2 * This is work is derived from material Copyright RSA Data Security, Inc.
4 * The RSA copyright statement and Licence for that original material is
5 * included below. This is followed by the Apache copyright statement and
6 * licence for the modifications made to that material.
9 /* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
12 /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
15 License to copy and use this software is granted provided that it
16 is identified as the "RSA Data Security, Inc. MD5 Message-Digest
17 Algorithm" in all material mentioning or referencing this software
20 License is also granted to make and use derivative works provided
21 that such works are identified as "derived from the RSA Data
22 Security, Inc. MD5 Message-Digest Algorithm" in all material
23 mentioning or referencing the derived work.
25 RSA Data Security, Inc. makes no representations concerning either
26 the merchantability of this software or the suitability of this
27 software for any particular purpose. It is provided "as is"
28 without express or implied warranty of any kind.
30 These notices must be retained in any copies of any part of this
31 documentation and/or software.
34 /* Licensed to the Apache Software Foundation (ASF) under one or more
35 * contributor license agreements. See the NOTICE file distributed with
36 * this work for additional information regarding copyright ownership.
37 * The ASF licenses this file to You under the Apache License, Version 2.0
38 * (the "License"); you may not use this file except in compliance with
39 * the License. You may obtain a copy of the License at
41 * http://www.apache.org/licenses/LICENSE-2.0
43 * Unless required by applicable law or agreed to in writing, software
44 * distributed under the License is distributed on an "AS IS" BASIS,
45 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
46 * See the License for the specific language governing permissions and
47 * limitations under the License.
51 * The apr_md5_encode() routine uses much code obtained from the FreeBSD 3.0
52 * MD5 crypt() function, which is licenced as follows:
53 * ----------------------------------------------------------------------------
54 * "THE BEER-WARE LICENSE" (Revision 42):
55 * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
56 * can do whatever you want with this stuff. If we meet some day, and you think
57 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
58 * ----------------------------------------------------------------------------
60 #include "apr_strings.h"
63 #include "apu_config.h"
69 /* Constants for MD5Transform routine.
89 static void MD5Transform(apr_uint32_t state[4], const unsigned char block[64]);
90 static void Encode(unsigned char *output, const apr_uint32_t *input,
92 static void Decode(apr_uint32_t *output, const unsigned char *input,
95 static const unsigned char PADDING[64] =
97 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
98 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
99 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
102 #if APR_CHARSET_EBCDIC
103 static apr_xlate_t *xlate_ebcdic_to_ascii; /* used in apr_md5_encode() */
108 /* F, G, H and I are basic MD5 functions.
110 #define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
111 #define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
112 #define H(x, y, z) ((x) ^ (y) ^ (z))
113 #define I(x, y, z) ((y) ^ ((x) | (~z)))
115 /* ROTATE_LEFT rotates x left n bits.
117 #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
119 /* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
120 * Rotation is separate from addition to prevent recomputation.
122 #define FF(a, b, c, d, x, s, ac) { \
123 (a) += F ((b), (c), (d)) + (x) + (apr_uint32_t)(ac); \
124 (a) = ROTATE_LEFT ((a), (s)); \
127 #define GG(a, b, c, d, x, s, ac) { \
128 (a) += G ((b), (c), (d)) + (x) + (apr_uint32_t)(ac); \
129 (a) = ROTATE_LEFT ((a), (s)); \
132 #define HH(a, b, c, d, x, s, ac) { \
133 (a) += H ((b), (c), (d)) + (x) + (apr_uint32_t)(ac); \
134 (a) = ROTATE_LEFT ((a), (s)); \
137 #define II(a, b, c, d, x, s, ac) { \
138 (a) += I ((b), (c), (d)) + (x) + (apr_uint32_t)(ac); \
139 (a) = ROTATE_LEFT ((a), (s)); \
143 /* MD5 initialization. Begins an MD5 operation, writing a new context.
145 APU_DECLARE(apr_status_t) apr_md5_init(apr_md5_ctx_t *context)
147 context->count[0] = context->count[1] = 0;
149 /* Load magic initialization constants. */
150 context->state[0] = 0x67452301;
151 context->state[1] = 0xefcdab89;
152 context->state[2] = 0x98badcfe;
153 context->state[3] = 0x10325476;
154 context->xlate = NULL;
159 /* MD5 translation setup. Provides the APR translation handle
160 * to be used for translating the content before calculating the
163 APU_DECLARE(apr_status_t) apr_md5_set_xlate(apr_md5_ctx_t *context,
170 /* TODO: remove the single-byte-only restriction from this code
172 rv = apr_xlate_sb_get(xlate, &is_sb);
173 if (rv != APR_SUCCESS) {
179 context->xlate = xlate;
183 #endif /* APR_HAS_XLATE */
186 /* MD5 block update operation. Continues an MD5 message-digest
187 * operation, processing another message block, and updating the
190 static apr_status_t md5_update_buffer(apr_md5_ctx_t *context,
195 const unsigned char *input = vinput;
196 unsigned int i, idx, partLen;
198 apr_size_t inbytes_left, outbytes_left;
201 /* Compute number of bytes mod 64 */
202 idx = (unsigned int)((context->count[0] >> 3) & 0x3F);
204 /* Update number of bits */
205 if ((context->count[0] += ((apr_uint32_t)inputLen << 3))
206 < ((apr_uint32_t)inputLen << 3))
208 context->count[1] += (apr_uint32_t)inputLen >> 29;
212 /* Transform as many times as possible. */
214 if (inputLen >= partLen) {
215 memcpy(&context->buffer[idx], input, partLen);
216 MD5Transform(context->state, context->buffer);
218 for (i = partLen; i + 63 < inputLen; i += 64)
219 MD5Transform(context->state, &input[i]);
226 /* Buffer remaining input */
227 memcpy(&context->buffer[idx], &input[i], inputLen - i);
228 #else /*APR_HAS_XLATE*/
229 if (inputLen >= partLen) {
230 if (context->xlate && (xlate_buffer == DO_XLATE)) {
231 inbytes_left = outbytes_left = partLen;
232 apr_xlate_conv_buffer(context->xlate, (const char *)input,
234 (char *)&context->buffer[idx],
238 memcpy(&context->buffer[idx], input, partLen);
240 MD5Transform(context->state, context->buffer);
242 for (i = partLen; i + 63 < inputLen; i += 64) {
243 if (context->xlate && (xlate_buffer == DO_XLATE)) {
244 unsigned char inp_tmp[64];
245 inbytes_left = outbytes_left = 64;
246 apr_xlate_conv_buffer(context->xlate, (const char *)&input[i],
247 &inbytes_left, (char *)inp_tmp,
249 MD5Transform(context->state, inp_tmp);
252 MD5Transform(context->state, &input[i]);
261 /* Buffer remaining input */
262 if (context->xlate && (xlate_buffer == DO_XLATE)) {
263 inbytes_left = outbytes_left = inputLen - i;
264 apr_xlate_conv_buffer(context->xlate, (const char *)&input[i],
265 &inbytes_left, (char *)&context->buffer[idx],
269 memcpy(&context->buffer[idx], &input[i], inputLen - i);
271 #endif /*APR_HAS_XLATE*/
275 /* MD5 block update operation. API with the default setting
276 * for EBCDIC translations
278 APU_DECLARE(apr_status_t) apr_md5_update(apr_md5_ctx_t *context,
282 return md5_update_buffer(context, input, inputLen, DO_XLATE);
285 /* MD5 finalization. Ends an MD5 message-digest operation, writing the
286 * the message digest and zeroizing the context.
288 APU_DECLARE(apr_status_t) apr_md5_final(unsigned char digest[APR_MD5_DIGESTSIZE],
289 apr_md5_ctx_t *context)
291 unsigned char bits[8];
292 unsigned int idx, padLen;
294 /* Save number of bits */
295 Encode(bits, context->count, 8);
298 /* apr_md5_update() should not translate for this final round. */
299 context->xlate = NULL;
300 #endif /*APR_HAS_XLATE*/
302 /* Pad out to 56 mod 64. */
303 idx = (unsigned int)((context->count[0] >> 3) & 0x3f);
304 padLen = (idx < 56) ? (56 - idx) : (120 - idx);
305 apr_md5_update(context, PADDING, padLen);
307 /* Append length (before padding) */
308 apr_md5_update(context, bits, 8);
310 /* Store state in digest */
311 Encode(digest, context->state, APR_MD5_DIGESTSIZE);
313 /* Zeroize sensitive information. */
314 memset(context, 0, sizeof(*context));
319 /* MD5 in one step (init, update, final)
321 APU_DECLARE(apr_status_t) apr_md5(unsigned char digest[APR_MD5_DIGESTSIZE],
325 const unsigned char *input = _input;
331 if ((rv = apr_md5_update(&ctx, input, inputLen)) != APR_SUCCESS)
334 return apr_md5_final(digest, &ctx);
337 /* MD5 basic transformation. Transforms state based on block. */
338 static void MD5Transform(apr_uint32_t state[4], const unsigned char block[64])
340 apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3],
341 tmpbuf[APR_MD5_DIGESTSIZE];
342 const apr_uint32_t *x;
344 #if !APR_IS_BIGENDIAN
345 if ((apr_uintptr_t)block % sizeof(apr_uint32_t) == 0) {
346 x = (apr_uint32_t *)block;
350 Decode(tmpbuf, block, 64);
355 FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */
356 FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */
357 FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */
358 FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */
359 FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */
360 FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */
361 FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */
362 FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */
363 FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */
364 FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */
365 FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
366 FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
367 FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
368 FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
369 FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
370 FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
373 GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */
374 GG(d, a, b, c, x[6], S22, 0xc040b340); /* 18 */
375 GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
376 GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */
377 GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */
378 GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */
379 GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
380 GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */
381 GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */
382 GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
383 GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */
384 GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */
385 GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
386 GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */
387 GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */
388 GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
391 HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */
392 HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */
393 HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
394 HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
395 HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */
396 HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */
397 HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */
398 HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
399 HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
400 HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */
401 HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */
402 HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */
403 HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */
404 HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
405 HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
406 HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */
409 II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */
410 II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */
411 II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
412 II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */
413 II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
414 II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */
415 II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
416 II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */
417 II(a, b, c, d, x[8], S41, 0x6fa87e4f); /* 57 */
418 II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
419 II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */
420 II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
421 II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */
422 II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
423 II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */
424 II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */
431 #if !APR_IS_BIGENDIAN
435 /* Zeroize sensitive information. */
436 memset(tmpbuf, 0, sizeof(tmpbuf));
440 /* Encodes input (apr_uint32_t) into output (unsigned char). Assumes len is
443 static void Encode(unsigned char *output, const apr_uint32_t *input,
449 for (i = 0, j = 0; j < len; i++, j += 4) {
451 output[j] = (unsigned char)(k & 0xff);
452 output[j + 1] = (unsigned char)((k >> 8) & 0xff);
453 output[j + 2] = (unsigned char)((k >> 16) & 0xff);
454 output[j + 3] = (unsigned char)((k >> 24) & 0xff);
458 /* Decodes input (unsigned char) into output (apr_uint32_t). Assumes len is
461 static void Decode(apr_uint32_t *output, const unsigned char *input,
466 for (i = 0, j = 0; j < len; i++, j += 4)
467 output[i] = ((apr_uint32_t)input[j]) |
468 (((apr_uint32_t)input[j + 1]) << 8) |
469 (((apr_uint32_t)input[j + 2]) << 16) |
470 (((apr_uint32_t)input[j + 3]) << 24);
473 #if APR_CHARSET_EBCDIC
474 APU_DECLARE(apr_status_t) apr_MD5InitEBCDIC(apr_xlate_t *xlate)
476 xlate_ebcdic_to_ascii = xlate;
482 * Define the Magic String prefix that identifies a password as being
483 * hashed using our algorithm.
485 static const char * const apr1_id = "$apr1$";
488 * The following MD5 password encryption code was largely borrowed from
489 * the FreeBSD 3.0 /usr/src/lib/libcrypt/crypt.c file, which is
490 * licenced as stated at the top of this file.
493 static void to64(char *s, unsigned long v, int n)
495 static unsigned char itoa64[] = /* 0 ... 63 => ASCII - 64 */
496 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
499 *s++ = itoa64[v&0x3f];
504 APU_DECLARE(apr_status_t) apr_md5_encode(const char *pw, const char *salt,
505 char *result, apr_size_t nbytes)
508 * Minimum size is 8 bytes for salt, plus 1 for the trailing NUL,
509 * plus 4 for the '$' separators, plus the password hash itself.
510 * Let's leave a goodly amount of leeway.
513 char passwd[120], *p;
515 unsigned char final[APR_MD5_DIGESTSIZE];
516 apr_ssize_t sl, pl, i;
517 apr_md5_ctx_t ctx, ctx1;
521 * Refine the salt first. It's possible we were given an already-hashed
522 * string as the salt argument, so extract the actual salt value from it
523 * if so. Otherwise just use the string up to the first '$' as the salt.
528 * If it starts with the magic string, then skip that.
530 if (!strncmp(sp, apr1_id, strlen(apr1_id))) {
531 sp += strlen(apr1_id);
535 * It stops at the first '$' or 8 chars, whichever comes first
537 for (ep = sp; (*ep != '\0') && (*ep != '$') && (ep < (sp + 8)); ep++) {
542 * Get the length of the true salt
547 * 'Time to make the doughnuts..'
550 #if APR_CHARSET_EBCDIC
551 apr_md5_set_xlate(&ctx, xlate_ebcdic_to_ascii);
555 * The password first, since that is what is most unknown
557 apr_md5_update(&ctx, pw, strlen(pw));
560 * Then our magic string
562 apr_md5_update(&ctx, apr1_id, strlen(apr1_id));
567 apr_md5_update(&ctx, sp, sl);
570 * Then just as many characters of the MD5(pw, salt, pw)
573 #if APR_CHARSET_EBCDIC
574 apr_md5_set_xlate(&ctx1, xlate_ebcdic_to_ascii);
576 apr_md5_update(&ctx1, pw, strlen(pw));
577 apr_md5_update(&ctx1, sp, sl);
578 apr_md5_update(&ctx1, pw, strlen(pw));
579 apr_md5_final(final, &ctx1);
580 for (pl = strlen(pw); pl > 0; pl -= APR_MD5_DIGESTSIZE) {
581 md5_update_buffer(&ctx, final,
582 (pl > APR_MD5_DIGESTSIZE) ? APR_MD5_DIGESTSIZE : pl, SKIP_XLATE);
586 * Don't leave anything around in vm they could use.
588 memset(final, 0, sizeof(final));
591 * Then something really weird...
593 for (i = strlen(pw); i != 0; i >>= 1) {
595 md5_update_buffer(&ctx, final, 1, SKIP_XLATE);
598 apr_md5_update(&ctx, pw, 1);
603 * Now make the output string. We know our limitations, so we
604 * can use the string routines without bounds checking.
606 strcpy(passwd, apr1_id);
607 strncat(passwd, sp, sl);
610 apr_md5_final(final, &ctx);
613 * And now, just to make sure things don't run too fast..
614 * On a 60 Mhz Pentium this takes 34 msec, so you would
615 * need 30 seconds to build a 1000 entry dictionary...
617 for (i = 0; i < 1000; i++) {
620 * apr_md5_final clears out ctx1.xlate at the end of each loop,
621 * so need to to set it each time through
623 #if APR_CHARSET_EBCDIC
624 apr_md5_set_xlate(&ctx1, xlate_ebcdic_to_ascii);
627 apr_md5_update(&ctx1, pw, strlen(pw));
630 md5_update_buffer(&ctx1, final, APR_MD5_DIGESTSIZE, SKIP_XLATE);
633 apr_md5_update(&ctx1, sp, sl);
637 apr_md5_update(&ctx1, pw, strlen(pw));
641 md5_update_buffer(&ctx1, final, APR_MD5_DIGESTSIZE, SKIP_XLATE);
644 apr_md5_update(&ctx1, pw, strlen(pw));
646 apr_md5_final(final,&ctx1);
649 p = passwd + strlen(passwd);
651 l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p, l, 4); p += 4;
652 l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p, l, 4); p += 4;
653 l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p, l, 4); p += 4;
654 l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p, l, 4); p += 4;
655 l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p, l, 4); p += 4;
656 l = final[11] ; to64(p, l, 2); p += 2;
660 * Don't leave anything around in vm they could use.
662 memset(final, 0, sizeof(final));
664 apr_cpystrn(result, passwd, nbytes - 1);