1 /* $OpenBSD: md5.c,v 1.23 2024/06/01 07:36:16 tb Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <stdio.h> 60 #include <stdint.h> 61 #include <stdlib.h> 62 #include <string.h> 63 64 #include <openssl/opensslconf.h> 65 66 #include <openssl/md5.h> 67 68 #include "crypto_internal.h" 69 70 /* Ensure that MD5_LONG and uint32_t are equivalent size. */ 71 CTASSERT(sizeof(MD5_LONG) == sizeof(uint32_t)); 72 73 #ifdef MD5_ASM 74 void md5_block_asm_data_order(MD5_CTX *c, const void *p, size_t num); 75 #define md5_block_data_order md5_block_asm_data_order 76 #endif 77 78 #ifndef MD5_ASM 79 static inline uint32_t 80 md5_F(uint32_t x, uint32_t y, uint32_t z) 81 { 82 return (x & y) | (~x & z); 83 } 84 85 static inline uint32_t 86 md5_G(uint32_t x, uint32_t y, uint32_t z) 87 { 88 return (x & z) | (y & ~z); 89 } 90 91 static inline uint32_t 92 md5_H(uint32_t x, uint32_t y, uint32_t z) 93 { 94 return x ^ y ^ z; 95 } 96 97 static inline uint32_t 98 md5_I(uint32_t x, uint32_t y, uint32_t z) 99 { 100 return y ^ (x | ~z); 101 } 102 103 static inline void 104 md5_round1(uint32_t *a, uint32_t b, uint32_t c, uint32_t d, uint32_t x, 105 uint32_t t, uint32_t s) 106 { 107 *a = b + crypto_rol_u32(*a + md5_F(b, c, d) + x + t, s); 108 } 109 110 static inline void 111 md5_round2(uint32_t *a, uint32_t b, uint32_t c, uint32_t d, uint32_t x, 112 uint32_t t, uint32_t s) 113 { 114 *a = b + crypto_rol_u32(*a + md5_G(b, c, d) + x + t, s); 115 } 116 117 static inline void 118 md5_round3(uint32_t *a, uint32_t b, uint32_t c, uint32_t d, uint32_t x, 119 uint32_t t, uint32_t s) 120 { 121 *a = b + crypto_rol_u32(*a + md5_H(b, c, d) + x + t, s); 122 } 123 124 static inline void 125 md5_round4(uint32_t *a, uint32_t b, uint32_t c, uint32_t d, uint32_t x, 126 uint32_t t, uint32_t s) 127 { 128 *a = b + crypto_rol_u32(*a + md5_I(b, c, d) + x + t, s); 129 } 130 131 static void 132 md5_block_data_order(MD5_CTX *c, const void *_in, size_t num) 133 { 134 const uint8_t *in = _in; 135 const MD5_LONG *in32; 136 MD5_LONG A, B, C, D; 137 MD5_LONG X0, X1, X2, X3, X4, X5, X6, X7, 138 X8, X9, X10, X11, X12, X13, X14, X15; 139 140 while (num-- > 0) { 141 A = c->A; 142 B = c->B; 143 C = c->C; 144 D = c->D; 145 146 if ((uintptr_t)in % 4 == 0) { 147 /* Input is 32 bit aligned. */ 148 in32 = (const MD5_LONG *)in; 149 X0 = le32toh(in32[0]); 150 X1 = le32toh(in32[1]); 151 X2 = le32toh(in32[2]); 152 X3 = le32toh(in32[3]); 153 X4 = le32toh(in32[4]); 154 X5 = le32toh(in32[5]); 155 X6 = le32toh(in32[6]); 156 X7 = le32toh(in32[7]); 157 X8 = le32toh(in32[8]); 158 X9 = le32toh(in32[9]); 159 X10 = le32toh(in32[10]); 160 X11 = le32toh(in32[11]); 161 X12 = le32toh(in32[12]); 162 X13 = le32toh(in32[13]); 163 X14 = le32toh(in32[14]); 164 X15 = le32toh(in32[15]); 165 } else { 166 /* Input is not 32 bit aligned. */ 167 X0 = crypto_load_le32toh(&in[0 * 4]); 168 X1 = crypto_load_le32toh(&in[1 * 4]); 169 X2 = crypto_load_le32toh(&in[2 * 4]); 170 X3 = crypto_load_le32toh(&in[3 * 4]); 171 X4 = crypto_load_le32toh(&in[4 * 4]); 172 X5 = crypto_load_le32toh(&in[5 * 4]); 173 X6 = crypto_load_le32toh(&in[6 * 4]); 174 X7 = crypto_load_le32toh(&in[7 * 4]); 175 X8 = crypto_load_le32toh(&in[8 * 4]); 176 X9 = crypto_load_le32toh(&in[9 * 4]); 177 X10 = crypto_load_le32toh(&in[10 * 4]); 178 X11 = crypto_load_le32toh(&in[11 * 4]); 179 X12 = crypto_load_le32toh(&in[12 * 4]); 180 X13 = crypto_load_le32toh(&in[13 * 4]); 181 X14 = crypto_load_le32toh(&in[14 * 4]); 182 X15 = crypto_load_le32toh(&in[15 * 4]); 183 } 184 in += MD5_CBLOCK; 185 186 md5_round1(&A, B, C, D, X0, 0xd76aa478L, 7); 187 md5_round1(&D, A, B, C, X1, 0xe8c7b756L, 12); 188 md5_round1(&C, D, A, B, X2, 0x242070dbL, 17); 189 md5_round1(&B, C, D, A, X3, 0xc1bdceeeL, 22); 190 md5_round1(&A, B, C, D, X4, 0xf57c0fafL, 7); 191 md5_round1(&D, A, B, C, X5, 0x4787c62aL, 12); 192 md5_round1(&C, D, A, B, X6, 0xa8304613L, 17); 193 md5_round1(&B, C, D, A, X7, 0xfd469501L, 22); 194 md5_round1(&A, B, C, D, X8, 0x698098d8L, 7); 195 md5_round1(&D, A, B, C, X9, 0x8b44f7afL, 12); 196 md5_round1(&C, D, A, B, X10, 0xffff5bb1L, 17); 197 md5_round1(&B, C, D, A, X11, 0x895cd7beL, 22); 198 md5_round1(&A, B, C, D, X12, 0x6b901122L, 7); 199 md5_round1(&D, A, B, C, X13, 0xfd987193L, 12); 200 md5_round1(&C, D, A, B, X14, 0xa679438eL, 17); 201 md5_round1(&B, C, D, A, X15, 0x49b40821L, 22); 202 203 md5_round2(&A, B, C, D, X1, 0xf61e2562L, 5); 204 md5_round2(&D, A, B, C, X6, 0xc040b340L, 9); 205 md5_round2(&C, D, A, B, X11, 0x265e5a51L, 14); 206 md5_round2(&B, C, D, A, X0, 0xe9b6c7aaL, 20); 207 md5_round2(&A, B, C, D, X5, 0xd62f105dL, 5); 208 md5_round2(&D, A, B, C, X10, 0x02441453L, 9); 209 md5_round2(&C, D, A, B, X15, 0xd8a1e681L, 14); 210 md5_round2(&B, C, D, A, X4, 0xe7d3fbc8L, 20); 211 md5_round2(&A, B, C, D, X9, 0x21e1cde6L, 5); 212 md5_round2(&D, A, B, C, X14, 0xc33707d6L, 9); 213 md5_round2(&C, D, A, B, X3, 0xf4d50d87L, 14); 214 md5_round2(&B, C, D, A, X8, 0x455a14edL, 20); 215 md5_round2(&A, B, C, D, X13, 0xa9e3e905L, 5); 216 md5_round2(&D, A, B, C, X2, 0xfcefa3f8L, 9); 217 md5_round2(&C, D, A, B, X7, 0x676f02d9L, 14); 218 md5_round2(&B, C, D, A, X12, 0x8d2a4c8aL, 20); 219 220 md5_round3(&A, B, C, D, X5, 0xfffa3942L, 4); 221 md5_round3(&D, A, B, C, X8, 0x8771f681L, 11); 222 md5_round3(&C, D, A, B, X11, 0x6d9d6122L, 16); 223 md5_round3(&B, C, D, A, X14, 0xfde5380cL, 23); 224 md5_round3(&A, B, C, D, X1, 0xa4beea44L, 4); 225 md5_round3(&D, A, B, C, X4, 0x4bdecfa9L, 11); 226 md5_round3(&C, D, A, B, X7, 0xf6bb4b60L, 16); 227 md5_round3(&B, C, D, A, X10, 0xbebfbc70L, 23); 228 md5_round3(&A, B, C, D, X13, 0x289b7ec6L, 4); 229 md5_round3(&D, A, B, C, X0, 0xeaa127faL, 11); 230 md5_round3(&C, D, A, B, X3, 0xd4ef3085L, 16); 231 md5_round3(&B, C, D, A, X6, 0x04881d05L, 23); 232 md5_round3(&A, B, C, D, X9, 0xd9d4d039L, 4); 233 md5_round3(&D, A, B, C, X12, 0xe6db99e5L, 11); 234 md5_round3(&C, D, A, B, X15, 0x1fa27cf8L, 16); 235 md5_round3(&B, C, D, A, X2, 0xc4ac5665L, 23); 236 237 md5_round4(&A, B, C, D, X0, 0xf4292244L, 6); 238 md5_round4(&D, A, B, C, X7, 0x432aff97L, 10); 239 md5_round4(&C, D, A, B, X14, 0xab9423a7L, 15); 240 md5_round4(&B, C, D, A, X5, 0xfc93a039L, 21); 241 md5_round4(&A, B, C, D, X12, 0x655b59c3L, 6); 242 md5_round4(&D, A, B, C, X3, 0x8f0ccc92L, 10); 243 md5_round4(&C, D, A, B, X10, 0xffeff47dL, 15); 244 md5_round4(&B, C, D, A, X1, 0x85845dd1L, 21); 245 md5_round4(&A, B, C, D, X8, 0x6fa87e4fL, 6); 246 md5_round4(&D, A, B, C, X15, 0xfe2ce6e0L, 10); 247 md5_round4(&C, D, A, B, X6, 0xa3014314L, 15); 248 md5_round4(&B, C, D, A, X13, 0x4e0811a1L, 21); 249 md5_round4(&A, B, C, D, X4, 0xf7537e82L, 6); 250 md5_round4(&D, A, B, C, X11, 0xbd3af235L, 10); 251 md5_round4(&C, D, A, B, X2, 0x2ad7d2bbL, 15); 252 md5_round4(&B, C, D, A, X9, 0xeb86d391L, 21); 253 254 c->A += A; 255 c->B += B; 256 c->C += C; 257 c->D += D; 258 } 259 } 260 #endif 261 262 int 263 MD5_Init(MD5_CTX *c) 264 { 265 memset(c, 0, sizeof(*c)); 266 267 c->A = 0x67452301UL; 268 c->B = 0xefcdab89UL; 269 c->C = 0x98badcfeUL; 270 c->D = 0x10325476UL; 271 272 return 1; 273 } 274 LCRYPTO_ALIAS(MD5_Init); 275 276 int 277 MD5_Update(MD5_CTX *c, const void *data_, size_t len) 278 { 279 const unsigned char *data = data_; 280 unsigned char *p; 281 MD5_LONG l; 282 size_t n; 283 284 if (len == 0) 285 return 1; 286 287 l = (c->Nl + (((MD5_LONG)len) << 3))&0xffffffffUL; 288 /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to 289 * Wei Dai <weidai@eskimo.com> for pointing it out. */ 290 if (l < c->Nl) /* overflow */ 291 c->Nh++; 292 c->Nh+=(MD5_LONG)(len>>29); /* might cause compiler warning on 16-bit */ 293 c->Nl = l; 294 295 n = c->num; 296 if (n != 0) { 297 p = (unsigned char *)c->data; 298 299 if (len >= MD5_CBLOCK || len + n >= MD5_CBLOCK) { 300 memcpy(p + n, data, MD5_CBLOCK - n); 301 md5_block_data_order(c, p, 1); 302 n = MD5_CBLOCK - n; 303 data += n; 304 len -= n; 305 c->num = 0; 306 memset(p, 0, MD5_CBLOCK); /* keep it zeroed */ 307 } else { 308 memcpy(p + n, data, len); 309 c->num += (unsigned int)len; 310 return 1; 311 } 312 } 313 314 n = len/MD5_CBLOCK; 315 if (n > 0) { 316 md5_block_data_order(c, data, n); 317 n *= MD5_CBLOCK; 318 data += n; 319 len -= n; 320 } 321 322 if (len != 0) { 323 p = (unsigned char *)c->data; 324 c->num = (unsigned int)len; 325 memcpy(p, data, len); 326 } 327 return 1; 328 } 329 LCRYPTO_ALIAS(MD5_Update); 330 331 void 332 MD5_Transform(MD5_CTX *c, const unsigned char *data) 333 { 334 md5_block_data_order(c, data, 1); 335 } 336 LCRYPTO_ALIAS(MD5_Transform); 337 338 int 339 MD5_Final(unsigned char *md, MD5_CTX *c) 340 { 341 unsigned char *p = (unsigned char *)c->data; 342 size_t n = c->num; 343 344 p[n] = 0x80; /* there is always room for one */ 345 n++; 346 347 if (n > (MD5_CBLOCK - 8)) { 348 memset(p + n, 0, MD5_CBLOCK - n); 349 n = 0; 350 md5_block_data_order(c, p, 1); 351 } 352 353 memset(p + n, 0, MD5_CBLOCK - 8 - n); 354 c->data[MD5_LBLOCK - 2] = htole32(c->Nl); 355 c->data[MD5_LBLOCK - 1] = htole32(c->Nh); 356 357 md5_block_data_order(c, p, 1); 358 c->num = 0; 359 memset(p, 0, MD5_CBLOCK); 360 361 crypto_store_htole32(&md[0 * 4], c->A); 362 crypto_store_htole32(&md[1 * 4], c->B); 363 crypto_store_htole32(&md[2 * 4], c->C); 364 crypto_store_htole32(&md[3 * 4], c->D); 365 366 return 1; 367 } 368 LCRYPTO_ALIAS(MD5_Final); 369 370 unsigned char * 371 MD5(const unsigned char *d, size_t n, unsigned char *md) 372 { 373 MD5_CTX c; 374 375 if (!MD5_Init(&c)) 376 return NULL; 377 MD5_Update(&c, d, n); 378 MD5_Final(md, &c); 379 explicit_bzero(&c, sizeof(c)); 380 return (md); 381 } 382 LCRYPTO_ALIAS(MD5); 383