1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at http://curl.haxx.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  ***************************************************************************/
22 
23 #include "curl_setup.h"
24 
25 #ifndef CURL_DISABLE_CRYPTO_AUTH
26 
27 #include "curl_md5.h"
28 #include "curl_hmac.h"
29 #include "warnless.h"
30 
31 #if defined(USE_GNUTLS_NETTLE)
32 
33 #include <nettle/md5.h>
34 #include "curl_memory.h"
35 /* The last #include file should be: */
36 #include "memdebug.h"
37 
38 typedef struct md5_ctx MD5_CTX;
39 
MD5_Init(MD5_CTX * ctx)40 static void MD5_Init(MD5_CTX * ctx)
41 {
42   md5_init(ctx);
43 }
44 
MD5_Update(MD5_CTX * ctx,const unsigned char * input,unsigned int inputLen)45 static void MD5_Update(MD5_CTX * ctx,
46                        const unsigned char * input,
47                        unsigned int inputLen)
48 {
49   md5_update(ctx, inputLen, input);
50 }
51 
MD5_Final(unsigned char digest[16],MD5_CTX * ctx)52 static void MD5_Final(unsigned char digest[16], MD5_CTX * ctx)
53 {
54   md5_digest(ctx, 16, digest);
55 }
56 
57 #elif defined(USE_GNUTLS)
58 
59 #include <gcrypt.h>
60 #include "curl_memory.h"
61 /* The last #include file should be: */
62 #include "memdebug.h"
63 
64 typedef gcry_md_hd_t MD5_CTX;
65 
MD5_Init(MD5_CTX * ctx)66 static void MD5_Init(MD5_CTX * ctx)
67 {
68   gcry_md_open(ctx, GCRY_MD_MD5, 0);
69 }
70 
MD5_Update(MD5_CTX * ctx,const unsigned char * input,unsigned int inputLen)71 static void MD5_Update(MD5_CTX * ctx,
72                        const unsigned char * input,
73                        unsigned int inputLen)
74 {
75   gcry_md_write(*ctx, input, inputLen);
76 }
77 
MD5_Final(unsigned char digest[16],MD5_CTX * ctx)78 static void MD5_Final(unsigned char digest[16], MD5_CTX * ctx)
79 {
80   memcpy(digest, gcry_md_read(*ctx, 0), 16);
81   gcry_md_close(*ctx);
82 }
83 
84 #elif defined(USE_OPENSSL)
85 /* When OpenSSL is available we use the MD5-function from OpenSSL */
86 #include <openssl/md5.h>
87 #include "curl_memory.h"
88 /* The last #include file should be: */
89 #include "memdebug.h"
90 
91 #elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \
92               (__MAC_OS_X_VERSION_MAX_ALLOWED >= 1040)) || \
93       (defined(__IPHONE_OS_VERSION_MAX_ALLOWED) && \
94               (__IPHONE_OS_VERSION_MAX_ALLOWED >= 20000))
95 
96 /* For Apple operating systems: CommonCrypto has the functions we need.
97    These functions are available on Tiger and later, as well as iOS 2.0
98    and later. If you're building for an older cat, well, sorry.
99 
100    Declaring the functions as static like this seems to be a bit more
101    reliable than defining COMMON_DIGEST_FOR_OPENSSL on older cats. */
102 #  include <CommonCrypto/CommonDigest.h>
103 #  define MD5_CTX CC_MD5_CTX
104 #include "curl_memory.h"
105 /* The last #include file should be: */
106 #include "memdebug.h"
107 
MD5_Init(MD5_CTX * ctx)108 static void MD5_Init(MD5_CTX *ctx)
109 {
110   CC_MD5_Init(ctx);
111 }
112 
MD5_Update(MD5_CTX * ctx,const unsigned char * input,unsigned int inputLen)113 static void MD5_Update(MD5_CTX *ctx,
114                        const unsigned char *input,
115                        unsigned int inputLen)
116 {
117   CC_MD5_Update(ctx, input, inputLen);
118 }
119 
MD5_Final(unsigned char digest[16],MD5_CTX * ctx)120 static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx)
121 {
122   CC_MD5_Final(digest, ctx);
123 }
124 
125 #elif defined(_WIN32)
126 
127 #include <wincrypt.h>
128 #include "curl_memory.h"
129 /* The last #include file should be: */
130 #include "memdebug.h"
131 
132 typedef struct {
133   HCRYPTPROV hCryptProv;
134   HCRYPTHASH hHash;
135 } MD5_CTX;
136 
MD5_Init(MD5_CTX * ctx)137 static void MD5_Init(MD5_CTX *ctx)
138 {
139   if(CryptAcquireContext(&ctx->hCryptProv, NULL, NULL,
140                          PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
141     CryptCreateHash(ctx->hCryptProv, CALG_MD5, 0, 0, &ctx->hHash);
142   }
143 }
144 
MD5_Update(MD5_CTX * ctx,const unsigned char * input,unsigned int inputLen)145 static void MD5_Update(MD5_CTX *ctx,
146                        const unsigned char *input,
147                        unsigned int inputLen)
148 {
149   CryptHashData(ctx->hHash, (unsigned char *)input, inputLen, 0);
150 }
151 
MD5_Final(unsigned char digest[16],MD5_CTX * ctx)152 static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx)
153 {
154   unsigned long length = 0;
155   CryptGetHashParam(ctx->hHash, HP_HASHVAL, NULL, &length, 0);
156   if(length == 16)
157     CryptGetHashParam(ctx->hHash, HP_HASHVAL, digest, &length, 0);
158   if(ctx->hHash)
159     CryptDestroyHash(ctx->hHash);
160   if(ctx->hCryptProv)
161     CryptReleaseContext(ctx->hCryptProv, 0);
162 }
163 
164 #elif defined(USE_AXTLS)
165 #include <axTLS/config.h>
166 #include <axTLS/os_int.h>
167 #include <axTLS/crypto.h>
168 #include "curl_memory.h"
169 /* The last #include file should be: */
170 #include "memdebug.h"
171 #else
172 /* When no other crypto library is available we use this code segment */
173 /*
174  * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
175  * MD5 Message-Digest Algorithm (RFC 1321).
176  *
177  * Homepage:
178  http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
179  *
180  * Author:
181  * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
182  *
183  * This software was written by Alexander Peslyak in 2001.  No copyright is
184  * claimed, and the software is hereby placed in the public domain.
185  * In case this attempt to disclaim copyright and place the software in the
186  * public domain is deemed null and void, then the software is
187  * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
188  * general public under the following terms:
189  *
190  * Redistribution and use in source and binary forms, with or without
191  * modification, are permitted.
192  *
193  * There's ABSOLUTELY NO WARRANTY, express or implied.
194  *
195  * (This is a heavily cut-down "BSD license".)
196  *
197  * This differs from Colin Plumb's older public domain implementation in that
198  * no exactly 32-bit integer data type is required (any 32-bit or wider
199  * unsigned integer data type will do), there's no compile-time endianness
200  * configuration, and the function prototypes match OpenSSL's.  No code from
201  * Colin Plumb's implementation has been reused; this comment merely compares
202  * the properties of the two independent implementations.
203  *
204  * The primary goals of this implementation are portability and ease of use.
205  * It is meant to be fast, but not as fast as possible.  Some known
206  * optimizations are not included to reduce source code size and avoid
207  * compile-time configuration.
208  */
209 
210 #include <string.h>
211 
212 /* The last #include files should be: */
213 #include "curl_memory.h"
214 #include "memdebug.h"
215 
216 /* Any 32-bit or wider unsigned integer data type will do */
217 typedef unsigned int MD5_u32plus;
218 
219 typedef struct {
220   MD5_u32plus lo, hi;
221   MD5_u32plus a, b, c, d;
222   unsigned char buffer[64];
223   MD5_u32plus block[16];
224 } MD5_CTX;
225 
226 static void MD5_Init(MD5_CTX *ctx);
227 static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size);
228 static void MD5_Final(unsigned char *result, MD5_CTX *ctx);
229 
230 /*
231  * The basic MD5 functions.
232  *
233  * F and G are optimized compared to their RFC 1321 definitions for
234  * architectures that lack an AND-NOT instruction, just like in Colin Plumb's
235  * implementation.
236  */
237 #define F(x, y, z)                      ((z) ^ ((x) & ((y) ^ (z))))
238 #define G(x, y, z)                      ((y) ^ ((z) & ((x) ^ (y))))
239 #define H(x, y, z)                      (((x) ^ (y)) ^ (z))
240 #define H2(x, y, z)                     ((x) ^ ((y) ^ (z)))
241 #define I(x, y, z)                      ((y) ^ ((x) | ~(z)))
242 
243 /*
244  * The MD5 transformation for all four rounds.
245  */
246 #define STEP(f, a, b, c, d, x, t, s) \
247         (a) += f((b), (c), (d)) + (x) + (t); \
248         (a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s)))); \
249         (a) += (b);
250 
251 /*
252  * SET reads 4 input bytes in little-endian byte order and stores them
253  * in a properly aligned word in host byte order.
254  *
255  * The check for little-endian architectures that tolerate unaligned
256  * memory accesses is just an optimization.  Nothing will break if it
257  * doesn't work.
258  */
259 #if defined(__i386__) || defined(__x86_64__) || defined(__vax__)
260 #define SET(n) \
261         (*(MD5_u32plus *)&ptr[(n) * 4])
262 #define GET(n) \
263         SET(n)
264 #else
265 #define SET(n) \
266         (ctx->block[(n)] = \
267         (MD5_u32plus)ptr[(n) * 4] | \
268         ((MD5_u32plus)ptr[(n) * 4 + 1] << 8) | \
269         ((MD5_u32plus)ptr[(n) * 4 + 2] << 16) | \
270         ((MD5_u32plus)ptr[(n) * 4 + 3] << 24))
271 #define GET(n) \
272         (ctx->block[(n)])
273 #endif
274 
275 /*
276  * This processes one or more 64-byte data blocks, but does NOT update
277  * the bit counters.  There are no alignment requirements.
278  */
body(MD5_CTX * ctx,const void * data,unsigned long size)279 static const void *body(MD5_CTX *ctx, const void *data, unsigned long size)
280 {
281   const unsigned char *ptr;
282   MD5_u32plus a, b, c, d;
283   MD5_u32plus saved_a, saved_b, saved_c, saved_d;
284 
285   ptr = (const unsigned char *)data;
286 
287   a = ctx->a;
288   b = ctx->b;
289   c = ctx->c;
290   d = ctx->d;
291 
292   do {
293     saved_a = a;
294     saved_b = b;
295     saved_c = c;
296     saved_d = d;
297 
298 /* Round 1 */
299     STEP(F, a, b, c, d, SET(0), 0xd76aa478, 7)
300       STEP(F, d, a, b, c, SET(1), 0xe8c7b756, 12)
301       STEP(F, c, d, a, b, SET(2), 0x242070db, 17)
302       STEP(F, b, c, d, a, SET(3), 0xc1bdceee, 22)
303       STEP(F, a, b, c, d, SET(4), 0xf57c0faf, 7)
304       STEP(F, d, a, b, c, SET(5), 0x4787c62a, 12)
305       STEP(F, c, d, a, b, SET(6), 0xa8304613, 17)
306       STEP(F, b, c, d, a, SET(7), 0xfd469501, 22)
307       STEP(F, a, b, c, d, SET(8), 0x698098d8, 7)
308       STEP(F, d, a, b, c, SET(9), 0x8b44f7af, 12)
309       STEP(F, c, d, a, b, SET(10), 0xffff5bb1, 17)
310       STEP(F, b, c, d, a, SET(11), 0x895cd7be, 22)
311       STEP(F, a, b, c, d, SET(12), 0x6b901122, 7)
312       STEP(F, d, a, b, c, SET(13), 0xfd987193, 12)
313       STEP(F, c, d, a, b, SET(14), 0xa679438e, 17)
314       STEP(F, b, c, d, a, SET(15), 0x49b40821, 22)
315 
316 /* Round 2 */
317       STEP(G, a, b, c, d, GET(1), 0xf61e2562, 5)
318       STEP(G, d, a, b, c, GET(6), 0xc040b340, 9)
319       STEP(G, c, d, a, b, GET(11), 0x265e5a51, 14)
320       STEP(G, b, c, d, a, GET(0), 0xe9b6c7aa, 20)
321       STEP(G, a, b, c, d, GET(5), 0xd62f105d, 5)
322       STEP(G, d, a, b, c, GET(10), 0x02441453, 9)
323       STEP(G, c, d, a, b, GET(15), 0xd8a1e681, 14)
324       STEP(G, b, c, d, a, GET(4), 0xe7d3fbc8, 20)
325       STEP(G, a, b, c, d, GET(9), 0x21e1cde6, 5)
326       STEP(G, d, a, b, c, GET(14), 0xc33707d6, 9)
327       STEP(G, c, d, a, b, GET(3), 0xf4d50d87, 14)
328       STEP(G, b, c, d, a, GET(8), 0x455a14ed, 20)
329       STEP(G, a, b, c, d, GET(13), 0xa9e3e905, 5)
330       STEP(G, d, a, b, c, GET(2), 0xfcefa3f8, 9)
331       STEP(G, c, d, a, b, GET(7), 0x676f02d9, 14)
332       STEP(G, b, c, d, a, GET(12), 0x8d2a4c8a, 20)
333 
334 /* Round 3 */
335       STEP(H, a, b, c, d, GET(5), 0xfffa3942, 4)
336       STEP(H2, d, a, b, c, GET(8), 0x8771f681, 11)
337       STEP(H, c, d, a, b, GET(11), 0x6d9d6122, 16)
338       STEP(H2, b, c, d, a, GET(14), 0xfde5380c, 23)
339       STEP(H, a, b, c, d, GET(1), 0xa4beea44, 4)
340       STEP(H2, d, a, b, c, GET(4), 0x4bdecfa9, 11)
341       STEP(H, c, d, a, b, GET(7), 0xf6bb4b60, 16)
342       STEP(H2, b, c, d, a, GET(10), 0xbebfbc70, 23)
343       STEP(H, a, b, c, d, GET(13), 0x289b7ec6, 4)
344       STEP(H2, d, a, b, c, GET(0), 0xeaa127fa, 11)
345       STEP(H, c, d, a, b, GET(3), 0xd4ef3085, 16)
346       STEP(H2, b, c, d, a, GET(6), 0x04881d05, 23)
347       STEP(H, a, b, c, d, GET(9), 0xd9d4d039, 4)
348       STEP(H2, d, a, b, c, GET(12), 0xe6db99e5, 11)
349       STEP(H, c, d, a, b, GET(15), 0x1fa27cf8, 16)
350       STEP(H2, b, c, d, a, GET(2), 0xc4ac5665, 23)
351 
352 /* Round 4 */
353       STEP(I, a, b, c, d, GET(0), 0xf4292244, 6)
354       STEP(I, d, a, b, c, GET(7), 0x432aff97, 10)
355       STEP(I, c, d, a, b, GET(14), 0xab9423a7, 15)
356       STEP(I, b, c, d, a, GET(5), 0xfc93a039, 21)
357       STEP(I, a, b, c, d, GET(12), 0x655b59c3, 6)
358       STEP(I, d, a, b, c, GET(3), 0x8f0ccc92, 10)
359       STEP(I, c, d, a, b, GET(10), 0xffeff47d, 15)
360       STEP(I, b, c, d, a, GET(1), 0x85845dd1, 21)
361       STEP(I, a, b, c, d, GET(8), 0x6fa87e4f, 6)
362       STEP(I, d, a, b, c, GET(15), 0xfe2ce6e0, 10)
363       STEP(I, c, d, a, b, GET(6), 0xa3014314, 15)
364       STEP(I, b, c, d, a, GET(13), 0x4e0811a1, 21)
365       STEP(I, a, b, c, d, GET(4), 0xf7537e82, 6)
366       STEP(I, d, a, b, c, GET(11), 0xbd3af235, 10)
367       STEP(I, c, d, a, b, GET(2), 0x2ad7d2bb, 15)
368       STEP(I, b, c, d, a, GET(9), 0xeb86d391, 21)
369 
370       a += saved_a;
371     b += saved_b;
372     c += saved_c;
373     d += saved_d;
374 
375     ptr += 64;
376   } while(size -= 64);
377 
378   ctx->a = a;
379   ctx->b = b;
380   ctx->c = c;
381   ctx->d = d;
382 
383   return ptr;
384 }
385 
MD5_Init(MD5_CTX * ctx)386 static void MD5_Init(MD5_CTX *ctx)
387 {
388   ctx->a = 0x67452301;
389   ctx->b = 0xefcdab89;
390   ctx->c = 0x98badcfe;
391   ctx->d = 0x10325476;
392 
393   ctx->lo = 0;
394   ctx->hi = 0;
395 }
396 
MD5_Update(MD5_CTX * ctx,const void * data,unsigned long size)397 static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size)
398 {
399   MD5_u32plus saved_lo;
400   unsigned long used, available;
401 
402   saved_lo = ctx->lo;
403   if((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo)
404     ctx->hi++;
405   ctx->hi += (MD5_u32plus)size >> 29;
406 
407   used = saved_lo & 0x3f;
408 
409   if(used) {
410     available = 64 - used;
411 
412     if(size < available) {
413       memcpy(&ctx->buffer[used], data, size);
414       return;
415     }
416 
417     memcpy(&ctx->buffer[used], data, available);
418     data = (const unsigned char *)data + available;
419     size -= available;
420     body(ctx, ctx->buffer, 64);
421   }
422 
423   if(size >= 64) {
424     data = body(ctx, data, size & ~(unsigned long)0x3f);
425     size &= 0x3f;
426   }
427 
428   memcpy(ctx->buffer, data, size);
429 }
430 
MD5_Final(unsigned char * result,MD5_CTX * ctx)431 static void MD5_Final(unsigned char *result, MD5_CTX *ctx)
432 {
433   unsigned long used, available;
434 
435   used = ctx->lo & 0x3f;
436 
437   ctx->buffer[used++] = 0x80;
438 
439   available = 64 - used;
440 
441   if(available < 8) {
442     memset(&ctx->buffer[used], 0, available);
443     body(ctx, ctx->buffer, 64);
444     used = 0;
445     available = 64;
446   }
447 
448   memset(&ctx->buffer[used], 0, available - 8);
449 
450   ctx->lo <<= 3;
451   ctx->buffer[56] = curlx_ultouc((ctx->lo)&0xff);
452   ctx->buffer[57] = curlx_ultouc((ctx->lo >> 8)&0xff);
453   ctx->buffer[58] = curlx_ultouc((ctx->lo >> 16)&0xff);
454   ctx->buffer[59] = curlx_ultouc(ctx->lo >> 24);
455   ctx->buffer[60] = curlx_ultouc((ctx->hi)&0xff);
456   ctx->buffer[61] = curlx_ultouc((ctx->hi >> 8)&0xff);
457   ctx->buffer[62] = curlx_ultouc((ctx->hi >> 16)&0xff);
458   ctx->buffer[63] = curlx_ultouc(ctx->hi >> 24);
459 
460   body(ctx, ctx->buffer, 64);
461 
462   result[0] = curlx_ultouc((ctx->a)&0xff);
463   result[1] = curlx_ultouc((ctx->a >> 8)&0xff);
464   result[2] = curlx_ultouc((ctx->a >> 16)&0xff);
465   result[3] = curlx_ultouc(ctx->a >> 24);
466   result[4] = curlx_ultouc((ctx->b)&0xff);
467   result[5] = curlx_ultouc((ctx->b >> 8)&0xff);
468   result[6] = curlx_ultouc((ctx->b >> 16)&0xff);
469   result[7] = curlx_ultouc(ctx->b >> 24);
470   result[8] = curlx_ultouc((ctx->c)&0xff);
471   result[9] = curlx_ultouc((ctx->c >> 8)&0xff);
472   result[10] = curlx_ultouc((ctx->c >> 16)&0xff);
473   result[11] = curlx_ultouc(ctx->c >> 24);
474   result[12] = curlx_ultouc((ctx->d)&0xff);
475   result[13] = curlx_ultouc((ctx->d >> 8)&0xff);
476   result[14] = curlx_ultouc((ctx->d >> 16)&0xff);
477   result[15] = curlx_ultouc(ctx->d >> 24);
478 
479   memset(ctx, 0, sizeof(*ctx));
480 }
481 
482 #endif /* CRYPTO LIBS */
483 
484 const HMAC_params Curl_HMAC_MD5[] = {
485   {
486     (HMAC_hinit_func) MD5_Init,           /* Hash initialization function. */
487     (HMAC_hupdate_func) MD5_Update,       /* Hash update function. */
488     (HMAC_hfinal_func) MD5_Final,         /* Hash computation end function. */
489     sizeof(MD5_CTX),                      /* Size of hash context structure. */
490     64,                                   /* Maximum key length. */
491     16                                    /* Result size. */
492   }
493 };
494 
495 const MD5_params Curl_DIGEST_MD5[] = {
496   {
497     (Curl_MD5_init_func) MD5_Init,      /* Digest initialization function */
498     (Curl_MD5_update_func) MD5_Update,  /* Digest update function */
499     (Curl_MD5_final_func) MD5_Final,    /* Digest computation end function */
500     sizeof(MD5_CTX),                    /* Size of digest context struct */
501     16                                  /* Result size */
502   }
503 };
504 
505 /*
506  * @unittest: 1601
507  */
Curl_md5it(unsigned char * outbuffer,const unsigned char * input)508 void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */
509                 const unsigned char *input)
510 {
511   MD5_CTX ctx;
512   MD5_Init(&ctx);
513   MD5_Update(&ctx, input, curlx_uztoui(strlen((char *)input)));
514   MD5_Final(outbuffer, &ctx);
515 }
516 
Curl_MD5_init(const MD5_params * md5params)517 MD5_context *Curl_MD5_init(const MD5_params *md5params)
518 {
519   MD5_context *ctxt;
520 
521   /* Create MD5 context */
522   ctxt = malloc(sizeof *ctxt);
523 
524   if(!ctxt)
525     return ctxt;
526 
527   ctxt->md5_hashctx = malloc(md5params->md5_ctxtsize);
528 
529   if(!ctxt->md5_hashctx) {
530     free(ctxt);
531     return NULL;
532   }
533 
534   ctxt->md5_hash = md5params;
535 
536   (*md5params->md5_init_func)(ctxt->md5_hashctx);
537 
538   return ctxt;
539 }
540 
Curl_MD5_update(MD5_context * context,const unsigned char * data,unsigned int len)541 int Curl_MD5_update(MD5_context *context,
542                     const unsigned char *data,
543                     unsigned int len)
544 {
545   (*context->md5_hash->md5_update_func)(context->md5_hashctx, data, len);
546 
547   return 0;
548 }
549 
Curl_MD5_final(MD5_context * context,unsigned char * result)550 int Curl_MD5_final(MD5_context *context, unsigned char *result)
551 {
552   (*context->md5_hash->md5_final_func)(result, context->md5_hashctx);
553 
554   free(context->md5_hashctx);
555   free(context);
556 
557   return 0;
558 }
559 
560 #endif /* CURL_DISABLE_CRYPTO_AUTH */
561