--- glibc-2.1.3/md5-crypt/md5-crypt.c 2000/03/04 00:47:30 1.1 +++ glibc-2.1.3/md5-crypt/md5-crypt.c 2000/08/24 06:10:02 1.8 @@ -1,5 +1,5 @@ /* One way encryption based on MD5 sum. - Copyright (C) 1996, 1997, 1999 Free Software Foundation, Inc. + Copyright (C) 1996, 1997, 1999, 2000 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper , 1996. @@ -18,6 +18,7 @@ write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ +#include #include #include #include @@ -37,9 +38,9 @@ /* Prototypes for local functions. */ -extern char *__md5_crypt_r __P ((const char *key, const char *salt, - char *buffer, int buflen)); -extern char *__md5_crypt __P ((const char *key, const char *salt)); +extern char *__md5_crypt_r (const char *key, const char *salt, + char *buffer, int buflen); +extern char *__md5_crypt (const char *key, const char *salt); /* This entry point is equivalent to the `crypt' function in Unix @@ -51,13 +52,16 @@ char *buffer; int buflen; { - unsigned char alt_result[16]; + unsigned char alt_result[16] + __attribute__ ((__aligned__ (__alignof__ (md5_uint32)))); struct md5_ctx ctx; struct md5_ctx alt_ctx; size_t salt_len; size_t key_len; size_t cnt; char *cp; + char *copied_key = NULL; + char *copied_salt = NULL; /* Find beginning of salt string. The prefix should normally always be present. Just in case it is not. */ @@ -68,6 +72,26 @@ salt_len = MIN (strcspn (salt, "$"), 8); key_len = strlen (key); + if ((key - (char *) 0) % __alignof__ (md5_uint32) != 0) + { + char *tmp = (char *) alloca (key_len + __alignof__ (md5_uint32)); + key = copied_key = + memcpy (tmp + __alignof__ (md5_uint32) + - (tmp - (char *) 0) % __alignof__ (md5_uint32), + key, key_len); + assert ((key - (char *) 0) % __alignof__ (md5_uint32) == 0); + } + + if ((salt - (char *) 0) % __alignof__ (md5_uint32) != 0) + { + char *tmp = (char *) alloca (salt_len + __alignof__ (md5_uint32)); + salt = copied_salt = + memcpy (tmp + __alignof__ (md5_uint32) + - (tmp - (char *) 0) % __alignof__ (md5_uint32), + salt, salt_len); + assert ((salt - (char *) 0) % __alignof__ (md5_uint32) == 0); + } + /* Prepare for the real work. */ __md5_init_ctx (&ctx); @@ -195,21 +219,30 @@ /* Clear the buffer for the intermediate result so that people attaching to processes or reading core dumps cannot get any - information. */ - memset (alt_result, '\0', sizeof (alt_result)); + information. We do it in this way to clear correct_words[] + inside the MD5 implementation as well. */ + __md5_init_ctx (&ctx); + __md5_finish_ctx (&ctx, alt_result); + memset (&ctx, '\0', sizeof (ctx)); + memset (&alt_ctx, '\0', sizeof (alt_ctx)); + if (copied_key != NULL) + memset (copied_key, '\0', key_len); + if (copied_salt != NULL) + memset (copied_salt, '\0', salt_len); return buffer; } +static char *buffer; + char * __md5_crypt (const char *key, const char *salt) { /* We don't want to have an arbitrary limit in the size of the password. We can compute the size of the result in advance and so we can prepare the buffer we pass to `md5_crypt_r'. */ - static char *buffer = NULL; - static int buflen = 0; + static int buflen; int needed = 3 + strlen (salt) + 1 + 26 + 1; if (buflen < needed) @@ -220,4 +253,12 @@ } return __md5_crypt_r (key, salt, buffer, buflen); +} + + +static void +__attribute__ ((__destructor__)) +free_mem (void) +{ + free (buffer); } --- glibc-2.1.3/md5-crypt/md5.c 2000/03/04 00:47:30 1.1 +++ glibc-2.1.3/md5-crypt/md5.c 2000/07/04 18:22:44 1.2 @@ -1,6 +1,6 @@ -/* md5.c - Functions to compute MD5 message digest of files or memory blocks +/* Functions to compute MD5 message digest of files or memory blocks. according to the definition of MD5 in RFC 1321 from April 1992. - Copyright (C) 1995, 1996, 1997, 1999 Free Software Foundation, Inc. + Copyright (C) 1995, 1996, 1997, 1999, 2000 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -217,6 +217,8 @@ size_t len; struct md5_ctx *ctx; { + //const void aligned_buffer = buffer; + /* When we already have some bits in our internal buffer concatenate both inputs first. */ if (ctx->buflen != 0) @@ -224,16 +226,20 @@ size_t left_over = ctx->buflen; size_t add = 128 - left_over > len ? len : 128 - left_over; + /* Only put full words in the buffer. */ + add -= add % __alignof__ (md5_uint32); + memcpy (&ctx->buffer[left_over], buffer, add); ctx->buflen += add; - if (left_over + add > 64) + if (ctx->buflen > 64) { - md5_process_block (ctx->buffer, (left_over + add) & ~63, ctx); + md5_process_block (ctx->buffer, ctx->buflen & ~63, ctx); + + ctx->buflen &= 63; /* The regions in the following copy operation cannot overlap. */ memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63], - (left_over + add) & 63); - ctx->buflen = (left_over + add) & 63; + ctx->buflen); } buffer = (const char *) buffer + add; @@ -251,8 +257,17 @@ /* Move remaining bytes in internal buffer. */ if (len > 0) { - memcpy (ctx->buffer, buffer, len); - ctx->buflen = len; + size_t left_over = ctx->buflen; + + memcpy (&ctx->buffer[left_over], buffer, len); + left_over += len; + if (left_over >= 64) + { + md5_process_block (ctx->buffer, 64, ctx); + left_over -= 64; + memcpy (ctx->buffer, &ctx->buffer[64], left_over); + } + ctx->buflen = left_over; } } --- glibc-2.1.3/md5-crypt/md5.h 2000/03/04 00:47:30 1.1 +++ glibc-2.1.3/md5-crypt/md5.h 2000/07/04 18:22:44 1.2 @@ -1,6 +1,6 @@ /* Declaration of functions and data types used for MD5 sum computing library functions. - Copyright (C) 1995, 1996, 1997, 1999 Free Software Foundation, Inc. + Copyright (C) 1995, 1996, 1997, 1999, 2000 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -87,7 +87,7 @@ md5_uint32 total[2]; md5_uint32 buflen; - char buffer[128]; + char buffer[128] __attribute__ ((__aligned__ (__alignof__ (md5_uint32)))); }; /*