Added replacement MD4 implementation

winpr/CMakeLists.txt

@@ -66,6 +66,7 @@ option(WITH_SMARTCARD_INSPECT "Enable SmartCard API Inspector" OFF)
 option(WITH_DEBUG_MUTEX "Print mutex debug messages" ${DEFAULT_DEBUG_OPTION})
 option(WITH_ICU "Use ICU for unicode conversion" OFF)
 option(WITH_GSSAPI "Compile support for kerberos authentication. (EXPERIMENTAL)" OFF)
+option(WITH_INTERNAL_MD4 "Use compiled in md4 hash functions instead of OpenSSL/MBedTLS" OFF)
 if ( (WITH_GSSAPI) AND (NOT GSS_FOUND))
 	message(WARNING "-DWITH_GSSAPI=ON is set, but not GSSAPI implementation was found, disabling")
 elseif(WITH_GSSAPI)

winpr/include/config/config.h.in

@@ -29,6 +29,7 @@
 #cmakedefine WITH_NATIVE_SSPI
 #cmakedefine WITH_ICU
 #cmakedefine WITH_SPNEGO
+#cmakedefine WITH_INTERNAL_MD4
 
 #cmakedefine WITH_DEBUG_NTLM
 #cmakedefine WITH_DEBUG_THREADS

winpr/libwinpr/crypto/CMakeLists.txt

@@ -15,13 +15,21 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-winpr_module_add(
+set(SRCS
 	hash.c
 	rand.c
 	cipher.c
 	cert.c
 	crypto.c
-	crypto.h)
+	crypto.h
+)
+if (WITH_INTERNAL_MD4)
+    list(APPEND SRCS md4.c md4.h)
+endif()
+
+winpr_module_add(
+    ${SRCS}
+)
 
 if(OPENSSL_FOUND)
 	winpr_include_directory_add(${OPENSSL_INCLUDE_DIR})

winpr/libwinpr/crypto/hash.c

@@ -19,7 +19,7 @@
 #include <winpr/config.h>
 
 #include <winpr/crt.h>
-
+#include <winpr/assert.h>
 #include <winpr/crypto.h>
 
 #ifdef WITH_OPENSSL
@@ -37,6 +37,10 @@
 #include <mbedtls/md.h>
 #endif
 
+#if defined(WITH_INTERNAL_MD4)
+#include "md4.h"
+#endif
+
 /**
  * HMAC
  */
@@ -336,34 +340,56 @@ out:
  * Generic Digest API
  */
 
-WINPR_DIGEST_CTX* winpr_Digest_New(void)
+struct winpr_digest_ctx_private_st
 {
-	WINPR_DIGEST_CTX* ctx = NULL;
+	WINPR_MD_TYPE md;
+
+#if defined(WITH_INTERNAL_MD4)
+	WINPR_MD4_CTX md4;
+#endif
 #if defined(WITH_OPENSSL)
 	EVP_MD_CTX* mdctx;
+#endif
+#if defined(WITH_MBEDTLS)
+	mbedtls_md_context_t* mdctx;
+#endif
+};
+
+WINPR_DIGEST_CTX* winpr_Digest_New(void)
+{
+	WINPR_DIGEST_CTX* ctx = calloc(1, sizeof(WINPR_DIGEST_CTX));
+	if (!ctx)
+		return NULL;
+
+#if defined(WITH_OPENSSL)
 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
     (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
-	mdctx = EVP_MD_CTX_create();
+	ctx->mdctx = EVP_MD_CTX_create();
 #else
-	mdctx = EVP_MD_CTX_new();
+	ctx->mdctx = EVP_MD_CTX_new();
 #endif
-	ctx = (WINPR_DIGEST_CTX*)mdctx;
+	if (!ctx->mdctx)
+		goto fail;
+
 #elif defined(WITH_MBEDTLS)
-	mbedtls_md_context_t* mdctx;
-	mdctx = (mbedtls_md_context_t*)calloc(1, sizeof(mbedtls_md_context_t));
+	ctx->mdctx = (mbedtls_md_context_t*)calloc(1, sizeof(mbedtls_md_context_t));
 
-	if (mdctx)
-		mbedtls_md_init(mdctx);
+	if (!ctx->mdctx)
+		goto fail;
 
-	ctx = (WINPR_DIGEST_CTX*)mdctx;
+	mbedtls_md_init(ctx->mdctx);
 #endif
 	return ctx;
+
+fail:
+	winpr_Digest_Free(ctx);
 }
 
 #if defined(WITH_OPENSSL)
 static BOOL winpr_Digest_Init_Internal(WINPR_DIGEST_CTX* ctx, const EVP_MD* evp)
 {
-	EVP_MD_CTX* mdctx = (EVP_MD_CTX*)ctx;
+	WINPR_ASSERT(ctx);
+	EVP_MD_CTX* mdctx = ctx->mdctx;
 
 	if (!mdctx || !evp)
 		return FALSE;
@@ -377,7 +403,8 @@ static BOOL winpr_Digest_Init_Internal(WINPR_DIGEST_CTX* ctx, const EVP_MD* evp)
 #elif defined(WITH_MBEDTLS)
 static BOOL winpr_Digest_Init_Internal(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
 {
-	mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*)ctx;
+	WINPR_ASSERT(ctx);
+	mbedtls_md_context_t* mdctx = ctx->mdctx;
 	mbedtls_md_type_t md_type = winpr_mbedtls_get_md_type(md);
 	const mbedtls_md_info_t* md_info = mbedtls_md_info_from_type(md_type);
 
@@ -401,15 +428,16 @@ static BOOL winpr_Digest_Init_Internal(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
 
 BOOL winpr_Digest_Init_Allow_FIPS(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
 {
+	WINPR_ASSERT(ctx);
+
 #if defined(WITH_OPENSSL)
-	EVP_MD_CTX* mdctx = (EVP_MD_CTX*)ctx;
 	const EVP_MD* evp = winpr_openssl_get_evp_md(md);
 
 	/* Only MD5 is supported for FIPS allow override */
 	if (md != WINPR_MD_MD5)
 		return FALSE;
 
-	EVP_MD_CTX_set_flags(mdctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+	EVP_MD_CTX_set_flags(ctx->mdctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 	return winpr_Digest_Init_Internal(ctx, evp);
 #elif defined(WITH_MBEDTLS)
 
@@ -423,6 +451,20 @@ BOOL winpr_Digest_Init_Allow_FIPS(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
 
 BOOL winpr_Digest_Init(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
 {
+	WINPR_ASSERT(ctx);
+
+	ctx->md = md;
+	switch (md)
+	{
+#if defined(WITH_INTERNAL_MD4)
+		case WINPR_MD_MD4:
+			winpr_MD4_Init(&ctx->md4);
+			return TRUE;
+#endif
+		default:
+			break;
+	}
+
 #if defined(WITH_OPENSSL)
 	const EVP_MD* evp = winpr_openssl_get_evp_md(md);
 	return winpr_Digest_Init_Internal(ctx, evp);
@@ -433,14 +475,27 @@ BOOL winpr_Digest_Init(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
 
 BOOL winpr_Digest_Update(WINPR_DIGEST_CTX* ctx, const BYTE* input, size_t ilen)
 {
+	WINPR_ASSERT(ctx);
+
+	switch (ctx->md)
+	{
+#if defined(WITH_INTERNAL_MD4)
+		case WINPR_MD_MD4:
+			winpr_MD4_Update(&ctx->md4, input, ilen);
+			return TRUE;
+#endif
+		default:
+			break;
+	}
+
 #if defined(WITH_OPENSSL)
-	EVP_MD_CTX* mdctx = (EVP_MD_CTX*)ctx;
+	EVP_MD_CTX* mdctx = ctx->mdctx;
 
 	if (EVP_DigestUpdate(mdctx, input, ilen) != 1)
 		return FALSE;
 
 #elif defined(WITH_MBEDTLS)
-	mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*)ctx;
+	mbedtls_md_context_t* mdctx = ctx->mdctx;
 
 	if (mbedtls_md_update(mdctx, input, ilen) != 0)
 		return FALSE;
@@ -451,14 +506,30 @@ BOOL winpr_Digest_Update(WINPR_DIGEST_CTX* ctx, const BYTE* input, size_t ilen)
 
 BOOL winpr_Digest_Final(WINPR_DIGEST_CTX* ctx, BYTE* output, size_t olen)
 {
+	WINPR_ASSERT(ctx);
+
+	switch (ctx->md)
+	{
+#if defined(WITH_INTERNAL_MD4)
+		case WINPR_MD_MD4:
+			if (olen < WINPR_MD4_DIGEST_LENGTH)
+				return FALSE;
+			winpr_MD4_Final(output, &ctx->md4);
+			return TRUE;
+#endif
+
+		default:
+			break;
+	}
+
 #if defined(WITH_OPENSSL)
-	EVP_MD_CTX* mdctx = (EVP_MD_CTX*)ctx;
+	EVP_MD_CTX* mdctx = ctx->mdctx;
 
 	if (EVP_DigestFinal_ex(mdctx, output, NULL) == 1)
 		return TRUE;
 
 #elif defined(WITH_MBEDTLS)
-	mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*)ctx;
+	mbedtls_md_context_t* mdctx = ctx->mdctx;
 
 	if (mbedtls_md_finish(mdctx, output) == 0)
 		return TRUE;
@@ -470,28 +541,25 @@ BOOL winpr_Digest_Final(WINPR_DIGEST_CTX* ctx, BYTE* output, size_t olen)
 void winpr_Digest_Free(WINPR_DIGEST_CTX* ctx)
 {
 #if defined(WITH_OPENSSL)
-	EVP_MD_CTX* mdctx = (EVP_MD_CTX*)ctx;
-
-	if (mdctx)
+	if (ctx->mdctx)
 	{
 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
     (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
-		EVP_MD_CTX_destroy(mdctx);
+		EVP_MD_CTX_destroy(ctx->mdctx);
 #else
-		EVP_MD_CTX_free(mdctx);
+		EVP_MD_CTX_free(ctx->mdctx);
 #endif
 	}
 
 #elif defined(WITH_MBEDTLS)
-	mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*)ctx;
-
-	if (mdctx)
+	if (ctx->mdctx)
 	{
-		mbedtls_md_free(mdctx);
-		free(mdctx);
+		mbedtls_md_free(ctx->mdctx);
+		free(ctx->mdctx);
 	}
 
 #endif
+	free(ctx);
 }
 
 BOOL winpr_Digest_Allow_FIPS(WINPR_MD_TYPE md, const BYTE* input, size_t ilen, BYTE* output,

winpr/libwinpr/crypto/md4.c

@@ -0,0 +1,266 @@
+/*
+ * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
+ * MD4 Message-Digest Algorithm (RFC 1320).
+ *
+ * Homepage:
+ * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
+ *
+ * Author:
+ * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
+ *
+ * This software was written by Alexander Peslyak in 2001.  No copyright is
+ * claimed, and the software is hereby placed in the public domain.
+ * In case this attempt to disclaim copyright and place the software in the
+ * public domain is deemed null and void, then the software is
+ * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
+ * general public under the following terms:
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ *
+ * There's ABSOLUTELY NO WARRANTY, express or implied.
+ *
+ * (This is a heavily cut-down "BSD license".)
+ *
+ * This differs from Colin Plumb's older public domain implementation in that
+ * no exactly 32-bit integer data type is required (any 32-bit or wider
+ * unsigned integer data type will do), there's no compile-time endianness
+ * configuration, and the function prototypes match OpenSSL's.  No code from
+ * Colin Plumb's implementation has been reused; this comment merely compares
+ * the properties of the two independent implementations.
+ *
+ * The primary goals of this implementation are portability and ease of use.
+ * It is meant to be fast, but not as fast as possible.  Some known
+ * optimizations are not included to reduce source code size and avoid
+ * compile-time configuration.
+ */
+
+#include <string.h>
+
+#include "md4.h"
+
+/*
+ * The basic MD4 functions.
+ *
+ * F and G are optimized compared to their RFC 1320 definitions, with the
+ * optimization for F borrowed from Colin Plumb's MD5 implementation.
+ */
+#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
+#define G(x, y, z) (((x) & ((y) | (z))) | ((y) & (z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+
+/*
+ * The MD4 transformation for all three rounds.
+ */
+#define STEP(f, a, b, c, d, x, s)  \
+	(a) += f((b), (c), (d)) + (x); \
+	(a) = (((a) << (s)) | (((a)&0xffffffff) >> (32 - (s))));
+
+/*
+ * SET reads 4 input bytes in little-endian byte order and stores them in a
+ * properly aligned word in host byte order.
+ *
+ * The check for little-endian architectures that tolerate unaligned memory
+ * accesses is just an optimization.  Nothing will break if it fails to detect
+ * a suitable architecture.
+ *
+ * Unfortunately, this optimization may be a C strict aliasing rules violation
+ * if the caller's data buffer has effective type that cannot be aliased by
+ * winpr_MD4_u32plus.  In practice, this problem may occur if these MD4 routines are
+ * inlined into a calling function, or with future and dangerously advanced
+ * link-time optimizations.  For the time being, keeping these MD4 routines in
+ * their own translation unit avoids the problem.
+ */
+#if defined(__i386__) || defined(__x86_64__) || defined(__vax__)
+#define SET(n) (*(winpr_MD4_u32plus*)&ptr[(n)*4])
+#define GET(n) SET(n)
+#else
+#define SET(n)                                                                                    \
+	(ctx->block[(n)] = (winpr_MD4_u32plus)ptr[(n)*4] | ((winpr_MD4_u32plus)ptr[(n)*4 + 1] << 8) | \
+	                   ((winpr_MD4_u32plus)ptr[(n)*4 + 2] << 16) |                                \
+	                   ((winpr_MD4_u32plus)ptr[(n)*4 + 3] << 24))
+#define GET(n) (ctx->block[(n)])
+#endif
+
+/*
+ * This processes one or more 64-byte data blocks, but does NOT update the bit
+ * counters.  There are no alignment requirements.
+ */
+static const void* body(WINPR_MD4_CTX* ctx, const void* data, unsigned long size)
+{
+	const unsigned char* ptr;
+	winpr_MD4_u32plus a, b, c, d;
+	winpr_MD4_u32plus saved_a, saved_b, saved_c, saved_d;
+	const winpr_MD4_u32plus ac1 = 0x5a827999, ac2 = 0x6ed9eba1;
+
+	ptr = (const unsigned char*)data;
+
+	a = ctx->a;
+	b = ctx->b;
+	c = ctx->c;
+	d = ctx->d;
+
+	do
+	{
+		saved_a = a;
+		saved_b = b;
+		saved_c = c;
+		saved_d = d;
+
+		/* Round 1 */
+		STEP(F, a, b, c, d, SET(0), 3)
+		STEP(F, d, a, b, c, SET(1), 7)
+		STEP(F, c, d, a, b, SET(2), 11)
+		STEP(F, b, c, d, a, SET(3), 19)
+		STEP(F, a, b, c, d, SET(4), 3)
+		STEP(F, d, a, b, c, SET(5), 7)
+		STEP(F, c, d, a, b, SET(6), 11)
+		STEP(F, b, c, d, a, SET(7), 19)
+		STEP(F, a, b, c, d, SET(8), 3)
+		STEP(F, d, a, b, c, SET(9), 7)
+		STEP(F, c, d, a, b, SET(10), 11)
+		STEP(F, b, c, d, a, SET(11), 19)
+		STEP(F, a, b, c, d, SET(12), 3)
+		STEP(F, d, a, b, c, SET(13), 7)
+		STEP(F, c, d, a, b, SET(14), 11)
+		STEP(F, b, c, d, a, SET(15), 19)
+
+		/* Round 2 */
+		STEP(G, a, b, c, d, GET(0) + ac1, 3)
+		STEP(G, d, a, b, c, GET(4) + ac1, 5)
+		STEP(G, c, d, a, b, GET(8) + ac1, 9)
+		STEP(G, b, c, d, a, GET(12) + ac1, 13)
+		STEP(G, a, b, c, d, GET(1) + ac1, 3)
+		STEP(G, d, a, b, c, GET(5) + ac1, 5)
+		STEP(G, c, d, a, b, GET(9) + ac1, 9)
+		STEP(G, b, c, d, a, GET(13) + ac1, 13)
+		STEP(G, a, b, c, d, GET(2) + ac1, 3)
+		STEP(G, d, a, b, c, GET(6) + ac1, 5)
+		STEP(G, c, d, a, b, GET(10) + ac1, 9)
+		STEP(G, b, c, d, a, GET(14) + ac1, 13)
+		STEP(G, a, b, c, d, GET(3) + ac1, 3)
+		STEP(G, d, a, b, c, GET(7) + ac1, 5)
+		STEP(G, c, d, a, b, GET(11) + ac1, 9)
+		STEP(G, b, c, d, a, GET(15) + ac1, 13)
+
+		/* Round 3 */
+		STEP(H, a, b, c, d, GET(0) + ac2, 3)
+		STEP(H, d, a, b, c, GET(8) + ac2, 9)
+		STEP(H, c, d, a, b, GET(4) + ac2, 11)
+		STEP(H, b, c, d, a, GET(12) + ac2, 15)
+		STEP(H, a, b, c, d, GET(2) + ac2, 3)
+		STEP(H, d, a, b, c, GET(10) + ac2, 9)
+		STEP(H, c, d, a, b, GET(6) + ac2, 11)
+		STEP(H, b, c, d, a, GET(14) + ac2, 15)
+		STEP(H, a, b, c, d, GET(1) + ac2, 3)
+		STEP(H, d, a, b, c, GET(9) + ac2, 9)
+		STEP(H, c, d, a, b, GET(5) + ac2, 11)
+		STEP(H, b, c, d, a, GET(13) + ac2, 15)
+		STEP(H, a, b, c, d, GET(3) + ac2, 3)
+		STEP(H, d, a, b, c, GET(11) + ac2, 9)
+		STEP(H, c, d, a, b, GET(7) + ac2, 11)
+		STEP(H, b, c, d, a, GET(15) + ac2, 15)
+
+		a += saved_a;
+		b += saved_b;
+		c += saved_c;
+		d += saved_d;
+
+		ptr += 64;
+	} while (size -= 64);
+
+	ctx->a = a;
+	ctx->b = b;
+	ctx->c = c;
+	ctx->d = d;
+
+	return ptr;
+}
+
+void winpr_MD4_Init(WINPR_MD4_CTX* ctx)
+{
+	ctx->a = 0x67452301;
+	ctx->b = 0xefcdab89;
+	ctx->c = 0x98badcfe;
+	ctx->d = 0x10325476;
+
+	ctx->lo = 0;
+	ctx->hi = 0;
+}
+
+void winpr_MD4_Update(WINPR_MD4_CTX* ctx, const void* data, unsigned long size)
+{
+	winpr_MD4_u32plus saved_lo;
+	unsigned long used, available;
+
+	saved_lo = ctx->lo;
+	if ((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo)
+		ctx->hi++;
+	ctx->hi += size >> 29;
+
+	used = saved_lo & 0x3f;
+
+	if (used)
+	{
+		available = 64 - used;
+
+		if (size < available)
+		{
+			memcpy(&ctx->buffer[used], data, size);
+			return;
+		}
+
+		memcpy(&ctx->buffer[used], data, available);
+		data = (const unsigned char*)data + available;
+		size -= available;
+		body(ctx, ctx->buffer, 64);
+	}
+
+	if (size >= 64)
+	{
+		data = body(ctx, data, size & ~(unsigned long)0x3f);
+		size &= 0x3f;
+	}
+
+	memcpy(ctx->buffer, data, size);
+}
+
+#define OUT(dst, src)                        \
+	(dst)[0] = (unsigned char)(src);         \
+	(dst)[1] = (unsigned char)((src) >> 8);  \
+	(dst)[2] = (unsigned char)((src) >> 16); \
+	(dst)[3] = (unsigned char)((src) >> 24);
+
+void winpr_MD4_Final(unsigned char* result, WINPR_MD4_CTX* ctx)
+{
+	unsigned long used, available;
+
+	used = ctx->lo & 0x3f;
+
+	ctx->buffer[used++] = 0x80;
+
+	available = 64 - used;
+
+	if (available < 8)
+	{
+		memset(&ctx->buffer[used], 0, available);
+		body(ctx, ctx->buffer, 64);
+		used = 0;
+		available = 64;
+	}
+
+	memset(&ctx->buffer[used], 0, available - 8);
+
+	ctx->lo <<= 3;
+	OUT(&ctx->buffer[56], ctx->lo)
+	OUT(&ctx->buffer[60], ctx->hi)
+
+	body(ctx, ctx->buffer, 64);
+
+	OUT(&result[0], ctx->a)
+	OUT(&result[4], ctx->b)
+	OUT(&result[8], ctx->c)
+	OUT(&result[12], ctx->d)
+
+	memset(ctx, 0, sizeof(*ctx));
+}

winpr/libwinpr/crypto/md4.h

@@ -0,0 +1,46 @@
+/*
+ * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
+ * MD4 Message-Digest Algorithm (RFC 1320).
+ *
+ * Homepage:
+ * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
+ *
+ * Author:
+ * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
+ *
+ * This software was written by Alexander Peslyak in 2001.  No copyright is
+ * claimed, and the software is hereby placed in the public domain.
+ * In case this attempt to disclaim copyright and place the software in the
+ * public domain is deemed null and void, then the software is
+ * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
+ * general public under the following terms:
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ *
+ * There's ABSOLUTELY NO WARRANTY, express or implied.
+ *
+ * See md4.c for more information.
+ */
+
+#if !defined(WINPR_MD4_H)
+#define WINPR_MD4_H
+
+#include <winpr/wtypes.h>
+
+/* Any 32-bit or wider unsigned integer data type will do */
+typedef UINT32 winpr_MD4_u32plus;
+
+typedef struct
+{
+	winpr_MD4_u32plus lo, hi;
+	winpr_MD4_u32plus a, b, c, d;
+	unsigned char buffer[64];
+	winpr_MD4_u32plus block[16];
+} WINPR_MD4_CTX;
+
+extern void winpr_MD4_Init(WINPR_MD4_CTX* ctx);
+extern void winpr_MD4_Update(WINPR_MD4_CTX* ctx, const void* data, unsigned long size);
+extern void winpr_MD4_Final(unsigned char* result, WINPR_MD4_CTX* ctx);
+
+#endif