_BIGENDIAN - uint8_t __reserved1 :4; - uint8_t channel :4; - - uint8_t __reserved2 :6; - uint8_t operation :2; - - uint8_t key_id; - unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */ -#else - uint8_t channel :4; - uint8_t __reserved1 :4; - - uint8_t operation :2; - uint8_t __reserved2 :6; - - uint8_t key_id; - unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */ -#endif -} __attribute__ ((packed)); - -struct set_channel_security_keys_rsp { -#if WORDS_BIGENDIAN - uint8_t __reserved1 :6; - uint8_t lock_status :2; - unsigned char key_value; /* just the first character, use &key_value to explore the rest */ -#else - uint8_t lock_status :2; - uint8_t __reserved1 :6; - unsigned char key_value; /* just the first character, use &key_value to explore the rest */ -#endif -} __attribute__ ((packed)); - uint8_t ipmi_get_channel_medium(struct ipmi_intf * intf, uint8_t channel); uint8_t ipmi_current_channel_medium(struct ipmi_intf * intf); int ipmi_channel_main(struct ipmi_intf * intf, int argc, char ** argv); diff --git a/include/ipmitool/ipmi_intf.h b/include/ipmitool/ipmi_intf.h index 7a07d66..982f645 100644 --- a/include/ipmitool/ipmi_intf.h +++ b/include/ipmitool/ipmi_intf.h 
@@ -60,38 +60,7 @@ enum LANPLUS_SESSION_STATE { #define IPMI_AUTHCODE_BUFFER_SIZE 20 #define IPMI_SIK_BUFFER_SIZE IPMI_MAX_MD_SIZE - -enum cipher_suite_ids { - IPMI_LANPLUS_CIPHER_SUITE_0 = 0, - IPMI_LANPLUS_CIPHER_SUITE_1 = 1, - IPMI_LANPLUS_CIPHER_SUITE_2 = 2, - IPMI_LANPLUS_CIPHER_SUITE_3 = 3, - IPMI_LANPLUS_CIPHER_SUITE_4 = 4, - IPMI_LANPLUS_CIPHER_SUITE_5 = 5, - IPMI_LANPLUS_CIPHER_SUITE_6 = 6, - IPMI_LANPLUS_CIPHER_SUITE_7 = 7, - IPMI_LANPLUS_CIPHER_SUITE_8 = 8, - IPMI_LANPLUS_CIPHER_SUITE_9 = 9, - IPMI_LANPLUS_CIPHER_SUITE_10 = 10, - IPMI_LANPLUS_CIPHER_SUITE_11 = 11, - IPMI_LANPLUS_CIPHER_SUITE_12 = 12, - IPMI_LANPLUS_CIPHER_SUITE_13 = 13, - IPMI_LANPLUS_CIPHER_SUITE_14 = 14, -#ifdef HAVE_CRYPTO_SHA256 - IPMI_LANPLUS_CIPHER_SUITE_15 = 15, - IPMI_LANPLUS_CIPHER_SUITE_16 = 16, - IPMI_LANPLUS_CIPHER_SUITE_17 = 17, -#endif /* HAVE_CRYPTO_SHA256 */ - IPMI_LANPLUS_CIPHER_SUITE_RESERVED = 0xff, -}; - -struct cipher_suite_info { - enum cipher_suite_ids cipher_suite_id; - uint8_t auth_alg; - uint8_t integrity_alg; - uint8_t crypt_alg; - uint32_t iana; -}; +#define IPMI_KG_BUFFER_SIZE 21 /* key plus null byte */ struct ipmi_session_params { char * hostname; @@ -99,7 +68,7 @@ struct ipmi_session_params { uint8_t authcode_set[IPMI_AUTHCODE_BUFFER_SIZE + 1]; uint8_t authtype_set; uint8_t privlvl; - enum cipher_suite_ids cipher_suite_id; + uint8_t cipher_suite_id; char sol_escape_char; int password; int port; 
@@ -249,10 +218,7 @@ void ipmi_intf_session_set_username(struct ipmi_intf * intf, char * username); void ipmi_intf_session_set_password(struct ipmi_intf * intf, char * password); void ipmi_intf_session_set_privlvl(struct ipmi_intf * intf, uint8_t privlvl); void ipmi_intf_session_set_lookupbit(struct ipmi_intf * intf, uint8_t lookupbit); -#ifdef IPMI_INTF_LANPLUS -void ipmi_intf_session_set_cipher_suite_id(struct ipmi_intf * intf, - enum cipher_suite_ids cipher_suite_id); -#endif /* IPMI_INTF_LANPLUS */ +void ipmi_intf_session_set_cipher_suite_id(struct ipmi_intf * intf, uint8_t cipher_suite_id); void ipmi_intf_session_set_sol_escape_char(struct ipmi_intf * intf, char sol_escape_char); void ipmi_intf_session_set_kgkey(struct ipmi_intf *intf, const uint8_t *kgkey); void ipmi_intf_session_set_port(struct ipmi_intf * intf, int port); diff --git a/include/ipmitool/ipmi_quantaoem.h b/include/ipmitool/ipmi_quantaoem.h deleted file mode 100644 index 544f510..0000000 --- a/include/ipmitool/ipmi_quantaoem.h +++ /dev/null 
@@ -1,55 +0,0 @@ -/* - * Copyright (c) 2018 Quanta Computer Inc. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistribution of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistribution in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * Neither the name of Quanta Computer Inc. or the names of - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * This software is provided "AS IS," without a warranty of any kind. - * ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, - * INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A - * PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. - * Quanta Computer Inc. AND ITS LICENSORS SHALL NOT BE LIABLE - * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING - * OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL - * Quanta Computer Inc. OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, - * OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR - * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF - * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, - * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
- */ - -#ifndef IPMI_QUANTAOEM_H -#define IPMI_QUANTAOEM_H - -#if HAVE_CONFIG_H -# include -#endif -#include -#include - -#define OEM_QCT_NETFN 0x36 -#define OEM_QCT_GET_INFO 0x65 - -typedef enum -{ - OEM_QCT_PLATFORM_UNKNOWN = 0, - OEM_QCT_PLATFORM_GRANTLEY, - OEM_QCT_PLATFORM_PURLEY -} qct_platform_t; - -qct_platform_t oem_qct_get_platform_id(struct ipmi_intf *intf); -char *oem_qct_get_evt_desc(struct ipmi_intf *intf, struct sel_event_record *rec); - -#endif /*IPMI_QUANTAOEM_H*/ diff --git a/include/ipmitool/ipmi_sdr.h b/include/ipmitool/ipmi_sdr.h index 0dd8ec7..41bb533 100644 --- a/include/ipmitool/ipmi_sdr.h +++ b/include/ipmitool/ipmi_sdr.h @@ -819,7 +819,7 @@ static const char *sensor_type_desc[] __attribute__ ((unused)) = { "Version Change", "FRU State" }; struct sensor_reading { - char s_id[33]; /* name of the sensor */ + char s_id[17]; /* name of the sensor */ struct sdr_record_full_sensor *full; struct sdr_record_compact_sensor *compact; uint8_t s_reading_valid; /* read value valididity */ diff --git a/lib/Makefile.am b/lib/Makefile.am index e7568f3..cc69a8f 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -41,7 +41,7 @@ libipmitool_la_SOURCES = helper.c ipmi_sdr.c ipmi_sel.c ipmi_sol.c ipmi_pef.c \ ipmi_main.c ipmi_tsol.c ipmi_firewall.c ipmi_kontronoem.c \ ipmi_hpmfwupg.c ipmi_sdradd.c ipmi_ekanalyzer.c ipmi_gendev.c \ ipmi_ime.c ipmi_delloem.c ipmi_dcmi.c hpm2.c ipmi_vita.c \ - ipmi_lanp6.c ipmi_cfgp.c ipmi_quantaoem.c \ + ipmi_lanp6.c ipmi_cfgp.c \ ../src/plugins/lan/md5.c ../src/plugins/lan/md5.h libipmitool_la_LDFLAGS = -export-dynamic diff --git a/lib/dimm_spd.c b/lib/dimm_spd.c index ebcc94c..41e30db 100644 --- a/lib/dimm_spd.c +++ b/lib/dimm_spd.c @@ -1621,7 +1621,7 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id) struct ipmi_rq req; struct fru_info fru; uint8_t *spd_data, msg_data[4]; - uint32_t len, offset; + int len, offset; msg_data[0] = id; 
@@ -1697,15 +1697,6 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id) } len = rsp->data[0]; - if(rsp->data_len < 1 - || len > rsp->data_len - 1 - || len > fru.size - offset) - { - printf(" Not enough buffer size"); - free(spd_data); - spd_data = NULL; - return -1; - } memcpy(&spd_data[offset], rsp->data + 1, len); offset += len; } while (offset < fru.size); diff --git a/lib/helper.c b/lib/helper.c index c3a1c80..de91438 100644 --- a/lib/helper.c +++ b/lib/helper.c @@ -829,6 +829,7 @@ ipmi_start_daemon(struct ipmi_intf *intf) #endif chdir("/"); + umask(0); for (fd=0; fd<64; fd++) { if (fd != intf->fd) diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c index 80ba522..fab2e54 100644 --- a/lib/ipmi_channel.c +++ b/lib/ipmi_channel.c 
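Review bot: In ipmi_spd_print_fru (lib/dimm_spd.c), `len = rsp->data[0]` now feeds `memcpy(&spd_data[offset], rsp->data + 1, len)` with no comparison against `rsp->data_len` or against the room left in `spd_data`. A response that overstates its byte count therefore reads past the reply and, going by the `offset < fru.size` loop condition, can write past the destination. The copy should stay behind a guard such as `if (rsp->data_len < 1 || len > rsp->data_len - 1 || len > fru.size - offset)`, followed by the free-and-return path. With `len` and `offset` declared `int` in the previous hunk, those comparisons should also be checked for mixed signedness. The same unchecked count-from-response copy is present in the read_fru_area and read_fru_area_section hunks of lib/ipmi_fru.c, where `tmp` comes from `rsp->data[0]`; the function body here starts and ends outside the hunk.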
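Review bot: The added `umask(0);` in ipmi_start_daemon (lib/helper.c) means every file the daemon creates afterwards gets exactly the mode passed to open/fopen, which for stdio's default is group- and world-writable. A restrictive mask such as `umask(027);` keeps daemon-created files private unless a caller deliberately opts in. The `chdir("/")` on the context line just above also discards its return value. The function continues outside the hunk.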
@@ -342,119 +342,86 @@ ipmi_get_channel_auth_cap(struct ipmi_intf *intf, uint8_t channel, uint8_t priv) return 0; } -static size_t -parse_channel_cipher_suite_data(uint8_t *cipher_suite_data, size_t data_len, - struct cipher_suite_info* suites, size_t nr_suites) -{ - size_t count = 0; - size_t offset = 0; - uint32_t iana; - uint8_t auth_alg, integrity_alg, crypt_alg; - uint8_t cipher_suite_id; - - memset(suites, 0, sizeof(*suites) * nr_suites); - - while (offset < data_len && count < nr_suites) { - auth_alg = IPMI_AUTH_RAKP_NONE; - integrity_alg = IPMI_INTEGRITY_NONE; - crypt_alg = IPMI_CRYPT_NONE; - if (cipher_suite_data[offset] == STANDARD_CIPHER_SUITE) { - struct std_cipher_suite_record_t *record = - (struct std_cipher_suite_record_t*)(&cipher_suite_data[offset]); - /* standard type */ - iana = 0; - - /* Verify that we have at least a full record left; id + 3 algs */ - if ((data_len - offset) < sizeof(*record)) { - lprintf(LOG_INFO, "Incomplete data record in cipher suite data"); - break; - } - cipher_suite_id = record->cipher_suite_id; - auth_alg = CIPHER_ALG_MASK & record->auth_alg; - integrity_alg = CIPHER_ALG_MASK & record->integrity_alg; - crypt_alg = CIPHER_ALG_MASK & record->crypt_alg; - offset += sizeof(*record); - } else if (cipher_suite_data[offset] == OEM_CIPHER_SUITE) { - /* OEM record type */ - struct oem_cipher_suite_record_t *record = - (struct oem_cipher_suite_record_t*)(&cipher_suite_data[offset]); - /* Verify that we have at least a full record left - * id + iana + 3 algs - */ - if ((data_len - offset) < sizeof(*record)) { - lprintf(LOG_INFO, "Incomplete data record in cipher suite data"); - break; - } - - cipher_suite_id = record->cipher_suite_id; - - /* Grab the IANA */ - iana = ipmi24toh(record->iana); - auth_alg = CIPHER_ALG_MASK & record->auth_alg; - integrity_alg = CIPHER_ALG_MASK & record->integrity_alg; - crypt_alg = CIPHER_ALG_MASK & record->crypt_alg; - offset += sizeof(*record); - } else { - lprintf(LOG_INFO, "Bad start of record 
byte in cipher suite data (offset %d, value %x)", offset, cipher_suite_data[offset]); - break; - } - suites[count].cipher_suite_id = cipher_suite_id; - suites[count].iana = iana; - suites[count].auth_alg = auth_alg; - suites[count].integrity_alg = integrity_alg; - suites[count].crypt_alg = crypt_alg; - count++; - } - return count; -} - -int +static int ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type, - uint8_t channel, struct cipher_suite_info *suites, size_t *count) + uint8_t channel) { struct ipmi_rs *rsp; struct ipmi_rq req; uint8_t rqdata[3]; + uint32_t iana; + uint8_t auth_alg, integrity_alg, crypt_alg; + uint8_t cipher_suite_id; uint8_t list_index = 0; /* 0x40 sets * 16 bytes per set */ - uint8_t cipher_suite_data[MAX_CIPHER_SUITE_RECORD_OFFSET * - MAX_CIPHER_SUITE_DATA_LEN]; - size_t offset = 0; - size_t nr_suites = 0; - - if (!suites || !count || !*count) - return -1; + uint8_t cipher_suite_data[1024]; + uint16_t offset = 0; + /* how much was returned, total */ + uint16_t cipher_suite_data_length = 0; - nr_suites = *count; - *count = 0; memset(cipher_suite_data, 0, sizeof(cipher_suite_data)); - + memset(&req, 0, sizeof(req)); req.msg.netfn = IPMI_NETFN_APP; req.msg.cmd = IPMI_GET_CHANNEL_CIPHER_SUITES; req.msg.data = rqdata; - req.msg.data_len = sizeof(rqdata); + req.msg.data_len = 3; rqdata[0] = channel; rqdata[1] = ((strncmp(payload_type, "ipmi", 4) == 0)? 0: 1); + /* Always ask for cipher suite format */ + rqdata[2] = 0x80; + + rsp = intf->sendrecv(intf, &req); + if (rsp == NULL) { + lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites"); + return -1; + } + if (rsp->ccode > 0) { + lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s", + val2str(rsp->ccode, completion_code_vals)); + return -1; + } + + + /* + * Grab the returned channel number once. We assume it's the same + * in future calls. 
+ */ + if (rsp->data_len >= 1) { + channel = rsp->data[0]; + } + + while ((rsp->data_len > 1) && (rsp->data_len == 17) && (list_index < 0x3F)) { + /* + * We got back cipher suite data -- store it. + * printf("copying data to offset %d\n", offset); + * printbuf(rsp->data + 1, rsp->data_len - 1, "this is the data"); + */ + memcpy(cipher_suite_data + offset, rsp->data + 1, rsp->data_len - 1); + offset += rsp->data_len - 1; + + /* + * Increment our list for the next call + */ + ++list_index; + rqdata[2] = (rqdata[2] & 0x80) + list_index; - do { - /* Always ask for cipher suite format */ - rqdata[2] = LIST_ALGORITHMS_BY_CIPHER_SUITE | list_index; rsp = intf->sendrecv(intf, &req); if (rsp == NULL) { lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites"); return -1; } - if (rsp->ccode - || rsp->data_len < 1 - || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN) - { + if (rsp->ccode > 0) { lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s", val2str(rsp->ccode, completion_code_vals)); return -1; } + } + + /* Copy last chunk */ + if(rsp->data_len > 1) { /* * We got back cipher suite data -- store it. * printf("copying data to offset %d\n", offset); 
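Review bot: The "Copy last chunk" branch in ipmi_get_channel_cipher_suites is guarded only by `if(rsp->data_len > 1)`, so nothing caps the final response at 17 bytes or checks the space left in `cipher_suite_data[1024]`. The loop can leave `offset` at 0x3F * 16 = 1008, and a following response longer than 17 bytes would then make the `memcpy` (in the next hunk's context lines) write past the end of the stack buffer. The guard should bound both sides, e.g. `if (rsp->data_len > 1 && (size_t)(rsp->data_len - 1) <= sizeof(cipher_suite_data) - offset) {`, and treat anything larger as a failed response. This hunk ends inside that `if` block.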
@@ -462,46 +429,88 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type, */ memcpy(cipher_suite_data + offset, rsp->data + 1, rsp->data_len - 1); offset += rsp->data_len - 1; + } - /* - * Increment our list for the next call - */ - ++list_index; - } while ((rsp->data_len == (sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN)) && - (list_index < MAX_CIPHER_SUITE_RECORD_OFFSET)); + /* We can chomp on all our data now. */ + cipher_suite_data_length = offset; + offset = 0; - *count = parse_channel_cipher_suite_data(cipher_suite_data, offset, suites, - nr_suites); - return 0; -} + if (! csv_output) { + printf("ID IANA Auth Alg Integrity Alg Confidentiality Alg\n"); + } + while (offset < cipher_suite_data_length) { + if (cipher_suite_data[offset++] == 0xC0) { + /* standard type */ + iana = 0; -static int -ipmi_print_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type, - uint8_t channel) -{ - int rc; - size_t i = 0; - struct cipher_suite_info suites[MAX_CIPHER_SUITE_COUNT]; - size_t nr_suites = sizeof(*suites); + /* Verify that we have at least a full record left; id + 3 algs */ + if ((cipher_suite_data_length - offset) < 4) { + lprintf(LOG_ERR, "Incomplete data record in cipher suite data"); + return -1; + } + cipher_suite_id = cipher_suite_data[offset++]; + } else if (cipher_suite_data[offset++] == 0xC1) { + /* OEM record type */ + /* Verify that we have at least a full record left + * id + iana + 3 algs + */ + if ((cipher_suite_data_length - offset) < 4) { + lprintf(LOG_ERR, "Incomplete data record in cipher suite data"); + return -1; + } - rc = ipmi_get_channel_cipher_suites(intf, payload_type, channel, - suites, &nr_suites); + cipher_suite_id = cipher_suite_data[offset++]; - if (rc < 0) - return rc; + /* Grab the IANA */ + iana = + cipher_suite_data[offset] | + (cipher_suite_data[offset + 1] << 8) | + (cipher_suite_data[offset + 2] << 16); + offset += 3; + } else { + lprintf(LOG_ERR, "Bad start of record byte in cipher suite 
data"); + return -1; + } - if (! csv_output) { - printf("ID IANA Auth Alg Integrity Alg Confidentiality Alg\n"); - } - for (i = 0; i < nr_suites; i++) { + /* + * Grab the algorithms for this cipher suite. I guess we can't be + * sure of what order they'll come in. Also, I suppose we default + * to the NONE algorithm if one were absent. This part of the spec is + * poorly written -- I have read the errata document. For now, I'm only + * allowing one algorithm per type (auth, integrity, crypt) because I + * don't I understand how it could be otherwise. + */ + auth_alg = IPMI_AUTH_RAKP_NONE; + integrity_alg = IPMI_INTEGRITY_NONE; + crypt_alg = IPMI_CRYPT_NONE; + + while (((cipher_suite_data[offset] & 0xC0) != 0xC0) && + ((cipher_suite_data_length - offset) > 0)) + { + switch (cipher_suite_data[offset] & 0xC0) + { + case 0x00: + /* Authentication algorithm specifier */ + auth_alg = cipher_suite_data[offset++] & 0x3F; + break; + case 0x40: + /* Interity algorithm specifier */ + integrity_alg = cipher_suite_data[offset++] & 0x3F; + break; + case 0x80: + /* Confidentiality algorithm specifier */ + crypt_alg = cipher_suite_data[offset++] & 0x3F; + break; + } + } /* We have everything we need to spit out a cipher suite record */ printf((csv_output? "%d,%s,%s,%s,%s\n" : "%-4d %-7s %-15s %-15s %-15s\n"), - suites[i].cipher_suite_id, - iana_string(suites[i].iana), - val2str(suites[i].auth_alg, ipmi_auth_algorithms), - val2str(suites[i].integrity_alg, ipmi_integrity_algorithms), - val2str(suites[i].crypt_alg, ipmi_encryption_algorithms)); + cipher_suite_id, + iana_string(iana), + val2str(auth_alg, ipmi_auth_algorithms), + val2str(integrity_alg, ipmi_integrity_algorithms), + val2str(crypt_alg, ipmi_encryption_algorithms)); } return 0; } 
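Review bot: The record-type test in the parsing loop reads two different bytes: `if (cipher_suite_data[offset++] == 0xC0)` consumes the tag, and `else if (cipher_suite_data[offset++] == 0xC1)` then compares the following byte, so an OEM record is only recognised when its suite ID happens to be 0xC1. Read the tag once instead, `uint8_t tag = cipher_suite_data[offset++];`, and compare `tag == 0xC0` / `tag == 0xC1`. The OEM branch also checks for only 4 remaining bytes although it consumes the ID plus three IANA bytes before the algorithm bytes. In addition, the inner `while` evaluates `cipher_suite_data[offset]` before the `(cipher_suite_data_length - offset) > 0` test; the length test should come first.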
@@ -812,92 +821,6 @@ ipmi_set_user_access(struct ipmi_intf *intf, int argc, char **argv) return 0; } -int -ipmi_set_channel_security_keys (struct ipmi_intf *intf, uint8_t channel, const char *method, const char *key) -{ - uint8_t kgkey[IPMI_KG_BUFFER_SIZE]; - struct ipmi_rs *rsp; - struct ipmi_rq req; - struct set_channel_security_keys_req req_data; - int rc = -1; - - /* convert provided key to array of bytes */ - if (strcmp(method, "hex") == 0) { - if (strlen(key) > (IPMI_KG_BUFFER_SIZE-1)*2) { - lprintf(LOG_ERR, "Provided key is too long, max. length is %d bytes", (IPMI_KG_BUFFER_SIZE-1)); - printf_channel_usage(); - return -1; - } - - rc = ipmi_parse_hex(key, kgkey, sizeof(kgkey)-1); - if (rc == -1) { - lprintf(LOG_ERR, "Number of Kg key characters is not even"); - return rc; - } else if (rc == -3) { - lprintf(LOG_ERR, "Kg key is not hexadecimal number"); - return rc; - } else if (rc > (IPMI_KG_BUFFER_SIZE-1)) { - lprintf(LOG_ERR, "Kg key is too long"); - return rc; - } - - } else if (strcmp(method, "plain") == 0) { - if (strlen(key) > IPMI_KG_BUFFER_SIZE-1) { - lprintf(LOG_ERR, "Provided key is too long, max. 
length is %d bytes", (IPMI_KG_BUFFER_SIZE -1)); - printf_channel_usage(); - return rc; - } - - strncpy(kgkey, key, IPMI_KG_BUFFER_SIZE-1); - } else { - printf_channel_usage(); - return rc; - } - - /* assemble and send request to set kg key */ - memset(&req_data, 0, sizeof(req_data)); - req_data.channel = channel; - req_data.operation = IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET; - req_data.key_id = IPMI_KG_KEY_ID; - memcpy(req_data.key_value, kgkey, IPMI_KG_BUFFER_SIZE-1); - - memset(&req, 0, sizeof(req)); - req.msg.netfn = IPMI_NETFN_APP; - req.msg.cmd = IPMI_SET_CHANNEL_SECURITY_KEYS; - req.msg.data = (uint8_t*) &req_data; - req.msg.data_len = sizeof(req_data); - - rsp = intf->sendrecv(intf, &req); - if (rsp == NULL) { - lprintf(LOG_ERR, "Set Channel Security Keys command failed"); - return rc; - } - if (rsp->ccode > 0) { - const char *error = NULL; - switch (rsp->ccode) { - case 0x80: - error = "Key is locked"; - break; - case 0x81: - error = "Insufficient key bytes"; - break; - case 0x82: - error = "Too many key bytes"; - break; - case 0x83: - error = "Key value does not meet criteria for K_g key"; - break; - default: - error = val2str(rsp->ccode, completion_code_vals); - } - lprintf(LOG_ERR, "Error setting security key: %X (%s)", rsp->ccode, error); - return rc; - } - - lprintf(LOG_NOTICE, "Set Channel Security Keys command succeeded"); - return 0; -} - int ipmi_channel_main(struct ipmi_intf *intf, int argc, char **argv) { 
@@ -964,22 +887,9 @@ ipmi_channel_main(struct ipmi_intf *intf, int argc, char **argv) return (-1); } } - retval = ipmi_print_channel_cipher_suites(intf, + retval = ipmi_get_channel_cipher_suites(intf, argv[1], /* ipmi | sol */ channel); - } else if (strncmp(argv[0], "setkg", 5) == 0) { - if (argc < 3 || argc > 4) - printf_channel_usage(); - else { - uint8_t ch = 0xe; - char *method = argv[1]; - char *key = argv[2]; - if (argc == 4) { - ch = (uint8_t)strtol(argv[3], NULL, 0); - } - - retval = ipmi_set_channel_security_keys(intf, ch, method, key); - } } else { lprintf(LOG_ERR, "Invalid CHANNEL command: %s\n", argv[0]); printf_channel_usage(); @@ -1006,10 +916,6 @@ printf_channel_usage() lprintf(LOG_NOTICE, ""); lprintf(LOG_NOTICE, -" setkg hex|plain [channel]"); - lprintf(LOG_NOTICE, -""); - lprintf(LOG_NOTICE, "Possible privilege levels are:"); lprintf(LOG_NOTICE, " 1 Callback level"); diff --git a/lib/ipmi_fru.c b/lib/ipmi_fru.c index 98bc984..cf00eff 100644 --- a/lib/ipmi_fru.c +++ b/lib/ipmi_fru.c @@ -615,10 +615,7 @@ int read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, uint32_t offset, uint32_t length, uint8_t *frubuf) { - uint32_t off = offset; - uint32_t tmp; - uint32_t finish; - uint32_t size_left_in_buffer; + uint32_t off = offset, tmp, finish; struct ipmi_rs * rsp; struct ipmi_rq req; uint8_t msg_data[4]; @@ -631,12 +628,10 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, finish = offset + length; if (finish > fru->size) { - memset(frubuf + fru->size, 0, length - fru->size); finish = fru->size; lprintf(LOG_NOTICE, "Read FRU Area length %d too large, " "Adjusting to %d", offset + length, finish - offset); - length = finish - offset; } memset(&req, 0, sizeof(req)); @@ -672,7 +667,6 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, } } - size_left_in_buffer = length; do { tmp = fru->access ? off >> 1 : off; msg_data[0] = id; 
@@ -713,18 +707,9 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, } tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0]; - if(rsp->data_len < 1 - || tmp > rsp->data_len - 1 - || tmp > size_left_in_buffer) - { - printf(" Not enough buffer size"); - return -1; - } - memcpy(frubuf, rsp->data + 1, tmp); off += tmp; frubuf += tmp; - size_left_in_buffer -= tmp; /* sometimes the size returned in the Info command * is too large. return 0 so higher level function * still attempts to parse what was returned */ @@ -757,9 +742,7 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, uint32_t offset, uint32_t length, uint8_t *frubuf) { static uint32_t fru_data_rqst_size = 20; - uint32_t off = offset; - uint32_t tmp, finish; - uint32_t size_left_in_buffer; + uint32_t off = offset, tmp, finish; struct ipmi_rs * rsp; struct ipmi_rq req; uint8_t msg_data[4]; @@ -772,12 +755,10 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, finish = offset + length; if (finish > fru->size) { - memset(frubuf + fru->size, 0, length - fru->size); finish = fru->size; lprintf(LOG_NOTICE, "Read FRU Area length %d too large, " "Adjusting to %d", offset + length, finish - offset); - length = finish - offset; } memset(&req, 0, sizeof(req)); @@ -792,8 +773,6 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, if (fru->access && fru_data_rqst_size > 16) #endif fru_data_rqst_size = 16; - - size_left_in_buffer = length; do { tmp = fru->access ? off >> 1 : off; msg_data[0] = id; 
@@ -825,16 +804,8 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, } tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0]; - if(rsp->data_len < 1 - || tmp > rsp->data_len - 1 - || tmp > size_left_in_buffer) - { - printf(" Not enough buffer size"); - return -1; - } memcpy((frubuf + off)-offset, rsp->data + 1, tmp); off += tmp; - size_left_in_buffer -= tmp; /* sometimes the size returned in the Info command * is too large. return 0 so higher level function @@ -3062,7 +3033,7 @@ ipmi_fru_print(struct ipmi_intf * intf, struct sdr_record_fru_locator * fru) return 0; memset(desc, 0, sizeof(desc)); - memcpy(desc, fru->id_string, __min(fru->id_code & 0x01f, sizeof(desc))); + memcpy(desc, fru->id_string, fru->id_code & 0x01f); desc[fru->id_code & 0x01f] = 0; printf("FRU Device Description : %s (ID %d)\n", desc, fru->device_id); diff --git a/lib/ipmi_lanp.c b/lib/ipmi_lanp.c index 022c7f1..65d881b 100644 --- a/lib/ipmi_lanp.c +++ b/lib/ipmi_lanp.c @@ -1809,7 +1809,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, if (p == NULL) { return (-1); } - memcpy(data, p->data, __min(p->data_len, sizeof(data))); + memcpy(data, p->data, p->data_len); /* set new ipaddr */ memcpy(data+3, temp, 4); printf("Setting LAN Alert %d IP Address to %d.%d.%d.%d\n", alert, @@ -1824,7 +1824,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, if (p == NULL) { return (-1); } - memcpy(data, p->data, __min(p->data_len, sizeof(data))); + memcpy(data, p->data, p->data_len); /* set new macaddr */ memcpy(data+7, temp, 6); printf("Setting LAN Alert %d MAC Address to " @@ -1838,7 +1838,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, if (p == NULL) { return (-1); } - memcpy(data, p->data, __min(p->data_len, sizeof(data))); + memcpy(data, p->data, p->data_len); if (strncasecmp(argv[1], "def", 3) == 0 || strncasecmp(argv[1], "default", 7) == 0) { 
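Review bot: In ipmi_fru_print (lib/ipmi_fru.c) the copy into `desc` is now sized only by `fru->id_code & 0x01f`, without the `sizeof(desc)` clamp. `desc` is declared outside the hunk, so it cannot be confirmed here that 31 bytes plus the terminator written on the next line fit. The same clamp is missing in all seven ipmi_lan_alert_set hunks of lib/ipmi_lanp.c, where `memcpy(data, p->data, p->data_len)` trusts the length of the parameter returned by the BMC. Each copy should be bounded by the destination, e.g. `size_t n = p->data_len < sizeof(data) ? p->data_len : sizeof(data);` followed by `memcpy(data, p->data, n);`, and for `desc` the clamp must leave room for the trailing NUL.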
@@ -1864,7 +1864,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, if (p == NULL) { return (-1); } - memcpy(data, p->data, __min(p->data_len, sizeof(data))); + memcpy(data, p->data, p->data_len); if (strncasecmp(argv[1], "on", 2) == 0 || strncasecmp(argv[1], "yes", 3) == 0) { @@ -1889,7 +1889,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, if (p == NULL) { return (-1); } - memcpy(data, p->data, __min(p->data_len, sizeof(data))); + memcpy(data, p->data, p->data_len); if (strncasecmp(argv[1], "pet", 3) == 0) { printf("Setting LAN Alert %d destination to PET Trap\n", alert); @@ -1917,7 +1917,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, if (p == NULL) { return (-1); } - memcpy(data, p->data, __min(p->data_len, sizeof(data))); + memcpy(data, p->data, p->data_len); if (str2uchar(argv[1], &data[2]) != 0) { lprintf(LOG_ERR, "Invalid time: %s", argv[1]); @@ -1933,7 +1933,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, if (p == NULL) { return (-1); } - memcpy(data, p->data, __min(p->data_len, sizeof(data))); + memcpy(data, p->data, p->data_len); if (str2uchar(argv[1], &data[3]) != 0) { lprintf(LOG_ERR, "Invalid retry: %s", argv[1]); diff --git a/lib/ipmi_main.c b/lib/ipmi_main.c index 9d4a148..811c80b 100644 --- a/lib/ipmi_main.c +++ b/lib/ipmi_main.c @@ -75,7 +75,6 @@ #include #include #include -#include #ifdef HAVE_CONFIG_H # include @@ -324,7 +323,6 @@ ipmi_main(int argc, char ** argv, uint8_t target_addr = 0; uint8_t target_channel = 0; - uint8_t u8tmp = 0; uint8_t transit_addr = 0; uint8_t transit_channel = 0; uint8_t target_lun = 0; 
@@ -349,10 +347,7 @@ ipmi_main(int argc, char ** argv, char * seloem = NULL; int port = 0; int devnum = 0; -#ifdef IPMI_INTF_LANPLUS - /* lookup best cipher suite available */ - enum cipher_suite_ids cipher_suite_id = IPMI_LANPLUS_CIPHER_SUITE_RESERVED; -#endif /* IPMI_INTF_LANPLUS */ + int cipher_suite_id = 3; /* See table 22-19 of the IPMIv2 spec */ int argflag, i, found; int rc = -1; int ai_family = AF_UNSPEC; @@ -430,18 +425,19 @@ ipmi_main(int argc, char ** argv, goto out_free; } break; -#ifdef IPMI_INTF_LANPLUS case 'C': - /* Cipher Suite ID is a byte as per IPMI specification */ - if (str2uchar(optarg, &u8tmp) != 0) { - lprintf(LOG_ERR, "Invalid parameter given or out of " - "range [0-255] for '-C'."); + if (str2int(optarg, &cipher_suite_id) != 0) { + lprintf(LOG_ERR, "Invalid parameter given or out of range for '-C'."); + rc = -1; + goto out_free; + } + /* add check Cipher is -gt 0 */ + if (cipher_suite_id < 0) { + lprintf(LOG_ERR, "Cipher suite ID %i is invalid.", cipher_suite_id); rc = -1; goto out_free; } - cipher_suite_id = u8tmp; break; -#endif /* IPMI_INTF_LANPLUS */ case 'v': verbose++; break; @@ -874,9 +870,7 @@ ipmi_main(int argc, char ** argv, ipmi_intf_session_set_lookupbit(ipmi_main_intf, lookupbit); ipmi_intf_session_set_sol_escape_char(ipmi_main_intf, sol_escape_char); -#ifdef IPMI_INTF_LANPLUS ipmi_intf_session_set_cipher_suite_id(ipmi_main_intf, cipher_suite_id); -#endif /* IPMI_INTF_LANPLUS */ ipmi_main_intf->devnum = devnum; diff --git a/lib/ipmi_oem.c b/lib/ipmi_oem.c index 86fd803..96db2ea 100644 --- a/lib/ipmi_oem.c +++ b/lib/ipmi_oem.c @@ -39,7 +39,6 @@ static int ipmi_oem_supermicro(struct ipmi_intf * intf); static int ipmi_oem_ibm(struct ipmi_intf * intf); -static int ipmi_oem_quanta(struct ipmi_intf * intf); static struct ipmi_oem_handle ipmi_oem_list[] = { { 
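Review bot: The new default `int cipher_suite_id = 3` needs a fuller comment than the table reference, because the same commit removes the code in lanplus.c that picked the best suite offered by the BMC. Suite 3 maps to HMAC-SHA1 / HMAC-SHA1-96 / AES-CBC-128 in lanplus_get_requested_ciphers, and the SHA256-based suite 17 is now used only when requested with `-C`. Suggested comment: `/* default suite 3 (HMAC-SHA1, HMAC-SHA1-96, AES-CBC-128), IPMIv2 table 22-19; not negotiated, use -C to select another */`.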
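Review bot: The `-C` handling rejects only negative values, but the parsed `int` is later passed to ipmi_intf_session_set_cipher_suite_id(), whose parameter becomes `uint8_t` in this commit, so a value such as 259 is silently truncated to 3 instead of being refused. Check the upper bound where the option is parsed: `if (cipher_suite_id < 0 || cipher_suite_id > 255) {`. The comment `/* add check Cipher is -gt 0 */` should also say what is checked, e.g. `/* cipher suite ID must fit in one byte (0-255) */`. The option-parsing switch starts and ends outside the hunk.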
@@ -72,11 +71,6 @@ static struct ipmi_oem_handle ipmi_oem_list[] = { .name = "kontron", .desc = "Kontron OEM big buffer support" }, - { - .name = "quanta", - .desc = "Quanta IPMIv1.5 BMC with OEM LAN authentication support", - .setup = ipmi_oem_quanta, - }, { 0 } }; @@ -99,14 +93,6 @@ ipmi_oem_ibm(struct ipmi_intf * intf) return ipmi_sel_oem_init((const char *)filename); } -/* Quanta IPMIv2 BMCs use OEM authtype */ -static int -ipmi_oem_quanta(struct ipmi_intf * intf) -{ - ipmi_intf_session_set_authtype(intf, IPMI_SESSION_AUTHTYPE_OEM); - return 0; -} - /* ipmi_oem_print - print list of OEM handles */ void diff --git a/lib/ipmi_pef.c b/lib/ipmi_pef.c index 4be749e..bbf25f2 100644 --- a/lib/ipmi_pef.c +++ b/lib/ipmi_pef.c @@ -1183,7 +1183,6 @@ ipmi_pef2_get_info(struct ipmi_intf *intf) ipmi_pef_print_guid(guid_ptr); } ipmi_pef_print_flags(&pef_b2s_actions, P_SUPP, pcap.actions); - putchar('\n'); return 0; } @@ -1243,7 +1242,6 @@ ipmi_pef2_get_status(struct ipmi_intf *intf) return (-1); } ipmi_pef_print_flags(&pef_b2s_actions, P_ACTV, rsp->data[1]); - putchar('\n'); return 0; } diff --git a/lib/ipmi_quantaoem.c b/lib/ipmi_quantaoem.c deleted file mode 100644 index 7b4c5c6..0000000 --- a/lib/ipmi_quantaoem.c +++ /dev/null 
@@ -1,184 +0,0 @@ -/* - * Copyright (c) 2018 Quanta Computer Inc. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistribution of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistribution in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * Neither the name of Quanta Computer Inc. or the names of - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * This software is provided "AS IS," without a warranty of any kind. - * ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, - * INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A - * PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. - * Quanta Computer Inc. AND ITS LICENSORS SHALL NOT BE LIABLE - * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING - * OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL - * Quanta Computer Inc. OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, - * OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR - * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF - * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, - * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
- */ -#define _XOPEN_SOURCE - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* Max Size of the description String to be displyed for the Each sel entry */ -#define SIZE_OF_DESC 128 - -#define CPU_SHIFT 6 -#define CPU_MASK 0X03 -#define CPU_NUM(x) (((x) >> CPU_SHIFT) & CPU_MASK) - -#define CHANNEL_BASE 0x41 -#define CHANNEL_SHIFT 3 -#define CHANNEL_MASK 0x07 -#define CHANNEL_OFFSET(x) (((x) >> CHANNEL_SHIFT) & CHANNEL_MASK) -#define CHANNEL_NUM(x) (CHANNEL_BASE + CHANNEL_OFFSET(x)) - -#define DIMM_MASK 0x07 -#define DIMM_NUM(x) ((x) & DIMM_MASK) - -#define GET_PLATFORM_ID_DATA_SIZE 4 - -// Magic code to check if it's valid command -#define QCT_MAGIC_1 0x4C -#define QCT_MAGIC_2 0x1C -#define QCT_MAGIC_3 0x00 -#define QCT_MAGIC_4 0x02 - -qct_platform_t -oem_qct_get_platform_id(struct ipmi_intf *intf) -{ - /* Execute a Get platform ID command to determine the board */ - struct ipmi_rs *rsp; - struct ipmi_rq req; - qct_platform_t platform_id; - uint8_t msg_data[GET_PLATFORM_ID_DATA_SIZE]; - - /* Ask for IPMI v2 data as well */ - msg_data[0] = QCT_MAGIC_1; - msg_data[1] = QCT_MAGIC_2; - msg_data[2] = QCT_MAGIC_3; - msg_data[3] = QCT_MAGIC_4; - - memset(&req, 0, sizeof(req)); - req.msg.netfn = OEM_QCT_NETFN; - req.msg.cmd = OEM_QCT_GET_INFO; - req.msg.data = msg_data; - req.msg.data_len = sizeof(msg_data); - - rsp = intf->sendrecv(intf, &req); - if (rsp == NULL) { - lprintf(LOG_ERR, "Get Platform ID command failed"); - return 0; - } - if (rsp->ccode) { - lprintf(LOG_ERR, "Get Platform ID command failed: %#x %s", - rsp->ccode, val2str(rsp->ccode, completion_code_vals)); - return 0; - } - platform_id = rsp->data[0]; - lprintf(LOG_DEBUG,"Platform ID: %hhx", rsp->data[0]); - return platform_id; -} - -char * -oem_qct_get_evt_desc(struct 
ipmi_intf *intf, struct sel_event_record *rec) -{ - struct ipmi_rs *rsp; - struct ipmi_rq req; - char *desc = NULL; - int data; - int sensor_type; - qct_platform_t platform_id; - - /* Get the OEM event Bytes of the SEL Records byte 15 to data */ - data = rec->sel_type.standard_type.event_data[2]; - /* Check for the Standard Event type == 0x6F */ - if (rec->sel_type.standard_type.event_type != 0x6F) { - goto out; - } - /* Allocate mem for te Description string */ - desc = malloc(SIZE_OF_DESC); - if (desc == NULL) { - lprintf(LOG_ERR, "ipmitool: malloc failure"); - goto out; - } - memset(desc, 0, SIZE_OF_DESC); - sensor_type = rec->sel_type.standard_type.sensor_type; - switch (sensor_type) { - case SENSOR_TYPE_MEMORY: - memset(&req, 0, sizeof (req)); - req.msg.netfn = IPMI_NETFN_APP; - req.msg.lun = 0; - req.msg.cmd = BMC_GET_DEVICE_ID; - req.msg.data = NULL; - req.msg.data_len = 0; - - rsp = intf->sendrecv(intf, &req); - if (rsp == NULL) { - lprintf(LOG_ERR, " Error getting system info"); - goto out; - } else if (rsp->ccode) { - lprintf(LOG_ERR, " Error getting system info: %s", - val2str(rsp->ccode, completion_code_vals)); - goto out; - } - /* check the platform type */ - platform_id = oem_qct_get_platform_id(intf); - if (OEM_QCT_PLATFORM_PURLEY == platform_id) { - snprintf(desc, SIZE_OF_DESC, "CPU%d_%c%d", - CPU_NUM(data), - CHANNEL_NUM(data), - DIMM_NUM(data)); - } - break; - default: - goto out; - } - return desc; -out: - if (desc) { - free(desc); - desc = NULL; - } - return desc; -} diff --git a/lib/ipmi_sdr.c b/lib/ipmi_sdr.c index 01d81f7..2a9cbe3 100644 --- a/lib/ipmi_sdr.c +++ b/lib/ipmi_sdr.c @@ -577,8 +577,6 @@ ipmi_sdr_get_sensor_reading_ipmb(struct ipmi_intf *intf, uint8_t sensor, uint32_t save_addr; uint32_t save_channel; - if (target == (uint8_t) 0xb1) - return ipmi_sdr_get_sensor_reading(intf, sensor); if ( BRIDGE_TO_SENSOR(intf, target, channel) ) { lprintf(LOG_DEBUG, "Bridge to Sensor " 
@@ -2086,7 +2084,7 @@ ipmi_sdr_print_sensor_eventonly(struct ipmi_intf *intf, return -1; memset(desc, 0, sizeof (desc)); - snprintf(desc, sizeof(desc), "%.*s", (sensor->id_code & 0x1f) + 1, sensor->id_string); + snprintf(desc, (sensor->id_code & 0x1f) + 1, "%s", sensor->id_string); if (verbose) { printf("Sensor ID : %s (0x%x)\n", @@ -2137,7 +2135,7 @@ ipmi_sdr_print_sensor_mc_locator(struct ipmi_intf *intf, return -1; memset(desc, 0, sizeof (desc)); - snprintf(desc, sizeof(desc), "%.*s", (mc->id_code & 0x1f) + 1, mc->id_string); + snprintf(desc, (mc->id_code & 0x1f) + 1, "%s", mc->id_string); if (verbose == 0) { if (csv_output) @@ -2230,7 +2228,7 @@ ipmi_sdr_print_sensor_generic_locator(struct ipmi_intf *intf, char desc[17]; memset(desc, 0, sizeof (desc)); - snprintf(desc, sizeof(desc), "%.*s", (dev->id_code & 0x1f) + 1, dev->id_string); + snprintf(desc, (dev->id_code & 0x1f) + 1, "%s", dev->id_string); if (!verbose) { if (csv_output) @@ -2287,7 +2285,7 @@ ipmi_sdr_print_sensor_fru_locator(struct ipmi_intf *intf, char desc[17]; memset(desc, 0, sizeof (desc)); - snprintf(desc, sizeof(desc), "%.*s", (fru->id_code & 0x1f) + 1, fru->id_string); + snprintf(desc, (fru->id_code & 0x1f) + 1, "%s", fru->id_string); if (!verbose) { if (csv_output) 
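Review bot: The size argument of `snprintf(desc, (sensor->id_code & 0x1f) + 1, "%s", sensor->id_string)` is derived from the record and can reach 32, while `desc` is `char desc[17]` in the two hunks that show its declaration (-2230 and -2287), so snprintf is told the buffer is larger than it is. `%s` also reads `id_string` up to a NUL byte, which nothing in the hunk guarantees for an SDR record. The same call shape is in the -2137, -2230, -2287 and -2491 hunks. Keep the destination size fixed and limit the read with a precision: `snprintf(desc, sizeof(desc), "%.*s", sensor->id_code & 0x1f, sensor->id_string);`.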
@@ -2491,43 +2489,35 @@ ipmi_sdr_print_name_from_rawentry(struct ipmi_intf *intf, uint16_t id, int rc =0; char desc[17]; - const char *id_string; - uint8_t id_code; memset(desc, ' ', sizeof (desc)); switch ( type) { case SDR_RECORD_TYPE_FULL_SENSOR: record.full = (struct sdr_record_full_sensor *) raw; - id_code = record.full->id_code; - id_string = record.full->id_string; + snprintf(desc, (record.full->id_code & 0x1f) +1, "%s", + (const char *)record.full->id_string); break; - case SDR_RECORD_TYPE_COMPACT_SENSOR: record.compact = (struct sdr_record_compact_sensor *) raw ; - id_code = record.compact->id_code; - id_string = record.compact->id_string; + snprintf(desc, (record.compact->id_code & 0x1f) +1, "%s", + (const char *)record.compact->id_string); break; - case SDR_RECORD_TYPE_EVENTONLY_SENSOR: record.eventonly = (struct sdr_record_eventonly_sensor *) raw ; - id_code = record.eventonly->id_code; - id_string = record.eventonly->id_string; - break; - + snprintf(desc, (record.eventonly->id_code & 0x1f) +1, "%s", + (const char *)record.eventonly->id_string); + break; case SDR_RECORD_TYPE_MC_DEVICE_LOCATOR: record.mcloc = (struct sdr_record_mc_locator *) raw ; - id_code = record.mcloc->id_code; - id_string = record.mcloc->id_string; + snprintf(desc, (record.mcloc->id_code & 0x1f) +1, "%s", + (const char *)record.mcloc->id_string); break; - default: rc = -1; - } - if (!rc) { - snprintf(desc, sizeof(desc), "%.*s", (id_code & 0x1f) + 1, id_string); - } + break; + } - lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc); + lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc); return rc; } diff --git a/lib/ipmi_sel.c b/lib/ipmi_sel.c index a54fefd..8b0395e 100644 --- a/lib/ipmi_sel.c +++ b/lib/ipmi_sel.c @@ -50,7 +50,6 @@ #include #include #include -#include extern int verbose; static int sel_extended = 0; 
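Review bot: In ipmi_sdr_print_name_from_rawentry `desc` is filled with 17 spaces by `memset(desc, ' ', sizeof (desc))` and never terminated when the `default:` branch is taken, yet the `lprintf` with `%-16s` still runs and reads it as a C string. Terminate the buffer right after the memset with `desc[sizeof(desc) - 1] = '\0';`, or skip the log line when `rc` is non-zero. The per-case snprintf calls also take their size from `id_code` rather than from `sizeof(desc)`, so a length above 16 can write past the 17-byte array. The start of the function is outside the hunk.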
@@ -1245,9 +1244,6 @@ ipmi_get_oem_desc(struct ipmi_intf * intf, struct sel_event_record * rec) case IPMI_OEM_SUPERMICRO_47488: desc = get_supermicro_evt_desc(intf, rec); break; - case IPMI_OEM_QUANTA: - desc = oem_qct_get_evt_desc(intf, rec); - break; case IPMI_OEM_UNKNOWN: default: break; @@ -1353,9 +1349,6 @@ ipmi_get_event_desc(struct ipmi_intf * intf, struct sel_event_record * rec, char sfx = ipmi_get_oem_desc(intf, rec); break; /* add your oem sensor assignation here */ - case IPMI_OEM_QUANTA: - sfx = ipmi_get_oem_desc(intf, rec); - break; default: lprintf(LOG_DEBUG, "oem sensor type %x using standard type supplied description", rec->sel_type.standard_type.sensor_type ); @@ -1366,12 +1359,9 @@ ipmi_get_event_desc(struct ipmi_intf * intf, struct sel_event_record * rec, char case IPMI_OEM_SUPERMICRO: case IPMI_OEM_SUPERMICRO_47488: sfx = ipmi_get_oem_desc(intf, rec); - break; - case IPMI_OEM_QUANTA: - sfx = ipmi_get_oem_desc(intf, rec); - break; + break; default: - break; + break; } } /* @@ -1996,12 +1986,9 @@ ipmi_sel_print_std_entry(struct ipmi_intf * intf, struct sel_event_record * evt) case IPMI_OEM_SUPERMICRO: case IPMI_OEM_SUPERMICRO_47488: print_sensor = 0; - break; - case IPMI_OEM_QUANTA: - print_sensor = 0; - break; + break; default: - break; + break; } /* * Sensor-Specific Discrete diff --git a/lib/ipmi_session.c b/lib/ipmi_session.c index b9af1fd..141f0f4 100644 --- a/lib/ipmi_session.c +++ b/lib/ipmi_session.c @@ -309,10 +309,8 @@ ipmi_get_session_info(struct ipmi_intf * intf, } else { - memcpy(&session_info, rsp->data, - __min(rsp->data_len, sizeof(session_info))); - print_session_info(&session_info, - __min(rsp->data_len, sizeof(session_info))); + memcpy(&session_info, rsp->data, rsp->data_len); + print_session_info(&session_info, rsp->data_len); } break; 
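Review bot: `memcpy(&session_info, rsp->data, rsp->data_len)` in ipmi_get_session_info copies however many bytes the response carries into a fixed-size struct, and the same unchecked length is then handed to print_session_info(); the second copy in the -343 hunk has the same form. Cap the length once and use it for both calls: `size_t n = rsp->data_len < sizeof(session_info) ? rsp->data_len : sizeof(session_info);` followed by `memcpy(&session_info, rsp->data, n); print_session_info(&session_info, n);`. The declaration of `session_info` and the enclosing switch are outside the hunk.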
@@ -343,10 +341,8 @@ ipmi_get_session_info(struct ipmi_intf * intf, break; } - memcpy(&session_info, rsp->data, - __min(rsp->data_len, sizeof(session_info))); - print_session_info(&session_info, - __min(rsp->data_len, sizeof(session_info))); + memcpy(&session_info, rsp->data, rsp->data_len); + print_session_info(&session_info, rsp->data_len); } while (i <= session_info.session_slot_count); break; diff --git a/lib/ipmi_sol.c b/lib/ipmi_sol.c index 04dbe63..3acd5bb 100644 --- a/lib/ipmi_sol.c +++ b/lib/ipmi_sol.c @@ -1875,7 +1875,7 @@ static void print_sol_usage(void) { lprintf(LOG_NOTICE, "SOL Commands: info []"); - lprintf(LOG_NOTICE, " set [channel] [noguard]"); + lprintf(LOG_NOTICE, " set [channel]"); lprintf(LOG_NOTICE, " payload [channel] [userid]"); lprintf(LOG_NOTICE, " activate [] [instance=]"); lprintf(LOG_NOTICE, " deactivate [instance=]"); @@ -1890,8 +1890,6 @@ print_sol_usage(void) static void print_sol_set_usage(void) { - lprintf(LOG_NOTICE, "\nSOL set usage: \n"); - lprintf(LOG_NOTICE, " sol set [channel] [noguard]\n"); lprintf(LOG_NOTICE, "\nSOL set parameters and values: \n"); lprintf(LOG_NOTICE, " set-in-progress set-complete | " "set-in-progress | commit-write"); diff --git a/src/ipmitool.c b/src/ipmitool.c index ec0b741..5e19c6e 100644 --- a/src/ipmitool.c +++ b/src/ipmitool.c @@ -66,7 +66,6 @@ #include #include #include -#include #ifdef HAVE_CONFIG_H # include diff --git a/src/plugins/ipmi_intf.c b/src/plugins/ipmi_intf.c index 00b0918..9225a34 100644 --- a/src/plugins/ipmi_intf.c +++ b/src/plugins/ipmi_intf.c @@ -55,7 +55,6 @@ #include #include #include -#include #define IPMI_DEFAULT_PAYLOAD_SIZE 25 
@@ -252,14 +251,11 @@ ipmi_intf_session_set_lookupbit(struct ipmi_intf * intf, uint8_t lookupbit) intf->ssn_params.lookupbit = lookupbit; } -#ifdef IPMI_INTF_LANPLUS void -ipmi_intf_session_set_cipher_suite_id(struct ipmi_intf * intf, - enum cipher_suite_ids cipher_suite_id) +ipmi_intf_session_set_cipher_suite_id(struct ipmi_intf * intf, uint8_t cipher_suite_id) { intf->ssn_params.cipher_suite_id = cipher_suite_id; } -#endif /* IPMI_INTF_LANPLUS */ void ipmi_intf_session_set_sol_escape_char(struct ipmi_intf * intf, char sol_escape_char) diff --git a/src/plugins/lanplus/lanplus.c b/src/plugins/lanplus/lanplus.c index c442c0e..a0e388c 100644 --- a/src/plugins/lanplus/lanplus.c +++ b/src/plugins/lanplus/lanplus.c 
@@ -164,109 +164,114 @@ extern int verbose; * returns 0 on success * 1 on failure */ -int lanplus_get_requested_ciphers(enum cipher_suite_ids cipher_suite_id, +int lanplus_get_requested_ciphers(int cipher_suite_id, uint8_t * auth_alg, uint8_t * integrity_alg, uint8_t * crypt_alg) { +#ifdef HAVE_CRYPTO_SHA256 + if ((cipher_suite_id < 0) || (cipher_suite_id > 17)) { + return 1; + } +#else + if ((cipher_suite_id < 0) || (cipher_suite_id > 14)) + return 1; +#endif /* HAVE_CRYPTO_SHA256 */ /* See table 22-19 for the source of the statement */ switch (cipher_suite_id) { - case IPMI_LANPLUS_CIPHER_SUITE_0: + case 0: *auth_alg = IPMI_AUTH_RAKP_NONE; *integrity_alg = IPMI_INTEGRITY_NONE; *crypt_alg = IPMI_CRYPT_NONE; break; - case IPMI_LANPLUS_CIPHER_SUITE_1: + case 1: *auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1; *integrity_alg = IPMI_INTEGRITY_NONE; *crypt_alg = IPMI_CRYPT_NONE; break; - case IPMI_LANPLUS_CIPHER_SUITE_2: + case 2: *auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1; *integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96; *crypt_alg = IPMI_CRYPT_NONE; break; - case IPMI_LANPLUS_CIPHER_SUITE_3: + case 3: *auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1; *integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96; *crypt_alg = IPMI_CRYPT_AES_CBC_128; break; - case IPMI_LANPLUS_CIPHER_SUITE_4: + case 4: *auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1; *integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96; *crypt_alg = IPMI_CRYPT_XRC4_128; break; - case IPMI_LANPLUS_CIPHER_SUITE_5: + case 5: *auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1; *integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96; *crypt_alg = IPMI_CRYPT_XRC4_40; break; - case IPMI_LANPLUS_CIPHER_SUITE_6: + case 6: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_NONE; *crypt_alg = IPMI_CRYPT_NONE; break; - case IPMI_LANPLUS_CIPHER_SUITE_7: + case 7: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128; *crypt_alg = IPMI_CRYPT_NONE; break; - case IPMI_LANPLUS_CIPHER_SUITE_8: + case 8: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = 
IPMI_INTEGRITY_HMAC_MD5_128; *crypt_alg = IPMI_CRYPT_AES_CBC_128; break; - case IPMI_LANPLUS_CIPHER_SUITE_9: + case 9: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128; *crypt_alg = IPMI_CRYPT_XRC4_128; break; - case IPMI_LANPLUS_CIPHER_SUITE_10: + case 10: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128; *crypt_alg = IPMI_CRYPT_XRC4_40; break; - case IPMI_LANPLUS_CIPHER_SUITE_11: + case 11: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_MD5_128; *crypt_alg = IPMI_CRYPT_NONE; break; - case IPMI_LANPLUS_CIPHER_SUITE_12: + case 12: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_MD5_128; *crypt_alg = IPMI_CRYPT_AES_CBC_128; break; - case IPMI_LANPLUS_CIPHER_SUITE_13: + case 13: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_MD5_128; *crypt_alg = IPMI_CRYPT_XRC4_128; break; - case IPMI_LANPLUS_CIPHER_SUITE_14: + case 14: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_MD5_128; *crypt_alg = IPMI_CRYPT_XRC4_40; break; #ifdef HAVE_CRYPTO_SHA256 - case IPMI_LANPLUS_CIPHER_SUITE_15: + case 15: *auth_alg = IPMI_AUTH_RAKP_HMAC_SHA256; *integrity_alg = IPMI_INTEGRITY_NONE; *crypt_alg = IPMI_CRYPT_NONE; break; - case IPMI_LANPLUS_CIPHER_SUITE_16: + case 16: *auth_alg = IPMI_AUTH_RAKP_HMAC_SHA256; *integrity_alg = IPMI_INTEGRITY_HMAC_SHA256_128; *crypt_alg = IPMI_CRYPT_NONE; break; - case IPMI_LANPLUS_CIPHER_SUITE_17: + case 17: *auth_alg = IPMI_AUTH_RAKP_HMAC_SHA256; *integrity_alg = IPMI_INTEGRITY_HMAC_SHA256_128; *crypt_alg = IPMI_CRYPT_AES_CBC_128; break; #endif /* HAVE_CRYPTO_SHA256 */ - case IPMI_LANPLUS_CIPHER_SUITE_RESERVED: - default: - return 1; } return 0; 
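Review bot: The `switch` in lanplus_get_requested_ciphers now has no `default:` and relies on the range test at the top of the function (`> 17` or `> 14` depending on HAVE_CRYPTO_SHA256) to keep unknown IDs out. The two lists must therefore be edited together, or `*auth_alg`, `*integrity_alg` and `*crypt_alg` are left unset while 0 is returned. Put the rejection in the switch itself with `default: return 1;` and drop the duplicated `#ifdef` range checks. The bare literals 0-17 also lose the link to table 22-19 that the enum names gave; a short comment per group (SHA1, MD5, SHA256) would restore it.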
@@ -3436,61 +3441,6 @@ ipmi_set_session_privlvl_cmd(struct ipmi_intf * intf) return 0; } -static uint8_t -ipmi_find_best_cipher_suite(struct ipmi_intf *intf) -{ - enum cipher_suite_ids best_suite = IPMI_LANPLUS_CIPHER_SUITE_RESERVED; -#ifdef HAVE_CRYPTO_SHA256 - struct cipher_suite_info suites[MAX_CIPHER_SUITE_COUNT]; - size_t nr_suites = ARRAY_SIZE(suites); - /* cipher suite best order is chosen with this criteria: - * HMAC-MD5 and MD5 are BAD; xRC4 is bad; AES128 is required - * HMAC-SHA256 > HMAC-SHA1 - * secure authentication > encrypted content - * - * With xRC4 out, all cipher suites with MD5 out, and cipher suite 3 being - * required by the spec, the only better defined standard cipher suite is - * 17. So if SHA256 is available, we should try to use that, otherwise, - * fall back to 3. - */ - const enum cipher_suite_ids cipher_order_preferred[] = { - IPMI_LANPLUS_CIPHER_SUITE_17, - IPMI_LANPLUS_CIPHER_SUITE_3, - }; - const size_t nr_preferred = ARRAY_SIZE(cipher_order_preferred); - size_t ipref, i; - int rc; - int retry_old = intf->ssn_params.retry; - - ipmi_intf_session_set_retry(intf, 1); - rc = ipmi_get_channel_cipher_suites(intf, "ipmi", IPMI_LAN_CHANNEL_E, suites, &nr_suites); - ipmi_intf_session_set_retry(intf, retry_old); - if (rc < 0) - { - /* default legacy behavior - cipher suite 3 if none is requested */ - return IPMI_LANPLUS_CIPHER_SUITE_3; - } - for (ipref = 0; ipref < nr_preferred && - IPMI_LANPLUS_CIPHER_SUITE_RESERVED == best_suite; ipref++) - { - for (i = 0; i < nr_suites; i++) { - if (cipher_order_preferred[ipref] == suites[i].cipher_suite_id) { - best_suite = cipher_order_preferred[ipref]; - break; - } - } - } -#endif /* HAVE_CRYPTO_SHA256 */ - if (IPMI_LANPLUS_CIPHER_SUITE_RESERVED == best_suite) { - /* IPMI 2.0 spec requires that cipher suite 3 is implemented - * so we should always be able to fall back to that if better - * options are not available. 
*/ - best_suite = IPMI_LANPLUS_CIPHER_SUITE_3; - } - lprintf(LOG_INFO, "Using best available cipher suite %d\n", best_suite); - return best_suite; -} - /** * ipmi_lanplus_open */ @@ -3564,16 +3514,6 @@ ipmi_lanplus_open(struct ipmi_intf * intf) lprintf(LOG_INFO, "This BMC does not support IPMI v2 / RMCP+"); goto fail; } - /* - * If no cipher suite was provided, query the channel cipher suite list and - * pick the best one available - */ - if (IPMI_LANPLUS_CIPHER_SUITE_RESERVED == - intf->ssn_params.cipher_suite_id) - { - ipmi_intf_session_set_cipher_suite_id(intf, - ipmi_find_best_cipher_suite(intf)); - } /* * If the open/rakp1/rakp3 sequence encounters a timeout, the whole sequence @@ -3788,7 +3728,7 @@ static int ipmi_lanplus_setup(struct ipmi_intf * intf) static void ipmi_lanp_set_max_rq_data_size(struct ipmi_intf * intf, uint16_t size) { - if (intf->ssn_params.cipher_suite_id == IPMI_LANPLUS_CIPHER_SUITE_3) { + if (intf->ssn_params.cipher_suite_id == 3) { /* * encrypted payload can only be multiple of 16 bytes */ @@ -3806,7 +3746,7 @@ static void ipmi_lanp_set_max_rq_data_size(struct ipmi_intf * intf, uint16_t siz static void ipmi_lanp_set_max_rp_data_size(struct ipmi_intf * intf, uint16_t size) { - if (intf->ssn_params.cipher_suite_id == IPMI_LANPLUS_CIPHER_SUITE_3) { + if (intf->ssn_params.cipher_suite_id == 3) { /* * encrypted payload can only be multiple of 16 bytes */ diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c index bc130a0..d5fac37 100644 --- a/src/plugins/lanplus/lanplus_crypt_impl.c +++ b/src/plugins/lanplus/lanplus_crypt_impl.c 
@@ -164,10 +164,10 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, uint8_t * output, uint32_t * bytes_written) { - EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); - EVP_CIPHER_CTX_init(ctx); - EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); - EVP_CIPHER_CTX_set_padding(ctx, 0); + EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX_init(&ctx); + EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); + EVP_CIPHER_CTX_set_padding(&ctx, 0); *bytes_written = 0; @@ -191,7 +191,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); - if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) + if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) { /* Error */ *bytes_written = 0; @@ -201,7 +201,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, { uint32_t tmplen; - if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) + if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) { *bytes_written = 0; return; /* Error */ @@ -210,8 +210,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, { /* Success */ *bytes_written += tmplen; - EVP_CIPHER_CTX_cleanup(ctx); - EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_CTX_cleanup(&ctx); } } } @@ -240,10 +239,10 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, uint8_t * output, uint32_t * bytes_written) { - EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); - EVP_CIPHER_CTX_init(ctx); - EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); - EVP_CIPHER_CTX_set_padding(ctx, 0); + EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX_init(&ctx); + EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); + EVP_CIPHER_CTX_set_padding(&ctx, 0); if (verbose >= 5) 
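Review bot: `EVP_CIPHER_CTX_cleanup(&ctx)` in lanplus_encrypt_aes_cbc_128 is reached only in the final success branch, so the failure branches shown (for example the one after EVP_EncryptFinal_ex, which sets `*bytes_written = 0` and returns) leave the initialised context, including the key schedule, on the stack. lanplus_decrypt_aes_cbc_128 has the same shape in the later hunks. Call `EVP_CIPHER_CTX_cleanup(&ctx);` before each early `return`, or restructure to a single exit. Declaring `EVP_CIPHER_CTX ctx;` by value also builds only against OpenSSL versions where the struct is public; from 1.1.0 the type is opaque and has to be obtained with EVP_CIPHER_CTX_new().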
@@ -267,7 +266,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); - if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) + if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) { /* Error */ lprintf(LOG_DEBUG, "ERROR: decrypt update failed"); @@ -278,7 +277,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, { uint32_t tmplen; - if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) + if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) { char buffer[1000]; ERR_error_string(ERR_get_error(), buffer); @@ -291,8 +290,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, { /* Success */ *bytes_written += tmplen; - EVP_CIPHER_CTX_cleanup(ctx); - EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_CTX_cleanup(&ctx); } }