static void __md5_Transform __P((u_int32_t [4], const unsigned char [64]));
-static const unsigned char __md5__magic[] = "$1$"; /* This string is magic for this algorithm. Having
- it this way, we can get better later on */
+#define MD5_MAGIC_STR "$1$"
+#define MD5_MAGIC_LEN (sizeof(MD5_MAGIC_STR) - 1)
+static const unsigned char __md5__magic[] = MD5_MAGIC_STR;
static const unsigned char __md5_itoa64[] = /* 0 ... 63 => ascii - 64 */
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
context->state[3] = 0x10325476;
}
-/*
+/*
* MD5 block update operation. Continues an MD5 message-digest
* operation, processing another message block, and updating the
* context.
char *__md5_crypt(const unsigned char *pw, const unsigned char *salt)
{
/* Static stuff */
- static const unsigned char *sp, *ep;
- static char passwd[120], *p;
+ /* "$1$" + salt_up_to_8_chars + "$" + 22_bytes_of_hash + NUL */
+ static char passwd[3 + 8 + 1 + 22 + 1];
+ const unsigned char *sp, *ep;
+ char *p;
unsigned char final[17]; /* final[16] exists only to aid in looping */
- int sl,pl,i,__md5__magic_len,pw_len;
+ int sl,pl,i,pw_len;
struct MD5Context ctx,ctx1;
unsigned long l;
sp = salt;
/* If it starts with the magic string, then skip that */
- __md5__magic_len = strlen(__md5__magic);
- if(!strncmp(sp,__md5__magic,__md5__magic_len))
- sp += __md5__magic_len;
+ if(!strncmp(sp,__md5__magic,MD5_MAGIC_LEN))
+ sp += MD5_MAGIC_LEN;
/* It stops at the first '$', max 8 chars */
for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
__md5_Update(&ctx,pw,pw_len);
/* Then our magic string */
- __md5_Update(&ctx,__md5__magic,__md5__magic_len);
+ __md5_Update(&ctx,__md5__magic,MD5_MAGIC_LEN);
/* Then the raw salt */
__md5_Update(&ctx,sp,sl);
}
/* Now make the output string */
- strcpy(passwd,__md5__magic);
- strncat(passwd,sp,sl);
- strcat(passwd,"$");
+ strcpy(passwd,__md5__magic); /* 3 bytes */
+ strncpy(passwd+MD5_MAGIC_LEN,(char*)sp,sl); /* 8 or less */
+ passwd[MD5_MAGIC_LEN+sl] = '$';
__md5_Final(final,&ctx);
__md5_Final(final,&ctx1);
}
- p = passwd + strlen(passwd);
-
+ /* Add 5*4+2 = 22 bytes of hash, + NUL byte. */
+ p = passwd + MD5_MAGIC_LEN + sl + 1;
final[16] = final[5];
for ( i=0 ; i < 5 ; i++ ) {
l = (final[i]<<16) | (final[i+6]<<8) | final[i+12];
- __md5_to64(p,l,4); p += 4;
+ __md5_to64(p,l,4);
+ p += 4;
}
l = final[11];
- __md5_to64(p,l,2); p += 2;
+ __md5_to64(p,l,2);
+ p += 2;
*p = '\0';
/* Don't leave anything around in vm they could use. */