[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

checkpassword MD5 patch now available with CRAM-MD5 goodness!



Hi again,

Here is a replacement for my previous patch. This one cleans up the code a bit
and adds some new features -- most notably, CRAM-MD5 support. It also expands
on the logging detail a bit, in that it explicitly generates a syslog entry
when a user has an empty password, or when non-PLAIN passwords are neither 13
chars (CRYPT) nor 32 chars (MD5). It also allows logging of the failed password
when SHOW_FAIL is defined. This is handy when you get those calls from your
users where they swear they're typing in their password correctly, and you
swear they aren't. Now you can watch the syslog and see exactly what they're
actually trying to use.

Instructions:

tar xzf checkpassword-0.90.tar.gz
cd checkpassword-0.90
patch -p1 < checkpassword-0.90-sql.latest.patch
patch -p1 < this_patch
$EDITOR sqltype.h sql.headers sql.lib conf-cc
make

If you want CRAM-MD5, add -DCRAM_MD5 to the conf-cc file. Otherwise, you'll get
standard CRYPT/MD5 processing.

If you want the failed password logging, add -DSHOW_FAIL to conf-cc.

Note: The passwords in your database need to be plain text if you want to use
CRAM-MD5.

I think adding DIGEST-MD5

Cheers,

-- 
Alex Howansky
Wankwood Associates
http://www.wankwood.com/

diff -Nu checkpassword-0.90-sql/Makefile checkpassword-0.90-new/Makefile
--- checkpassword-0.90-sql/Makefile	Tue Oct 28 00:26:50 2003
+++ checkpassword-0.90-new/Makefile	Mon Oct 27 23:53:32 2003
@@ -160,6 +160,10 @@
 compile hier.c auto_home.h
 	./compile hier.c

+hmac_md5.o: \
+compile hmac_md5.c hmac_md5.h
+	./compile hmac_md5.c
+
 install: \
 load install.o hier.o auto_home.o unix.a byte.a
 	./load install hier.o auto_home.o unix.a byte.a
@@ -207,6 +211,10 @@
 	) > makelib
 	chmod 755 makelib

+md5c.o: \
+compile md5c.c md5.h
+	./compile md5c.c
+
 open_read.o: \
 compile open_read.c open.h
 	./compile open_read.c
@@ -309,13 +317,15 @@
 buffer_get.o buffer_put.o env.o error.o error_str.o open_read.o \
 open_trunc.o pathexec_env.o pathexec_run.o prot.o stralloc_cat.o \
 stralloc_catb.o stralloc_cats.o stralloc_eady.o stralloc_opyb.o \
-stralloc_opys.o stralloc_pend.o strerr_die.o strerr_sys.o
+stralloc_opys.o stralloc_pend.o strerr_die.o strerr_sys.o md5c.o \
+hmac_md5.o
 	./makelib unix.a alloc.o alloc_re.o buffer.o buffer_2.o \
 	buffer_copy.o buffer_get.o buffer_put.o env.o error.o \
 	error_str.o open_read.o open_trunc.o pathexec_env.o \
 	pathexec_run.o prot.o stralloc_cat.o stralloc_catb.o \
-	stralloc_cats.o stralloc_eady.o stralloc_opyb.o \
-	stralloc_opys.o stralloc_pend.o strerr_die.o strerr_sys.o
+	stralloc_cats.o stralloc_eady.o stralloc_opyb.o md5c.o \
+	stralloc_opys.o stralloc_pend.o strerr_die.o strerr_sys.o \
+	hmac_md5.o

 # Copied from Qmail 1.03
 haswaitp.h: \
diff -Nu checkpassword-0.90-sql/TARGETS checkpassword-0.90-new/TARGETS
--- checkpassword-0.90-sql/TARGETS	Tue Oct 28 00:26:50 2003
+++ checkpassword-0.90-new/TARGETS	Mon Oct 27 23:53:32 2003
@@ -63,3 +63,5 @@
 wait_pid.o
 checksmtpauth.o
 checksmtpauth
+md5c.o
+hmac_md5.o
diff -Nu checkpassword-0.90-sql/checkpassword.c checkpassword-0.90-new/checkpassword.c
--- checkpassword-0.90-sql/checkpassword.c	Tue Oct 28 00:26:50 2003
+++ checkpassword-0.90-new/checkpassword.c	Tue Oct 28 00:18:28 2003
@@ -3,8 +3,16 @@
 #include "pathexec.h"
 #include "prot.h"
 #include <sys/stat.h>
+#include <string.h>
+#include "global.h"
+#include "md5.h"
+#ifdef CRAM_MD5
+#include "hmac_md5.h"
+#endif

+#ifdef CRAM_MD5
 extern char *crypt();
+#endif
 #include <pwd.h>
 static struct passwd *pw;

@@ -27,12 +35,20 @@

 static char up[513];
 static int uplen;
+static char hex[] = "0123456789abcdef";

 main(int argc,char **argv)
 {
   char *login;
   char *password;
+#ifdef CRAM_MD5
+  char *response;
+#else
   char *encrypted;
+  MD5_CTX context;
+#endif
+  unsigned char md5_bin[16];
+  char md5_asc[33];
   char *stored;
   int r;
   int i;
@@ -63,6 +79,9 @@
   password = up + i;
   if (i >= uplen) _exit(2);
   while (up[i++]) if (i >= uplen) _exit(2);
+#if CRAM_MD5
+  response = up + i;
+#endif

   really_use_db=sql_get_config(&sqlconfig);
   virtual_host=login;
@@ -124,13 +143,79 @@
     }
   }
   if (!stored) _exit(1);
-
-  encrypted = crypt(password,stored);
-
-  if (!*stored || strcmp(encrypted,stored)) {
-     syslog (LOG_NOTICE | LOG_MAIL, "Authentication failed: bad password");
-    _exit(1);
+
+  if (!*stored) {
+     syslog (LOG_NOTICE | LOG_MAIL, "Authentication failed: empty password");
+     _exit(1);
+  }
+
+#ifdef CRAM_MD5
+  if (strlen(response) == 32 && *response != '<') {
+    hmac_md5(password, strlen(password), stored, strlen(stored), md5_bin);
+
+    for (i = 0; i < 16; i++) {
+      md5_asc[i << 1] = hex[md5_bin[i] >> 4];
+      md5_asc[(i << 1) + 1] = hex[md5_bin[i] & 0x0f];
+    }
+    md5_asc[32] = '\0';
+
+    if (strcmp(md5_asc, response)) {
+#ifdef SHOW_FAIL
+       syslog (LOG_NOTICE | LOG_MAIL, "Authentication failed: bad password (CRAM-MD5) [%s]", response);
+#else
+       syslog (LOG_NOTICE | LOG_MAIL, "Authentication failed: bad password (CRAM-MD5)");
+#endif
+      _exit(1);
+    }
+  } else {
+    if (strcmp(password, stored)) {
+#ifdef SHOW_FAIL
+       syslog (LOG_NOTICE | LOG_MAIL, "Authentication failed: bad password (PLAIN) [%s]", password);
+#else
+       syslog (LOG_NOTICE | LOG_MAIL, "Authentication failed: bad password (PLAIN)");
+#endif
+      _exit(1);
+    }
   }
+#else
+  if (strlen(stored) == 13) {
+    encrypted = (char *)crypt(password,stored);
+    if (strcmp(encrypted,stored)) {
+#ifdef SHOW_FAIL
+       syslog (LOG_NOTICE | LOG_MAIL, "Authentication failed: bad password (CRYPT) [%s]", password);
+#else
+       syslog (LOG_NOTICE | LOG_MAIL, "Authentication failed: bad password (CRYPT)");
+#endif
+      _exit(1);
+    }
+  } else {
+    if (strlen(stored) == 32) {
+      MD5Init(&context);
+      MD5Update(&context, password, strlen(password));
+      MD5Final(md5_bin, &context);
+      for (i = 0; i < 16; i++) {
+        md5_asc[i << 1] = hex[md5_bin[i] >> 4];
+        md5_asc[(i << 1) + 1] = hex[md5_bin[i] & 0x0f];
+      }
+      md5_asc[32] = '\0';
+      if (strcmp(md5_asc,stored)) {
+#ifdef SHOW_FAIL
+         syslog (LOG_NOTICE | LOG_MAIL, "Authentication failed: bad password (MD5) [%s]", password);
+#else
+         syslog (LOG_NOTICE | LOG_MAIL, "Authentication failed: bad password (MD5)");
+#endif
+        _exit(1);
+      }
+    } else {
+#ifdef SHOW_FAIL
+         syslog (LOG_NOTICE | LOG_MAIL, "Authentication failed: unsupported password format [%s]", password);
+#else
+         syslog (LOG_NOTICE | LOG_MAIL, "Authentication failed: unsupported password format");
+#endif
+        _exit(1);
+    }
+  }
+#endif

 #ifndef SMTP_AUTH
   if(stat(pw->pw_dir,&st) != 0 && sqlconfig.autohomedir &&
diff -Nu checkpassword-0.90-sql/global.h checkpassword-0.90-new/global.h
--- checkpassword-0.90-sql/global.h	Wed Dec 31 19:00:00 1969
+++ checkpassword-0.90-new/global.h	Mon Oct 27 23:53:32 2003
@@ -0,0 +1,48 @@
+/* GLOBAL.H - RSAREF types and constants */
+
+#include <string.h>
+
+/* Copyright (C) RSA Laboratories, a division of RSA Data Security,
+     Inc., created 1991. All rights reserved.
+ */
+
+#ifndef _GLOBAL_H_
+#define _GLOBAL_H_ 1
+
+/* PROTOTYPES should be set to one if and only if the compiler supports
+     function argument prototyping.
+   The following makes PROTOTYPES default to 1 if it has not already been
+     defined as 0 with C compiler flags.
+ */
+#ifndef PROTOTYPES
+#define PROTOTYPES 1
+#endif
+
+/* POINTER defines a generic pointer type */
+typedef unsigned char *POINTER;
+
+/* UINT2 defines a two byte word */
+typedef unsigned short int UINT2;
+
+/* UINT4 defines a four byte word */
+typedef unsigned long int UINT4;
+
+#ifndef NULL_PTR
+#define NULL_PTR ((POINTER)0)
+#endif
+
+#ifndef UNUSED_ARG
+#define UNUSED_ARG(x) x = *(&x);
+#endif
+
+/* PROTO_LIST is defined depending on how PROTOTYPES is defined above.
+   If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it
+     returns an empty list.
+ */
+#if PROTOTYPES
+#define PROTO_LIST(list) list
+#else
+#define PROTO_LIST(list) ()
+#endif
+
+#endif /* end _GLOBAL_H_ */
diff -Nu checkpassword-0.90-sql/hmac_md5.c checkpassword-0.90-new/hmac_md5.c
--- checkpassword-0.90-sql/hmac_md5.c	Wed Dec 31 19:00:00 1969
+++ checkpassword-0.90-new/hmac_md5.c	Mon Oct 27 23:53:32 2003
@@ -0,0 +1,42 @@
+#include "global.h"
+#include "md5.h"
+
+/* See RFC2104 */
+
+void hmac_md5 (unsigned char *text, int text_len, unsigned char *key, int key_len, unsigned char *digest)
+{
+    MD5_CTX context;
+    unsigned char k_ipad[65];
+    unsigned char k_opad[65];
+    unsigned char tk[16];
+    int i;
+
+    if (key_len > 64) {
+        MD5_CTX tctx;
+        MD5Init(&tctx);
+        MD5Update(&tctx, key, key_len);
+        MD5Final(tk, &tctx);
+        key = tk;
+        key_len = 16;
+    }
+
+    bzero(k_ipad, sizeof k_ipad);
+    bzero(k_opad, sizeof k_opad);
+    bcopy(key, k_ipad, key_len);
+    bcopy(key, k_opad, key_len);
+
+    for (i = 0; i < 64; i++) {
+        k_ipad[i] ^= 0x36;
+        k_opad[i] ^= 0x5c;
+    }
+
+    MD5Init(&context);
+    MD5Update(&context, k_ipad, 64);
+    MD5Update(&context, text, text_len);
+    MD5Final(digest, &context);
+
+    MD5Init(&context);
+    MD5Update(&context, k_opad, 64);
+    MD5Update(&context, digest, 16);
+    MD5Final(digest, &context);
+}
diff -Nu checkpassword-0.90-sql/hmac_md5.h checkpassword-0.90-new/hmac_md5.h
--- checkpassword-0.90-sql/hmac_md5.h	Wed Dec 31 19:00:00 1969
+++ checkpassword-0.90-new/hmac_md5.h	Mon Oct 27 23:53:32 2003
@@ -0,0 +1 @@
+void hmac_md5( unsigned char* text, int text_len, unsigned char* key, int key_len, unsigned char* digest);
diff -Nu checkpassword-0.90-sql/md5.h checkpassword-0.90-new/md5.h
--- checkpassword-0.90-sql/md5.h	Wed Dec 31 19:00:00 1969
+++ checkpassword-0.90-new/md5.h	Mon Oct 27 23:53:32 2003
@@ -0,0 +1,49 @@
+/* MD5.H - header file for MD5C.C
+ */
+
+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+   rights reserved.
+
+   License to copy and use this software is granted provided that it
+   is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+   Algorithm" in all material mentioning or referencing this software
+   or this function.
+
+   License is also granted to make and use derivative works provided
+   that such works are identified as "derived from the RSA Data
+   Security, Inc. MD5 Message-Digest Algorithm" in all material
+   mentioning or referencing the derived work.
+
+   RSA Data Security, Inc. makes no representations concerning either
+   the merchantability of this software or the suitability of this
+   software for any particular purpose. It is provided "as is"
+   without express or implied warranty of any kind.
+
+   These notices must be retained in any copies of any part of this
+   documentation and/or software.
+ */
+
+#ifndef _MD5_H_
+#define _MD5_H_ 1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* MD5 context. */
+typedef struct {
+  UINT4 state[4];                                   /* state (ABCD) */
+  UINT4 count[2];        /* number of bits, modulo 2^64 (lsb first) */
+  unsigned char buffer[64];                         /* input buffer */
+} MD5_CTX;
+
+void MD5Init PROTO_LIST ((MD5_CTX *));
+void MD5Update PROTO_LIST
+  ((MD5_CTX *, unsigned char *, unsigned int));
+void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff -Nu checkpassword-0.90-sql/md5c.c checkpassword-0.90-new/md5c.c
--- checkpassword-0.90-sql/md5c.c	Wed Dec 31 19:00:00 1969
+++ checkpassword-0.90-new/md5c.c	Mon Oct 27 23:53:32 2003
@@ -0,0 +1,334 @@
+/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
+ */
+
+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+   rights reserved.
+
+   License to copy and use this software is granted provided that it
+   is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+   Algorithm" in all material mentioning or referencing this software
+   or this function.
+
+   License is also granted to make and use derivative works provided
+   that such works are identified as "derived from the RSA Data
+   Security, Inc. MD5 Message-Digest Algorithm" in all material
+   mentioning or referencing the derived work.
+
+   RSA Data Security, Inc. makes no representations concerning either
+   the merchantability of this software or the suitability of this
+   software for any particular purpose. It is provided "as is"
+   without express or implied warranty of any kind.
+
+   These notices must be retained in any copies of any part of this
+   documentation and/or software.
+ */
+
+#include "global.h"
+#include "md5.h"
+
+/* Constants for MD5Transform routine.
+ */
+#define S11 7
+#define S12 12
+#define S13 17
+#define S14 22
+#define S21 5
+#define S22 9
+#define S23 14
+#define S24 20
+#define S31 4
+#define S32 11
+#define S33 16
+#define S34 23
+#define S41 6
+#define S42 10
+#define S43 15
+#define S44 21
+
+static void MD5Transform PROTO_LIST ((UINT4 [4], unsigned char [64]));
+static void Encode PROTO_LIST
+  ((unsigned char *, UINT4 *, unsigned int));
+static void Decode PROTO_LIST
+  ((UINT4 *, unsigned char *, unsigned int));
+static void MD5_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int));
+static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int));
+
+static unsigned char PADDING[64] = {
+  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/* F, G, H and I are basic MD5 functions.
+ */
+#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+#define I(x, y, z) ((y) ^ ((x) | (~z)))
+
+/* ROTATE_LEFT rotates x left n bits.
+ */
+#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
+
+/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
+   Rotation is separate from addition to prevent recomputation.
+ */
+#define FF(a, b, c, d, x, s, ac) { \
+    (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define GG(a, b, c, d, x, s, ac) { \
+    (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define HH(a, b, c, d, x, s, ac) { \
+    (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define II(a, b, c, d, x, s, ac) { \
+    (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+
+/* MD5 initialization. Begins an MD5 operation, writing a new context.
+ */
+void MD5Init (context)
+MD5_CTX *context;                                        /* context */
+{
+  context->count[0] = context->count[1] = 0;
+
+  /* Load magic initialization constants.
+   */
+  context->state[0] = 0x67452301;
+  context->state[1] = 0xefcdab89;
+  context->state[2] = 0x98badcfe;
+  context->state[3] = 0x10325476;
+}
+
+/* MD5 block update operation. Continues an MD5 message-digest
+     operation, processing another message block, and updating the
+     context.
+ */
+void MD5Update (context, input, inputLen)
+MD5_CTX *context;                                        /* context */
+unsigned char *input;                                /* input block */
+unsigned int inputLen;                     /* length of input block */
+{
+  unsigned int i, index, partLen;
+
+  /* Compute number of bytes mod 64 */
+  index = (unsigned int)((context->count[0] >> 3) & 0x3F);
+
+  /* Update number of bits */
+  if ((context->count[0] += ((UINT4)inputLen << 3))
+      < ((UINT4)inputLen << 3))
+    context->count[1]++;
+  context->count[1] += ((UINT4)inputLen >> 29);
+
+  partLen = 64 - index;
+
+  /* Transform as many times as possible.
+   */
+  if (inputLen >= partLen) {
+    MD5_memcpy
+      ((POINTER)&context->buffer[index], (POINTER)input, partLen);
+    MD5Transform (context->state, context->buffer);
+
+    for (i = partLen; i + 63 < inputLen; i += 64)
+      MD5Transform (context->state, &input[i]);
+
+    index = 0;
+  }
+  else
+    i = 0;
+
+  /* Buffer remaining input */
+  MD5_memcpy
+    ((POINTER)&context->buffer[index], (POINTER)&input[i],
+     inputLen-i);
+}
+
+/* MD5 finalization. Ends an MD5 message-digest operation, writing the
+     the message digest and zeroizing the context.
+ */
+void MD5Final (digest, context)
+unsigned char digest[16];                         /* message digest */
+MD5_CTX *context;                                       /* context */
+{
+  unsigned char bits[8];
+  unsigned int index, padLen;
+
+  /* Save number of bits */
+  Encode (bits, context->count, 8);
+
+  /* Pad out to 56 mod 64.
+   */
+  index = (unsigned int)((context->count[0] >> 3) & 0x3f);
+  padLen = (index < 56) ? (56 - index) : (120 - index);
+  MD5Update (context, PADDING, padLen);
+
+  /* Append length (before padding) */
+  MD5Update (context, bits, 8);
+
+  /* Store state in digest */
+  Encode (digest, context->state, 16);
+
+  /* Zeroize sensitive information.
+   */
+  MD5_memset ((POINTER)context, 0, sizeof (*context));
+}
+
+/* MD5 basic transformation. Transforms state based on block.
+ */
+static void MD5Transform (state, block)
+UINT4 state[4];
+unsigned char block[64];
+{
+  UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
+
+  Decode (x, block, 64);
+
+  /* Round 1 */
+  FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
+  FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
+  FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
+  FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
+  FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
+  FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
+  FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
+  FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
+  FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
+  FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
+  FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
+  FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
+  FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
+  FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
+  FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
+  FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
+
+  /* Round 2 */
+  GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
+  GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
+  GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
+  GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
+  GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
+  GG (d, a, b, c, x[10], S22,  0x2441453); /* 22 */
+  GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
+  GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
+  GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
+  GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
+  GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
+  GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
+  GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
+  GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
+  GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
+  GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
+
+  /* Round 3 */
+  HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
+  HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
+  HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
+  HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
+  HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
+  HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
+  HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
+  HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
+  HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
+  HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
+  HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
+  HH (b, c, d, a, x[ 6], S34,  0x4881d05); /* 44 */
+  HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
+  HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
+  HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
+  HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
+
+  /* Round 4 */
+  II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
+  II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
+  II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
+  II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
+  II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
+  II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
+  II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
+  II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
+  II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
+  II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
+  II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
+  II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
+  II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
+  II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
+  II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
+  II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
+
+  state[0] += a;
+  state[1] += b;
+  state[2] += c;
+  state[3] += d;
+
+  /* Zeroize sensitive information.
+   */
+  MD5_memset ((POINTER)x, 0, sizeof (x));
+}
+
+/* Encodes input (UINT4) into output (unsigned char). Assumes len is
+     a multiple of 4.
+ */
+static void Encode (output, input, len)
+unsigned char *output;
+UINT4 *input;
+unsigned int len;
+{
+  unsigned int i, j;
+
+  for (i = 0, j = 0; j < len; i++, j += 4) {
+    output[j] = (unsigned char)(input[i] & 0xff);
+    output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
+    output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
+    output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
+  }
+}
+
+/* Decodes input (unsigned char) into output (UINT4). Assumes len is
+     a multiple of 4.
+ */
+static void Decode (output, input, len)
+UINT4 *output;
+unsigned char *input;
+unsigned int len;
+{
+  unsigned int i, j;
+
+  for (i = 0, j = 0; j < len; i++, j += 4)
+    output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
+      (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
+}
+
+/* Note: Replace "for loop" with standard memcpy if possible.
+ */
+static void MD5_memcpy (output, input, len)
+POINTER output;
+POINTER input;
+unsigned int len;
+{
+  unsigned int i;
+
+  for (i = 0; i < len; i++)
+    output[i] = input[i];
+}
+
+/* Note: Replace "for loop" with standard memset if possible.
+ */
+static void MD5_memset (output, value, len)
+POINTER output;
+int value;
+unsigned int len;
+{
+  unsigned int i;
+
+  for (i = 0; i < len; i++)
+    ((char *)output)[i] = (char)value;
+}