lib/md5.c

   1 /* Functions to compute MD5 message digest of files or memory blocks.
   2    according to the definition of MD5 in RFC 1321 from April 1992.
   3    Copyright (C) 1995-1997, 1999-2001, 2005-2006, 2008-2014 Free Software
   4    Foundation, Inc.
   5    This file is part of the GNU C Library.
   6
   7    This program is free software; you can redistribute it and/or modify it
   8    under the terms of the GNU General Public License as published by the
   9    Free Software Foundation; either version 3, or (at your option) any
  10    later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program; if not, see <http://www.gnu.org/licenses/>.  */
  19
  20 /* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995.  */
  21
  22 #include <config.h>
  23
  24 #if HAVE_OPENSSL_MD5
  25 # define GL_OPENSSL_INLINE _GL_EXTERN_INLINE
  26 #endif
  27 #include "md5.h"
  28
  29 #include <stdalign.h>
  30 #include <stdint.h>
  31 #include <stdlib.h>
  32 #include <string.h>
  33 #include <sys/types.h>
  34
  35 #if USE_UNLOCKED_IO
  36 # include "unlocked-io.h"
  37 #endif
  38
  39 #ifdef _LIBC
  40 # include <endian.h>
  41 # if __BYTE_ORDER == __BIG_ENDIAN
  42 #  define WORDS_BIGENDIAN 1
  43 # endif
  44 /* We need to keep the namespace clean so define the MD5 function
  45    protected using leading __ .  */
  46 # define md5_init_ctx __md5_init_ctx
  47 # define md5_process_block __md5_process_block
  48 # define md5_process_bytes __md5_process_bytes
  49 # define md5_finish_ctx __md5_finish_ctx
  50 # define md5_read_ctx __md5_read_ctx
  51 # define md5_stream __md5_stream
  52 # define md5_buffer __md5_buffer
  53 #endif
  54
  55 #ifdef WORDS_BIGENDIAN
  56 # define SWAP(n)                                                        \
  57     (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
  58 #else
  59 # define SWAP(n) (n)
  60 #endif
  61
  62 #define BLOCKSIZE 32768
  63 #if BLOCKSIZE % 64 != 0
  64 # error "invalid BLOCKSIZE"
  65 #endif
  66
  67 #if ! HAVE_OPENSSL_MD5
  68 /* This array contains the bytes used to pad the buffer to the next
  69    64-byte boundary.  (RFC 1321, 3.1: Step 1)  */
  70 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ...  */ };
  71
  72
  73 /* Initialize structure containing state of computation.
  74    (RFC 1321, 3.3: Step 3)  */
  75 void
  76 md5_init_ctx (struct md5_ctx *ctx)
  77 {
  78   ctx->A = 0x67452301;
  79   ctx->B = 0xefcdab89;
  80   ctx->C = 0x98badcfe;
  81   ctx->D = 0x10325476;
  82
  83   ctx->total[0] = ctx->total[1] = 0;
  84   ctx->buflen = 0;
  85 }
  86
  87 /* Copy the 4 byte value from v into the memory location pointed to by *cp,
  88    If your architecture allows unaligned access this is equivalent to
  89    * (uint32_t *) cp = v  */
  90 static void
  91 set_uint32 (char *cp, uint32_t v)
  92 {
  93   memcpy (cp, &v, sizeof v);
  94 }
  95
  96 /* Put result from CTX in first 16 bytes following RESBUF.  The result
  97    must be in little endian byte order.  */
  98 void *
  99 md5_read_ctx (const struct md5_ctx *ctx, void *resbuf)
 100 {
 101   char *r = resbuf;
 102   set_uint32 (r + 0 * sizeof ctx->A, SWAP (ctx->A));
 103   set_uint32 (r + 1 * sizeof ctx->B, SWAP (ctx->B));
 104   set_uint32 (r + 2 * sizeof ctx->C, SWAP (ctx->C));
 105   set_uint32 (r + 3 * sizeof ctx->D, SWAP (ctx->D));
 106
 107   return resbuf;
 108 }
 109
 110 /* Process the remaining bytes in the internal buffer and the usual
 111    prolog according to the standard and write the result to RESBUF.  */
 112 void *
 113 md5_finish_ctx (struct md5_ctx *ctx, void *resbuf)
 114 {
 115   /* Take yet unprocessed bytes into account.  */
 116   uint32_t bytes = ctx->buflen;
 117   size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4;
 118
 119   /* Now count remaining bytes.  */
 120   ctx->total[0] += bytes;
 121   if (ctx->total[0] < bytes)
 122     ++ctx->total[1];
 123
 124   /* Put the 64-bit file length in *bits* at the end of the buffer.  */
 125   ctx->buffer[size - 2] = SWAP (ctx->total[0] << 3);
 126   ctx->buffer[size - 1] = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29));
 127
 128   memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes);
 129
 130   /* Process last bytes.  */
 131   md5_process_block (ctx->buffer, size * 4, ctx);
 132
 133   return md5_read_ctx (ctx, resbuf);
 134 }
 135 #endif
 136
 137 /* Compute MD5 message digest for bytes read from STREAM.  The
 138    resulting message digest number will be written into the 16 bytes
 139    beginning at RESBLOCK.  */
 140 int
 141 md5_stream (FILE *stream, void *resblock)
 142 {
 143   struct md5_ctx ctx;
 144   size_t sum;
 145
 146   char *buffer = malloc (BLOCKSIZE + 72);
 147   if (!buffer)
 148     return 1;
 149
 150   /* Initialize the computation context.  */
 151   md5_init_ctx (&ctx);
 152
 153   /* Iterate over full file contents.  */
 154   while (1)
 155     {
 156       /* We read the file in blocks of BLOCKSIZE bytes.  One call of the
 157          computation function processes the whole buffer so that with the
 158          next round of the loop another block can be read.  */
 159       size_t n;
 160       sum = 0;
 161
 162       /* Read block.  Take care for partial reads.  */
 163       while (1)
 164         {
 165           n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
 166
 167           sum += n;
 168
 169           if (sum == BLOCKSIZE)
 170             break;
 171
 172           if (n == 0)
 173             {
 174               /* Check for the error flag IFF N == 0, so that we don't
 175                  exit the loop after a partial read due to e.g., EAGAIN
 176                  or EWOULDBLOCK.  */
 177               if (ferror (stream))
 178                 {
 179                   free (buffer);
 180                   return 1;
 181                 }
 182               goto process_partial_block;
 183             }
 184
 185           /* We've read at least one byte, so ignore errors.  But always
 186              check for EOF, since feof may be true even though N > 0.
 187              Otherwise, we could end up calling fread after EOF.  */
 188           if (feof (stream))
 189             goto process_partial_block;
 190         }
 191
 192       /* Process buffer with BLOCKSIZE bytes.  Note that
 193          BLOCKSIZE % 64 == 0
 194        */
 195       md5_process_block (buffer, BLOCKSIZE, &ctx);
 196     }
 197
 198 process_partial_block:
 199
 200   /* Process any remaining bytes.  */
 201   if (sum > 0)
 202     md5_process_bytes (buffer, sum, &ctx);
 203
 204   /* Construct result in desired memory.  */
 205   md5_finish_ctx (&ctx, resblock);
 206   free (buffer);
 207   return 0;
 208 }
 209
 210 #if ! HAVE_OPENSSL_MD5
 211 /* Compute MD5 message digest for LEN bytes beginning at BUFFER.  The
 212    result is always in little endian byte order, so that a byte-wise
 213    output yields to the wanted ASCII representation of the message
 214    digest.  */
 215 void *
 216 md5_buffer (const char *buffer, size_t len, void *resblock)
 217 {
 218   struct md5_ctx ctx;
 219
 220   /* Initialize the computation context.  */
 221   md5_init_ctx (&ctx);
 222
 223   /* Process whole buffer but last len % 64 bytes.  */
 224   md5_process_bytes (buffer, len, &ctx);
 225
 226   /* Put result in desired memory area.  */
 227   return md5_finish_ctx (&ctx, resblock);
 228 }
 229
 230
 231 void
 232 md5_process_bytes (const void *buffer, size_t len, struct md5_ctx *ctx)
 233 {
 234   /* When we already have some bits in our internal buffer concatenate
 235      both inputs first.  */
 236   if (ctx->buflen != 0)
 237     {
 238       size_t left_over = ctx->buflen;
 239       size_t add = 128 - left_over > len ? len : 128 - left_over;
 240
 241       memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
 242       ctx->buflen += add;
 243
 244       if (ctx->buflen > 64)
 245         {
 246           md5_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
 247
 248           ctx->buflen &= 63;
 249           /* The regions in the following copy operation cannot overlap.  */
 250           memcpy (ctx->buffer,
 251                   &((char *) ctx->buffer)[(left_over + add) & ~63],
 252                   ctx->buflen);
 253         }
 254
 255       buffer = (const char *) buffer + add;
 256       len -= add;
 257     }
 258
 259   /* Process available complete blocks.  */
 260   if (len >= 64)
 261     {
 262 #if !_STRING_ARCH_unaligned
 263 # define UNALIGNED_P(p) ((uintptr_t) (p) % alignof (uint32_t) != 0)
 264       if (UNALIGNED_P (buffer))
 265         while (len > 64)
 266           {
 267             md5_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
 268             buffer = (const char *) buffer + 64;
 269             len -= 64;
 270           }
 271       else
 272 #endif
 273         {
 274           md5_process_block (buffer, len & ~63, ctx);
 275           buffer = (const char *) buffer + (len & ~63);
 276           len &= 63;
 277         }
 278     }
 279
 280   /* Move remaining bytes in internal buffer.  */
 281   if (len > 0)
 282     {
 283       size_t left_over = ctx->buflen;
 284
 285       memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
 286       left_over += len;
 287       if (left_over >= 64)
 288         {
 289           md5_process_block (ctx->buffer, 64, ctx);
 290           left_over -= 64;
 291           memcpy (ctx->buffer, &ctx->buffer[16], left_over);
 292         }
 293       ctx->buflen = left_over;
 294     }
 295 }
 296
 297
 298 /* These are the four functions used in the four steps of the MD5 algorithm
 299    and defined in the RFC 1321.  The first function is a little bit optimized
 300    (as found in Colin Plumbs public domain implementation).  */
 301 /* #define FF(b, c, d) ((b & c) | (~b & d)) */
 302 #define FF(b, c, d) (d ^ (b & (c ^ d)))
 303 #define FG(b, c, d) FF (d, b, c)
 304 #define FH(b, c, d) (b ^ c ^ d)
 305 #define FI(b, c, d) (c ^ (b | ~d))
 306
 307 /* Process LEN bytes of BUFFER, accumulating context into CTX.
 308    It is assumed that LEN % 64 == 0.  */
 309
 310 void
 311 md5_process_block (const void *buffer, size_t len, struct md5_ctx *ctx)
 312 {
 313   uint32_t correct_words[16];
 314   const uint32_t *words = buffer;
 315   size_t nwords = len / sizeof (uint32_t);
 316   const uint32_t *endp = words + nwords;
 317   uint32_t A = ctx->A;
 318   uint32_t B = ctx->B;
 319   uint32_t C = ctx->C;
 320   uint32_t D = ctx->D;
 321   uint32_t lolen = len;
 322
 323   /* First increment the byte count.  RFC 1321 specifies the possible
 324      length of the file up to 2^64 bits.  Here we only compute the
 325      number of bytes.  Do a double word increment.  */
 326   ctx->total[0] += lolen;
 327   ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen);
 328
 329   /* Process all bytes in the buffer with 64 bytes in each round of
 330      the loop.  */
 331   while (words < endp)
 332     {
 333       uint32_t *cwp = correct_words;
 334       uint32_t A_save = A;
 335       uint32_t B_save = B;
 336       uint32_t C_save = C;
 337       uint32_t D_save = D;
 338
 339       /* First round: using the given function, the context and a constant
 340          the next context is computed.  Because the algorithms processing
 341          unit is a 32-bit word and it is determined to work on words in
 342          little endian byte order we perhaps have to change the byte order
 343          before the computation.  To reduce the work for the next steps
 344          we store the swapped words in the array CORRECT_WORDS.  */
 345
 346 #define OP(a, b, c, d, s, T)                                            \
 347       do                                                                \
 348         {                                                               \
 349           a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T;             \
 350           ++words;                                                      \
 351           CYCLIC (a, s);                                                \
 352           a += b;                                                       \
 353         }                                                               \
 354       while (0)
 355
 356       /* It is unfortunate that C does not provide an operator for
 357          cyclic rotation.  Hope the C compiler is smart enough.  */
 358 #define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s)))
 359
 360       /* Before we start, one word to the strange constants.
 361          They are defined in RFC 1321 as
 362
 363          T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
 364
 365          Here is an equivalent invocation using Perl:
 366
 367          perl -e 'foreach(1..64){printf "0x%08x\n", int (4294967296 * abs (sin $_))}'
 368        */
 369
 370       /* Round 1.  */
 371       OP (A, B, C, D, 7, 0xd76aa478);
 372       OP (D, A, B, C, 12, 0xe8c7b756);
 373       OP (C, D, A, B, 17, 0x242070db);
 374       OP (B, C, D, A, 22, 0xc1bdceee);
 375       OP (A, B, C, D, 7, 0xf57c0faf);
 376       OP (D, A, B, C, 12, 0x4787c62a);
 377       OP (C, D, A, B, 17, 0xa8304613);
 378       OP (B, C, D, A, 22, 0xfd469501);
 379       OP (A, B, C, D, 7, 0x698098d8);
 380       OP (D, A, B, C, 12, 0x8b44f7af);
 381       OP (C, D, A, B, 17, 0xffff5bb1);
 382       OP (B, C, D, A, 22, 0x895cd7be);
 383       OP (A, B, C, D, 7, 0x6b901122);
 384       OP (D, A, B, C, 12, 0xfd987193);
 385       OP (C, D, A, B, 17, 0xa679438e);
 386       OP (B, C, D, A, 22, 0x49b40821);
 387
 388       /* For the second to fourth round we have the possibly swapped words
 389          in CORRECT_WORDS.  Redefine the macro to take an additional first
 390          argument specifying the function to use.  */
 391 #undef OP
 392 #define OP(f, a, b, c, d, k, s, T)                                      \
 393       do                                                                \
 394         {                                                               \
 395           a += f (b, c, d) + correct_words[k] + T;                      \
 396           CYCLIC (a, s);                                                \
 397           a += b;                                                       \
 398         }                                                               \
 399       while (0)
 400
 401       /* Round 2.  */
 402       OP (FG, A, B, C, D, 1, 5, 0xf61e2562);
 403       OP (FG, D, A, B, C, 6, 9, 0xc040b340);
 404       OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
 405       OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa);
 406       OP (FG, A, B, C, D, 5, 5, 0xd62f105d);
 407       OP (FG, D, A, B, C, 10, 9, 0x02441453);
 408       OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
 409       OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8);
 410       OP (FG, A, B, C, D, 9, 5, 0x21e1cde6);
 411       OP (FG, D, A, B, C, 14, 9, 0xc33707d6);
 412       OP (FG, C, D, A, B, 3, 14, 0xf4d50d87);
 413       OP (FG, B, C, D, A, 8, 20, 0x455a14ed);
 414       OP (FG, A, B, C, D, 13, 5, 0xa9e3e905);
 415       OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8);
 416       OP (FG, C, D, A, B, 7, 14, 0x676f02d9);
 417       OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
 418
 419       /* Round 3.  */
 420       OP (FH, A, B, C, D, 5, 4, 0xfffa3942);
 421       OP (FH, D, A, B, C, 8, 11, 0x8771f681);
 422       OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
 423       OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
 424       OP (FH, A, B, C, D, 1, 4, 0xa4beea44);
 425       OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9);
 426       OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60);
 427       OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
 428       OP (FH, A, B, C, D, 13, 4, 0x289b7ec6);
 429       OP (FH, D, A, B, C, 0, 11, 0xeaa127fa);
 430       OP (FH, C, D, A, B, 3, 16, 0xd4ef3085);
 431       OP (FH, B, C, D, A, 6, 23, 0x04881d05);
 432       OP (FH, A, B, C, D, 9, 4, 0xd9d4d039);
 433       OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
 434       OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
 435       OP (FH, B, C, D, A, 2, 23, 0xc4ac5665);
 436
 437       /* Round 4.  */
 438       OP (FI, A, B, C, D, 0, 6, 0xf4292244);
 439       OP (FI, D, A, B, C, 7, 10, 0x432aff97);
 440       OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
 441       OP (FI, B, C, D, A, 5, 21, 0xfc93a039);
 442       OP (FI, A, B, C, D, 12, 6, 0x655b59c3);
 443       OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92);
 444       OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
 445       OP (FI, B, C, D, A, 1, 21, 0x85845dd1);
 446       OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f);
 447       OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
 448       OP (FI, C, D, A, B, 6, 15, 0xa3014314);
 449       OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
 450       OP (FI, A, B, C, D, 4, 6, 0xf7537e82);
 451       OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
 452       OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb);
 453       OP (FI, B, C, D, A, 9, 21, 0xeb86d391);
 454
 455       /* Add the starting values of the context.  */
 456       A += A_save;
 457       B += B_save;
 458       C += C_save;
 459       D += D_save;
 460     }
 461
 462   /* Put checksum in context given as argument.  */
 463   ctx->A = A;
 464   ctx->B = B;
 465   ctx->C = C;
 466   ctx->D = D;
 467 }
 468 #endif