[BZ #4439]
[glibc/pb-stable.git] / crypt / md5-crypt.c
blob7ba1491db6a42e5b0966a96c2b38787b83bdee49
1 /* One way encryption based on MD5 sum.
2 Compatible with the behavior of MD5 crypt introduced in FreeBSD 2.0.
3 Copyright (C) 1996, 1997, 1999, 2000, 2001, 2002, 2004
4 Free Software Foundation, Inc.
5 This file is part of the GNU C Library.
6 Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
8 The GNU C Library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Lesser General Public
10 License as published by the Free Software Foundation; either
11 version 2.1 of the License, or (at your option) any later version.
13 The GNU C Library is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public
19 License along with the GNU C Library; if not, write to the Free
20 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
21 02111-1307 USA. */
23 #include <assert.h>
24 #include <errno.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <sys/param.h>
29 #include "md5.h"
32 /* Define our magic string to mark salt for MD5 "encryption"
33 replacement. This is meant to be the same as for other MD5 based
34 encryption implementations. */
35 static const char md5_salt_prefix[] = "$1$";
37 /* Table with characters for base64 transformation. */
38 static const char b64t[64] =
39 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
42 /* Prototypes for local functions. */
43 extern char *__md5_crypt_r (const char *key, const char *salt,
44 char *buffer, int buflen);
45 extern char *__md5_crypt (const char *key, const char *salt);
48 /* This entry point is equivalent to the `crypt' function in Unix
49 libcs. */
50 char *
51 __md5_crypt_r (key, salt, buffer, buflen)
52 const char *key;
53 const char *salt;
54 char *buffer;
55 int buflen;
57 unsigned char alt_result[16]
58 __attribute__ ((__aligned__ (__alignof__ (md5_uint32))));
59 struct md5_ctx ctx;
60 struct md5_ctx alt_ctx;
61 size_t salt_len;
62 size_t key_len;
63 size_t cnt;
64 char *cp;
65 char *copied_key = NULL;
66 char *copied_salt = NULL;
68 /* Find beginning of salt string. The prefix should normally always
69 be present. Just in case it is not. */
70 if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0)
71 /* Skip salt prefix. */
72 salt += sizeof (md5_salt_prefix) - 1;
74 salt_len = MIN (strcspn (salt, "$"), 8);
75 key_len = strlen (key);
77 if ((key - (char *) 0) % __alignof__ (md5_uint32) != 0)
79 char *tmp = (char *) alloca (key_len + __alignof__ (md5_uint32));
80 key = copied_key =
81 memcpy (tmp + __alignof__ (md5_uint32)
82 - (tmp - (char *) 0) % __alignof__ (md5_uint32),
83 key, key_len);
84 assert ((key - (char *) 0) % __alignof__ (md5_uint32) == 0);
87 if ((salt - (char *) 0) % __alignof__ (md5_uint32) != 0)
89 char *tmp = (char *) alloca (salt_len + __alignof__ (md5_uint32));
90 salt = copied_salt =
91 memcpy (tmp + __alignof__ (md5_uint32)
92 - (tmp - (char *) 0) % __alignof__ (md5_uint32),
93 salt, salt_len);
94 assert ((salt - (char *) 0) % __alignof__ (md5_uint32) == 0);
97 /* Prepare for the real work. */
98 __md5_init_ctx (&ctx);
100 /* Add the key string. */
101 __md5_process_bytes (key, key_len, &ctx);
103 /* Because the SALT argument need not always have the salt prefix we
104 add it separately. */
105 __md5_process_bytes (md5_salt_prefix, sizeof (md5_salt_prefix) - 1, &ctx);
107 /* The last part is the salt string. This must be at most 8
108 characters and it ends at the first `$' character (for
109 compatibility which existing solutions). */
110 __md5_process_bytes (salt, salt_len, &ctx);
113 /* Compute alternate MD5 sum with input KEY, SALT, and KEY. The
114 final result will be added to the first context. */
115 __md5_init_ctx (&alt_ctx);
117 /* Add key. */
118 __md5_process_bytes (key, key_len, &alt_ctx);
120 /* Add salt. */
121 __md5_process_bytes (salt, salt_len, &alt_ctx);
123 /* Add key again. */
124 __md5_process_bytes (key, key_len, &alt_ctx);
126 /* Now get result of this (16 bytes) and add it to the other
127 context. */
128 __md5_finish_ctx (&alt_ctx, alt_result);
130 /* Add for any character in the key one byte of the alternate sum. */
131 for (cnt = key_len; cnt > 16; cnt -= 16)
132 __md5_process_bytes (alt_result, 16, &ctx);
133 __md5_process_bytes (alt_result, cnt, &ctx);
135 /* For the following code we need a NUL byte. */
136 *alt_result = '\0';
138 /* The original implementation now does something weird: for every 1
139 bit in the key the first 0 is added to the buffer, for every 0
140 bit the first character of the key. This does not seem to be
141 what was intended but we have to follow this to be compatible. */
142 for (cnt = key_len; cnt > 0; cnt >>= 1)
143 __md5_process_bytes ((cnt & 1) != 0 ? (const char *) alt_result : key, 1,
144 &ctx);
146 /* Create intermediate result. */
147 __md5_finish_ctx (&ctx, alt_result);
149 /* Now comes another weirdness. In fear of password crackers here
150 comes a quite long loop which just processes the output of the
151 previous round again. We cannot ignore this here. */
152 for (cnt = 0; cnt < 1000; ++cnt)
154 /* New context. */
155 __md5_init_ctx (&ctx);
157 /* Add key or last result. */
158 if ((cnt & 1) != 0)
159 __md5_process_bytes (key, key_len, &ctx);
160 else
161 __md5_process_bytes (alt_result, 16, &ctx);
163 /* Add salt for numbers not divisible by 3. */
164 if (cnt % 3 != 0)
165 __md5_process_bytes (salt, salt_len, &ctx);
167 /* Add key for numbers not divisible by 7. */
168 if (cnt % 7 != 0)
169 __md5_process_bytes (key, key_len, &ctx);
171 /* Add key or last result. */
172 if ((cnt & 1) != 0)
173 __md5_process_bytes (alt_result, 16, &ctx);
174 else
175 __md5_process_bytes (key, key_len, &ctx);
177 /* Create intermediate result. */
178 __md5_finish_ctx (&ctx, alt_result);
181 /* Now we can construct the result string. It consists of three
182 parts. */
183 cp = __stpncpy (buffer, md5_salt_prefix, MAX (0, buflen));
184 buflen -= sizeof (md5_salt_prefix) - 1;
186 cp = __stpncpy (cp, salt, MIN ((size_t) MAX (0, buflen), salt_len));
187 buflen -= MIN ((size_t) MAX (0, buflen), salt_len);
189 if (buflen > 0)
191 *cp++ = '$';
192 --buflen;
195 #define b64_from_24bit(B2, B1, B0, N) \
196 do { \
197 unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \
198 int n = (N); \
199 while (n-- > 0 && buflen > 0) \
201 *cp++ = b64t[w & 0x3f]; \
202 --buflen; \
203 w >>= 6; \
205 } while (0)
208 b64_from_24bit (alt_result[0], alt_result[6], alt_result[12], 4);
209 b64_from_24bit (alt_result[1], alt_result[7], alt_result[13], 4);
210 b64_from_24bit (alt_result[2], alt_result[8], alt_result[14], 4);
211 b64_from_24bit (alt_result[3], alt_result[9], alt_result[15], 4);
212 b64_from_24bit (alt_result[4], alt_result[10], alt_result[5], 4);
213 b64_from_24bit (0, 0, alt_result[11], 2);
214 if (buflen <= 0)
216 __set_errno (ERANGE);
217 buffer = NULL;
219 else
220 *cp = '\0'; /* Terminate the string. */
222 /* Clear the buffer for the intermediate result so that people
223 attaching to processes or reading core dumps cannot get any
224 information. We do it in this way to clear correct_words[]
225 inside the MD5 implementation as well. */
226 __md5_init_ctx (&ctx);
227 __md5_finish_ctx (&ctx, alt_result);
228 memset (&ctx, '\0', sizeof (ctx));
229 memset (&alt_ctx, '\0', sizeof (alt_ctx));
230 if (copied_key != NULL)
231 memset (copied_key, '\0', key_len);
232 if (copied_salt != NULL)
233 memset (copied_salt, '\0', salt_len);
235 return buffer;
238 #ifndef _LIBC
239 # define libc_freeres_ptr(decl) decl
240 #endif
241 libc_freeres_ptr (static char *buffer);
243 char *
244 __md5_crypt (const char *key, const char *salt)
246 /* We don't want to have an arbitrary limit in the size of the
247 password. We can compute the size of the result in advance and
248 so we can prepare the buffer we pass to `md5_crypt_r'. */
249 static int buflen;
250 int needed = 3 + strlen (salt) + 1 + 26 + 1;
252 if (buflen < needed)
254 char *new_buffer = (char *) realloc (buffer, needed);
255 if (new_buffer == NULL)
256 return NULL;
258 buffer = new_buffer;
259 buflen = needed;
262 return __md5_crypt_r (key, salt, buffer, buflen);
265 #ifndef _LIBC
266 static void
267 __attribute__ ((__destructor__))
268 free_mem (void)
270 free (buffer);
272 #endif