1 /* One way encryption based on MD5 sum.
2 Copyright (C) 1996, 1997, 1999, 2000 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
6 The GNU C Library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 The GNU C Library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with the GNU C Library; if not, write to the Free
18 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
25 #include <sys/param.h>
30 /* Define our magic string to mark salt for MD5 "encryption"
31 replacement. This is meant to be the same as for other MD5 based
32 encryption implementations. */
33 static const char md5_salt_prefix[] = "$1$";
35 /* Table with characters for base64 transformation. */
36 static const char b64t[64] =
37 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
40 /* Prototypes for local functions. */
41 extern char *__md5_crypt_r (const char *key, const char *salt,
42 char *buffer, int buflen);
43 extern char *__md5_crypt (const char *key, const char *salt);
46 /* This entry point is equivalent to the `crypt' function in Unix
49 __md5_crypt_r (key, salt, buffer, buflen)
55 unsigned char alt_result[16]
56 __attribute__ ((__aligned__ (__alignof__ (md5_uint32))));
58 struct md5_ctx alt_ctx;
63 char *copied_key = NULL;
64 char *copied_salt = NULL;
66 /* Find beginning of salt string. The prefix should normally always
67 be present. Just in case it is not. */
68 if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0)
69 /* Skip salt prefix. */
70 salt += sizeof (md5_salt_prefix) - 1;
72 salt_len = MIN (strcspn (salt, "$"), 8);
73 key_len = strlen (key);
75 if ((key - (char *) 0) % __alignof__ (md5_uint32) != 0)
77 char *tmp = (char *) alloca (key_len + __alignof__ (md5_uint32));
79 memcpy (tmp + __alignof__ (md5_uint32)
80 - (tmp - (char *) 0) % __alignof__ (md5_uint32),
82 assert ((key - (char *) 0) % __alignof__ (md5_uint32) == 0);
85 if ((salt - (char *) 0) % __alignof__ (md5_uint32) != 0)
87 char *tmp = (char *) alloca (salt_len + __alignof__ (md5_uint32));
89 memcpy (tmp + __alignof__ (md5_uint32)
90 - (tmp - (char *) 0) % __alignof__ (md5_uint32),
92 assert ((salt - (char *) 0) % __alignof__ (md5_uint32) == 0);
95 /* Prepare for the real work. */
96 __md5_init_ctx (&ctx);
98 /* Add the key string. */
99 __md5_process_bytes (key, key_len, &ctx);
101 /* Because the SALT argument need not always have the salt prefix we
102 add it separately. */
103 __md5_process_bytes (md5_salt_prefix, sizeof (md5_salt_prefix) - 1, &ctx);
105 /* The last part is the salt string. This must be at most 8
106 characters and it ends at the first `$' character (for
107 compatibility which existing solutions). */
108 __md5_process_bytes (salt, salt_len, &ctx);
111 /* Compute alternate MD5 sum with input KEY, SALT, and KEY. The
112 final result will be added to the first context. */
113 __md5_init_ctx (&alt_ctx);
116 __md5_process_bytes (key, key_len, &alt_ctx);
119 __md5_process_bytes (salt, salt_len, &alt_ctx);
122 __md5_process_bytes (key, key_len, &alt_ctx);
124 /* Now get result of this (16 bytes) and add it to the other
126 __md5_finish_ctx (&alt_ctx, alt_result);
128 /* Add for any character in the key one byte of the alternate sum. */
129 for (cnt = key_len; cnt > 16; cnt -= 16)
130 __md5_process_bytes (alt_result, 16, &ctx);
131 __md5_process_bytes (alt_result, cnt, &ctx);
133 /* For the following code we need a NUL byte. */
136 /* The original implementation now does something weird: for every 1
137 bit in the key the first 0 is added to the buffer, for every 0
138 bit the first character of the key. This does not seem to be
139 what was intended but we have to follow this to be compatible. */
140 for (cnt = key_len; cnt > 0; cnt >>= 1)
141 __md5_process_bytes ((cnt & 1) != 0 ? (const char *) alt_result : key, 1,
144 /* Create intermediate result. */
145 __md5_finish_ctx (&ctx, alt_result);
147 /* Now comes another weirdness. In fear of password crackers here
148 comes a quite long loop which just processes the output of the
149 previous round again. We cannot ignore this here. */
150 for (cnt = 0; cnt < 1000; ++cnt)
153 __md5_init_ctx (&ctx);
155 /* Add key or last result. */
157 __md5_process_bytes (key, key_len, &ctx);
159 __md5_process_bytes (alt_result, 16, &ctx);
161 /* Add salt for numbers not divisible by 3. */
163 __md5_process_bytes (salt, salt_len, &ctx);
165 /* Add key for numbers not divisible by 7. */
167 __md5_process_bytes (key, key_len, &ctx);
169 /* Add key or last result. */
171 __md5_process_bytes (alt_result, 16, &ctx);
173 __md5_process_bytes (key, key_len, &ctx);
175 /* Create intermediate result. */
176 __md5_finish_ctx (&ctx, alt_result);
179 /* Now we can construct the result string. It consists of three
181 cp = __stpncpy (buffer, md5_salt_prefix, MAX (0, buflen));
182 buflen -= sizeof (md5_salt_prefix);
184 cp = __stpncpy (cp, salt, MIN ((size_t) buflen, salt_len));
185 buflen -= MIN ((size_t) buflen, salt_len);
193 #define b64_from_24bit(B2, B1, B0, N) \
195 unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \
197 while (n-- > 0 && buflen > 0) \
199 *cp++ = b64t[w & 0x3f]; \
206 b64_from_24bit (alt_result[0], alt_result[6], alt_result[12], 4);
207 b64_from_24bit (alt_result[1], alt_result[7], alt_result[13], 4);
208 b64_from_24bit (alt_result[2], alt_result[8], alt_result[14], 4);
209 b64_from_24bit (alt_result[3], alt_result[9], alt_result[15], 4);
210 b64_from_24bit (alt_result[4], alt_result[10], alt_result[5], 4);
211 b64_from_24bit (0, 0, alt_result[11], 2);
214 __set_errno (ERANGE);
218 *cp = '\0'; /* Terminate the string. */
220 /* Clear the buffer for the intermediate result so that people
221 attaching to processes or reading core dumps cannot get any
222 information. We do it in this way to clear correct_words[]
223 inside the MD5 implementation as well. */
224 __md5_init_ctx (&ctx);
225 __md5_finish_ctx (&ctx, alt_result);
226 memset (&ctx, '\0', sizeof (ctx));
227 memset (&alt_ctx, '\0', sizeof (alt_ctx));
228 if (copied_key != NULL)
229 memset (copied_key, '\0', key_len);
230 if (copied_salt != NULL)
231 memset (copied_salt, '\0', salt_len);
240 __md5_crypt (const char *key, const char *salt)
242 /* We don't want to have an arbitrary limit in the size of the
243 password. We can compute the size of the result in advance and
244 so we can prepare the buffer we pass to `md5_crypt_r'. */
246 int needed = 3 + strlen (salt) + 1 + 26 + 1;
251 if ((buffer = realloc (buffer, buflen)) == NULL)
255 return __md5_crypt_r (key, salt, buffer, buflen);
260 __attribute__ ((__destructor__))