2 * ----------------------------------------------------------------------------
3 * "THE BEER-WARE LICENSE" (Revision 42):
4 * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
5 * can do whatever you want with this stuff. If we meet some day, and you think
6 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
7 * ----------------------------------------------------------------------------
11 * Ported from FreeBSD to Linux, only minimal changes. --marekm
15 * Adapted from shadow-19990607 by Tudor Bosman, tudorb@jm.nu
20 #ifdef HAVE_MD5_PASSWORDS
26 #include <openssl/md5.h>
33 static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
34 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
36 static char *magic = "$1$"; /*
37 * This string is magic for
38 * this algorithm. Having
39 * it this way, we can get
44 to64(char *s, unsigned long v, int n)
47 *s++ = itoa64[v&0x3f];
53 is_md5_salt(const char *salt)
55 return (!strncmp(salt, magic, strlen(magic)));
61 * Use MD5 for what it is best at...
65 md5_crypt(const char *pw, const char *salt)
67 static char passwd[120], *p;
68 static const char *sp,*ep;
69 unsigned char final[16];
74 /* Refine the Salt first */
77 /* If it starts with the magic string, then skip that */
78 if(!strncmp(sp,magic,strlen(magic)))
81 /* It stops at the first '$', max 8 chars */
82 for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
85 /* get the length of the true salt */
90 /* The password first, since that is what is most unknown */
91 MD5_Update(&ctx,pw,strlen(pw));
93 /* Then our magic string */
94 MD5_Update(&ctx,magic,strlen(magic));
96 /* Then the raw salt */
97 MD5_Update(&ctx,sp,sl);
99 /* Then just as many characters of the MD5(pw,salt,pw) */
101 MD5_Update(&ctx1,pw,strlen(pw));
102 MD5_Update(&ctx1,sp,sl);
103 MD5_Update(&ctx1,pw,strlen(pw));
104 MD5_Final(final,&ctx1);
105 for(pl = strlen(pw); pl > 0; pl -= 16)
106 MD5_Update(&ctx,final,pl>16 ? 16 : pl);
108 /* Don't leave anything around in vm they could use. */
109 memset(final,0,sizeof final);
111 /* Then something really weird... */
112 for (j=0,i = strlen(pw); i ; i >>= 1)
114 MD5_Update(&ctx, final+j, 1);
116 MD5_Update(&ctx, pw+j, 1);
118 /* Now make the output string */
119 strcpy(passwd,magic);
120 strncat(passwd,sp,sl);
123 MD5_Final(final,&ctx);
126 * and now, just to make sure things don't run too fast
127 * On a 60 Mhz Pentium this takes 34 msec, so you would
128 * need 30 seconds to build a 1000 entry dictionary...
130 for(i=0;i<1000;i++) {
133 MD5_Update(&ctx1,pw,strlen(pw));
135 MD5_Update(&ctx1,final,16);
138 MD5_Update(&ctx1,sp,sl);
141 MD5_Update(&ctx1,pw,strlen(pw));
144 MD5_Update(&ctx1,final,16);
146 MD5_Update(&ctx1,pw,strlen(pw));
147 MD5_Final(final,&ctx1);
150 p = passwd + strlen(passwd);
152 l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4;
153 l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4;
154 l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4;
155 l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4;
156 l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4;
157 l = final[11] ; to64(p,l,2); p += 2;
160 /* Don't leave anything around in vm they could use. */
161 memset(final,0,sizeof final);
166 #endif /* HAVE_MD5_PASSWORDS */