1 /* Functions to compute MD5 message digest of files or memory blocks.
2 according to the definition of MD5 in RFC 1321 from April 1992.
3 Copyright (C) 1995-2011, 2015 Red Hat, Inc.
4 This file is part of elfutils.
5 Written by Ulrich Drepper <drepper@redhat.com>, 1995.
6
7 This file is free software; you can redistribute it and/or modify
8 it under the terms of either
9
10 * the GNU Lesser General Public License as published by the Free
11 Software Foundation; either version 3 of the License, or (at
12 your option) any later version
13
14 or
15
16 * the GNU General Public License as published by the Free
17 Software Foundation; either version 2 of the License, or (at
18 your option) any later version
19
20 or both in parallel, as here.
21
22 elfutils is distributed in the hope that it will be useful, but
23 WITHOUT ANY WARRANTY; without even the implied warranty of
24 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
25 General Public License for more details.
26
27 You should have received copies of the GNU General Public License and
28 the GNU Lesser General Public License along with this program. If
29 not, see <http://www.gnu.org/licenses/>. */
30
31 #ifdef HAVE_CONFIG_H
32 # include <config.h>
33 #endif
34
35 #include <stdlib.h>
36 #include <string.h>
37 #include <sys/types.h>
38
39 #include "md5.h"
40 #include "system.h"
41
42 #define SWAP(n) LE32 (n)
43
44 /* This array contains the bytes used to pad the buffer to the next
45 64-byte boundary. (RFC 1321, 3.1: Step 1) */
46 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
47
48
49 /* Initialize structure containing state of computation.
50 (RFC 1321, 3.3: Step 3) */
51 void
md5_init_ctx(struct md5_ctx * ctx)52 md5_init_ctx (struct md5_ctx *ctx)
53 {
54 ctx->A = 0x67452301;
55 ctx->B = 0xefcdab89;
56 ctx->C = 0x98badcfe;
57 ctx->D = 0x10325476;
58
59 ctx->total[0] = ctx->total[1] = 0;
60 ctx->buflen = 0;
61 }
62
63 /* Put result from CTX in first 16 bytes following RESBUF. The result
64 must be in little endian byte order.
65
66 IMPORTANT: On some systems it is required that RESBUF is correctly
67 aligned for a 32 bits value. */
68 void *
md5_read_ctx(const struct md5_ctx * ctx,void * resbuf)69 md5_read_ctx (const struct md5_ctx *ctx, void *resbuf)
70 {
71 ((md5_uint32 *) resbuf)[0] = SWAP (ctx->A);
72 ((md5_uint32 *) resbuf)[1] = SWAP (ctx->B);
73 ((md5_uint32 *) resbuf)[2] = SWAP (ctx->C);
74 ((md5_uint32 *) resbuf)[3] = SWAP (ctx->D);
75
76 return resbuf;
77 }
78
79 static void
le64_copy(char * dest,uint64_t x)80 le64_copy (char *dest, uint64_t x)
81 {
82 for (size_t i = 0; i < 8; ++i)
83 {
84 dest[i] = (uint8_t) x;
85 x >>= 8;
86 }
87 }
88
89 /* Process the remaining bytes in the internal buffer and the usual
90 prolog according to the standard and write the result to RESBUF.
91
92 IMPORTANT: On some systems it is required that RESBUF is correctly
93 aligned for a 32 bits value. */
94 void *
md5_finish_ctx(struct md5_ctx * ctx,void * resbuf)95 md5_finish_ctx (struct md5_ctx *ctx, void *resbuf)
96 {
97 /* Take yet unprocessed bytes into account. */
98 md5_uint32 bytes = ctx->buflen;
99 size_t pad;
100
101 /* Now count remaining bytes. */
102 ctx->total[0] += bytes;
103 if (ctx->total[0] < bytes)
104 ++ctx->total[1];
105
106 pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes;
107 memcpy (&ctx->buffer[bytes], fillbuf, pad);
108
109 /* Put the 64-bit file length in *bits* at the end of the buffer. */
110 const uint64_t bit_length = ((ctx->total[0] << 3)
111 + ((uint64_t) ((ctx->total[1] << 3) |
112 (ctx->total[0] >> 29)) << 32));
113 le64_copy (&ctx->buffer[bytes + pad], bit_length);
114
115 /* Process last bytes. */
116 md5_process_block (ctx->buffer, bytes + pad + 8, ctx);
117
118 return md5_read_ctx (ctx, resbuf);
119 }
120
121
122 #ifdef NEED_MD5_STREAM
123 /* Compute MD5 message digest for bytes read from STREAM. The
124 resulting message digest number will be written into the 16 bytes
125 beginning at RESBLOCK. */
126 int
md5_stream(FILE * stream,void * resblock)127 md5_stream (FILE *stream, void *resblock)
128 {
129 /* Important: BLOCKSIZE must be a multiple of 64. */
130 #define BLOCKSIZE 4096
131 struct md5_ctx ctx;
132 char buffer[BLOCKSIZE + 72];
133 size_t sum;
134
135 /* Initialize the computation context. */
136 md5_init_ctx (&ctx);
137
138 /* Iterate over full file contents. */
139 while (1)
140 {
141 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
142 computation function processes the whole buffer so that with the
143 next round of the loop another block can be read. */
144 size_t n;
145 sum = 0;
146
147 /* Read block. Take care for partial reads. */
148 do
149 {
150 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
151
152 sum += n;
153 }
154 while (sum < BLOCKSIZE && n != 0);
155 if (n == 0 && ferror (stream))
156 return 1;
157
158 /* If end of file is reached, end the loop. */
159 if (n == 0)
160 break;
161
162 /* Process buffer with BLOCKSIZE bytes. Note that
163 BLOCKSIZE % 64 == 0
164 */
165 md5_process_block (buffer, BLOCKSIZE, &ctx);
166 }
167
168 /* Add the last bytes if necessary. */
169 if (sum > 0)
170 md5_process_bytes (buffer, sum, &ctx);
171
172 /* Construct result in desired memory. */
173 md5_finish_ctx (&ctx, resblock);
174 return 0;
175 }
176 #endif
177
178
179 #ifdef NEED_MD5_BUFFER
180 /* Compute MD5 message digest for LEN bytes beginning at BUFFER. The
181 result is always in little endian byte order, so that a byte-wise
182 output yields to the wanted ASCII representation of the message
183 digest. */
184 void *
md5_buffer(const char * buffer,size_t len,void * resblock)185 md5_buffer (const char *buffer, size_t len, void *resblock)
186 {
187 struct md5_ctx ctx;
188
189 /* Initialize the computation context. */
190 md5_init_ctx (&ctx);
191
192 /* Process whole buffer but last len % 64 bytes. */
193 md5_process_bytes (buffer, len, &ctx);
194
195 /* Put result in desired memory area. */
196 return md5_finish_ctx (&ctx, resblock);
197 }
198 #endif
199
200
201 void
md5_process_bytes(const void * buffer,size_t len,struct md5_ctx * ctx)202 md5_process_bytes (const void *buffer, size_t len, struct md5_ctx *ctx)
203 {
204 /* When we already have some bits in our internal buffer concatenate
205 both inputs first. */
206 if (ctx->buflen != 0)
207 {
208 size_t left_over = ctx->buflen;
209 size_t add = 128 - left_over > len ? len : 128 - left_over;
210
211 memcpy (&ctx->buffer[left_over], buffer, add);
212 ctx->buflen += add;
213
214 if (ctx->buflen > 64)
215 {
216 md5_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
217
218 ctx->buflen &= 63;
219 /* The regions in the following copy operation cannot overlap. */
220 memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63],
221 ctx->buflen);
222 }
223
224 buffer = (const char *) buffer + add;
225 len -= add;
226 }
227
228 /* Process available complete blocks. */
229 if (len >= 64)
230 {
231 #if !_STRING_ARCH_unaligned
232 /* To check alignment gcc has an appropriate operator. Other
233 compilers don't. */
234 # if __GNUC__ >= 2
235 # define UNALIGNED_P(p) (((md5_uintptr) p) % __alignof__ (md5_uint32) != 0)
236 # else
237 # define UNALIGNED_P(p) (((md5_uintptr) p) % sizeof (md5_uint32) != 0)
238 # endif
239 if (UNALIGNED_P (buffer))
240 while (len > 64)
241 {
242 md5_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
243 buffer = (const char *) buffer + 64;
244 len -= 64;
245 }
246 else
247 #endif
248 {
249 md5_process_block (buffer, len & ~63, ctx);
250 buffer = (const char *) buffer + (len & ~63);
251 len &= 63;
252 }
253 }
254
255 /* Move remaining bytes in internal buffer. */
256 if (len > 0)
257 {
258 size_t left_over = ctx->buflen;
259
260 memcpy (&ctx->buffer[left_over], buffer, len);
261 left_over += len;
262 if (left_over >= 64)
263 {
264 md5_process_block (ctx->buffer, 64, ctx);
265 left_over -= 64;
266 memcpy (ctx->buffer, &ctx->buffer[64], left_over);
267 }
268 ctx->buflen = left_over;
269 }
270 }
271
272
273 /* These are the four functions used in the four steps of the MD5 algorithm
274 and defined in the RFC 1321. The first function is a little bit optimized
275 (as found in Colin Plumbs public domain implementation). */
276 /* #define FF(b, c, d) ((b & c) | (~b & d)) */
277 #define FF(b, c, d) (d ^ (b & (c ^ d)))
278 #define FG(b, c, d) FF (d, b, c)
279 #define FH(b, c, d) (b ^ c ^ d)
280 #define FI(b, c, d) (c ^ (b | ~d))
281
282 /* Process LEN bytes of BUFFER, accumulating context into CTX.
283 It is assumed that LEN % 64 == 0. */
284
285 void
md5_process_block(const void * buffer,size_t len,struct md5_ctx * ctx)286 md5_process_block (const void *buffer, size_t len, struct md5_ctx *ctx)
287 {
288 md5_uint32 correct_words[16];
289 const md5_uint32 *words = buffer;
290 size_t nwords = len / sizeof (md5_uint32);
291 const md5_uint32 *endp = words + nwords;
292 md5_uint32 A = ctx->A;
293 md5_uint32 B = ctx->B;
294 md5_uint32 C = ctx->C;
295 md5_uint32 D = ctx->D;
296
297 /* First increment the byte count. RFC 1321 specifies the possible
298 length of the file up to 2^64 bits. Here we only compute the
299 number of bytes. Do a double word increment. */
300 ctx->total[0] += len;
301 if (ctx->total[0] < len)
302 ++ctx->total[1];
303
304 /* Process all bytes in the buffer with 64 bytes in each round of
305 the loop. */
306 while (words < endp)
307 {
308 md5_uint32 *cwp = correct_words;
309 md5_uint32 A_save = A;
310 md5_uint32 B_save = B;
311 md5_uint32 C_save = C;
312 md5_uint32 D_save = D;
313
314 /* First round: using the given function, the context and a constant
315 the next context is computed. Because the algorithms processing
316 unit is a 32-bit word and it is determined to work on words in
317 little endian byte order we perhaps have to change the byte order
318 before the computation. To reduce the work for the next steps
319 we store the swapped words in the array CORRECT_WORDS. */
320
321 #define OP(a, b, c, d, s, T) \
322 do \
323 { \
324 a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \
325 ++words; \
326 CYCLIC (a, s); \
327 a += b; \
328 } \
329 while (0)
330
331 /* It is unfortunate that C does not provide an operator for
332 cyclic rotation. Hope the C compiler is smart enough. */
333 #define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s)))
334
335 /* Before we start, one word to the strange constants.
336 They are defined in RFC 1321 as
337
338 T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
339 */
340
341 /* Round 1. */
342 OP (A, B, C, D, 7, 0xd76aa478);
343 OP (D, A, B, C, 12, 0xe8c7b756);
344 OP (C, D, A, B, 17, 0x242070db);
345 OP (B, C, D, A, 22, 0xc1bdceee);
346 OP (A, B, C, D, 7, 0xf57c0faf);
347 OP (D, A, B, C, 12, 0x4787c62a);
348 OP (C, D, A, B, 17, 0xa8304613);
349 OP (B, C, D, A, 22, 0xfd469501);
350 OP (A, B, C, D, 7, 0x698098d8);
351 OP (D, A, B, C, 12, 0x8b44f7af);
352 OP (C, D, A, B, 17, 0xffff5bb1);
353 OP (B, C, D, A, 22, 0x895cd7be);
354 OP (A, B, C, D, 7, 0x6b901122);
355 OP (D, A, B, C, 12, 0xfd987193);
356 OP (C, D, A, B, 17, 0xa679438e);
357 OP (B, C, D, A, 22, 0x49b40821);
358
359 /* For the second to fourth round we have the possibly swapped words
360 in CORRECT_WORDS. Redefine the macro to take an additional first
361 argument specifying the function to use. */
362 #undef OP
363 #define OP(f, a, b, c, d, k, s, T) \
364 do \
365 { \
366 a += f (b, c, d) + correct_words[k] + T; \
367 CYCLIC (a, s); \
368 a += b; \
369 } \
370 while (0)
371
372 /* Round 2. */
373 OP (FG, A, B, C, D, 1, 5, 0xf61e2562);
374 OP (FG, D, A, B, C, 6, 9, 0xc040b340);
375 OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
376 OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa);
377 OP (FG, A, B, C, D, 5, 5, 0xd62f105d);
378 OP (FG, D, A, B, C, 10, 9, 0x02441453);
379 OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
380 OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8);
381 OP (FG, A, B, C, D, 9, 5, 0x21e1cde6);
382 OP (FG, D, A, B, C, 14, 9, 0xc33707d6);
383 OP (FG, C, D, A, B, 3, 14, 0xf4d50d87);
384 OP (FG, B, C, D, A, 8, 20, 0x455a14ed);
385 OP (FG, A, B, C, D, 13, 5, 0xa9e3e905);
386 OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8);
387 OP (FG, C, D, A, B, 7, 14, 0x676f02d9);
388 OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
389
390 /* Round 3. */
391 OP (FH, A, B, C, D, 5, 4, 0xfffa3942);
392 OP (FH, D, A, B, C, 8, 11, 0x8771f681);
393 OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
394 OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
395 OP (FH, A, B, C, D, 1, 4, 0xa4beea44);
396 OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9);
397 OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60);
398 OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
399 OP (FH, A, B, C, D, 13, 4, 0x289b7ec6);
400 OP (FH, D, A, B, C, 0, 11, 0xeaa127fa);
401 OP (FH, C, D, A, B, 3, 16, 0xd4ef3085);
402 OP (FH, B, C, D, A, 6, 23, 0x04881d05);
403 OP (FH, A, B, C, D, 9, 4, 0xd9d4d039);
404 OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
405 OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
406 OP (FH, B, C, D, A, 2, 23, 0xc4ac5665);
407
408 /* Round 4. */
409 OP (FI, A, B, C, D, 0, 6, 0xf4292244);
410 OP (FI, D, A, B, C, 7, 10, 0x432aff97);
411 OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
412 OP (FI, B, C, D, A, 5, 21, 0xfc93a039);
413 OP (FI, A, B, C, D, 12, 6, 0x655b59c3);
414 OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92);
415 OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
416 OP (FI, B, C, D, A, 1, 21, 0x85845dd1);
417 OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f);
418 OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
419 OP (FI, C, D, A, B, 6, 15, 0xa3014314);
420 OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
421 OP (FI, A, B, C, D, 4, 6, 0xf7537e82);
422 OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
423 OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb);
424 OP (FI, B, C, D, A, 9, 21, 0xeb86d391);
425
426 /* Add the starting values of the context. */
427 A += A_save;
428 B += B_save;
429 C += C_save;
430 D += D_save;
431 }
432
433 /* Put checksum in context given as argument. */
434 ctx->A = A;
435 ctx->B = B;
436 ctx->C = C;
437 ctx->D = D;
438 }
439