commit b57487e360916ab3eaa50aa6d021c73b6337a4a0
Author: Dennis Schridde <dennis.schridde@uni-heidelberg.de>
Date:   Wed Nov 30 17:33:00 2016 +0100

    ID:461 - OpenSSL 1.1 compatibility - "error: storage size of 'ctx' isn't known"
    
    In OpenSSL 1.1 EVP_CIPHER_CTX became opaque, cf. `man 3ssl EVP_EncryptInit`
    
    Fixes: ID:461

diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
index d5fac37..3c0df23 100644
--- a/src/plugins/lanplus/lanplus_crypt_impl.c
+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
@@ -164,10 +164,10 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 							uint8_t       * output,
 							uint32_t        * bytes_written)
 {
-	EVP_CIPHER_CTX ctx;
-	EVP_CIPHER_CTX_init(&ctx);
-	EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+	EVP_CIPHER_CTX* ctx;
+	EVP_CIPHER_CTX_init(ctx);
+	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+	EVP_CIPHER_CTX_set_padding(ctx, 0);
 	
 
 	*bytes_written = 0;
@@ -191,7 +191,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
 
 
-	if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
+	if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
 	{
 		/* Error */
 		*bytes_written = 0;
@@ -201,7 +201,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 	{
 		uint32_t tmplen;
 
-		if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
+		if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
 		{
 			*bytes_written = 0;
 			return; /* Error */
@@ -210,7 +210,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 		{
 			/* Success */
 			*bytes_written += tmplen;
-			EVP_CIPHER_CTX_cleanup(&ctx);
+			EVP_CIPHER_CTX_cleanup(ctx);
 		}
 	}
 }
@@ -239,10 +239,10 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 							uint8_t       * output,
 							uint32_t        * bytes_written)
 {
-	EVP_CIPHER_CTX ctx;
-	EVP_CIPHER_CTX_init(&ctx);
-	EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+	EVP_CIPHER_CTX* ctx;
+	EVP_CIPHER_CTX_init(ctx);
+	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+	EVP_CIPHER_CTX_set_padding(ctx, 0);
 
 
 	if (verbose >= 5)
@@ -266,7 +266,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
 
 
-	if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
+	if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
 	{
 		/* Error */
 		lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
@@ -277,7 +277,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 	{
 		uint32_t tmplen;
 
-		if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
+		if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
 		{
 			char buffer[1000];
 			ERR_error_string(ERR_get_error(), buffer);
@@ -290,7 +290,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 		{
 			/* Success */
 			*bytes_written += tmplen;
-			EVP_CIPHER_CTX_cleanup(&ctx);
+			EVP_CIPHER_CTX_cleanup(ctx);
 		}
 	}
 
commit 77fe5635037ebaf411cae46cf5045ca819b5c145
Author: Zdenek Styblik <stybla@turnovfree.net>
Date:   Sun Jan 15 15:11:25 2017 +0100

    ID:461 - Make compiler happier about changes related to OpenSSL 1.1
    
    Complaint was that ctx isn't initialized.

diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
index 3c0df23..d12d0e3 100644
--- a/src/plugins/lanplus/lanplus_crypt_impl.c
+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
@@ -164,7 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 							uint8_t       * output,
 							uint32_t        * bytes_written)
 {
-	EVP_CIPHER_CTX* ctx;
+	EVP_CIPHER_CTX *ctx = NULL;
 	EVP_CIPHER_CTX_init(ctx);
 	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
 	EVP_CIPHER_CTX_set_padding(ctx, 0);
@@ -239,7 +239,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 							uint8_t       * output,
 							uint32_t        * bytes_written)
 {
-	EVP_CIPHER_CTX* ctx;
+	EVP_CIPHER_CTX *ctx = NULL;
 	EVP_CIPHER_CTX_init(ctx);
 	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
 	EVP_CIPHER_CTX_set_padding(ctx, 0);
commit f004b4b7197fc83e7d47ec8cbcaefffa9a922717
Author: Zdenek Styblik <stybla@turnovfree.net>
Date:   Sun Mar 12 14:00:35 2017 +0100

    ID:480 - ipmitool coredumps in EVP_CIPHER_CTX_init
    
    IPMI tool coredumps due to changes introduced in ID:461. This shouldn't be
    surprise as a NULL pointer is passed to init. Commit addresses this issue by
    calling EVP_CIPHER_CTX_new() instead of EVP_CIPHER_CTX_init(), which is
    deprecated, and by checking return value of call to former function.

diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
index d12d0e3..0e330c1 100644
--- a/src/plugins/lanplus/lanplus_crypt_impl.c
+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
@@ -165,10 +165,13 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 							uint32_t        * bytes_written)
 {
 	EVP_CIPHER_CTX *ctx = NULL;
-	EVP_CIPHER_CTX_init(ctx);
+	ctx = EVP_CIPHER_CTX_new();
+	if (ctx == NULL) {
+		*bytes_written = 0;
+		return;
+	}
 	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
 	EVP_CIPHER_CTX_set_padding(ctx, 0);
-	
 
 	*bytes_written = 0;
 
@@ -240,11 +243,14 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 							uint32_t        * bytes_written)
 {
 	EVP_CIPHER_CTX *ctx = NULL;
-	EVP_CIPHER_CTX_init(ctx);
+	ctx = EVP_CIPHER_CTX_new();
+	if (ctx == NULL) {
+		*bytes_written = 0;
+		return;
+	}
 	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
 	EVP_CIPHER_CTX_set_padding(ctx, 0);
 
-
 	if (verbose >= 5)
 	{
 		printbuf(iv,  16, "decrypting with this IV");
commit 1664902525a1c3771b4d8b3ccab7ea1ba6b2bdd1
Author: Holger Liebig <holger.liebig@ts.fujitsu.com>
Date:   Tue Apr 4 20:43:05 2017 +0200

    ID:480 - Call EVP_CIPHER_CTX_free() instead of EVP_CIPHER_CTX_cleanup()
    
    Call EVP_CIPHER_CTX_free() instead of EVP_CIPHER_CTX_cleanup() to fix memory
    leak.

diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
index 0e330c1..9652a5e 100644
--- a/src/plugins/lanplus/lanplus_crypt_impl.c
+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
@@ -165,13 +165,6 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 							uint32_t        * bytes_written)
 {
 	EVP_CIPHER_CTX *ctx = NULL;
-	ctx = EVP_CIPHER_CTX_new();
-	if (ctx == NULL) {
-		*bytes_written = 0;
-		return;
-	}
-	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
-	EVP_CIPHER_CTX_set_padding(ctx, 0);
 
 	*bytes_written = 0;
 
@@ -185,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 		printbuf(input, input_length, "encrypting this data");
 	}
 
+	ctx = EVP_CIPHER_CTX_new();
+	if (ctx == NULL) {
+		lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
+		return;
+	}
+	EVP_CIPHER_CTX_init(ctx);
+	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+	EVP_CIPHER_CTX_set_padding(ctx, 0);
 
 	/*
 	 * The default implementation adds a whole block of padding if the input
@@ -198,7 +199,6 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 	{
 		/* Error */
 		*bytes_written = 0;
-		return;
 	}
 	else
 	{
@@ -206,16 +206,17 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 
 		if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
 		{
+			/* Error */
 			*bytes_written = 0;
-			return; /* Error */
 		}
 		else
 		{
 			/* Success */
 			*bytes_written += tmplen;
-			EVP_CIPHER_CTX_cleanup(ctx);
 		}
 	}
+	/* performs cleanup and free */
+	EVP_CIPHER_CTX_free(ctx);
 }
 
 
@@ -243,13 +244,6 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 							uint32_t        * bytes_written)
 {
 	EVP_CIPHER_CTX *ctx = NULL;
-	ctx = EVP_CIPHER_CTX_new();
-	if (ctx == NULL) {
-		*bytes_written = 0;
-		return;
-	}
-	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
-	EVP_CIPHER_CTX_set_padding(ctx, 0);
 
 	if (verbose >= 5)
 	{
@@ -258,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 		printbuf(input, input_length, "decrypting this data");
 	}
 
-
 	*bytes_written = 0;
 
 	if (input_length == 0)
 		return;
 
+	ctx = EVP_CIPHER_CTX_new();
+	if (ctx == NULL) {
+		lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
+		return;
+	}
+	EVP_CIPHER_CTX_init(ctx);
+	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+	EVP_CIPHER_CTX_set_padding(ctx, 0);
+
 	/*
 	 * The default implementation adds a whole block of padding if the input
 	 * data is perfectly aligned.  We would like to keep that from happening.
@@ -277,7 +279,6 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 		/* Error */
 		lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
 		*bytes_written = 0;
-		return;
 	}
 	else
 	{
@@ -285,20 +286,21 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 
 		if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
 		{
+			/* Error */
 			char buffer[1000];
 			ERR_error_string(ERR_get_error(), buffer);
 			lprintf(LOG_DEBUG, "the ERR error %s", buffer);
 			lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
 			*bytes_written = 0;
-			return; /* Error */
 		}
 		else
 		{
 			/* Success */
 			*bytes_written += tmplen;
-			EVP_CIPHER_CTX_cleanup(ctx);
 		}
 	}
+	/* performs cleanup and free */
+	EVP_CIPHER_CTX_free(ctx);
 
 	if (verbose >= 5)
 	{