Index: /branches/amp_4_0/src/library/avxnet/avxnet.c =================================================================== --- /branches/amp_4_0/src/library/avxnet/avxnet.c (revision 2634) +++ /branches/amp_4_0/src/library/avxnet/avxnet.c (working copy) @@ -228,7 +228,7 @@ FILE *fd = NULL; struct sockaddr snet_target; struct sockaddr_in * sin; - char gate_addr[128], net_addr[128]; + char gate_addr[128], net_addr[256]; char buf[1024], iface[16]; if (AF_INET == family) { Index: /branches/amp_4_0/src/library/ca_ui/ca_ui.c =================================================================== --- /branches/amp_4_0/src/library/ca_ui/ca_ui.c (revision 2634) +++ /branches/amp_4_0/src/library/ca_ui/ca_ui.c (working copy) @@ -968,7 +968,7 @@ int set_prompt(char *prompt, int len) { - char snode[MAX_LONG_TOKEN_SIZE + 1] = ""; + char snode[4 * MAX_LONG_TOKEN_SIZE + 1] = ""; char smode[MAX_LONG_TOKEN_SIZE + 1] = ""; /*zero strings*/ memset(snode, 0, sizeof(snode)); Index: /branches/amp_4_0/src/library/libexauth/auth_ext_ipc.c =================================================================== --- /branches/amp_4_0/src/library/libexauth/auth_ext_ipc.c (revision 2634) +++ /branches/amp_4_0/src/library/libexauth/auth_ext_ipc.c (working copy) @@ -436,6 +436,9 @@ unsigned char temp[2 * SECRET_LEN]; int len; int i; + int ret; + int outlen; + EVP_CIPHER_CTX *ctx; memcpy(temp, secret_in, SECRET_LEN); len = strlen((char *)temp) + 1; @@ -452,15 +455,38 @@ iv[i] = seed_iv[i % sizeof(seed_iv)]; } - if (AES_set_encrypt_key(key, 128, &aes_key) < 0) { - return -1; - } - - AES_cbc_encrypt(secret_in, temp, len, &aes_key, iv, AES_ENCRYPT); + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) + { + fprintf(stderr, "%s %s:%u - EVP_CIPHER_CTX_new failed\n", __FUNCTION__, __FILE__, __LINE__); + goto ErrP; + } + ret = EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); + if (ret <= 0) + { + fprintf(stderr, "%s %s:%u - EVP_EncryptInit_ex failed\n", __FUNCTION__, __FILE__, __LINE__); + goto ErrP; + } + EVP_EncryptUpdate(ctx, temp, &outlen, secret_in, len); + if (ret <= 0) + { + fprintf(stderr, "%s %s:%u - EVP_EncryptUpdate failed\n", __FUNCTION__, __FILE__, __LINE__); + goto ErrP; + } + ret = EVP_EncryptFinal_ex(ctx, temp + outlen, &outlen); + if (ret <= 0) + { + fprintf(stderr, "%s %s:%u - EVP_EncryptFinal_ex failed\n", __FUNCTION__, __FILE__, __LINE__); + goto ErrP; + } EVP_EncodeBlock(secret_out, temp, len); + if (ctx) EVP_CIPHER_CTX_free(ctx); return 0; +ErrP: + if (ctx) EVP_CIPHER_CTX_free(ctx); + return -1; } /*********************************************************************** @@ -484,6 +510,9 @@ unsigned char temp[2 * SECRET_LEN]; int len; int i; + int ret; + int inlen; + EVP_CIPHER_CTX *ctx; memcpy(temp, secret_in, 2 * SECRET_LEN); temp[2 * SECRET_LEN - 1] = '\0'; @@ -514,13 +543,36 @@ iv[i] = seed_iv[i % sizeof(seed_iv)]; } - if (AES_set_decrypt_key(key, 128, &aes_key) < 0) { - return -1; - } - - AES_cbc_encrypt(temp, secret_out, len, &aes_key, iv, AES_DECRYPT); + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) + { + fprintf(stderr, "%s %s:%u - EVP_CIPHER_CTX_new failed\n", __FUNCTION__, __FILE__, __LINE__); + goto ErrP; + } + ret = EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv); + if(ret <= 0) + { + fprintf(stderr, "%s %s:%u - EVP_DecryptUpdate failed\n", __FUNCTION__, __FILE__, __LINE__); + goto ErrP; + } + ret = EVP_DecryptUpdate(ctx, secret_out, &inlen, temp, len); + if(ret <= 0) + { + fprintf(stderr, "%s %s:%u - EVP_DecryptUpdate failed\n", __FUNCTION__, __FILE__, __LINE__); + goto ErrP; + } + ret = EVP_DecryptFinal_ex(ctx, secret_out + inlen, &inlen); + if(ret <= 0) + { + fprintf(stderr, "%s %s:%u - EVP_DecryptFinal_ex failed\n", __FUNCTION__, __FILE__, __LINE__); + goto ErrP; + } + if (ctx) EVP_CIPHER_CTX_free(ctx); return 0; +ErrP: + if (ctx) EVP_CIPHER_CTX_free(ctx); + return -1; } #undef AES_BLOCK_SIZE Index: /branches/amp_4_0/src/library/libexauth/radlib.c =================================================================== --- /branches/amp_4_0/src/library/libexauth/radlib.c (revision 2634) +++ /branches/amp_4_0/src/library/libexauth/radlib.c (working copy) @@ -92,11 +92,12 @@ static void insert_scrambled_password(struct rad_handle *h, int srv) { - MD5_CTX ctx; unsigned char md5[MD5_DIGEST_LENGTH]; const struct rad_server *srvp; int padded_len; int pos; + EVP_MD_CTX *ctx; + unsigned int digest_len; srvp = &h->servers[srv]; padded_len = h->pass_len == 0 ? 16 : (h->pass_len+15) & ~0xf; @@ -106,11 +107,24 @@ int i; /* Calculate the new scrambler */ - MD5Init(&ctx); - MD5Update(&ctx, srvp->secret, strlen(srvp->secret)); - MD5Update(&ctx, md5, 16); - MD5Final(md5, &ctx); - + ctx = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(ctx, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(ctx); + return; + } + if (EVP_DigestUpdate(ctx, srvp->secret, strlen(srvp->secret)) == 0) { + EVP_MD_CTX_free(ctx); + return; + } + if (EVP_DigestUpdate(ctx, md5, 16) == 0) { + EVP_MD_CTX_free(ctx); + return; + } + if (EVP_DigestFinal_ex(ctx, md5, &digest_len) == 0) { + EVP_MD_CTX_free(ctx); + return; + } + EVP_MD_CTX_free(ctx); /* * Mix in the current chunk of the password, and copy * the result into the right place in the request. Also @@ -126,21 +140,28 @@ static void insert_request_authenticator(struct rad_handle *h, int resp) { - MD5_CTX ctx; + EVP_MD_CTX *ctx; + unsigned int digest_len; const struct rad_server *srvp; srvp = &h->servers[h->srv]; /* Create the request authenticator */ - MD5Init(&ctx); - MD5Update(&ctx, &h->out[POS_CODE], POS_AUTH - POS_CODE); + ctx = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(ctx, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(ctx); + return; + } + EVP_DigestUpdate(ctx, &h->out[POS_CODE], POS_AUTH - POS_CODE); if (resp) - MD5Update(&ctx, &h->in[POS_AUTH], LEN_AUTH); + EVP_DigestUpdate(ctx, &h->in[POS_AUTH], LEN_AUTH); else - MD5Update(&ctx, &h->out[POS_AUTH], LEN_AUTH); - MD5Update(&ctx, &h->out[POS_ATTRS], h->out_len - POS_ATTRS); - MD5Update(&ctx, srvp->secret, strlen(srvp->secret)); - MD5Final(&h->out[POS_AUTH], &ctx); + + EVP_DigestUpdate(ctx, &h->out[POS_AUTH], LEN_AUTH); + EVP_DigestUpdate(ctx, &h->out[POS_ATTRS], h->out_len - POS_ATTRS); + EVP_DigestUpdate(ctx, srvp->secret, strlen(srvp->secret)); + EVP_DigestFinal_ex(ctx, &h->out[POS_AUTH], &digest_len); + EVP_MD_CTX_free(ctx); } static void @@ -179,7 +200,8 @@ is_valid_response(struct rad_handle *h, int srv, const struct sockaddr_storage *from) { - MD5_CTX ctx; + EVP_MD_CTX *ctx; + unsigned int digest_len; unsigned char md5[MD5_DIGEST_LENGTH]; const struct rad_server *srvp; int len; @@ -217,12 +239,20 @@ return 0; /* Check the response authenticator */ - MD5Init(&ctx); - MD5Update(&ctx, &h->in[POS_CODE], POS_AUTH - POS_CODE); - MD5Update(&ctx, &h->out[POS_AUTH], LEN_AUTH); - MD5Update(&ctx, &h->in[POS_ATTRS], len - POS_ATTRS); - MD5Update(&ctx, srvp->secret, strlen(srvp->secret)); - MD5Final(md5, &ctx); + ctx = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(ctx, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(ctx); + return 0; + } + EVP_DigestUpdate(ctx, &h->in[POS_CODE], POS_AUTH - POS_CODE); + EVP_DigestUpdate(ctx, &h->out[POS_AUTH], LEN_AUTH); + EVP_DigestUpdate(ctx, &h->in[POS_ATTRS], len - POS_ATTRS); + EVP_DigestUpdate(ctx, srvp->secret, strlen(srvp->secret)); + if (EVP_DigestFinal_ex(ctx, md5, &digest_len) == 0) { + EVP_MD_CTX_free(ctx); + return 0; + } + EVP_MD_CTX_free(ctx); if (memcmp(&h->in[POS_AUTH], md5, sizeof(md5)) != 0) return 0; @@ -273,7 +303,8 @@ static int is_valid_request(struct rad_handle *h) { - MD5_CTX ctx; + EVP_MD_CTX *ctx; + unsigned int digest_len; unsigned char md5[MD5_DIGEST_LENGTH]; const struct rad_server *srvp; int len; @@ -296,12 +327,20 @@ if (h->in[POS_CODE] != RAD_ACCESS_REQUEST) { uint32_t zeroes[4] = { 0, 0, 0, 0 }; /* Check the request authenticator */ - MD5Init(&ctx); - MD5Update(&ctx, &h->in[POS_CODE], POS_AUTH - POS_CODE); - MD5Update(&ctx, zeroes, LEN_AUTH); - MD5Update(&ctx, &h->in[POS_ATTRS], len - POS_ATTRS); - MD5Update(&ctx, srvp->secret, strlen(srvp->secret)); - MD5Final(md5, &ctx); + ctx = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(ctx, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(ctx); + return 0; + } + EVP_DigestUpdate(ctx, &h->in[POS_CODE], POS_AUTH - POS_CODE); + EVP_DigestUpdate(ctx, zeroes, LEN_AUTH); + EVP_DigestUpdate(ctx, &h->in[POS_ATTRS], len - POS_ATTRS); + EVP_DigestUpdate(ctx, srvp->secret, strlen(srvp->secret)); + if (EVP_DigestFinal_ex(ctx, md5, &digest_len) == 0) { + EVP_MD_CTX_free(ctx); + return 0; + } + EVP_MD_CTX_free(ctx); if (memcmp(&h->in[POS_AUTH], md5, sizeof(md5)) != 0) return (0); } @@ -1615,7 +1654,8 @@ char R[LEN_AUTH]; const char *S; int i, Ppos; - MD5_CTX Context; + EVP_MD_CTX *Context; + unsigned int digest_len; u_char b[MD5_DIGEST_LENGTH], *C, *demangled; if ((mlen % 16 != 0) || mlen > 128) { @@ -1639,10 +1679,18 @@ if (!demangled) return NULL; - MD5Init(&Context); - MD5Update(&Context, S, strlen(S)); - MD5Update(&Context, R, LEN_AUTH); - MD5Final(b, &Context); + Context = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(Context, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(Context); + return NULL; + } + EVP_DigestUpdate(Context, S, strlen(S)); + EVP_DigestUpdate(Context, R, LEN_AUTH); + if (EVP_DigestFinal_ex(Context, b, &digest_len) == 0) { + EVP_MD_CTX_free(Context); + return NULL; + } + EVP_MD_CTX_free(Context); Ppos = 0; while (mlen) { @@ -1651,10 +1699,18 @@ demangled[Ppos++] = C[i] ^ b[i]; if (mlen) { - MD5Init(&Context); - MD5Update(&Context, S, strlen(S)); - MD5Update(&Context, C, 16); - MD5Final(b, &Context); + Context = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(Context, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(Context); + return NULL; + } + EVP_DigestUpdate(Context, S, strlen(S)); + EVP_DigestUpdate(Context, C, 16); + if (EVP_DigestFinal_ex(Context, b, &digest_len) == 0) { + EVP_MD_CTX_free(Context); + return NULL; + } + EVP_MD_CTX_free(Context); } C += 16; @@ -1671,7 +1727,8 @@ const char *S; u_char b[MD5_DIGEST_LENGTH], *demangled; const u_char *A, *C; - MD5_CTX Context; + EVP_MD_CTX *Context; + unsigned int digest_len; int Slen, i, Clen, Ppos; u_char *P; @@ -1694,11 +1751,19 @@ Slen = strlen(S); P = alloca(Clen); /* We derive our plaintext */ - MD5Init(&Context); - MD5Update(&Context, S, Slen); - MD5Update(&Context, R, LEN_AUTH); - MD5Update(&Context, A, SALT_LEN); - MD5Final(b, &Context); + Context = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(Context, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(Context); + return NULL; + } + EVP_DigestUpdate(Context, S, Slen); + EVP_DigestUpdate(Context, R, LEN_AUTH); + EVP_DigestUpdate(Context, A, SALT_LEN); + if (EVP_DigestFinal_ex(Context, b, &digest_len) == 0) { + EVP_MD_CTX_free(Context); + return NULL; + } + EVP_MD_CTX_free(Context); Ppos = 0; while (Clen) { @@ -1708,10 +1773,18 @@ P[Ppos++] = C[i] ^ b[i]; if (Clen) { - MD5Init(&Context); - MD5Update(&Context, S, Slen); - MD5Update(&Context, C, 16); - MD5Final(b, &Context); + Context = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(Context, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(Context); + return NULL; + } + EVP_DigestUpdate(Context, S, Slen); + EVP_DigestUpdate(Context, C, 16); + if (EVP_DigestFinal_ex(Context, b, &digest_len) == 0) { + EVP_MD_CTX_free(Context); + return NULL; + } + EVP_MD_CTX_free(Context); } C += 16; Index: /branches/amp_4_0/src/library/libexauth/taclib.c =================================================================== --- /branches/amp_4_0/src/library/libexauth/taclib.c (revision 2634) +++ /branches/amp_4_0/src/library/libexauth/taclib.c (working copy) @@ -314,8 +314,9 @@ crypt_msg(struct tac_handle *h, struct tac_msg *msg) { const char *secret; - MD5_CTX base_ctx; - MD5_CTX ctx; + EVP_MD_CTX *ctx; + EVP_MD_CTX *base_ctx; + unsigned int digest_len; unsigned char md5[16]; int chunk; int msg_len; @@ -328,18 +329,25 @@ msg_len = ntohl(msg->length); - MD5Init(&base_ctx); - MD5Update(&base_ctx, msg->session_id, sizeof msg->session_id); - MD5Update(&base_ctx, secret, strlen(secret)); - MD5Update(&base_ctx, &msg->version, sizeof msg->version); - MD5Update(&base_ctx, &msg->seq_no, sizeof msg->seq_no); + base_ctx = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(base_ctx, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(base_ctx); + return; + } + EVP_DigestUpdate(base_ctx, msg->session_id, sizeof msg->session_id); + EVP_DigestUpdate(base_ctx, secret, strlen(secret)); + EVP_DigestUpdate(base_ctx, secret, strlen(secret)); + EVP_DigestUpdate(base_ctx, &msg->version, sizeof msg->version); ctx = base_ctx; for (chunk = 0; chunk < msg_len; chunk += sizeof md5) { int chunk_len; int i; - MD5Final(md5, &ctx); + if (EVP_DigestFinal_ex(base_ctx, md5, &digest_len) == 0) { + EVP_MD_CTX_free(base_ctx); + return; + } if ((chunk_len = msg_len - chunk) > sizeof md5) chunk_len = sizeof md5; @@ -347,8 +355,9 @@ msg->u.body[chunk + i] ^= md5[i]; ctx = base_ctx; - MD5Update(&ctx, md5, sizeof md5); + EVP_DigestUpdate(ctx, md5, sizeof md5); } + EVP_MD_CTX_free(base_ctx); } /*