Index: /branches/amp_4_0/Makefile.master =================================================================== --- /branches/amp_4_0/Makefile.master (revision 2634) +++ /branches/amp_4_0/Makefile.master (working copy) @@ -30,7 +30,7 @@ # commom cc flag FLAGS_BASE=-Wformat -Wall -Werror -O -JSON_LIB= -ljson-c +#JSON_LIB= -ljson-c #FLAGS=${FLAGS_BASE} -ansi -pedantic FLAGS=${FLAGS_BASE} Index: /branches/amp_4_0/amp.spec =================================================================== --- /branches/amp_4_0/amp.spec (revision 2634) +++ /branches/amp_4_0/amp.spec (working copy) @@ -1,3 +1,6 @@ +# Disable debuginfo, since we package a stripped upstream binary. +%global debug_package %{nil} + Name: amp Version: 4.0.0 Release: 1%{?dist} @@ -185,12 +188,12 @@ install -Dm 0755 src/webui_agent/webui_agent %{buildroot}/ca/bin/ install -Dm 0755 src/webui_monitor/webui_monitor %{buildroot}/ca/bin/ cp -r src/webui/webui/* %{buildroot}/ca/webui -install -Dm 0755 src/openssh/openssh-6.6p1/sshd %{buildroot}/ca/bin/ -install -Dm 0755 src/openssh/openssh-6.6p1/ssh %{buildroot}/ca/bin/ +install -Dm 0755 src/openssh/openssh-9.9p1/sshd %{buildroot}/ca/bin/ +install -Dm 0755 src/openssh/openssh-9.9p1/ssh %{buildroot}/ca/bin/ install -Dm 0644 src/openssh/sshd_config %{buildroot}/ca/etc/ install -Dm 0755 src/openssh/ssh-regenkey.sh %{buildroot}/ca/bin/ install -Dm 0755 src/webui/tftp/pulltftp %{buildroot}/ca/bin/ -install -Dm 0755 src/library/libpyexauth/_pyexauth.so %{buildroot}/usr/lib64/python3.13/site-packages/ +install -Dm 0755 src/library/libpyexauth/_pyexauth.cpython-313-x86_64-linux-gnu.so %{buildroot}/usr/lib64/python3.13/site-packages/ install -Dm 0644 conf/array.conf %{buildroot}/etc/NetworkManager/conf.d/array.conf install -Dm 0755 scripts/check_build.py %{buildroot}/ca/bin/check_build.py install -Dm 0755 scripts/check_adc_ssl.py %{buildroot}/ca/bin/check_adc_ssl.py @@ -202,14 +205,14 @@ cp conf/dashboard.ndjson %{buildroot}/ca/bin/ cp scripts/import_kibana_dashboard.sh %{buildroot}/ca/bin/ cp lib/composer/composer-2.5.0.2.tgz %{buildroot}/ca/etc/ -mkdir -p /ca/webui/htdocs/new/src/hive/media/docs +mkdir -p %{buildroot}/ca/webui/htdocs/new/src/hive/media/docs %files %defattr(-,root,root,-) %attr (755,root,root)/usr/bin/telnet %attr (755,root,root)/usr/bin/wget -%attr (755,root,root)/usr/lib64/libpcap.so.1 -%attr (755,root,root)/usr/lib64/libpcap.so.1.5.3 +/usr/lib64/libpcap.so.1 +/usr/lib64/libpcap.so.1.5.3 %attr (755,root,root)/usr/sbin/tcpdump %attr (755,root,root)/usr/sbin/tcpslice %attr (755,root,root)/usr/bin/rsync @@ -264,7 +267,7 @@ %attr (755,root,root)/ca/bin/ssh-regenkey.sh %attr (644,root,root)/ca/etc/sshd_config %attr (755,root,root)/ca/bin/pulltftp -%attr (755,root,root)/usr/lib64/python3.13/site-packages/_pyexauth.so +%attr (755,root,root)/usr/lib64/python3.13/site-packages/_pyexauth.cpython-313-x86_64-linux-gnu.so #%attr (755,root,root)/usr/lib64/python3.13/site-packages/_cffi_backend.so %attr (644,root,root)/etc/NetworkManager/conf.d/array.conf %attr (755,root,root)/ca/bin/check_build.py Index: /branches/amp_4_0/scripts/avxrepocreate.py =================================================================== --- /branches/amp_4_0/scripts/avxrepocreate.py (revision 2634) +++ /branches/amp_4_0/scripts/avxrepocreate.py (working copy) @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/local/bin/python3.13 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by Index: /branches/amp_4_0/scripts/bond_operation.py =================================================================== --- /branches/amp_4_0/scripts/bond_operation.py (revision 2634) +++ /branches/amp_4_0/scripts/bond_operation.py (working copy) @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/local/bin/python3.13 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by Index: /branches/amp_4_0/scripts/check_adc_ssl.py =================================================================== --- /branches/amp_4_0/scripts/check_adc_ssl.py (revision 2634) +++ /branches/amp_4_0/scripts/check_adc_ssl.py (working copy) @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/local/bin/python3.13 import json import sys from StringIO import StringIO Index: /branches/amp_4_0/scripts/check_build.py =================================================================== --- /branches/amp_4_0/scripts/check_build.py (revision 2634) +++ /branches/amp_4_0/scripts/check_build.py (working copy) @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/local/bin/python3.13 import psycopg2 import os import json Index: /branches/amp_4_0/scripts/docker_operation.py =================================================================== --- /branches/amp_4_0/scripts/docker_operation.py (revision 2634) +++ /branches/amp_4_0/scripts/docker_operation.py (working copy) @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/local/bin/python3.13 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by Index: /branches/amp_4_0/scripts/init_network.py =================================================================== --- /branches/amp_4_0/scripts/init_network.py (revision 2634) +++ /branches/amp_4_0/scripts/init_network.py (working copy) @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/local/bin/python3.13 from glob import glob from time import sleep Index: /branches/amp_4_0/scripts/mailnotify.py =================================================================== --- /branches/amp_4_0/scripts/mailnotify.py (revision 2634) +++ /branches/amp_4_0/scripts/mailnotify.py (working copy) @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/local/bin/python3.13 from email.mime.text import MIMEText from subprocess import Popen, PIPE Index: /branches/amp_4_0/scripts/mgmt_interface.py =================================================================== --- /branches/amp_4_0/scripts/mgmt_interface.py (revision 2634) +++ /branches/amp_4_0/scripts/mgmt_interface.py (working copy) @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/local/bin/python3.13 from glob import glob import os Index: /branches/amp_4_0/scripts/reloadmacpool.py =================================================================== --- /branches/amp_4_0/scripts/reloadmacpool.py (revision 2634) +++ /branches/amp_4_0/scripts/reloadmacpool.py (working copy) @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/local/bin/python3.13 import os import shutil Index: /branches/amp_4_0/src/backend/backend.c =================================================================== --- /branches/amp_4_0/src/backend/backend.c (revision 2634) +++ /branches/amp_4_0/src/backend/backend.c (working copy) @@ -37,7 +37,6 @@ #include #include #include -#include #include "clickarray.h" #include "proxy_shm.h" @@ -927,7 +926,6 @@ shutdown(sock_listen_cli_loopback, SHUT_RDWR); shutdown(sock_listen_rpc_loopback, SHUT_RDWR); - xmlCleanupParser(); /*detach the shared memory*/ if (shmdt(cluster_node) < 0) { } Index: /branches/amp_4_0/src/backend/engineering.c =================================================================== --- /branches/amp_4_0/src/backend/engineering.c (revision 2634) +++ /branches/amp_4_0/src/backend/engineering.c (working copy) @@ -151,7 +151,7 @@ globs anyone? */ int test_challenge(char* challenge, char* response, char* pub_key_path) { - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = NULL; EVP_PKEY *pkey; X509 *x509; FILE *fp; @@ -229,10 +229,10 @@ return FALSE; } - EVP_VerifyInit(&md_ctx, EVP_sha1()); - EVP_VerifyUpdate(&md_ctx, challenge, strlen(challenge)); + EVP_VerifyInit(md_ctx, EVP_sha1()); + EVP_VerifyUpdate(md_ctx, challenge, strlen(challenge)); - if (! EVP_VerifyFinal(&md_ctx, sig, sig_len, pkey)) { + if (! EVP_VerifyFinal(md_ctx, sig, sig_len, pkey)) { free(sig); EVP_PKEY_free(pkey); return FALSE; /* and after all that they give us a bad sig! */ Index: /branches/amp_4_0/src/backend/ext_update.c =================================================================== --- /branches/amp_4_0/src/backend/ext_update.c (revision 2634) +++ /branches/amp_4_0/src/backend/ext_update.c (working copy) @@ -57,7 +57,7 @@ return -1; } - fgets(qp_buf, 512, fp); + fgets(qp_buf, AMP_BUF_SIZE, fp); pclose(fp); if (strstr(qp_buf, "error")) { @@ -150,7 +150,7 @@ return -1; } - fgets(qp_buf, 512, fp); + fgets(qp_buf, AMP_BUF_SIZE, fp); pclose(fp); if (strstr(qp_buf, "error")) { @@ -184,7 +184,7 @@ return -1; } - fgets(check_buf, 512, aq_fp); + fgets(check_buf, AMP_BUF_SIZE, aq_fp); pclose(aq_fp); if (strlen(check_buf) == 0 || check_buf[0] == '\0') { @@ -340,4 +340,4 @@ free(package_tar); } return ret; -} \ No newline at end of file +} Index: /branches/amp_4_0/src/backend/ntp.c =================================================================== --- /branches/amp_4_0/src/backend/ntp.c (revision 2634) +++ /branches/amp_4_0/src/backend/ntp.c (working copy) @@ -177,7 +177,7 @@ int ui_ntp_on(){ pid_t pid; - char cmd[256] = {0}; + char cmd[1024] = {0}; char ip[256] = {0}; if(isntpon()){ Index: /branches/amp_4_0/src/backend/recovery.c =================================================================== --- /branches/amp_4_0/src/backend/recovery.c (revision 2634) +++ /branches/amp_4_0/src/backend/recovery.c (working copy) @@ -237,7 +237,7 @@ /* this globs anyone? */ int test_challenge(char* challenge,char* response,char* pub_key_path) { - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = NULL; EVP_PKEY *pkey; X509 *x509; FILE *fp; @@ -340,9 +340,9 @@ return FALSE; } - EVP_VerifyInit(&md_ctx,EVP_sha1()); - EVP_VerifyUpdate(&md_ctx,challenge,strlen(challenge)); - if (! EVP_VerifyFinal(&md_ctx,sig,sig_len,pkey)) { + EVP_VerifyInit(md_ctx,EVP_sha1()); + EVP_VerifyUpdate(md_ctx,challenge,strlen(challenge)); + if (! EVP_VerifyFinal(md_ctx,sig,sig_len,pkey)) { free(sig); EVP_PKEY_free(pkey); return FALSE; /* and after all that they give us a bad sig! */ Index: /branches/amp_4_0/src/backend/sys_time.c =================================================================== --- /branches/amp_4_0/src/backend/sys_time.c (revision 2634) +++ /branches/amp_4_0/src/backend/sys_time.c (working copy) @@ -1235,7 +1235,7 @@ char line[MAX_LINE_SIZE + 1]; FILE *fp = NULL; - if ((str = (char *)malloc(MAX_LINE_SIZE + 1)) == NULL) { + if ((str = (char *)malloc(MAX_LINE_SIZE + strlen(SYS_TZ_STR) + 6)) == NULL) { return NULL; } bzero(str, (MAX_LINE_SIZE + 1)); @@ -1267,7 +1267,7 @@ fgets(line, (MAX_LINE_SIZE + 1), fp); fclose(fp); - snprintf(str, (MAX_LINE_SIZE + 1), "%s \"%s\"\n", SYS_TZ_STR, line); + snprintf(str, (MAX_LINE_SIZE + strlen(SYS_TZ_STR) + 6), "%s \"%s\"\n", SYS_TZ_STR, line); return str; } Index: /branches/amp_4_0/src/backend/sys_tool.c =================================================================== --- /branches/amp_4_0/src/backend/sys_tool.c (revision 2634) +++ /branches/amp_4_0/src/backend/sys_tool.c (working copy) @@ -1074,7 +1074,7 @@ int fd; FILE *fp; int max_buff = 2048; - char cmd[max_buff] = ""; + char cmd[MAX_LINE_SIZE + 1] = ""; printf("%-10s %-20s %s\n", "length", "date/time", "name"); dirp = opendir(my_dir); Index: /branches/amp_4_0/src/backend/users.c =================================================================== --- /branches/amp_4_0/src/backend/users.c (revision 2634) +++ /branches/amp_4_0/src/backend/users.c (working copy) @@ -32,6 +32,7 @@ #include #include #include +#include #include #include "ca_ui.h" @@ -832,9 +833,10 @@ enable_test_account(void) { struct spwd *sp = NULL; - SHA_CTX context; + EVP_MD_CTX *context; char serial_num[LICKEYLEN_MAX]; - unsigned char serial_sha1[SHA_DIGEST_LENGTH]; + unsigned char serial_sha1[EVP_MAX_MD_SIZE]; + unsigned int md_len = EVP_MAX_MD_SIZE; char pass[PASSWD_STR_LEN]; char *enc_pass = NULL; int i; @@ -847,12 +849,30 @@ return -1; } - SHA1_Init(&context); - SHA1_Update(&context, serial_num, strlen(serial_num)); - SHA1_Final(serial_sha1, &context); + context = EVP_MD_CTX_new(); + if (context == NULL) { + perror("EVP_MD_CTX_new failed"); + return -1; + } + if (EVP_DigestInit_ex(context, EVP_sha1(), NULL) != 1) { + perror("EVP_DigestInit_ex failed"); + EVP_MD_CTX_free(context); + return -1; + } + if (EVP_DigestUpdate(context, serial_num, strlen(serial_num)) != 1) { + perror("EVP_DigestUpdate failed"); + EVP_MD_CTX_free(context); + return -1; + } + if (EVP_DigestFinal_ex(context, serial_sha1, &md_len) != 1) { + perror("EVP_DigestFinal_ex failed"); + EVP_MD_CTX_free(context); + return -1; + } + EVP_MD_CTX_free(context); for (i = 0; i < PASSWD_LEN; i++) { - serial_sha1[i] ^= serial_sha1[SHA_DIGEST_LENGTH - 1 - i]; + serial_sha1[i] ^= serial_sha1[md_len - 1 - i]; } for (i = 0; i < PASSWD_LEN; i++) { Index: /branches/amp_4_0/src/generator/Makefile =================================================================== --- /branches/amp_4_0/src/generator/Makefile (revision 2634) +++ /branches/amp_4_0/src/generator/Makefile (working copy) @@ -23,15 +23,15 @@ all : libparser.a -arrayos_Command_Tree.txt arrayos_Command_Tree.html ${LEX_SRC} ${YACC_SRC} \ +arrayos_Command_Tree.txt arrayos_Command_Tree.html gen.h ${LEX_SRC} ${YACC_SRC} \ : gen_bison.pl \ gen_bison.pm gen_flex.pm gen_h.pm gen_tree.pm gen_html.pm commands.pm - $(PERL) -w gen_bison.pl + $(PERL) -w -I ${.CURDIR}./ ${.CURDIR}./gen_bison.pl ( cp gen.h ../) #arrayos tab.c file arrayos_user.tab.c : arrayos_user.y - ${YACC} -p arrayos_user -d arrayos_user.y -v + ${YACC} ${YACC_DEBUG} -p arrayos_user -b arrayos_user -d arrayos_user.y arrayos_enable.tab.c : arrayos_enable.y ${YACC} -p arrayos_enable -d arrayos_enable.y -v arrayos_config.tab.c : arrayos_config.y Index: /branches/amp_4_0/src/library/avx_log/avx_log.h =================================================================== --- /branches/amp_4_0/src/library/avx_log/avx_log.h (revision 2634) +++ /branches/amp_4_0/src/library/avx_log/avx_log.h (working copy) @@ -74,6 +74,7 @@ SSHD_LOGIN_MSG_SEND, SSHD_LOGIN_GETPID, SSHD_LOGIN_MSG_RCV, + AUTH_USER_LOCK, LOG_IDX_MAX }; Index: /branches/amp_4_0/src/library/avxnet/avxnet.c =================================================================== --- /branches/amp_4_0/src/library/avxnet/avxnet.c (revision 2634) +++ /branches/amp_4_0/src/library/avxnet/avxnet.c (working copy) @@ -228,7 +228,7 @@ FILE *fd = NULL; struct sockaddr snet_target; struct sockaddr_in * sin; - char gate_addr[128], net_addr[128]; + char gate_addr[128], net_addr[256]; char buf[1024], iface[16]; if (AF_INET == family) { Index: /branches/amp_4_0/src/library/ca_ui/ca_ui.c =================================================================== --- /branches/amp_4_0/src/library/ca_ui/ca_ui.c (revision 2634) +++ /branches/amp_4_0/src/library/ca_ui/ca_ui.c (working copy) @@ -968,7 +968,7 @@ int set_prompt(char *prompt, int len) { - char snode[MAX_LONG_TOKEN_SIZE + 1] = ""; + char snode[4 * MAX_LONG_TOKEN_SIZE + 1] = ""; char smode[MAX_LONG_TOKEN_SIZE + 1] = ""; /*zero strings*/ memset(snode, 0, sizeof(snode)); Index: /branches/amp_4_0/src/library/libexauth/auth_ext_ipc.c =================================================================== --- /branches/amp_4_0/src/library/libexauth/auth_ext_ipc.c (revision 2634) +++ /branches/amp_4_0/src/library/libexauth/auth_ext_ipc.c (working copy) @@ -436,6 +436,9 @@ unsigned char temp[2 * SECRET_LEN]; int len; int i; + int ret; + int outlen; + EVP_CIPHER_CTX *ctx; memcpy(temp, secret_in, SECRET_LEN); len = strlen((char *)temp) + 1; @@ -452,15 +455,38 @@ iv[i] = seed_iv[i % sizeof(seed_iv)]; } - if (AES_set_encrypt_key(key, 128, &aes_key) < 0) { - return -1; - } - - AES_cbc_encrypt(secret_in, temp, len, &aes_key, iv, AES_ENCRYPT); + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) + { + fprintf(stderr, "%s %s:%u - EVP_CIPHER_CTX_new failed\n", __FUNCTION__, __FILE__, __LINE__); + goto ErrP; + } + ret = EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); + if (ret <= 0) + { + fprintf(stderr, "%s %s:%u - EVP_EncryptInit_ex failed\n", __FUNCTION__, __FILE__, __LINE__); + goto ErrP; + } + EVP_EncryptUpdate(ctx, temp, &outlen, secret_in, len); + if (ret <= 0) + { + fprintf(stderr, "%s %s:%u - EVP_EncryptUpdate failed\n", __FUNCTION__, __FILE__, __LINE__); + goto ErrP; + } + ret = EVP_EncryptFinal_ex(ctx, temp + outlen, &outlen); + if (ret <= 0) + { + fprintf(stderr, "%s %s:%u - EVP_EncryptFinal_ex failed\n", __FUNCTION__, __FILE__, __LINE__); + goto ErrP; + } EVP_EncodeBlock(secret_out, temp, len); + if (ctx) EVP_CIPHER_CTX_free(ctx); return 0; +ErrP: + if (ctx) EVP_CIPHER_CTX_free(ctx); + return -1; } /*********************************************************************** @@ -484,6 +510,9 @@ unsigned char temp[2 * SECRET_LEN]; int len; int i; + int ret; + int inlen; + EVP_CIPHER_CTX *ctx; memcpy(temp, secret_in, 2 * SECRET_LEN); temp[2 * SECRET_LEN - 1] = '\0'; @@ -514,13 +543,36 @@ iv[i] = seed_iv[i % sizeof(seed_iv)]; } - if (AES_set_decrypt_key(key, 128, &aes_key) < 0) { - return -1; - } - - AES_cbc_encrypt(temp, secret_out, len, &aes_key, iv, AES_DECRYPT); + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) + { + fprintf(stderr, "%s %s:%u - EVP_CIPHER_CTX_new failed\n", __FUNCTION__, __FILE__, __LINE__); + goto ErrP; + } + ret = EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv); + if(ret <= 0) + { + fprintf(stderr, "%s %s:%u - EVP_DecryptUpdate failed\n", __FUNCTION__, __FILE__, __LINE__); + goto ErrP; + } + ret = EVP_DecryptUpdate(ctx, secret_out, &inlen, temp, len); + if(ret <= 0) + { + fprintf(stderr, "%s %s:%u - EVP_DecryptUpdate failed\n", __FUNCTION__, __FILE__, __LINE__); + goto ErrP; + } + ret = EVP_DecryptFinal_ex(ctx, secret_out + inlen, &inlen); + if(ret <= 0) + { + fprintf(stderr, "%s %s:%u - EVP_DecryptFinal_ex failed\n", __FUNCTION__, __FILE__, __LINE__); + goto ErrP; + } + if (ctx) EVP_CIPHER_CTX_free(ctx); return 0; +ErrP: + if (ctx) EVP_CIPHER_CTX_free(ctx); + return -1; } #undef AES_BLOCK_SIZE Index: /branches/amp_4_0/src/library/libexauth/radlib.c =================================================================== --- /branches/amp_4_0/src/library/libexauth/radlib.c (revision 2634) +++ /branches/amp_4_0/src/library/libexauth/radlib.c (working copy) @@ -92,11 +92,12 @@ static void insert_scrambled_password(struct rad_handle *h, int srv) { - MD5_CTX ctx; unsigned char md5[MD5_DIGEST_LENGTH]; const struct rad_server *srvp; int padded_len; int pos; + EVP_MD_CTX *ctx; + unsigned int digest_len; srvp = &h->servers[srv]; padded_len = h->pass_len == 0 ? 16 : (h->pass_len+15) & ~0xf; @@ -106,11 +107,24 @@ int i; /* Calculate the new scrambler */ - MD5Init(&ctx); - MD5Update(&ctx, srvp->secret, strlen(srvp->secret)); - MD5Update(&ctx, md5, 16); - MD5Final(md5, &ctx); - + ctx = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(ctx, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(ctx); + return; + } + if (EVP_DigestUpdate(ctx, srvp->secret, strlen(srvp->secret)) == 0) { + EVP_MD_CTX_free(ctx); + return; + } + if (EVP_DigestUpdate(ctx, md5, 16) == 0) { + EVP_MD_CTX_free(ctx); + return; + } + if (EVP_DigestFinal_ex(ctx, md5, &digest_len) == 0) { + EVP_MD_CTX_free(ctx); + return; + } + EVP_MD_CTX_free(ctx); /* * Mix in the current chunk of the password, and copy * the result into the right place in the request. Also @@ -126,21 +140,28 @@ static void insert_request_authenticator(struct rad_handle *h, int resp) { - MD5_CTX ctx; + EVP_MD_CTX *ctx; + unsigned int digest_len; const struct rad_server *srvp; srvp = &h->servers[h->srv]; /* Create the request authenticator */ - MD5Init(&ctx); - MD5Update(&ctx, &h->out[POS_CODE], POS_AUTH - POS_CODE); + ctx = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(ctx, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(ctx); + return; + } + EVP_DigestUpdate(ctx, &h->out[POS_CODE], POS_AUTH - POS_CODE); if (resp) - MD5Update(&ctx, &h->in[POS_AUTH], LEN_AUTH); + EVP_DigestUpdate(ctx, &h->in[POS_AUTH], LEN_AUTH); else - MD5Update(&ctx, &h->out[POS_AUTH], LEN_AUTH); - MD5Update(&ctx, &h->out[POS_ATTRS], h->out_len - POS_ATTRS); - MD5Update(&ctx, srvp->secret, strlen(srvp->secret)); - MD5Final(&h->out[POS_AUTH], &ctx); + + EVP_DigestUpdate(ctx, &h->out[POS_AUTH], LEN_AUTH); + EVP_DigestUpdate(ctx, &h->out[POS_ATTRS], h->out_len - POS_ATTRS); + EVP_DigestUpdate(ctx, srvp->secret, strlen(srvp->secret)); + EVP_DigestFinal_ex(ctx, &h->out[POS_AUTH], &digest_len); + EVP_MD_CTX_free(ctx); } static void @@ -179,7 +200,8 @@ is_valid_response(struct rad_handle *h, int srv, const struct sockaddr_storage *from) { - MD5_CTX ctx; + EVP_MD_CTX *ctx; + unsigned int digest_len; unsigned char md5[MD5_DIGEST_LENGTH]; const struct rad_server *srvp; int len; @@ -217,12 +239,20 @@ return 0; /* Check the response authenticator */ - MD5Init(&ctx); - MD5Update(&ctx, &h->in[POS_CODE], POS_AUTH - POS_CODE); - MD5Update(&ctx, &h->out[POS_AUTH], LEN_AUTH); - MD5Update(&ctx, &h->in[POS_ATTRS], len - POS_ATTRS); - MD5Update(&ctx, srvp->secret, strlen(srvp->secret)); - MD5Final(md5, &ctx); + ctx = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(ctx, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(ctx); + return 0; + } + EVP_DigestUpdate(ctx, &h->in[POS_CODE], POS_AUTH - POS_CODE); + EVP_DigestUpdate(ctx, &h->out[POS_AUTH], LEN_AUTH); + EVP_DigestUpdate(ctx, &h->in[POS_ATTRS], len - POS_ATTRS); + EVP_DigestUpdate(ctx, srvp->secret, strlen(srvp->secret)); + if (EVP_DigestFinal_ex(ctx, md5, &digest_len) == 0) { + EVP_MD_CTX_free(ctx); + return 0; + } + EVP_MD_CTX_free(ctx); if (memcmp(&h->in[POS_AUTH], md5, sizeof(md5)) != 0) return 0; @@ -273,7 +303,8 @@ static int is_valid_request(struct rad_handle *h) { - MD5_CTX ctx; + EVP_MD_CTX *ctx; + unsigned int digest_len; unsigned char md5[MD5_DIGEST_LENGTH]; const struct rad_server *srvp; int len; @@ -296,12 +327,20 @@ if (h->in[POS_CODE] != RAD_ACCESS_REQUEST) { uint32_t zeroes[4] = { 0, 0, 0, 0 }; /* Check the request authenticator */ - MD5Init(&ctx); - MD5Update(&ctx, &h->in[POS_CODE], POS_AUTH - POS_CODE); - MD5Update(&ctx, zeroes, LEN_AUTH); - MD5Update(&ctx, &h->in[POS_ATTRS], len - POS_ATTRS); - MD5Update(&ctx, srvp->secret, strlen(srvp->secret)); - MD5Final(md5, &ctx); + ctx = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(ctx, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(ctx); + return 0; + } + EVP_DigestUpdate(ctx, &h->in[POS_CODE], POS_AUTH - POS_CODE); + EVP_DigestUpdate(ctx, zeroes, LEN_AUTH); + EVP_DigestUpdate(ctx, &h->in[POS_ATTRS], len - POS_ATTRS); + EVP_DigestUpdate(ctx, srvp->secret, strlen(srvp->secret)); + if (EVP_DigestFinal_ex(ctx, md5, &digest_len) == 0) { + EVP_MD_CTX_free(ctx); + return 0; + } + EVP_MD_CTX_free(ctx); if (memcmp(&h->in[POS_AUTH], md5, sizeof(md5)) != 0) return (0); } @@ -1615,7 +1654,8 @@ char R[LEN_AUTH]; const char *S; int i, Ppos; - MD5_CTX Context; + EVP_MD_CTX *Context; + unsigned int digest_len; u_char b[MD5_DIGEST_LENGTH], *C, *demangled; if ((mlen % 16 != 0) || mlen > 128) { @@ -1639,10 +1679,18 @@ if (!demangled) return NULL; - MD5Init(&Context); - MD5Update(&Context, S, strlen(S)); - MD5Update(&Context, R, LEN_AUTH); - MD5Final(b, &Context); + Context = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(Context, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(Context); + return NULL; + } + EVP_DigestUpdate(Context, S, strlen(S)); + EVP_DigestUpdate(Context, R, LEN_AUTH); + if (EVP_DigestFinal_ex(Context, b, &digest_len) == 0) { + EVP_MD_CTX_free(Context); + return NULL; + } + EVP_MD_CTX_free(Context); Ppos = 0; while (mlen) { @@ -1651,10 +1699,18 @@ demangled[Ppos++] = C[i] ^ b[i]; if (mlen) { - MD5Init(&Context); - MD5Update(&Context, S, strlen(S)); - MD5Update(&Context, C, 16); - MD5Final(b, &Context); + Context = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(Context, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(Context); + return NULL; + } + EVP_DigestUpdate(Context, S, strlen(S)); + EVP_DigestUpdate(Context, C, 16); + if (EVP_DigestFinal_ex(Context, b, &digest_len) == 0) { + EVP_MD_CTX_free(Context); + return NULL; + } + EVP_MD_CTX_free(Context); } C += 16; @@ -1671,7 +1727,8 @@ const char *S; u_char b[MD5_DIGEST_LENGTH], *demangled; const u_char *A, *C; - MD5_CTX Context; + EVP_MD_CTX *Context; + unsigned int digest_len; int Slen, i, Clen, Ppos; u_char *P; @@ -1694,11 +1751,19 @@ Slen = strlen(S); P = alloca(Clen); /* We derive our plaintext */ - MD5Init(&Context); - MD5Update(&Context, S, Slen); - MD5Update(&Context, R, LEN_AUTH); - MD5Update(&Context, A, SALT_LEN); - MD5Final(b, &Context); + Context = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(Context, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(Context); + return NULL; + } + EVP_DigestUpdate(Context, S, Slen); + EVP_DigestUpdate(Context, R, LEN_AUTH); + EVP_DigestUpdate(Context, A, SALT_LEN); + if (EVP_DigestFinal_ex(Context, b, &digest_len) == 0) { + EVP_MD_CTX_free(Context); + return NULL; + } + EVP_MD_CTX_free(Context); Ppos = 0; while (Clen) { @@ -1708,10 +1773,18 @@ P[Ppos++] = C[i] ^ b[i]; if (Clen) { - MD5Init(&Context); - MD5Update(&Context, S, Slen); - MD5Update(&Context, C, 16); - MD5Final(b, &Context); + Context = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(Context, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(Context); + return NULL; + } + EVP_DigestUpdate(Context, S, Slen); + EVP_DigestUpdate(Context, C, 16); + if (EVP_DigestFinal_ex(Context, b, &digest_len) == 0) { + EVP_MD_CTX_free(Context); + return NULL; + } + EVP_MD_CTX_free(Context); } C += 16; Index: /branches/amp_4_0/src/library/libexauth/taclib.c =================================================================== --- /branches/amp_4_0/src/library/libexauth/taclib.c (revision 2634) +++ /branches/amp_4_0/src/library/libexauth/taclib.c (working copy) @@ -314,8 +314,9 @@ crypt_msg(struct tac_handle *h, struct tac_msg *msg) { const char *secret; - MD5_CTX base_ctx; - MD5_CTX ctx; + EVP_MD_CTX *ctx; + EVP_MD_CTX *base_ctx; + unsigned int digest_len; unsigned char md5[16]; int chunk; int msg_len; @@ -328,18 +329,25 @@ msg_len = ntohl(msg->length); - MD5Init(&base_ctx); - MD5Update(&base_ctx, msg->session_id, sizeof msg->session_id); - MD5Update(&base_ctx, secret, strlen(secret)); - MD5Update(&base_ctx, &msg->version, sizeof msg->version); - MD5Update(&base_ctx, &msg->seq_no, sizeof msg->seq_no); + base_ctx = EVP_MD_CTX_new(); + if (EVP_DigestInit_ex(base_ctx, EVP_md5(), NULL) == 0) { + EVP_MD_CTX_free(base_ctx); + return; + } + EVP_DigestUpdate(base_ctx, msg->session_id, sizeof msg->session_id); + EVP_DigestUpdate(base_ctx, secret, strlen(secret)); + EVP_DigestUpdate(base_ctx, secret, strlen(secret)); + EVP_DigestUpdate(base_ctx, &msg->version, sizeof msg->version); ctx = base_ctx; for (chunk = 0; chunk < msg_len; chunk += sizeof md5) { int chunk_len; int i; - MD5Final(md5, &ctx); + if (EVP_DigestFinal_ex(base_ctx, md5, &digest_len) == 0) { + EVP_MD_CTX_free(base_ctx); + return; + } if ((chunk_len = msg_len - chunk) > sizeof md5) chunk_len = sizeof md5; @@ -347,8 +355,9 @@ msg->u.body[chunk + i] ^= md5[i]; ctx = base_ctx; - MD5Update(&ctx, md5, sizeof md5); + EVP_DigestUpdate(ctx, md5, sizeof md5); } + EVP_MD_CTX_free(base_ctx); } /* Index: /branches/amp_4_0/src/library/libpyexauth/Makefile =================================================================== --- /branches/amp_4_0/src/library/libpyexauth/Makefile (revision 2634) +++ /branches/amp_4_0/src/library/libpyexauth/Makefile (working copy) @@ -5,7 +5,7 @@ all: _pyexauth.so _pyexauth.so: - cd ./$(.CURDIR) && python3 ./$(.CURDIR)/pyexauth_build.py + cd ./$(.CURDIR) && python3.13 pyexauth_build.py install: install -m 755 ./$(.CURDIR)/_pyexauth.so ./$(.CURDIR)/../../webui/webui/htdocs/new/src/hive Index: /branches/amp_4_0/src/library/libpyexauth/_cffi_backend.so =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Index: /branches/amp_4_0/src/library/libpyexauth/pyexauth_build.py =================================================================== --- /branches/amp_4_0/src/library/libpyexauth/pyexauth_build.py (revision 2634) +++ /branches/amp_4_0/src/library/libpyexauth/pyexauth_build.py (working copy) @@ -4,6 +4,8 @@ from cffi import FFI ffi = FFI() +apath="/home/admin/amp/madhuri/amp_4_0/build/array/BUILD/amp-4.0.0/src/library" + ffi.cdef("int is_external_auth_on();") ffi.cdef("int exauth_priority();") ffi.cdef("int external_auth(char*, char*);") @@ -20,8 +22,8 @@ exauth_conf_t g_exauth_conf; exauth_conf_t *shm_p = NULL; """, - include_dirs=["../libexauth", "../libpyauth"], - library_dirs=["../libexauth", "../avx_log", "../libpyauth"], + include_dirs=[f"{apath}/libexauth", f"{apath}/libpyauth"], + library_dirs=[f"{apath}/libexauth",f"{apath}/avx_log",f"{apath}/libpyauth"], libraries=["exauth", "avxlog", "ssl", "pyauth", "crypt"]) if __name__ == "__main__": Index: /branches/amp_4_0/src/openssh/Makefile =================================================================== --- /branches/amp_4_0/src/openssh/Makefile (revision 2634) +++ /branches/amp_4_0/src/openssh/Makefile (working copy) @@ -6,8 +6,9 @@ ./build.sh all clean: rm -rf openssh-6.6p1 + rm -rf openssh-9.9p1 realclean: git clean -dfx . install: - install -Dm 0755 -t ${ANROOT}/ca/bin/ ${.CURDIR}/openssh-6.6p1/sshd ${.CURDIR}/openssh-6.6p1/ssh + install -Dm 0755 -t ${ANROOT}/ca/bin/ ${.CURDIR}/openssh-9.9p1/sshd ${.CURDIR}/openssh-9.9p1/ssh install -Dm 0755 -t ${ANROOT}/ca/etc/ ${.CURDIR}/sshd_config Index: /branches/amp_4_0/src/openssh/build.sh =================================================================== --- /branches/amp_4_0/src/openssh/build.sh (revision 2634) +++ /branches/amp_4_0/src/openssh/build.sh (working copy) @@ -1,17 +1,17 @@ #!/usr/bin/env bash -if [ ! -d openssh-6.6p1 ] +if [ ! -d openssh-9.9p1 ] then - if [ -f openssh-6.6p1.tar.gz ] + if [ -f openssh-9.9p1.tar.gz ] then - tar xvf openssh-6.6p1.tar.gz - cd openssh-6.6p1 + tar xvf openssh-9.9p1.tar.gz + cd openssh-9.9p1 else echo "source tar.gz file not exist!" exit 1 fi else - cd openssh-6.6p1 + cd openssh-9.9p1 fi if [ Makefile -nt configure ] @@ -27,12 +27,9 @@ cp ../click6_utils.h ./ cp ../uinet_api_types.h ./ - patch -p1 < ../array_patch - patch -p1 < ../69338.diff - patch -p1 < ../60882.diff - patch -p1 < ../72130.diff - patch -p1 < ../80026.diff - patch -p1 < ../80586.diff +# patch -p1 < ../array_patch +# patch -p1 < ../weak_mac.patch +# patch -p1 < ../CVE-2023-48795-mitigation.patch if [ $? -ne 0 ] then echo "array_patch failed!" Index: /branches/amp_4_0/src/openssh/openssh-6.6p1.tar.gz =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Index: /branches/amp_4_0/src/openssh/openssh-9.9p1.tar.gz =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/x-gzip Index: /branches/amp_4_0/src/openssh/openssh-9.9p1.tar.gz =================================================================== --- /branches/amp_4_0/src/openssh/openssh-9.9p1.tar.gz (revision 2634) +++ /branches/amp_4_0/src/openssh/openssh-9.9p1.tar.gz (working copy) Property changes on: src/openssh/openssh-9.9p1.tar.gz ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +application/x-gzip \ No newline at end of property Index: /branches/amp_4_0/src/webui/tftp/tftp.c =================================================================== --- /branches/amp_4_0/src/webui/tftp/tftp.c (revision 2634) +++ /branches/amp_4_0/src/webui/tftp/tftp.c (working copy) @@ -34,9 +34,9 @@ #ifndef lint #if 0 static char sccsid[] = "@(#)tftp.c 8.1 (Berkeley) 6/6/93"; -#endif static const char rcsid[] = "$FreeBSD$"; +#endif #endif /* not lint */ /* Many bug fixes are from Jim Guyton */ Index: /branches/amp_4_0/src/webui/tftp/tftpsubs.c =================================================================== --- /branches/amp_4_0/src/webui/tftp/tftpsubs.c (revision 2634) +++ /branches/amp_4_0/src/webui/tftp/tftpsubs.c (working copy) @@ -34,9 +34,9 @@ #ifndef lint #if 0 static char sccsid[] = "@(#)tftpsubs.c 8.1 (Berkeley) 6/6/93"; -#endif static const char rcsid[] = "$FreeBSD: src/usr.bin/tftp/tftpsubs.c,v 1.3 1999/08/28 01:06:25 peter Exp $"; +#endif #endif /* not lint */ /* Simple minded read-ahead/write-behind subroutines for tftp user and Index: /branches/amp_4_0/src/webui/webui/conf/build_config.py =================================================================== --- /branches/amp_4_0/src/webui/webui/conf/build_config.py (revision 2634) +++ /branches/amp_4_0/src/webui/webui/conf/build_config.py (working copy) @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/local/bin/python3.13 import sys import string Index: /branches/amp_4_0/src/webui/webui/htdocs/new/src/gen_frontend.py =================================================================== --- /branches/amp_4_0/src/webui/webui/htdocs/new/src/gen_frontend.py (revision 2634) +++ /branches/amp_4_0/src/webui/webui/htdocs/new/src/gen_frontend.py (working copy) @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/local/bin/python3.13 # -*- coding: iso-8859-15 -*- """ Index: /branches/amp_4_0/src/webui/webui/htdocs/new/src/setup.py =================================================================== --- /branches/amp_4_0/src/webui/webui/htdocs/new/src/setup.py (revision 2634) +++ /branches/amp_4_0/src/webui/webui/htdocs/new/src/setup.py (working copy) @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/local/bin/python3.13 import os, sys from optparse import OptionParser from hive.lang import LANGS_LOCALE_DIR Index: /branches/amp_4_0/src/webui/webui/htdocs/new/src/storemon.py =================================================================== --- /branches/amp_4_0/src/webui/webui/htdocs/new/src/storemon.py (revision 2634) +++ /branches/amp_4_0/src/webui/webui/htdocs/new/src/storemon.py (working copy) @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3.13 # encoding: utf-8 """ Data format in MongoDB Index: /branches/amp_4_0/src/webui/webui/htdocs/new/src/tools/dicttoxml.py =================================================================== --- /branches/amp_4_0/src/webui/webui/htdocs/new/src/tools/dicttoxml.py (revision 2634) +++ /branches/amp_4_0/src/webui/webui/htdocs/new/src/tools/dicttoxml.py (working copy) @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3.13 # coding: utf-8 """ @@ -255,4 +255,4 @@ addline('<%s>%s' % (custom_root, convert(obj, ids, attr_type, parent=custom_root), custom_root)) else: addline(convert(obj, ids, attr_type, parent='')) - return ''.join(output).encode('utf-8') \ No newline at end of file + return ''.join(output).encode('utf-8') Index: /branches/amp_4_0/src/webui/webui/htdocs/new/src/tools/xmltodict.py =================================================================== --- /branches/amp_4_0/src/webui/webui/htdocs/new/src/tools/xmltodict.py (revision 2634) +++ /branches/amp_4_0/src/webui/webui/htdocs/new/src/tools/xmltodict.py (working copy) @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3.13 "Makes working with XML feel like you are working with JSON" from xml.parsers import expat Index: /branches/amp_4_0/tools/led_test.c =================================================================== --- /branches/amp_4_0/tools/led_test.c (revision 2634) +++ /branches/amp_4_0/tools/led_test.c (working copy) @@ -13,7 +13,6 @@ #include #include -#include #include #define IDLEN 4 Index: /branches/amp_4_0/tools/sign_pack.c =================================================================== --- /branches/amp_4_0/tools/sign_pack.c (revision 2634) +++ /branches/amp_4_0/tools/sign_pack.c (working copy) @@ -33,7 +33,7 @@ char *key_name = NULL; unsigned char *sig_buff; unsigned char buff[LINE+1]; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx; EVP_PKEY *pkey; FILE *fp; int amm,fd,ifd; @@ -82,15 +82,15 @@ exit(1); } /* Compute the package hash */ - EVP_SignInit(&md_ctx,EVP_sha1()); + EVP_SignInit(md_ctx,EVP_sha1()); while((amm= read(fd,buff,LINE)) > 0) { - EVP_SignUpdate(&md_ctx,buff,amm); + EVP_SignUpdate(md_ctx,buff,amm); } close(fd); /* Setup a sig buffer */ sig_buff = malloc(EVP_PKEY_size(pkey)); - if (! EVP_SignFinal(&md_ctx,sig_buff,&sig_len,pkey) ) { + if (! EVP_SignFinal(md_ctx,sig_buff,&sig_len,pkey) ) { ERR_print_errors_fp(stderr); exit(1); } Index: /branches/amp_4_0/tools/sign_unpack.c =================================================================== --- /branches/amp_4_0/tools/sign_unpack.c (revision 2634) +++ /branches/amp_4_0/tools/sign_unpack.c (working copy) @@ -34,7 +34,7 @@ int siglen; X509 *x509; EVP_PKEY *pkey; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx; int ifd,ofd,amm; FILE *fp; @@ -97,13 +97,13 @@ sig = malloc(siglen); read(ifd,sig,siglen); - EVP_VerifyInit(&md_ctx, EVP_sha1()); + EVP_VerifyInit(md_ctx, EVP_sha1()); /* Read the rest of the binary as the signed data */ while((amm = read(ifd,buff,LINE)) != 0) { - EVP_VerifyUpdate(&md_ctx,buff,amm); + EVP_VerifyUpdate(md_ctx,buff,amm); } /* If this fails the package is blown and we wont extract it */ - if (! EVP_VerifyFinal(&md_ctx,sig,siglen,pkey)) { + if (! EVP_VerifyFinal(md_ctx,sig,siglen,pkey)) { ERR_print_errors_fp(stderr); exit(1); } Index: /branches/amp_4_0/update/avxupdate.py =================================================================== --- /branches/amp_4_0/update/avxupdate.py (revision 2634) +++ /branches/amp_4_0/update/avxupdate.py (working copy) @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/local/bin/python3.13 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by