1 /*
2 Copyright (C) 1999, 2000, 2002 Aladdin Enterprises. All rights reserved.
3
4 This software is provided 'as-is', without any express or implied
5 warranty. In no event will the authors be held liable for any damages
6 arising from the use of this software.
7
8 Permission is granted to anyone to use this software for any purpose,
9 including commercial applications, and to alter it and redistribute it
10 freely, subject to the following restrictions:
11
12 1. The origin of this software must not be misrepresented; you must not
13 claim that you wrote the original software. If you use this software
14 in a product, an acknowledgment in the product documentation would be
15 appreciated but is not required.
16 2. Altered source versions must be plainly marked as such, and must not be
17 misrepresented as being the original software.
18 3. This notice may not be removed or altered from any source distribution.
19
20 L. Peter Deutsch
21 ghost@aladdin.com
22
23 * Sub-licensed with modifications under AGPL:
24 *
25 * This program is free software: you can redistribute it and/or modify
26 * it under the terms of the GNU Affero General Public License version 3.
27 *
28 * This program is distributed in the hope that it will be useful,
29 * but WITHOUT ANY WARRANTY; without even the implied warranty of
30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
31 * GNU General Public License for more details.
32 *
33 * You should have received a copy of the GNU Affero General Public License
34 * along with this program. If not, see <http://www.gnu.org/licenses/>.
35 *
36 * In addition, as a special exception, the copyright holders give
37 * permission to link the code of portions of this program with the
38 * OpenSSL library under certain conditions as described in each
39 * individual source file, and distribute linked combinations
40 * including the two.
41 *
42 * You must obey the GNU Affero General Public License in all respects
43 * for all of the code used other than OpenSSL.
44 */
45
46 #include "md5.h"
47 #include <string.h>
48
49 #undef BYTE_ORDER /* 1 = big-endian, -1 = little-endian, 0 = unknown */
50 #ifdef ARCH_IS_BIG_ENDIAN
51 # define BYTE_ORDER (ARCH_IS_BIG_ENDIAN ? 1 : -1)
52 #else
53 # define BYTE_ORDER 0
54 #endif
55
56 #define T_MASK ((md5_word_t)~0)
57 #define T1 /* 0xd76aa478 */ (T_MASK ^ 0x28955b87)
58 #define T2 /* 0xe8c7b756 */ (T_MASK ^ 0x173848a9)
59 #define T3 0x242070db
60 #define T4 /* 0xc1bdceee */ (T_MASK ^ 0x3e423111)
61 #define T5 /* 0xf57c0faf */ (T_MASK ^ 0x0a83f050)
62 #define T6 0x4787c62a
63 #define T7 /* 0xa8304613 */ (T_MASK ^ 0x57cfb9ec)
64 #define T8 /* 0xfd469501 */ (T_MASK ^ 0x02b96afe)
65 #define T9 0x698098d8
66 #define T10 /* 0x8b44f7af */ (T_MASK ^ 0x74bb0850)
67 #define T11 /* 0xffff5bb1 */ (T_MASK ^ 0x0000a44e)
68 #define T12 /* 0x895cd7be */ (T_MASK ^ 0x76a32841)
69 #define T13 0x6b901122
70 #define T14 /* 0xfd987193 */ (T_MASK ^ 0x02678e6c)
71 #define T15 /* 0xa679438e */ (T_MASK ^ 0x5986bc71)
72 #define T16 0x49b40821
73 #define T17 /* 0xf61e2562 */ (T_MASK ^ 0x09e1da9d)
74 #define T18 /* 0xc040b340 */ (T_MASK ^ 0x3fbf4cbf)
75 #define T19 0x265e5a51
76 #define T20 /* 0xe9b6c7aa */ (T_MASK ^ 0x16493855)
77 #define T21 /* 0xd62f105d */ (T_MASK ^ 0x29d0efa2)
78 #define T22 0x02441453
79 #define T23 /* 0xd8a1e681 */ (T_MASK ^ 0x275e197e)
80 #define T24 /* 0xe7d3fbc8 */ (T_MASK ^ 0x182c0437)
81 #define T25 0x21e1cde6
82 #define T26 /* 0xc33707d6 */ (T_MASK ^ 0x3cc8f829)
83 #define T27 /* 0xf4d50d87 */ (T_MASK ^ 0x0b2af278)
84 #define T28 0x455a14ed
85 #define T29 /* 0xa9e3e905 */ (T_MASK ^ 0x561c16fa)
86 #define T30 /* 0xfcefa3f8 */ (T_MASK ^ 0x03105c07)
87 #define T31 0x676f02d9
88 #define T32 /* 0x8d2a4c8a */ (T_MASK ^ 0x72d5b375)
89 #define T33 /* 0xfffa3942 */ (T_MASK ^ 0x0005c6bd)
90 #define T34 /* 0x8771f681 */ (T_MASK ^ 0x788e097e)
91 #define T35 0x6d9d6122
92 #define T36 /* 0xfde5380c */ (T_MASK ^ 0x021ac7f3)
93 #define T37 /* 0xa4beea44 */ (T_MASK ^ 0x5b4115bb)
94 #define T38 0x4bdecfa9
95 #define T39 /* 0xf6bb4b60 */ (T_MASK ^ 0x0944b49f)
96 #define T40 /* 0xbebfbc70 */ (T_MASK ^ 0x4140438f)
97 #define T41 0x289b7ec6
98 #define T42 /* 0xeaa127fa */ (T_MASK ^ 0x155ed805)
99 #define T43 /* 0xd4ef3085 */ (T_MASK ^ 0x2b10cf7a)
100 #define T44 0x04881d05
101 #define T45 /* 0xd9d4d039 */ (T_MASK ^ 0x262b2fc6)
102 #define T46 /* 0xe6db99e5 */ (T_MASK ^ 0x1924661a)
103 #define T47 0x1fa27cf8
104 #define T48 /* 0xc4ac5665 */ (T_MASK ^ 0x3b53a99a)
105 #define T49 /* 0xf4292244 */ (T_MASK ^ 0x0bd6ddbb)
106 #define T50 0x432aff97
107 #define T51 /* 0xab9423a7 */ (T_MASK ^ 0x546bdc58)
108 #define T52 /* 0xfc93a039 */ (T_MASK ^ 0x036c5fc6)
109 #define T53 0x655b59c3
110 #define T54 /* 0x8f0ccc92 */ (T_MASK ^ 0x70f3336d)
111 #define T55 /* 0xffeff47d */ (T_MASK ^ 0x00100b82)
112 #define T56 /* 0x85845dd1 */ (T_MASK ^ 0x7a7ba22e)
113 #define T57 0x6fa87e4f
114 #define T58 /* 0xfe2ce6e0 */ (T_MASK ^ 0x01d3191f)
115 #define T59 /* 0xa3014314 */ (T_MASK ^ 0x5cfebceb)
116 #define T60 0x4e0811a1
117 #define T61 /* 0xf7537e82 */ (T_MASK ^ 0x08ac817d)
118 #define T62 /* 0xbd3af235 */ (T_MASK ^ 0x42c50dca)
119 #define T63 0x2ad7d2bb
120 #define T64 /* 0xeb86d391 */ (T_MASK ^ 0x14792c6e)
121
122
123 #if defined(__clang__) && defined(__clang_major__) && __clang_major__ >= 4
124 __attribute__((no_sanitize("unsigned-integer-overflow")))
125 #endif
md5_process(md5_context_t * pms,const md5_byte_t * data)126 static void md5_process(md5_context_t *pms, const md5_byte_t *data /*[64]*/) {
127 md5_word_t
128 a = pms->abcd[0], b = pms->abcd[1],
129 c = pms->abcd[2], d = pms->abcd[3];
130 md5_word_t t;
131 #if BYTE_ORDER > 0
132 /* Define storage only for big-endian CPUs. */
133 md5_word_t X[16];
134 #else
135 /* Define storage for little-endian or both types of CPUs. */
136 md5_word_t xbuf[16];
137 const md5_word_t *X;
138 #endif
139
140 {
141 #if BYTE_ORDER == 0
142 /*
143 * Determine dynamically whether this is a big-endian or
144 * little-endian machine, since we can use a more efficient
145 * algorithm on the latter.
146 */
147 static const int w = 1;
148
149 if (*((const md5_byte_t *)&w)) /* dynamic little-endian */
150 #endif
151 #if BYTE_ORDER <= 0 /* little-endian */
152 {
153 /*
154 * On little-endian machines, we can process properly aligned
155 * data without copying it.
156 */
157 if (! ((data - (const md5_byte_t *)0) & 3)) {
158 /* data are properly aligned */
159 X = (const md5_word_t *)data;
160 } else {
161 /* not aligned */
162 memcpy(xbuf, data, 64);
163 X = xbuf;
164 }
165 }
166 #endif
167 #if BYTE_ORDER == 0
168 else /* dynamic big-endian */
169 #endif
170 #if BYTE_ORDER >= 0 /* big-endian */
171 {
172 /*
173 * On big-endian machines, we must arrange the bytes in the
174 * right order.
175 */
176 const md5_byte_t *xp = data;
177 int i;
178
179 # if BYTE_ORDER == 0
180 X = xbuf; /* (dynamic only) */
181 # else
182 # define xbuf X /* (static only) */
183 # endif
184 for (i = 0; i < 16; ++i, xp += 4)
185 xbuf[i] = xp[0] + (xp[1] << 8) + (xp[2] << 16) + (xp[3] << 24);
186 }
187 #endif
188 }
189
190 #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
191
192 /* Round 1. */
193 /* Let [abcd k s i] denote the operation
194 a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). */
195 #define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
196 #define SET(a, b, c, d, k, s, Ti)\
197 t = a + F(b,c,d) + X[k] + Ti;\
198 a = ROTATE_LEFT(t, s) + b
199 /* Do the following 16 operations. */
200 SET(a, b, c, d, 0, 7, T1);
201 SET(d, a, b, c, 1, 12, T2);
202 SET(c, d, a, b, 2, 17, T3);
203 SET(b, c, d, a, 3, 22, T4);
204 SET(a, b, c, d, 4, 7, T5);
205 SET(d, a, b, c, 5, 12, T6);
206 SET(c, d, a, b, 6, 17, T7);
207 SET(b, c, d, a, 7, 22, T8);
208 SET(a, b, c, d, 8, 7, T9);
209 SET(d, a, b, c, 9, 12, T10);
210 SET(c, d, a, b, 10, 17, T11);
211 SET(b, c, d, a, 11, 22, T12);
212 SET(a, b, c, d, 12, 7, T13);
213 SET(d, a, b, c, 13, 12, T14);
214 SET(c, d, a, b, 14, 17, T15);
215 SET(b, c, d, a, 15, 22, T16);
216 #undef SET
217
218 /* Round 2. */
219 /* Let [abcd k s i] denote the operation
220 a = b + ((a + G(b,c,d) + X[k] + T[i]) <<< s). */
221 #define G(x, y, z) (((x) & (z)) | ((y) & ~(z)))
222 #define SET(a, b, c, d, k, s, Ti)\
223 t = a + G(b,c,d) + X[k] + Ti;\
224 a = ROTATE_LEFT(t, s) + b
225 /* Do the following 16 operations. */
226 SET(a, b, c, d, 1, 5, T17);
227 SET(d, a, b, c, 6, 9, T18);
228 SET(c, d, a, b, 11, 14, T19);
229 SET(b, c, d, a, 0, 20, T20);
230 SET(a, b, c, d, 5, 5, T21);
231 SET(d, a, b, c, 10, 9, T22);
232 SET(c, d, a, b, 15, 14, T23);
233 SET(b, c, d, a, 4, 20, T24);
234 SET(a, b, c, d, 9, 5, T25);
235 SET(d, a, b, c, 14, 9, T26);
236 SET(c, d, a, b, 3, 14, T27);
237 SET(b, c, d, a, 8, 20, T28);
238 SET(a, b, c, d, 13, 5, T29);
239 SET(d, a, b, c, 2, 9, T30);
240 SET(c, d, a, b, 7, 14, T31);
241 SET(b, c, d, a, 12, 20, T32);
242 #undef SET
243
244 /* Round 3. */
245 /* Let [abcd k s t] denote the operation
246 a = b + ((a + H(b,c,d) + X[k] + T[i]) <<< s). */
247 #define H(x, y, z) ((x) ^ (y) ^ (z))
248 #define SET(a, b, c, d, k, s, Ti)\
249 t = a + H(b,c,d) + X[k] + Ti;\
250 a = ROTATE_LEFT(t, s) + b
251 /* Do the following 16 operations. */
252 SET(a, b, c, d, 5, 4, T33);
253 SET(d, a, b, c, 8, 11, T34);
254 SET(c, d, a, b, 11, 16, T35);
255 SET(b, c, d, a, 14, 23, T36);
256 SET(a, b, c, d, 1, 4, T37);
257 SET(d, a, b, c, 4, 11, T38);
258 SET(c, d, a, b, 7, 16, T39);
259 SET(b, c, d, a, 10, 23, T40);
260 SET(a, b, c, d, 13, 4, T41);
261 SET(d, a, b, c, 0, 11, T42);
262 SET(c, d, a, b, 3, 16, T43);
263 SET(b, c, d, a, 6, 23, T44);
264 SET(a, b, c, d, 9, 4, T45);
265 SET(d, a, b, c, 12, 11, T46);
266 SET(c, d, a, b, 15, 16, T47);
267 SET(b, c, d, a, 2, 23, T48);
268 #undef SET
269
270 /* Round 4. */
271 /* Let [abcd k s t] denote the operation
272 a = b + ((a + I(b,c,d) + X[k] + T[i]) <<< s). */
273 #define I(x, y, z) ((y) ^ ((x) | ~(z)))
274 #define SET(a, b, c, d, k, s, Ti)\
275 t = a + I(b,c,d) + X[k] + Ti;\
276 a = ROTATE_LEFT(t, s) + b
277 /* Do the following 16 operations. */
278 SET(a, b, c, d, 0, 6, T49);
279 SET(d, a, b, c, 7, 10, T50);
280 SET(c, d, a, b, 14, 15, T51);
281 SET(b, c, d, a, 5, 21, T52);
282 SET(a, b, c, d, 12, 6, T53);
283 SET(d, a, b, c, 3, 10, T54);
284 SET(c, d, a, b, 10, 15, T55);
285 SET(b, c, d, a, 1, 21, T56);
286 SET(a, b, c, d, 8, 6, T57);
287 SET(d, a, b, c, 15, 10, T58);
288 SET(c, d, a, b, 6, 15, T59);
289 SET(b, c, d, a, 13, 21, T60);
290 SET(a, b, c, d, 4, 6, T61);
291 SET(d, a, b, c, 11, 10, T62);
292 SET(c, d, a, b, 2, 15, T63);
293 SET(b, c, d, a, 9, 21, T64);
294 #undef SET
295
296 /* Then perform the following additions. (That is increment each
297 of the four registers by the value it had before this block
298 was started.) */
299 pms->abcd[0] += a;
300 pms->abcd[1] += b;
301 pms->abcd[2] += c;
302 pms->abcd[3] += d;
303 }
304
md5_init(md5_context_t * pms)305 void md5_init(md5_context_t *pms) {
306 pms->count[0] = pms->count[1] = 0;
307 pms->abcd[0] = 0x67452301;
308 pms->abcd[1] = /*0xefcdab89*/ T_MASK ^ 0x10325476;
309 pms->abcd[2] = /*0x98badcfe*/ T_MASK ^ 0x67452301;
310 pms->abcd[3] = 0x10325476;
311 }
312
md5_append(md5_context_t * pms,const md5_byte_t * data,int nbytes)313 void md5_append(md5_context_t *pms, const md5_byte_t *data, int nbytes) {
314 const md5_byte_t *p = data;
315 int left = nbytes;
316 int offset = (pms->count[0] >> 3) & 63;
317 md5_word_t nbits = (md5_word_t)(nbytes << 3);
318
319 if (nbytes <= 0)
320 return;
321
322 /* Update the message length. */
323 pms->count[1] += nbytes >> 29;
324 pms->count[0] += nbits;
325 if (pms->count[0] < nbits)
326 pms->count[1]++;
327
328 /* Process an initial partial block. */
329 if (offset) {
330 int copy = (offset + nbytes > 64 ? 64 - offset : nbytes);
331
332 memcpy(pms->buf + offset, p, copy);
333 if (offset + copy < 64)
334 return;
335 p += copy;
336 left -= copy;
337 md5_process(pms, pms->buf);
338 }
339
340 /* Process full blocks. */
341 for (; left >= 64; p += 64, left -= 64)
342 md5_process(pms, p);
343
344 /* Process a final partial block. */
345 if (left)
346 memcpy(pms->buf, p, left);
347 }
348
349 #if defined(__clang__) && defined(__clang_major__) && __clang_major__ >= 4
350 __attribute__((no_sanitize("unsigned-integer-overflow")))
351 #endif
md5_finish(md5_context_t * pms,md5_byte_t digest[16])352 void md5_finish(md5_context_t *pms, md5_byte_t digest[16]) {
353 static const md5_byte_t pad[64] = {
354 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
355 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
356 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
357 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
358 };
359 md5_byte_t data[8];
360
361 /* Save the length before padding. */
362 for (int i = 0; i < 8; ++i)
363 data[i] = (md5_byte_t)(pms->count[i >> 2] >> ((i & 3) << 3));
364 /* Pad to 56 bytes mod 64. */
365 md5_append(pms, pad, ((55 - (pms->count[0] >> 3)) & 63) + 1);
366 /* Append the length. */
367 md5_append(pms, data, 8);
368 for (int i = 0; i < 16; ++i)
369 digest[i] = (md5_byte_t)(pms->abcd[i >> 2] >> ((i & 3) << 3));
370 }
371
372