Minor changelog fixup
[glibc.git] / crypt / md5-crypt.c
blob1b890bc49a2eb1533626c77aa8668f083e19688b
1 /* One way encryption based on MD5 sum.
2 Compatible with the behavior of MD5 crypt introduced in FreeBSD 2.0.
3 Copyright (C) 1996-2015 Free Software Foundation, Inc.
4 This file is part of the GNU C Library.
5 Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
7 The GNU C Library is free software; you can redistribute it and/or
8 modify it under the terms of the GNU Lesser General Public
9 License as published by the Free Software Foundation; either
10 version 2.1 of the License, or (at your option) any later version.
12 The GNU C Library is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public
18 License along with the GNU C Library; if not, see
19 <http://www.gnu.org/licenses/>. */
21 #include <assert.h>
22 #include <errno.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <sys/param.h>
27 #include "md5.h"
28 #include "crypt-private.h"
31 #ifdef USE_NSS
32 typedef int PRBool;
33 # include <hasht.h>
34 # include <nsslowhash.h>
36 # define md5_init_ctx(ctxp, nss_ctxp) \
37 do \
38 { \
39 if (((nss_ctxp = NSSLOWHASH_NewContext (nss_ictx, HASH_AlgMD5)) \
40 == NULL)) \
41 { \
42 if (nss_ctx != NULL) \
43 NSSLOWHASH_Destroy (nss_ctx); \
44 if (nss_alt_ctx != NULL) \
45 NSSLOWHASH_Destroy (nss_alt_ctx); \
46 return NULL; \
47 } \
48 NSSLOWHASH_Begin (nss_ctxp); \
49 } \
50 while (0)
52 # define md5_process_bytes(buf, len, ctxp, nss_ctxp) \
53 NSSLOWHASH_Update (nss_ctxp, (const unsigned char *) buf, len)
55 # define md5_finish_ctx(ctxp, nss_ctxp, result) \
56 do \
57 { \
58 unsigned int ret; \
59 NSSLOWHASH_End (nss_ctxp, result, &ret, sizeof (result)); \
60 assert (ret == sizeof (result)); \
61 NSSLOWHASH_Destroy (nss_ctxp); \
62 nss_ctxp = NULL; \
63 } \
64 while (0)
65 #else
66 # define md5_init_ctx(ctxp, nss_ctxp) \
67 __md5_init_ctx (ctxp)
69 # define md5_process_bytes(buf, len, ctxp, nss_ctxp) \
70 __md5_process_bytes(buf, len, ctxp)
72 # define md5_finish_ctx(ctxp, nss_ctxp, result) \
73 __md5_finish_ctx (ctxp, result)
74 #endif
77 /* Define our magic string to mark salt for MD5 "encryption"
78 replacement. This is meant to be the same as for other MD5 based
79 encryption implementations. */
80 static const char md5_salt_prefix[] = "$1$";
83 /* Prototypes for local functions. */
84 extern char *__md5_crypt_r (const char *key, const char *salt,
85 char *buffer, int buflen);
86 extern char *__md5_crypt (const char *key, const char *salt);
89 /* This entry point is equivalent to the `crypt' function in Unix
90 libcs. */
91 char *
92 __md5_crypt_r (key, salt, buffer, buflen)
93 const char *key;
94 const char *salt;
95 char *buffer;
96 int buflen;
98 unsigned char alt_result[16]
99 __attribute__ ((__aligned__ (__alignof__ (md5_uint32))));
100 size_t salt_len;
101 size_t key_len;
102 size_t cnt;
103 char *cp;
104 char *copied_key = NULL;
105 char *copied_salt = NULL;
106 char *free_key = NULL;
107 size_t alloca_used = 0;
109 /* Find beginning of salt string. The prefix should normally always
110 be present. Just in case it is not. */
111 if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0)
112 /* Skip salt prefix. */
113 salt += sizeof (md5_salt_prefix) - 1;
115 salt_len = MIN (strcspn (salt, "$"), 8);
116 key_len = strlen (key);
118 if ((key - (char *) 0) % __alignof__ (md5_uint32) != 0)
120 char *tmp;
122 if (__libc_use_alloca (alloca_used + key_len + __alignof__ (md5_uint32)))
123 tmp = (char *) alloca (key_len + __alignof__ (md5_uint32));
124 else
126 free_key = tmp = (char *) malloc (key_len + __alignof__ (md5_uint32));
127 if (tmp == NULL)
128 return NULL;
131 key = copied_key =
132 memcpy (tmp + __alignof__ (md5_uint32)
133 - (tmp - (char *) 0) % __alignof__ (md5_uint32),
134 key, key_len);
135 assert ((key - (char *) 0) % __alignof__ (md5_uint32) == 0);
138 if ((salt - (char *) 0) % __alignof__ (md5_uint32) != 0)
140 char *tmp = (char *) alloca (salt_len + __alignof__ (md5_uint32));
141 salt = copied_salt =
142 memcpy (tmp + __alignof__ (md5_uint32)
143 - (tmp - (char *) 0) % __alignof__ (md5_uint32),
144 salt, salt_len);
145 assert ((salt - (char *) 0) % __alignof__ (md5_uint32) == 0);
148 #ifdef USE_NSS
149 /* Initialize libfreebl3. */
150 NSSLOWInitContext *nss_ictx = NSSLOW_Init ();
151 if (nss_ictx == NULL)
153 free (free_key);
154 return NULL;
156 NSSLOWHASHContext *nss_ctx = NULL;
157 NSSLOWHASHContext *nss_alt_ctx = NULL;
158 #else
159 struct md5_ctx ctx;
160 struct md5_ctx alt_ctx;
161 #endif
163 /* Prepare for the real work. */
164 md5_init_ctx (&ctx, nss_ctx);
166 /* Add the key string. */
167 md5_process_bytes (key, key_len, &ctx, nss_ctx);
169 /* Because the SALT argument need not always have the salt prefix we
170 add it separately. */
171 md5_process_bytes (md5_salt_prefix, sizeof (md5_salt_prefix) - 1,
172 &ctx, nss_ctx);
174 /* The last part is the salt string. This must be at most 8
175 characters and it ends at the first `$' character (for
176 compatibility with existing implementations). */
177 md5_process_bytes (salt, salt_len, &ctx, nss_ctx);
180 /* Compute alternate MD5 sum with input KEY, SALT, and KEY. The
181 final result will be added to the first context. */
182 md5_init_ctx (&alt_ctx, nss_alt_ctx);
184 /* Add key. */
185 md5_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx);
187 /* Add salt. */
188 md5_process_bytes (salt, salt_len, &alt_ctx, nss_alt_ctx);
190 /* Add key again. */
191 md5_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx);
193 /* Now get result of this (16 bytes) and add it to the other
194 context. */
195 md5_finish_ctx (&alt_ctx, nss_alt_ctx, alt_result);
197 /* Add for any character in the key one byte of the alternate sum. */
198 for (cnt = key_len; cnt > 16; cnt -= 16)
199 md5_process_bytes (alt_result, 16, &ctx, nss_ctx);
200 md5_process_bytes (alt_result, cnt, &ctx, nss_ctx);
202 /* For the following code we need a NUL byte. */
203 *alt_result = '\0';
205 /* The original implementation now does something weird: for every 1
206 bit in the key the first 0 is added to the buffer, for every 0
207 bit the first character of the key. This does not seem to be
208 what was intended but we have to follow this to be compatible. */
209 for (cnt = key_len; cnt > 0; cnt >>= 1)
210 md5_process_bytes ((cnt & 1) != 0
211 ? (const void *) alt_result : (const void *) key, 1,
212 &ctx, nss_ctx);
214 /* Create intermediate result. */
215 md5_finish_ctx (&ctx, nss_ctx, alt_result);
217 /* Now comes another weirdness. In fear of password crackers here
218 comes a quite long loop which just processes the output of the
219 previous round again. We cannot ignore this here. */
220 for (cnt = 0; cnt < 1000; ++cnt)
222 /* New context. */
223 md5_init_ctx (&ctx, nss_ctx);
225 /* Add key or last result. */
226 if ((cnt & 1) != 0)
227 md5_process_bytes (key, key_len, &ctx, nss_ctx);
228 else
229 md5_process_bytes (alt_result, 16, &ctx, nss_ctx);
231 /* Add salt for numbers not divisible by 3. */
232 if (cnt % 3 != 0)
233 md5_process_bytes (salt, salt_len, &ctx, nss_ctx);
235 /* Add key for numbers not divisible by 7. */
236 if (cnt % 7 != 0)
237 md5_process_bytes (key, key_len, &ctx, nss_ctx);
239 /* Add key or last result. */
240 if ((cnt & 1) != 0)
241 md5_process_bytes (alt_result, 16, &ctx, nss_ctx);
242 else
243 md5_process_bytes (key, key_len, &ctx, nss_ctx);
245 /* Create intermediate result. */
246 md5_finish_ctx (&ctx, nss_ctx, alt_result);
249 #ifdef USE_NSS
250 /* Free libfreebl3 resources. */
251 NSSLOW_Shutdown (nss_ictx);
252 #endif
254 /* Now we can construct the result string. It consists of three
255 parts. */
256 cp = __stpncpy (buffer, md5_salt_prefix, MAX (0, buflen));
257 buflen -= sizeof (md5_salt_prefix) - 1;
259 cp = __stpncpy (cp, salt, MIN ((size_t) MAX (0, buflen), salt_len));
260 buflen -= MIN ((size_t) MAX (0, buflen), salt_len);
262 if (buflen > 0)
264 *cp++ = '$';
265 --buflen;
268 __b64_from_24bit (&cp, &buflen,
269 alt_result[0], alt_result[6], alt_result[12], 4);
270 __b64_from_24bit (&cp, &buflen,
271 alt_result[1], alt_result[7], alt_result[13], 4);
272 __b64_from_24bit (&cp, &buflen,
273 alt_result[2], alt_result[8], alt_result[14], 4);
274 __b64_from_24bit (&cp, &buflen,
275 alt_result[3], alt_result[9], alt_result[15], 4);
276 __b64_from_24bit (&cp, &buflen,
277 alt_result[4], alt_result[10], alt_result[5], 4);
278 __b64_from_24bit (&cp, &buflen,
279 0, 0, alt_result[11], 2);
280 if (buflen <= 0)
282 __set_errno (ERANGE);
283 buffer = NULL;
285 else
286 *cp = '\0'; /* Terminate the string. */
288 /* Clear the buffer for the intermediate result so that people
289 attaching to processes or reading core dumps cannot get any
290 information. We do it in this way to clear correct_words[]
291 inside the MD5 implementation as well. */
292 #ifndef USE_NSS
293 __md5_init_ctx (&ctx);
294 __md5_finish_ctx (&ctx, alt_result);
295 memset (&ctx, '\0', sizeof (ctx));
296 memset (&alt_ctx, '\0', sizeof (alt_ctx));
297 #endif
298 if (copied_key != NULL)
299 memset (copied_key, '\0', key_len);
300 if (copied_salt != NULL)
301 memset (copied_salt, '\0', salt_len);
303 free (free_key);
304 return buffer;
307 #ifndef _LIBC
308 # define libc_freeres_ptr(decl) decl
309 #endif
310 libc_freeres_ptr (static char *buffer);
312 char *
313 __md5_crypt (const char *key, const char *salt)
315 /* We don't want to have an arbitrary limit in the size of the
316 password. We can compute the size of the result in advance and
317 so we can prepare the buffer we pass to `md5_crypt_r'. */
318 static int buflen;
319 int needed = 3 + strlen (salt) + 1 + 26 + 1;
321 if (buflen < needed)
323 char *new_buffer = (char *) realloc (buffer, needed);
324 if (new_buffer == NULL)
325 return NULL;
327 buffer = new_buffer;
328 buflen = needed;
331 return __md5_crypt_r (key, salt, buffer, buflen);
334 #ifndef _LIBC
335 static void
336 __attribute__ ((__destructor__))
337 free_mem (void)
339 free (buffer);
341 #endif