/* * Pound - the reverse-proxy load-balancer * Copyright (C) 2002-2006 Apsis GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * Additionaly compiling, linking, and/or using OpenSSL is expressly allowed. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, * Boston, MA 02111-1307, USA. * * Contact information: * Apsis GmbH * P.O.Box * 8707 Uetikon am See * Switzerland * Tel: +41-44-920 4904 * EMail: roseg@apsis.ch * ==================================================================== * This module contributed by Pete Shew (pete@shew.org) * This will check authorisation and if necessary respond * with a login page. * The first version simply asks for the answer to a question specified * in the service, but it should easily be possible to check user ID * and passwords against a password file, with permitted users/groups * specified for the servcie */ #include "pound.h" static int auth_send_logon_page(BIO * cl, LISTENER * lstn, char * OrigPage) ; static int auth_send_redirect(BIO * cl, LISTENER * lstn, char * OrigPage) ; static void make_cookie(LISTENER * lstn) ; void CalculateMD5(unsigned char *buffer, int length, unsigned char *checksum); static int Once = 0 ; static regex_t reCookie ; static regmatch_t matches[5]; /* * Called from http.c to check authorisation * * Check if have received the response to a logon page, and * if so, check the validity of the response. If valid send * a redirect response to the original page with the * cookie and return 0 ; * otherwise resend the logon page and return 0 ; * * If not a logon response, check to see if authentication needed * If not return 1 ; * * If autherntication needed, check if a valid "pound" cookie * is present and if so return 1 or 2 * * NOTE: two cookies are stored and the time of the first. If the first cookie * is older than ten minutes, both cookies are discarded. If the first cookie * is between five and ten minutes old, any second cookie is discarded, the first * becomes the second, and a new first is created and the time noted. * * Cookie matching is done on either the first or second cookie, and if on the * second, a note made to resend the set-cookie with the first one. (RC=2)_ * * Otherwise send the login page and return 0. */ int auth_check( BIO * cl, LISTENER * lstn, char ** headers) { int n ; int GoodCookie = 0 ; int RC = 1 ; /* default is carry on */ char * HisCookie ; char * Ptr ; /* Do this once the first time in */ if (Once == 0) { Once = 1 ; if (regcomp(&reCookie, "PoundAuth=([^;]+)", REG_NEWLINE | REG_EXTENDED)) { logmsg(LOG_ERR, "bad PoundAuthCookie Regex - aborted"); exit(1); } } /* Check for a login response */ Ptr = strstr(headers[0], "/auth.pound?response=") ; if (Ptr) { char Request[MAXBUF] ; char *Response, *OrigReq ; char * Ptr2 ; strcpy (Request, headers[0]) ; Response = Ptr + (Request-headers[0]) + 21 ; OrigReq = strchr(Response, '&') ; *(OrigReq++) = '\0' ; OrigReq = strchr(OrigReq, '=') + 1 ; Ptr = strchr(OrigReq, ' ') ; *Ptr = '\0' ; /* Urldecode */ for (Ptr2=Ptr=OrigReq; *Ptr; Ptr++, Ptr2++) { if (*Ptr == '+') { *Ptr2 = ' ' ; } else if (*Ptr == '%') { char c1 = *(++Ptr) - '0' ; if (c1 > 9) c1 -= 7 ; char c2 = *(++Ptr) - '0' ; if (c2 > 9) c2 -= 7 ; *Ptr2 = c1*16+c2 ; } else { *Ptr2 = *Ptr ; } } *Ptr2 = '\0' ; if (strcmp(Response, lstn->response)==0) { make_cookie(lstn) ; auth_send_redirect(cl, lstn, OrigReq) ; RC = 0 ; } else { auth_send_logon_page(cl, lstn, OrigReq) ; RC = 0 ; } /* Check if we need authentication */ } else if ((lstn->question != NULL) && (lstn->response != NULL)) { /* Make up a cookie that should match his cookie */ int len, outlen ; make_cookie(lstn) ; /* Now look for a cookie */ for(n = 1; n < MAXHEADERS && headers[n]; n++) { if (strncasecmp(headers[n], "Cookie:", 7)==0) { GoodCookie = 1 ; /* Maybe */ break ; } } /* we found a cookie header */ if (GoodCookie) { /* One time create the regex */ /* Look for our cookie and extract it */ if(!regexec(&reCookie, headers[n], 4, matches, 0)) { char Work1[256] ; len = matches[1].rm_eo - matches[1].rm_so ; strncpy(Work1, &(headers[n][matches[1].rm_so]), len) ; Work1[len] = '\0' ; if ((lstn->cookie1) && (strcmp(lstn->cookie1, Work1)==0)) /* Check it's OK */ GoodCookie = 1 ; else if ((lstn->cookie2) && (strcmp(lstn->cookie2, Work1)==0)) /* Check it's OK */ GoodCookie = 2 ; else GoodCookie = 0 ; } else { GoodCookie = 0 ; } } /* Now, did we find a cookie that looked good to us? */ /* if not we need to send the login screen */ if (GoodCookie == 0) { auth_send_logon_page(cl, lstn, headers[0]) ; } RC = GoodCookie ; } return RC ; /* 0=stop processing, 1=carry on, 2= carry on and set cookie */ } /* Generate and send the logon response */ int auth_send_logon_page(BIO * cl, LISTENER * lstn, char* OrigPage) { BIO_printf(cl, "HTTP/1.1 200 OK\r\n"); BIO_printf(cl, "Server: Pound\r\n"); BIO_printf(cl, "Date: Thu, 15th Feb 2007 11:32:22 GMT\r\n"); BIO_printf(cl, "Connection: keepalive\r\n"); BIO_printf(cl, "Content-Type: text/html;charset=ISO-8859-1\r\n"); BIO_printf(cl, "Cache-Control: no-cache\r\n"); BIO_printf(cl, "\r\n"); BIO_printf(cl, "Pound authorisation\r\n"); BIO_printf(cl, "\r\n"); BIO_printf(cl, "

Secure logon

\r\n

Please supply the answer to the following question

\r\n"); BIO_printf(cl, "
\r\n"); BIO_printf(cl, "

"); BIO_printf(cl, lstn->question); BIO_printf(cl, "

\r\n"); BIO_printf(cl, "
\r\n"); BIO_printf(cl, "\r\n"); BIO_printf(cl, "\r\n"); BIO_printf(cl, "
\r\n"); BIO_printf(cl, "
\r\n"); BIO_printf(cl, "\r\n"); BIO_flush(cl); return 1 ; } /* Generate and send the redirect with the cookie */ int auth_send_redirect(BIO * cl, LISTENER * lstn, char * OrigReq) { char * OrigPage ; char * Ptr ; OrigPage = OrigReq ; while (*OrigPage!=' ') OrigPage++ ; while (*OrigPage==' ') OrigPage++ ; Ptr = OrigPage + 1 ; while (*Ptr!=' ') Ptr++ ; *Ptr='\0' ; BIO_printf(cl, "HTTP/1.1 302 OK\r\n"); BIO_printf(cl, "Server: Pound\r\n"); BIO_printf(cl, "Date: Thu, 15th Feb 2007 11:32:22 GMT\r\n"); BIO_printf(cl, "Connection: keepalive\r\n"); BIO_printf(cl, "location: %s\r\n", OrigPage); BIO_printf(cl, "Content-Type: text/html;charset=ISO-8859-1\r\n"); BIO_printf(cl, "Cache-Control: no-cache\r\n"); BIO_printf(cl, "Set-Cookie: PoundAuth=%s\r\n", lstn->cookie1) ; BIO_printf(cl, "\r\n"); BIO_printf(cl, "Pound authorisation\r\n"); BIO_printf(cl, "\r\n"); BIO_printf(cl, "

Authorisation accepted

\r\n"); BIO_printf(cl, "\r\n"); BIO_flush(cl); return 1 ; } void make_cookie(LISTENER * lstn) { time_t Now = time(&Now) ; int len, outlen ; if ((lstn->cookie1 == NULL) || (lstn->cookietime + 300 < Now)) { char Work1[256] ; char Work2[256] ; if (lstn->cookie2) { free (lstn->cookie2) ; lstn->cookie2 = NULL ; } if ((lstn->cookie1) && (lstn->cookietime + 600 < Now)) { free (lstn->cookie1) ; lstn->cookie1 = NULL ; } else { lstn->cookie2 = lstn->cookie1 ; } lstn->cookietime = Now ; strcpy(Work1, ctime(&lstn->cookietime)) ; strcat(Work1, lstn->question) ; strcat(Work1, "$%^$&%$^&$") ; /* A bit of confusion */ strcat(Work1, lstn->response) ; strcat(Work1, "$%^$&%$^&$") ; /* A bit more of confusion */ len = strlen(Work1) ; CalculateMD5((unsigned char*) Work1, len, (unsigned char*) Work2); if ((lstn->cookie1 = strdup(Work2))==NULL) { logmsg(LOG_ERR, "check_auth: out of memory - aborted"); exit(1); } } } /* * I know there are other ways, but I didn't want to increase the * dependency for the sake of a little bit of code * * PETE SHEW */ /* Taken from ReHash (www.reichlsoft.de.vu) and released * under GPL/LGPL with permission from ReHash author * Dominik Reichl , Germany */ /* ********************************************************************** ** MD5.cpp ** ** ** ** - Style modified by Tony Ray, January 2001 ** ** Added support for randomizing initialization constants ** ** - Style modified by Dominik Reichl, April 2003 ** ** Optimized code ** ** ** ** MD5.c ** ** RSA Data Security, Inc. MD5 Message Digest Algorithm ** ** Created: 2/17/90 RLR ** ** Revised: 1/91 SRD,AJ,BSK,JT Reference C Version ** ********************************************************************** */ /* ********************************************************************** ** MD5.h -- Header file for implementation of MD5 ** ** RSA Data Security, Inc. MD5 Message Digest Algorithm ** ** Created: 2/17/90 RLR ** ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version ** ** Revised (for MD5): RLR 4/27/91 ** ** -- G modified to have y&~z instead of y&z ** ** -- FF, GG, HH modified to add in last register done ** ** -- Access pattern: round 2 works mod 5, round 3 works mod 3 ** ** -- distinct additive constant for each step ** ** -- round 4 added, working mod 7 ** ********************************************************************** */ /* Typedef a 32 bit type */ #ifndef UINT4 typedef unsigned long int UINT4; #endif /* Data structure for MD5 (Message Digest) computation */ typedef struct { UINT4 i[2]; /* Number of _bits_ handled mod 2^64 */ UINT4 buf[4]; /* Scratch buffer */ unsigned char in[64]; /* Input buffer */ unsigned char digest[16]; /* Actual digest after MD5Final call */ } MD5_CTX; /* Padding */ static unsigned char MD5_PADDING[64] = { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; /* MD5_F, MD5_G and MD5_H are basic MD5 functions: selection, majority, parity */ #define MD5_F(x, y, z) (((x) & (y)) | ((~x) & (z))) #define MD5_G(x, y, z) (((x) & (z)) | ((y) & (~z))) #define MD5_H(x, y, z) ((x) ^ (y) ^ (z)) #define MD5_I(x, y, z) ((y) ^ ((x) | (~z))) /* ROTATE_LEFT rotates x left n bits */ #ifndef ROTATE_LEFT #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) #endif /* MD5_FF, MD5_GG, MD5_HH, and MD5_II transformations for rounds 1, 2, 3, and 4 */ /* Rotation is separate from addition to prevent recomputation */ #define MD5_FF(a, b, c, d, x, s, ac) {(a) += MD5_F ((b), (c), (d)) + (x) + (UINT4)(ac); (a) = ROTATE_LEFT ((a), (s)); (a) += (b); } #define MD5_GG(a, b, c, d, x, s, ac) {(a) += MD5_G ((b), (c), (d)) + (x) + (UINT4)(ac); (a) = ROTATE_LEFT ((a), (s)); (a) += (b); } #define MD5_HH(a, b, c, d, x, s, ac) {(a) += MD5_H ((b), (c), (d)) + (x) + (UINT4)(ac); (a) = ROTATE_LEFT ((a), (s)); (a) += (b); } #define MD5_II(a, b, c, d, x, s, ac) {(a) += MD5_I ((b), (c), (d)) + (x) + (UINT4)(ac); (a) = ROTATE_LEFT ((a), (s)); (a) += (b); } /* Constants for transformation */ #define MD5_S11 7 /* Round 1 */ #define MD5_S12 12 #define MD5_S13 17 #define MD5_S14 22 #define MD5_S21 5 /* Round 2 */ #define MD5_S22 9 #define MD5_S23 14 #define MD5_S24 20 #define MD5_S31 4 /* Round 3 */ #define MD5_S32 11 #define MD5_S33 16 #define MD5_S34 23 #define MD5_S41 6 /* Round 4 */ #define MD5_S42 10 #define MD5_S43 15 #define MD5_S44 21 /* Basic MD5 step. MD5_Transform buf based on in */ static void MD5_Transform (UINT4 *buf, UINT4 *in) { UINT4 a = buf[0], b = buf[1], c = buf[2], d = buf[3]; /* Round 1 */ MD5_FF ( a, b, c, d, in[ 0], MD5_S11, (UINT4) 3614090360u); /* 1 */ MD5_FF ( d, a, b, c, in[ 1], MD5_S12, (UINT4) 3905402710u); /* 2 */ MD5_FF ( c, d, a, b, in[ 2], MD5_S13, (UINT4) 606105819u); /* 3 */ MD5_FF ( b, c, d, a, in[ 3], MD5_S14, (UINT4) 3250441966u); /* 4 */ MD5_FF ( a, b, c, d, in[ 4], MD5_S11, (UINT4) 4118548399u); /* 5 */ MD5_FF ( d, a, b, c, in[ 5], MD5_S12, (UINT4) 1200080426u); /* 6 */ MD5_FF ( c, d, a, b, in[ 6], MD5_S13, (UINT4) 2821735955u); /* 7 */ MD5_FF ( b, c, d, a, in[ 7], MD5_S14, (UINT4) 4249261313u); /* 8 */ MD5_FF ( a, b, c, d, in[ 8], MD5_S11, (UINT4) 1770035416u); /* 9 */ MD5_FF ( d, a, b, c, in[ 9], MD5_S12, (UINT4) 2336552879u); /* 10 */ MD5_FF ( c, d, a, b, in[10], MD5_S13, (UINT4) 4294925233u); /* 11 */ MD5_FF ( b, c, d, a, in[11], MD5_S14, (UINT4) 2304563134u); /* 12 */ MD5_FF ( a, b, c, d, in[12], MD5_S11, (UINT4) 1804603682u); /* 13 */ MD5_FF ( d, a, b, c, in[13], MD5_S12, (UINT4) 4254626195u); /* 14 */ MD5_FF ( c, d, a, b, in[14], MD5_S13, (UINT4) 2792965006u); /* 15 */ MD5_FF ( b, c, d, a, in[15], MD5_S14, (UINT4) 1236535329u); /* 16 */ /* Round 2 */ MD5_GG ( a, b, c, d, in[ 1], MD5_S21, (UINT4) 4129170786u); /* 17 */ MD5_GG ( d, a, b, c, in[ 6], MD5_S22, (UINT4) 3225465664u); /* 18 */ MD5_GG ( c, d, a, b, in[11], MD5_S23, (UINT4) 643717713u); /* 19 */ MD5_GG ( b, c, d, a, in[ 0], MD5_S24, (UINT4) 3921069994u); /* 20 */ MD5_GG ( a, b, c, d, in[ 5], MD5_S21, (UINT4) 3593408605u); /* 21 */ MD5_GG ( d, a, b, c, in[10], MD5_S22, (UINT4) 38016083u); /* 22 */ MD5_GG ( c, d, a, b, in[15], MD5_S23, (UINT4) 3634488961u); /* 23 */ MD5_GG ( b, c, d, a, in[ 4], MD5_S24, (UINT4) 3889429448u); /* 24 */ MD5_GG ( a, b, c, d, in[ 9], MD5_S21, (UINT4) 568446438u); /* 25 */ MD5_GG ( d, a, b, c, in[14], MD5_S22, (UINT4) 3275163606u); /* 26 */ MD5_GG ( c, d, a, b, in[ 3], MD5_S23, (UINT4) 4107603335u); /* 27 */ MD5_GG ( b, c, d, a, in[ 8], MD5_S24, (UINT4) 1163531501u); /* 28 */ MD5_GG ( a, b, c, d, in[13], MD5_S21, (UINT4) 2850285829u); /* 29 */ MD5_GG ( d, a, b, c, in[ 2], MD5_S22, (UINT4) 4243563512u); /* 30 */ MD5_GG ( c, d, a, b, in[ 7], MD5_S23, (UINT4) 1735328473u); /* 31 */ MD5_GG ( b, c, d, a, in[12], MD5_S24, (UINT4) 2368359562u); /* 32 */ /* Round 3 */ MD5_HH ( a, b, c, d, in[ 5], MD5_S31, (UINT4) 4294588738u); /* 33 */ MD5_HH ( d, a, b, c, in[ 8], MD5_S32, (UINT4) 2272392833u); /* 34 */ MD5_HH ( c, d, a, b, in[11], MD5_S33, (UINT4) 1839030562u); /* 35 */ MD5_HH ( b, c, d, a, in[14], MD5_S34, (UINT4) 4259657740u); /* 36 */ MD5_HH ( a, b, c, d, in[ 1], MD5_S31, (UINT4) 2763975236u); /* 37 */ MD5_HH ( d, a, b, c, in[ 4], MD5_S32, (UINT4) 1272893353u); /* 38 */ MD5_HH ( c, d, a, b, in[ 7], MD5_S33, (UINT4) 4139469664u); /* 39 */ MD5_HH ( b, c, d, a, in[10], MD5_S34, (UINT4) 3200236656u); /* 40 */ MD5_HH ( a, b, c, d, in[13], MD5_S31, (UINT4) 681279174u); /* 41 */ MD5_HH ( d, a, b, c, in[ 0], MD5_S32, (UINT4) 3936430074u); /* 42 */ MD5_HH ( c, d, a, b, in[ 3], MD5_S33, (UINT4) 3572445317u); /* 43 */ MD5_HH ( b, c, d, a, in[ 6], MD5_S34, (UINT4) 76029189u); /* 44 */ MD5_HH ( a, b, c, d, in[ 9], MD5_S31, (UINT4) 3654602809u); /* 45 */ MD5_HH ( d, a, b, c, in[12], MD5_S32, (UINT4) 3873151461u); /* 46 */ MD5_HH ( c, d, a, b, in[15], MD5_S33, (UINT4) 530742520u); /* 47 */ MD5_HH ( b, c, d, a, in[ 2], MD5_S34, (UINT4) 3299628645u); /* 48 */ /* Round 4 */ MD5_II ( a, b, c, d, in[ 0], MD5_S41, (UINT4) 4096336452u); /* 49 */ MD5_II ( d, a, b, c, in[ 7], MD5_S42, (UINT4) 1126891415u); /* 50 */ MD5_II ( c, d, a, b, in[14], MD5_S43, (UINT4) 2878612391u); /* 51 */ MD5_II ( b, c, d, a, in[ 5], MD5_S44, (UINT4) 4237533241u); /* 52 */ MD5_II ( a, b, c, d, in[12], MD5_S41, (UINT4) 1700485571u); /* 53 */ MD5_II ( d, a, b, c, in[ 3], MD5_S42, (UINT4) 2399980690u); /* 54 */ MD5_II ( c, d, a, b, in[10], MD5_S43, (UINT4) 4293915773u); /* 55 */ MD5_II ( b, c, d, a, in[ 1], MD5_S44, (UINT4) 2240044497u); /* 56 */ MD5_II ( a, b, c, d, in[ 8], MD5_S41, (UINT4) 1873313359u); /* 57 */ MD5_II ( d, a, b, c, in[15], MD5_S42, (UINT4) 4264355552u); /* 58 */ MD5_II ( c, d, a, b, in[ 6], MD5_S43, (UINT4) 2734768916u); /* 59 */ MD5_II ( b, c, d, a, in[13], MD5_S44, (UINT4) 1309151649u); /* 60 */ MD5_II ( a, b, c, d, in[ 4], MD5_S41, (UINT4) 4149444226u); /* 61 */ MD5_II ( d, a, b, c, in[11], MD5_S42, (UINT4) 3174756917u); /* 62 */ MD5_II ( c, d, a, b, in[ 2], MD5_S43, (UINT4) 718787259u); /* 63 */ MD5_II ( b, c, d, a, in[ 9], MD5_S44, (UINT4) 3951481745u); /* 64 */ buf[0] += a; buf[1] += b; buf[2] += c; buf[3] += d; } // Set pseudoRandomNumber to zero for RFC MD5 implementation void MD5Init (MD5_CTX *mdContext, unsigned long pseudoRandomNumber) { mdContext->i[0] = mdContext->i[1] = (UINT4)0; /* Load magic initialization constants */ mdContext->buf[0] = (UINT4)0x67452301 + (pseudoRandomNumber * 11); mdContext->buf[1] = (UINT4)0xefcdab89 + (pseudoRandomNumber * 71); mdContext->buf[2] = (UINT4)0x98badcfe + (pseudoRandomNumber * 37); mdContext->buf[3] = (UINT4)0x10325476 + (pseudoRandomNumber * 97); } void MD5Update (MD5_CTX *mdContext, unsigned char *inBuf, unsigned int inLen) { UINT4 in[16]; int mdi = 0; unsigned int i = 0, ii = 0; /* Compute number of bytes mod 64 */ mdi = (int)((mdContext->i[0] >> 3) & 0x3F); /* Update number of bits */ if ((mdContext->i[0] + ((UINT4)inLen << 3)) < mdContext->i[0]) mdContext->i[1]++; mdContext->i[0] += ((UINT4)inLen << 3); mdContext->i[1] += ((UINT4)inLen >> 29); while (inLen--) { /* Add new character to buffer, increment mdi */ mdContext->in[mdi++] = *inBuf++; /* Transform if necessary */ if (mdi == 0x40) { for (i = 0, ii = 0; i < 16; i++, ii += 4) in[i] = (((UINT4)mdContext->in[ii+3]) << 24) | (((UINT4)mdContext->in[ii+2]) << 16) | (((UINT4)mdContext->in[ii+1]) << 8) | ((UINT4)mdContext->in[ii]); MD5_Transform (mdContext->buf, in); mdi = 0; } } } void MD5Final (MD5_CTX *mdContext) { UINT4 in[16]; int mdi = 0; unsigned int i = 0, ii = 0, padLen = 0; /* Save number of bits */ in[14] = mdContext->i[0]; in[15] = mdContext->i[1]; /* Compute number of bytes mod 64 */ mdi = (int)((mdContext->i[0] >> 3) & 0x3F); /* Pad out to 56 mod 64 */ padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi); MD5Update (mdContext, MD5_PADDING, padLen); /* Append length in bits and transform */ for (i = 0, ii = 0; i < 14; i++, ii += 4) in[i] = (((UINT4)mdContext->in[ii+3]) << 24) | (((UINT4)mdContext->in[ii+2]) << 16) | (((UINT4)mdContext->in[ii+1]) << 8) | ((UINT4)mdContext->in[ii]); MD5_Transform (mdContext->buf, in); /* Store buffer in digest */ for (i = 0, ii = 0; i < 4; i++, ii += 4) { mdContext->digest[ii] = (unsigned char)( mdContext->buf[i] & 0xFF); mdContext->digest[ii+1] = (unsigned char)((mdContext->buf[i] >> 8) & 0xFF); mdContext->digest[ii+2] = (unsigned char)((mdContext->buf[i] >> 16) & 0xFF); mdContext->digest[ii+3] = (unsigned char)((mdContext->buf[i] >> 24) & 0xFF); } } void CalculateMD5(unsigned char *buffer, int length, unsigned char *checksum) { int i; MD5_CTX m_md5; MD5Init(&m_md5, 0); MD5Update(&m_md5, buffer, length); MD5Final(&m_md5); for (i = 0; i < 16; i++) sprintf((char*) checksum+i*2,"%02X", m_md5.digest[i]); }