1 /*
2  * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
3  * MD5 Message-Digest Algorithm (RFC 1321).
4  *
5  * Homepage:
6  * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
7  *
8  * Author:
9  * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
10  *
11  * This software was written by Alexander Peslyak in 2001.  No copyright is
12  * claimed, and the software is hereby placed in the public domain.
13  * In case this attempt to disclaim copyright and place the software in the
14  * public domain is deemed null and void, then the software is
15  * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
16  * general public under the following terms:
17  *
18  * Redistribution and use in source and binary forms, with or without
19  * modification, are permitted.
20  *
21  * There's ABSOLUTELY NO WARRANTY, express or implied.
22  *
23  * (This is a heavily cut-down "BSD license".)
24  *
25  * This differs from Colin Plumb's older public domain implementation in that
26  * no exactly 32-bit integer data type is required (any 32-bit or wider
27  * unsigned integer data type will do), there's no compile-time endianness
28  * configuration, and the function prototypes match OpenSSL's.  No code from
29  * Colin Plumb's implementation has been reused; this comment merely compares
30  * the properties of the two independent implementations.
31  *
32  * The primary goals of this implementation are portability and ease of use.
33  * It is meant to be fast, but not as fast as possible.  Some known
34  * optimizations are not included to reduce source code size and avoid
35  * compile-time configuration.
36  */
37 
38 #ifndef HAVE_OPENSSL
39 
40 #include <string.h>
41 
42 #include "md5.h"
43 
44 /*
45  * The basic MD5 functions.
46  *
47  * F and G are optimized compared to their RFC 1321 definitions for
48  * architectures that lack an AND-NOT instruction, just like in Colin Plumb's
49  * implementation.
50  */
51 #define F(x, y, z)			((z) ^ ((x) & ((y) ^ (z))))
52 #define G(x, y, z)			((y) ^ ((z) & ((x) ^ (y))))
53 #define H(x, y, z)			(((x) ^ (y)) ^ (z))
54 #define H2(x, y, z)			((x) ^ ((y) ^ (z)))
55 #define I(x, y, z)			((y) ^ ((x) | ~(z)))
56 
57 /*
58  * The MD5 transformation for all four rounds.
59  */
60 #define STEP(f, a, b, c, d, x, t, s) \
61 	(a) += f((b), (c), (d)) + (x) + (t); \
62 	(a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s)))); \
63 	(a) += (b);
64 
65 /*
66  * SET reads 4 input bytes in little-endian byte order and stores them
67  * in a properly aligned word in host byte order.
68  *
69  * The check for little-endian architectures that tolerate unaligned
70  * memory accesses is just an optimization.  Nothing will break if it
71  * doesn't work.
72  */
73 #if defined(__i386__) || defined(__x86_64__) || defined(__vax__)
74 #define SET(n) \
75 	(*(MD5_u32plus *)&ptr[(n) * 4])
76 #define GET(n) \
77 	SET(n)
78 #else
79 #define SET(n) \
80 	(ctx->block[(n)] = \
81 	(MD5_u32plus)ptr[(n) * 4] | \
82 	((MD5_u32plus)ptr[(n) * 4 + 1] << 8) | \
83 	((MD5_u32plus)ptr[(n) * 4 + 2] << 16) | \
84 	((MD5_u32plus)ptr[(n) * 4 + 3] << 24))
85 #define GET(n) \
86 	(ctx->block[(n)])
87 #endif
88 
89 /*
90  * This processes one or more 64-byte data blocks, but does NOT update
91  * the bit counters.  There are no alignment requirements.
92  */
body(MD5_CTX * ctx,const void * data,unsigned long size)93 static const void *body(MD5_CTX *ctx, const void *data, unsigned long size)
94 {
95 	const unsigned char *ptr;
96 	MD5_u32plus a, b, c, d;
97 	MD5_u32plus saved_a, saved_b, saved_c, saved_d;
98 
99 	ptr = (const unsigned char *)data;
100 
101 	a = ctx->a;
102 	b = ctx->b;
103 	c = ctx->c;
104 	d = ctx->d;
105 
106 	do {
107 		saved_a = a;
108 		saved_b = b;
109 		saved_c = c;
110 		saved_d = d;
111 
112 /* Round 1 */
113 		STEP(F, a, b, c, d, SET(0), 0xd76aa478, 7)
114 		STEP(F, d, a, b, c, SET(1), 0xe8c7b756, 12)
115 		STEP(F, c, d, a, b, SET(2), 0x242070db, 17)
116 		STEP(F, b, c, d, a, SET(3), 0xc1bdceee, 22)
117 		STEP(F, a, b, c, d, SET(4), 0xf57c0faf, 7)
118 		STEP(F, d, a, b, c, SET(5), 0x4787c62a, 12)
119 		STEP(F, c, d, a, b, SET(6), 0xa8304613, 17)
120 		STEP(F, b, c, d, a, SET(7), 0xfd469501, 22)
121 		STEP(F, a, b, c, d, SET(8), 0x698098d8, 7)
122 		STEP(F, d, a, b, c, SET(9), 0x8b44f7af, 12)
123 		STEP(F, c, d, a, b, SET(10), 0xffff5bb1, 17)
124 		STEP(F, b, c, d, a, SET(11), 0x895cd7be, 22)
125 		STEP(F, a, b, c, d, SET(12), 0x6b901122, 7)
126 		STEP(F, d, a, b, c, SET(13), 0xfd987193, 12)
127 		STEP(F, c, d, a, b, SET(14), 0xa679438e, 17)
128 		STEP(F, b, c, d, a, SET(15), 0x49b40821, 22)
129 
130 /* Round 2 */
131 		STEP(G, a, b, c, d, GET(1), 0xf61e2562, 5)
132 		STEP(G, d, a, b, c, GET(6), 0xc040b340, 9)
133 		STEP(G, c, d, a, b, GET(11), 0x265e5a51, 14)
134 		STEP(G, b, c, d, a, GET(0), 0xe9b6c7aa, 20)
135 		STEP(G, a, b, c, d, GET(5), 0xd62f105d, 5)
136 		STEP(G, d, a, b, c, GET(10), 0x02441453, 9)
137 		STEP(G, c, d, a, b, GET(15), 0xd8a1e681, 14)
138 		STEP(G, b, c, d, a, GET(4), 0xe7d3fbc8, 20)
139 		STEP(G, a, b, c, d, GET(9), 0x21e1cde6, 5)
140 		STEP(G, d, a, b, c, GET(14), 0xc33707d6, 9)
141 		STEP(G, c, d, a, b, GET(3), 0xf4d50d87, 14)
142 		STEP(G, b, c, d, a, GET(8), 0x455a14ed, 20)
143 		STEP(G, a, b, c, d, GET(13), 0xa9e3e905, 5)
144 		STEP(G, d, a, b, c, GET(2), 0xfcefa3f8, 9)
145 		STEP(G, c, d, a, b, GET(7), 0x676f02d9, 14)
146 		STEP(G, b, c, d, a, GET(12), 0x8d2a4c8a, 20)
147 
148 /* Round 3 */
149 		STEP(H, a, b, c, d, GET(5), 0xfffa3942, 4)
150 		STEP(H2, d, a, b, c, GET(8), 0x8771f681, 11)
151 		STEP(H, c, d, a, b, GET(11), 0x6d9d6122, 16)
152 		STEP(H2, b, c, d, a, GET(14), 0xfde5380c, 23)
153 		STEP(H, a, b, c, d, GET(1), 0xa4beea44, 4)
154 		STEP(H2, d, a, b, c, GET(4), 0x4bdecfa9, 11)
155 		STEP(H, c, d, a, b, GET(7), 0xf6bb4b60, 16)
156 		STEP(H2, b, c, d, a, GET(10), 0xbebfbc70, 23)
157 		STEP(H, a, b, c, d, GET(13), 0x289b7ec6, 4)
158 		STEP(H2, d, a, b, c, GET(0), 0xeaa127fa, 11)
159 		STEP(H, c, d, a, b, GET(3), 0xd4ef3085, 16)
160 		STEP(H2, b, c, d, a, GET(6), 0x04881d05, 23)
161 		STEP(H, a, b, c, d, GET(9), 0xd9d4d039, 4)
162 		STEP(H2, d, a, b, c, GET(12), 0xe6db99e5, 11)
163 		STEP(H, c, d, a, b, GET(15), 0x1fa27cf8, 16)
164 		STEP(H2, b, c, d, a, GET(2), 0xc4ac5665, 23)
165 
166 /* Round 4 */
167 		STEP(I, a, b, c, d, GET(0), 0xf4292244, 6)
168 		STEP(I, d, a, b, c, GET(7), 0x432aff97, 10)
169 		STEP(I, c, d, a, b, GET(14), 0xab9423a7, 15)
170 		STEP(I, b, c, d, a, GET(5), 0xfc93a039, 21)
171 		STEP(I, a, b, c, d, GET(12), 0x655b59c3, 6)
172 		STEP(I, d, a, b, c, GET(3), 0x8f0ccc92, 10)
173 		STEP(I, c, d, a, b, GET(10), 0xffeff47d, 15)
174 		STEP(I, b, c, d, a, GET(1), 0x85845dd1, 21)
175 		STEP(I, a, b, c, d, GET(8), 0x6fa87e4f, 6)
176 		STEP(I, d, a, b, c, GET(15), 0xfe2ce6e0, 10)
177 		STEP(I, c, d, a, b, GET(6), 0xa3014314, 15)
178 		STEP(I, b, c, d, a, GET(13), 0x4e0811a1, 21)
179 		STEP(I, a, b, c, d, GET(4), 0xf7537e82, 6)
180 		STEP(I, d, a, b, c, GET(11), 0xbd3af235, 10)
181 		STEP(I, c, d, a, b, GET(2), 0x2ad7d2bb, 15)
182 		STEP(I, b, c, d, a, GET(9), 0xeb86d391, 21)
183 
184 		a += saved_a;
185 		b += saved_b;
186 		c += saved_c;
187 		d += saved_d;
188 
189 		ptr += 64;
190 	} while (size -= 64);
191 
192 	ctx->a = a;
193 	ctx->b = b;
194 	ctx->c = c;
195 	ctx->d = d;
196 
197 	return ptr;
198 }
199 
MD5_Init(MD5_CTX * ctx)200 void MD5_Init(MD5_CTX *ctx)
201 {
202 	ctx->a = 0x67452301;
203 	ctx->b = 0xefcdab89;
204 	ctx->c = 0x98badcfe;
205 	ctx->d = 0x10325476;
206 
207 	ctx->lo = 0;
208 	ctx->hi = 0;
209 }
210 
MD5_Update(MD5_CTX * ctx,const void * data,unsigned long size)211 void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size)
212 {
213 	MD5_u32plus saved_lo;
214 	unsigned long used, available;
215 
216 	saved_lo = ctx->lo;
217 	if ((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo)
218 		ctx->hi++;
219 	ctx->hi += size >> 29;
220 
221 	used = saved_lo & 0x3f;
222 
223 	if (used) {
224 		available = 64 - used;
225 
226 		if (size < available) {
227 			memcpy(&ctx->buffer[used], data, size);
228 			return;
229 		}
230 
231 		memcpy(&ctx->buffer[used], data, available);
232 		data = (const unsigned char *)data + available;
233 		size -= available;
234 		body(ctx, ctx->buffer, 64);
235 	}
236 
237 	if (size >= 64) {
238 		data = body(ctx, data, size & ~(unsigned long)0x3f);
239 		size &= 0x3f;
240 	}
241 
242 	memcpy(ctx->buffer, data, size);
243 }
244 
MD5_Final(unsigned char * result,MD5_CTX * ctx)245 void MD5_Final(unsigned char *result, MD5_CTX *ctx)
246 {
247 	unsigned long used, available;
248 
249 	used = ctx->lo & 0x3f;
250 
251 	ctx->buffer[used++] = 0x80;
252 
253 	available = 64 - used;
254 
255 	if (available < 8) {
256 		memset(&ctx->buffer[used], 0, available);
257 		body(ctx, ctx->buffer, 64);
258 		used = 0;
259 		available = 64;
260 	}
261 
262 	memset(&ctx->buffer[used], 0, available - 8);
263 
264 	ctx->lo <<= 3;
265 	ctx->buffer[56] = ctx->lo;
266 	ctx->buffer[57] = ctx->lo >> 8;
267 	ctx->buffer[58] = ctx->lo >> 16;
268 	ctx->buffer[59] = ctx->lo >> 24;
269 	ctx->buffer[60] = ctx->hi;
270 	ctx->buffer[61] = ctx->hi >> 8;
271 	ctx->buffer[62] = ctx->hi >> 16;
272 	ctx->buffer[63] = ctx->hi >> 24;
273 
274 	body(ctx, ctx->buffer, 64);
275 
276 	result[0] = ctx->a;
277 	result[1] = ctx->a >> 8;
278 	result[2] = ctx->a >> 16;
279 	result[3] = ctx->a >> 24;
280 	result[4] = ctx->b;
281 	result[5] = ctx->b >> 8;
282 	result[6] = ctx->b >> 16;
283 	result[7] = ctx->b >> 24;
284 	result[8] = ctx->c;
285 	result[9] = ctx->c >> 8;
286 	result[10] = ctx->c >> 16;
287 	result[11] = ctx->c >> 24;
288 	result[12] = ctx->d;
289 	result[13] = ctx->d >> 8;
290 	result[14] = ctx->d >> 16;
291 	result[15] = ctx->d >> 24;
292 
293 	memset(ctx, 0, sizeof(*ctx));
294 }
295 
296 #endif
297