hppa: Use __prlimit64 as the internal name.
[glibc.git] / crypt / md5-crypt.c
blobdb4ea9c6f1f42f00cfd1388bb0db3bc973bd0794
1 /* One way encryption based on MD5 sum.
2 Compatible with the behavior of MD5 crypt introduced in FreeBSD 2.0.
3 Copyright (C) 1996, 1997, 1999, 2000, 2001, 2002, 2004, 2009, 2012
4 Free Software Foundation, Inc.
5 This file is part of the GNU C Library.
6 Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
8 The GNU C Library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Lesser General Public
10 License as published by the Free Software Foundation; either
11 version 2.1 of the License, or (at your option) any later version.
13 The GNU C Library is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public
19 License along with the GNU C Library; if not, see
20 <http://www.gnu.org/licenses/>. */
22 #include <assert.h>
23 #include <errno.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <sys/param.h>
28 #include "md5.h"
31 #ifdef USE_NSS
32 typedef int PRBool;
33 # include <hasht.h>
34 # include <nsslowhash.h>
36 # define md5_init_ctx(ctxp, nss_ctxp) \
37 do \
38 { \
39 if (((nss_ctxp = NSSLOWHASH_NewContext (nss_ictx, HASH_AlgMD5)) \
40 == NULL)) \
41 { \
42 if (nss_ctx != NULL) \
43 NSSLOWHASH_Destroy (nss_ctx); \
44 if (nss_alt_ctx != NULL) \
45 NSSLOWHASH_Destroy (nss_alt_ctx); \
46 return NULL; \
47 } \
48 NSSLOWHASH_Begin (nss_ctxp); \
49 } \
50 while (0)
52 # define md5_process_bytes(buf, len, ctxp, nss_ctxp) \
53 NSSLOWHASH_Update (nss_ctxp, (const unsigned char *) buf, len)
55 # define md5_finish_ctx(ctxp, nss_ctxp, result) \
56 do \
57 { \
58 unsigned int ret; \
59 NSSLOWHASH_End (nss_ctxp, result, &ret, sizeof (result)); \
60 assert (ret == sizeof (result)); \
61 NSSLOWHASH_Destroy (nss_ctxp); \
62 nss_ctxp = NULL; \
63 } \
64 while (0)
65 #else
66 # define md5_init_ctx(ctxp, nss_ctxp) \
67 __md5_init_ctx (ctxp)
69 # define md5_process_bytes(buf, len, ctxp, nss_ctxp) \
70 __md5_process_bytes(buf, len, ctxp)
72 # define md5_finish_ctx(ctxp, nss_ctxp, result) \
73 __md5_finish_ctx (ctxp, result)
74 #endif
77 /* Define our magic string to mark salt for MD5 "encryption"
78 replacement. This is meant to be the same as for other MD5 based
79 encryption implementations. */
80 static const char md5_salt_prefix[] = "$1$";
82 /* Table with characters for base64 transformation. */
83 static const char b64t[64] =
84 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
87 /* Prototypes for local functions. */
88 extern char *__md5_crypt_r (const char *key, const char *salt,
89 char *buffer, int buflen);
90 extern char *__md5_crypt (const char *key, const char *salt);
93 /* This entry point is equivalent to the `crypt' function in Unix
94 libcs. */
95 char *
96 __md5_crypt_r (key, salt, buffer, buflen)
97 const char *key;
98 const char *salt;
99 char *buffer;
100 int buflen;
102 unsigned char alt_result[16]
103 __attribute__ ((__aligned__ (__alignof__ (md5_uint32))));
104 size_t salt_len;
105 size_t key_len;
106 size_t cnt;
107 char *cp;
108 char *copied_key = NULL;
109 char *copied_salt = NULL;
110 char *free_key = NULL;
111 size_t alloca_used = 0;
113 /* Find beginning of salt string. The prefix should normally always
114 be present. Just in case it is not. */
115 if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0)
116 /* Skip salt prefix. */
117 salt += sizeof (md5_salt_prefix) - 1;
119 salt_len = MIN (strcspn (salt, "$"), 8);
120 key_len = strlen (key);
122 if ((key - (char *) 0) % __alignof__ (md5_uint32) != 0)
124 char *tmp;
126 if (__libc_use_alloca (alloca_used + key_len + __alignof__ (md5_uint32)))
127 tmp = (char *) alloca (key_len + __alignof__ (md5_uint32));
128 else
130 free_key = tmp = (char *) malloc (key_len + __alignof__ (md5_uint32));
131 if (tmp == NULL)
132 return NULL;
135 key = copied_key =
136 memcpy (tmp + __alignof__ (md5_uint32)
137 - (tmp - (char *) 0) % __alignof__ (md5_uint32),
138 key, key_len);
139 assert ((key - (char *) 0) % __alignof__ (md5_uint32) == 0);
142 if ((salt - (char *) 0) % __alignof__ (md5_uint32) != 0)
144 char *tmp = (char *) alloca (salt_len + __alignof__ (md5_uint32));
145 salt = copied_salt =
146 memcpy (tmp + __alignof__ (md5_uint32)
147 - (tmp - (char *) 0) % __alignof__ (md5_uint32),
148 salt, salt_len);
149 assert ((salt - (char *) 0) % __alignof__ (md5_uint32) == 0);
152 #ifdef USE_NSS
153 /* Initialize libfreebl3. */
154 NSSLOWInitContext *nss_ictx = NSSLOW_Init ();
155 if (nss_ictx == NULL)
157 free (free_key);
158 return NULL;
160 NSSLOWHASHContext *nss_ctx = NULL;
161 NSSLOWHASHContext *nss_alt_ctx = NULL;
162 #else
163 struct md5_ctx ctx;
164 struct md5_ctx alt_ctx;
165 #endif
167 /* Prepare for the real work. */
168 md5_init_ctx (&ctx, nss_ctx);
170 /* Add the key string. */
171 md5_process_bytes (key, key_len, &ctx, nss_ctx);
173 /* Because the SALT argument need not always have the salt prefix we
174 add it separately. */
175 md5_process_bytes (md5_salt_prefix, sizeof (md5_salt_prefix) - 1,
176 &ctx, nss_ctx);
178 /* The last part is the salt string. This must be at most 8
179 characters and it ends at the first `$' character (for
180 compatibility with existing implementations). */
181 md5_process_bytes (salt, salt_len, &ctx, nss_ctx);
184 /* Compute alternate MD5 sum with input KEY, SALT, and KEY. The
185 final result will be added to the first context. */
186 md5_init_ctx (&alt_ctx, nss_alt_ctx);
188 /* Add key. */
189 md5_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx);
191 /* Add salt. */
192 md5_process_bytes (salt, salt_len, &alt_ctx, nss_alt_ctx);
194 /* Add key again. */
195 md5_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx);
197 /* Now get result of this (16 bytes) and add it to the other
198 context. */
199 md5_finish_ctx (&alt_ctx, nss_alt_ctx, alt_result);
201 /* Add for any character in the key one byte of the alternate sum. */
202 for (cnt = key_len; cnt > 16; cnt -= 16)
203 md5_process_bytes (alt_result, 16, &ctx, nss_ctx);
204 md5_process_bytes (alt_result, cnt, &ctx, nss_ctx);
206 /* For the following code we need a NUL byte. */
207 *alt_result = '\0';
209 /* The original implementation now does something weird: for every 1
210 bit in the key the first 0 is added to the buffer, for every 0
211 bit the first character of the key. This does not seem to be
212 what was intended but we have to follow this to be compatible. */
213 for (cnt = key_len; cnt > 0; cnt >>= 1)
214 md5_process_bytes ((cnt & 1) != 0
215 ? (const void *) alt_result : (const void *) key, 1,
216 &ctx, nss_ctx);
218 /* Create intermediate result. */
219 md5_finish_ctx (&ctx, nss_ctx, alt_result);
221 /* Now comes another weirdness. In fear of password crackers here
222 comes a quite long loop which just processes the output of the
223 previous round again. We cannot ignore this here. */
224 for (cnt = 0; cnt < 1000; ++cnt)
226 /* New context. */
227 md5_init_ctx (&ctx, nss_ctx);
229 /* Add key or last result. */
230 if ((cnt & 1) != 0)
231 md5_process_bytes (key, key_len, &ctx, nss_ctx);
232 else
233 md5_process_bytes (alt_result, 16, &ctx, nss_ctx);
235 /* Add salt for numbers not divisible by 3. */
236 if (cnt % 3 != 0)
237 md5_process_bytes (salt, salt_len, &ctx, nss_ctx);
239 /* Add key for numbers not divisible by 7. */
240 if (cnt % 7 != 0)
241 md5_process_bytes (key, key_len, &ctx, nss_ctx);
243 /* Add key or last result. */
244 if ((cnt & 1) != 0)
245 md5_process_bytes (alt_result, 16, &ctx, nss_ctx);
246 else
247 md5_process_bytes (key, key_len, &ctx, nss_ctx);
249 /* Create intermediate result. */
250 md5_finish_ctx (&ctx, nss_ctx, alt_result);
253 #ifdef USE_NSS
254 /* Free libfreebl3 resources. */
255 NSSLOW_Shutdown (nss_ictx);
256 #endif
258 /* Now we can construct the result string. It consists of three
259 parts. */
260 cp = __stpncpy (buffer, md5_salt_prefix, MAX (0, buflen));
261 buflen -= sizeof (md5_salt_prefix) - 1;
263 cp = __stpncpy (cp, salt, MIN ((size_t) MAX (0, buflen), salt_len));
264 buflen -= MIN ((size_t) MAX (0, buflen), salt_len);
266 if (buflen > 0)
268 *cp++ = '$';
269 --buflen;
272 void b64_from_24bit (unsigned int b2, unsigned int b1, unsigned int b0,
273 int n)
275 unsigned int w = (b2 << 16) | (b1 << 8) | b0;
276 while (n-- > 0 && buflen > 0)
278 *cp++ = b64t[w & 0x3f];
279 --buflen;
280 w >>= 6;
284 b64_from_24bit (alt_result[0], alt_result[6], alt_result[12], 4);
285 b64_from_24bit (alt_result[1], alt_result[7], alt_result[13], 4);
286 b64_from_24bit (alt_result[2], alt_result[8], alt_result[14], 4);
287 b64_from_24bit (alt_result[3], alt_result[9], alt_result[15], 4);
288 b64_from_24bit (alt_result[4], alt_result[10], alt_result[5], 4);
289 b64_from_24bit (0, 0, alt_result[11], 2);
290 if (buflen <= 0)
292 __set_errno (ERANGE);
293 buffer = NULL;
295 else
296 *cp = '\0'; /* Terminate the string. */
298 /* Clear the buffer for the intermediate result so that people
299 attaching to processes or reading core dumps cannot get any
300 information. We do it in this way to clear correct_words[]
301 inside the MD5 implementation as well. */
302 #ifndef USE_NSS
303 __md5_init_ctx (&ctx);
304 __md5_finish_ctx (&ctx, alt_result);
305 memset (&ctx, '\0', sizeof (ctx));
306 memset (&alt_ctx, '\0', sizeof (alt_ctx));
307 #endif
308 if (copied_key != NULL)
309 memset (copied_key, '\0', key_len);
310 if (copied_salt != NULL)
311 memset (copied_salt, '\0', salt_len);
313 free (free_key);
314 return buffer;
317 #ifndef _LIBC
318 # define libc_freeres_ptr(decl) decl
319 #endif
320 libc_freeres_ptr (static char *buffer);
322 char *
323 __md5_crypt (const char *key, const char *salt)
325 /* We don't want to have an arbitrary limit in the size of the
326 password. We can compute the size of the result in advance and
327 so we can prepare the buffer we pass to `md5_crypt_r'. */
328 static int buflen;
329 int needed = 3 + strlen (salt) + 1 + 26 + 1;
331 if (buflen < needed)
333 char *new_buffer = (char *) realloc (buffer, needed);
334 if (new_buffer == NULL)
335 return NULL;
337 buffer = new_buffer;
338 buflen = needed;
341 return __md5_crypt_r (key, salt, buffer, buflen);
344 #ifndef _LIBC
345 static void
346 __attribute__ ((__destructor__))
347 free_mem (void)
349 free (buffer);
351 #endif