2
* This is work is derived from material Copyright RSA Data Security, Inc.
4
* The RSA copyright statement and Licence for that original material is
5
* included below. This is followed by the Apache copyright statement and
6
* licence for the modifications made to that material.
9
/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
12
/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
15
License to copy and use this software is granted provided that it
16
is identified as the "RSA Data Security, Inc. MD5 Message-Digest
17
Algorithm" in all material mentioning or referencing this software
20
License is also granted to make and use derivative works provided
21
that such works are identified as "derived from the RSA Data
22
Security, Inc. MD5 Message-Digest Algorithm" in all material
23
mentioning or referencing the derived work.
25
RSA Data Security, Inc. makes no representations concerning either
26
the merchantability of this software or the suitability of this
27
software for any particular purpose. It is provided "as is"
28
without express or implied warranty of any kind.
30
These notices must be retained in any copies of any part of this
31
documentation and/or software.
34
/* Copyright 2000-2005 The Apache Software Foundation or its licensors, as
37
* Licensed under the Apache License, Version 2.0 (the "License");
38
* you may not use this file except in compliance with the License.
39
* You may obtain a copy of the License at
41
* http://www.apache.org/licenses/LICENSE-2.0
43
* Unless required by applicable law or agreed to in writing, software
44
* distributed under the License is distributed on an "AS IS" BASIS,
45
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
46
* See the License for the specific language governing permissions and
47
* limitations under the License.
51
* The apr_md5_encode() routine uses much code obtained from the FreeBSD 3.0
52
* MD5 crypt() function, which is licenced as follows:
53
* ----------------------------------------------------------------------------
54
* "THE BEER-WARE LICENSE" (Revision 42):
55
* <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
56
* can do whatever you want with this stuff. If we meet some day, and you think
57
* this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
58
* ----------------------------------------------------------------------------
60
#include "apr_strings.h"
63
#include "apu_config.h"
75
#if APR_HAVE_PTHREAD_H
79
/* Constants for MD5Transform routine.
99
static void MD5Transform(apr_uint32_t state[4], const unsigned char block[64]);
100
static void Encode(unsigned char *output, const apr_uint32_t *input,
102
static void Decode(apr_uint32_t *output, const unsigned char *input,
105
static unsigned char PADDING[64] =
107
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
108
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
109
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
112
#if APR_CHARSET_EBCDIC
113
static apr_xlate_t *xlate_ebcdic_to_ascii; /* used in apr_md5_encode() */
116
/* F, G, H and I are basic MD5 functions.
118
#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
119
#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
120
#define H(x, y, z) ((x) ^ (y) ^ (z))
121
#define I(x, y, z) ((y) ^ ((x) | (~z)))
123
/* ROTATE_LEFT rotates x left n bits.
125
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
127
/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
128
* Rotation is separate from addition to prevent recomputation.
130
#define FF(a, b, c, d, x, s, ac) { \
131
(a) += F ((b), (c), (d)) + (x) + (apr_uint32_t)(ac); \
132
(a) = ROTATE_LEFT ((a), (s)); \
135
#define GG(a, b, c, d, x, s, ac) { \
136
(a) += G ((b), (c), (d)) + (x) + (apr_uint32_t)(ac); \
137
(a) = ROTATE_LEFT ((a), (s)); \
140
#define HH(a, b, c, d, x, s, ac) { \
141
(a) += H ((b), (c), (d)) + (x) + (apr_uint32_t)(ac); \
142
(a) = ROTATE_LEFT ((a), (s)); \
145
#define II(a, b, c, d, x, s, ac) { \
146
(a) += I ((b), (c), (d)) + (x) + (apr_uint32_t)(ac); \
147
(a) = ROTATE_LEFT ((a), (s)); \
151
/* MD5 initialization. Begins an MD5 operation, writing a new context.
153
APU_DECLARE(apr_status_t) apr_md5_init(apr_md5_ctx_t *context)
155
context->count[0] = context->count[1] = 0;
157
/* Load magic initialization constants. */
158
context->state[0] = 0x67452301;
159
context->state[1] = 0xefcdab89;
160
context->state[2] = 0x98badcfe;
161
context->state[3] = 0x10325476;
162
context->xlate = NULL;
167
/* MD5 translation setup. Provides the APR translation handle
168
* to be used for translating the content before calculating the
171
APU_DECLARE(apr_status_t) apr_md5_set_xlate(apr_md5_ctx_t *context,
178
/* TODO: remove the single-byte-only restriction from this code
180
rv = apr_xlate_sb_get(xlate, &is_sb);
181
if (rv != APR_SUCCESS) {
187
context->xlate = xlate;
191
#endif /* APR_HAS_XLATE */
194
/* MD5 block update operation. Continues an MD5 message-digest
195
* operation, processing another message block, and updating the
198
APU_DECLARE(apr_status_t) apr_md5_update(apr_md5_ctx_t *context,
202
const unsigned char *input = _input;
203
unsigned int i, idx, partLen;
205
apr_size_t inbytes_left, outbytes_left;
208
/* Compute number of bytes mod 64 */
209
idx = (unsigned int)((context->count[0] >> 3) & 0x3F);
211
/* Update number of bits */
212
if ((context->count[0] += ((apr_uint32_t)inputLen << 3))
213
< ((apr_uint32_t)inputLen << 3))
215
context->count[1] += (apr_uint32_t)inputLen >> 29;
219
/* Transform as many times as possible. */
221
if (inputLen >= partLen) {
222
memcpy(&context->buffer[idx], input, partLen);
223
MD5Transform(context->state, context->buffer);
225
for (i = partLen; i + 63 < inputLen; i += 64)
226
MD5Transform(context->state, &input[i]);
233
/* Buffer remaining input */
234
memcpy(&context->buffer[idx], &input[i], inputLen - i);
235
#else /*APR_HAS_XLATE*/
236
if (inputLen >= partLen) {
237
if (context->xlate) {
238
inbytes_left = outbytes_left = partLen;
239
apr_xlate_conv_buffer(context->xlate, (const char *)input,
241
(char *)&context->buffer[idx],
245
memcpy(&context->buffer[idx], input, partLen);
247
MD5Transform(context->state, context->buffer);
249
for (i = partLen; i + 63 < inputLen; i += 64) {
250
if (context->xlate) {
251
unsigned char inp_tmp[64];
252
inbytes_left = outbytes_left = 64;
253
apr_xlate_conv_buffer(context->xlate, (const char *)&input[i],
254
&inbytes_left, (char *)inp_tmp,
256
MD5Transform(context->state, inp_tmp);
259
MD5Transform(context->state, &input[i]);
268
/* Buffer remaining input */
269
if (context->xlate) {
270
inbytes_left = outbytes_left = inputLen - i;
271
apr_xlate_conv_buffer(context->xlate, (const char *)&input[i],
272
&inbytes_left, (char *)&context->buffer[idx],
276
memcpy(&context->buffer[idx], &input[i], inputLen - i);
278
#endif /*APR_HAS_XLATE*/
282
/* MD5 finalization. Ends an MD5 message-digest operation, writing the
283
* the message digest and zeroizing the context.
285
APU_DECLARE(apr_status_t) apr_md5_final(unsigned char digest[APR_MD5_DIGESTSIZE],
286
apr_md5_ctx_t *context)
288
unsigned char bits[8];
289
unsigned int idx, padLen;
291
/* Save number of bits */
292
Encode(bits, context->count, 8);
295
/* apr_md5_update() should not translate for this final round. */
296
context->xlate = NULL;
297
#endif /*APR_HAS_XLATE*/
299
/* Pad out to 56 mod 64. */
300
idx = (unsigned int)((context->count[0] >> 3) & 0x3f);
301
padLen = (idx < 56) ? (56 - idx) : (120 - idx);
302
apr_md5_update(context, PADDING, padLen);
304
/* Append length (before padding) */
305
apr_md5_update(context, bits, 8);
307
/* Store state in digest */
308
Encode(digest, context->state, APR_MD5_DIGESTSIZE);
310
/* Zeroize sensitive information. */
311
memset(context, 0, sizeof(*context));
316
/* MD5 in one step (init, update, final)
318
APU_DECLARE(apr_status_t) apr_md5(unsigned char digest[APR_MD5_DIGESTSIZE],
322
const unsigned char *input = _input;
328
if ((rv = apr_md5_update(&ctx, input, inputLen)) != APR_SUCCESS)
331
return apr_md5_final(digest, &ctx);
334
/* MD5 basic transformation. Transforms state based on block. */
335
static void MD5Transform(apr_uint32_t state[4], const unsigned char block[64])
337
apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3],
338
x[APR_MD5_DIGESTSIZE];
340
Decode(x, block, 64);
343
FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */
344
FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */
345
FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */
346
FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */
347
FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */
348
FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */
349
FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */
350
FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */
351
FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */
352
FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */
353
FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
354
FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
355
FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
356
FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
357
FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
358
FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
361
GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */
362
GG(d, a, b, c, x[6], S22, 0xc040b340); /* 18 */
363
GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
364
GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */
365
GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */
366
GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */
367
GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
368
GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */
369
GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */
370
GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
371
GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */
372
GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */
373
GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
374
GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */
375
GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */
376
GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
379
HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */
380
HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */
381
HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
382
HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
383
HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */
384
HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */
385
HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */
386
HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
387
HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
388
HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */
389
HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */
390
HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */
391
HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */
392
HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
393
HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
394
HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */
397
II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */
398
II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */
399
II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
400
II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */
401
II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
402
II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */
403
II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
404
II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */
405
II(a, b, c, d, x[8], S41, 0x6fa87e4f); /* 57 */
406
II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
407
II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */
408
II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
409
II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */
410
II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
411
II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */
412
II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */
419
/* Zeroize sensitive information. */
420
memset(x, 0, sizeof(x));
423
/* Encodes input (apr_uint32_t) into output (unsigned char). Assumes len is
426
static void Encode(unsigned char *output, const apr_uint32_t *input,
432
for (i = 0, j = 0; j < len; i++, j += 4) {
434
output[j] = (unsigned char)(k & 0xff);
435
output[j + 1] = (unsigned char)((k >> 8) & 0xff);
436
output[j + 2] = (unsigned char)((k >> 16) & 0xff);
437
output[j + 3] = (unsigned char)((k >> 24) & 0xff);
441
/* Decodes input (unsigned char) into output (apr_uint32_t). Assumes len is
444
static void Decode(apr_uint32_t *output, const unsigned char *input,
449
for (i = 0, j = 0; j < len; i++, j += 4)
450
output[i] = ((apr_uint32_t)input[j]) |
451
(((apr_uint32_t)input[j + 1]) << 8) |
452
(((apr_uint32_t)input[j + 2]) << 16) |
453
(((apr_uint32_t)input[j + 3]) << 24);
456
#if APR_CHARSET_EBCDIC
457
APU_DECLARE(apr_status_t) apr_MD5InitEBCDIC(apr_xlate_t *xlate)
459
xlate_ebcdic_to_ascii = xlate;
465
* Define the Magic String prefix that identifies a password as being
466
* hashed using our algorithm.
468
static const char *apr1_id = "$apr1$";
471
* The following MD5 password encryption code was largely borrowed from
472
* the FreeBSD 3.0 /usr/src/lib/libcrypt/crypt.c file, which is
473
* licenced as stated at the top of this file.
476
static void to64(char *s, unsigned long v, int n)
478
static unsigned char itoa64[] = /* 0 ... 63 => ASCII - 64 */
479
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
482
*s++ = itoa64[v&0x3f];
487
APU_DECLARE(apr_status_t) apr_md5_encode(const char *pw, const char *salt,
488
char *result, apr_size_t nbytes)
491
* Minimum size is 8 bytes for salt, plus 1 for the trailing NUL,
492
* plus 4 for the '$' separators, plus the password hash itself.
493
* Let's leave a goodly amount of leeway.
496
char passwd[120], *p;
498
unsigned char final[APR_MD5_DIGESTSIZE];
499
apr_ssize_t sl, pl, i;
500
apr_md5_ctx_t ctx, ctx1;
504
* Refine the salt first. It's possible we were given an already-hashed
505
* string as the salt argument, so extract the actual salt value from it
506
* if so. Otherwise just use the string up to the first '$' as the salt.
511
* If it starts with the magic string, then skip that.
513
if (!strncmp(sp, apr1_id, strlen(apr1_id))) {
514
sp += strlen(apr1_id);
518
* It stops at the first '$' or 8 chars, whichever comes first
520
for (ep = sp; (*ep != '\0') && (*ep != '$') && (ep < (sp + 8)); ep++) {
525
* Get the length of the true salt
530
* 'Time to make the doughnuts..'
533
#if APR_CHARSET_EBCDIC
534
apr_md5_set_xlate(&ctx, xlate_ebcdic_to_ascii);
538
* The password first, since that is what is most unknown
540
apr_md5_update(&ctx, pw, strlen(pw));
543
* Then our magic string
545
apr_md5_update(&ctx, apr1_id, strlen(apr1_id));
550
apr_md5_update(&ctx, sp, sl);
553
* Then just as many characters of the MD5(pw, salt, pw)
556
apr_md5_update(&ctx1, pw, strlen(pw));
557
apr_md5_update(&ctx1, sp, sl);
558
apr_md5_update(&ctx1, pw, strlen(pw));
559
apr_md5_final(final, &ctx1);
560
for (pl = strlen(pw); pl > 0; pl -= APR_MD5_DIGESTSIZE) {
561
apr_md5_update(&ctx, final,
562
(pl > APR_MD5_DIGESTSIZE) ? APR_MD5_DIGESTSIZE : pl);
566
* Don't leave anything around in vm they could use.
568
memset(final, 0, sizeof(final));
571
* Then something really weird...
573
for (i = strlen(pw); i != 0; i >>= 1) {
575
apr_md5_update(&ctx, final, 1);
578
apr_md5_update(&ctx, pw, 1);
583
* Now make the output string. We know our limitations, so we
584
* can use the string routines without bounds checking.
586
strcpy(passwd, apr1_id);
587
strncat(passwd, sp, sl);
590
apr_md5_final(final, &ctx);
593
* And now, just to make sure things don't run too fast..
594
* On a 60 Mhz Pentium this takes 34 msec, so you would
595
* need 30 seconds to build a 1000 entry dictionary...
597
for (i = 0; i < 1000; i++) {
600
apr_md5_update(&ctx1, pw, strlen(pw));
603
apr_md5_update(&ctx1, final, APR_MD5_DIGESTSIZE);
606
apr_md5_update(&ctx1, sp, sl);
610
apr_md5_update(&ctx1, pw, strlen(pw));
614
apr_md5_update(&ctx1, final, APR_MD5_DIGESTSIZE);
617
apr_md5_update(&ctx1, pw, strlen(pw));
619
apr_md5_final(final,&ctx1);
622
p = passwd + strlen(passwd);
624
l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p, l, 4); p += 4;
625
l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p, l, 4); p += 4;
626
l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p, l, 4); p += 4;
627
l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p, l, 4); p += 4;
628
l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p, l, 4); p += 4;
629
l = final[11] ; to64(p, l, 2); p += 2;
633
* Don't leave anything around in vm they could use.
635
memset(final, 0, sizeof(final));
637
apr_cpystrn(result, passwd, nbytes - 1);
641
#if !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
642
#if defined(APU_CRYPT_THREADSAFE) || !APR_HAS_THREADS || \
643
defined(CRYPT_R_CRYPTD) || defined(CRYPT_R_STRUCT_CRYPT_DATA)
645
#define crypt_mutex_lock()
646
#define crypt_mutex_unlock()
648
#elif APR_HAVE_PTHREAD_H && defined(PTHREAD_MUTEX_INITIALIZER)
650
static pthread_mutex_t crypt_mutex = PTHREAD_MUTEX_INITIALIZER;
651
static void crypt_mutex_lock(void)
653
pthread_mutex_lock(&crypt_mutex);
656
static void crypt_mutex_unlock(void)
658
pthread_mutex_unlock(&crypt_mutex);
663
#error apr_password_validate() is not threadsafe. rebuild APR without thread support.
669
* Validate a plaintext password against a smashed one. Uses either
670
* crypt() (if available) or apr_md5_encode() or apr_sha1_base64(), depending
671
* upon the format of the smashed input password. Returns APR_SUCCESS if
672
* they match, or APR_EMISMATCH if they don't. If the platform doesn't
673
* support crypt, then the default check is against a clear text string.
675
APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd,
679
#if !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
682
if (!strncmp(hash, apr1_id, strlen(apr1_id))) {
684
* The hash was created using our custom algorithm.
686
apr_md5_encode(passwd, hash, sample, sizeof(sample));
688
else if (!strncmp(hash, APR_SHA1PW_ID, APR_SHA1PW_IDLEN)) {
689
apr_sha1_base64(passwd, strlen(passwd), sample);
693
* It's not our algorithm, so feed it to crypt() if possible.
695
#if defined(WIN32) || defined(BEOS) || defined(NETWARE)
696
apr_cpystrn(sample, passwd, sizeof(sample) - 1);
697
#elif defined(CRYPT_R_CRYPTD)
700
crypt_pw = crypt_r(passwd, hash, &buffer);
701
apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
702
#elif defined(CRYPT_R_STRUCT_CRYPT_DATA)
703
struct crypt_data buffer;
705
/* having to clear this seems bogus... GNU doc is
706
* confusing... user report found from google says
707
* the crypt_data struct had to be cleared to get
708
* the same result as plain crypt()
710
memset(&buffer, 0, sizeof(buffer));
711
crypt_pw = crypt_r(passwd, hash, &buffer);
712
apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
714
/* Do a bit of sanity checking since we know that crypt_r()
715
* should always be used for threaded builds on AIX, and
716
* problems in configure logic can result in the wrong
719
#if defined(_AIX) && APR_HAS_THREADS
720
#error Configuration error! crypt_r() should have been selected!
723
/* Handle thread safety issues by holding a mutex around the
727
crypt_pw = crypt(passwd, hash);
728
apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
729
crypt_mutex_unlock();
732
return (strcmp(sample, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH;