Convert enc_md5 to use a vendored MD5 library.

6 files changed, 383 insertions, 283 deletions

diff --git a/modules/encryption/enc_md5.cpp b/modules/encryption/enc_md5.cpp
index a05e3aa13..69665f3bc 100644
--- a/modules/encryption/enc_md5.cpp
+++ b/modules/encryption/enc_md5.cpp
@@ -14,292 +14,29 @@
 #include "module.h"
 #include "modules/encryption.h"
 
-/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
-rights reserved.
-
-License to copy and use this software is granted provided that it
-is identified as the "RSA Data Security, Inc. MD5 Message-Digest
-Algorithm" in all material mentioning or referencing this software
-or this function.
-
-License is also granted to make and use derivative works provided
-that such works are identified as "derived from the RSA Data
-Security, Inc. MD5 Message-Digest Algorithm" in all material
-mentioning or referencing the derived work.
-
-RSA Data Security, Inc. makes no representations concerning either
-the merchantability of this software or the suitability of this
-software for any particular purpose. It is provided "as is"
-without express or implied warranty of any kind.
-
-These notices must be retained in any copies of any part of this
-documentation and/or software.
- */
-
-static unsigned char PADDING[64] = {
-	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/* F, G, H and I are basic MD5 functions.
- */
-inline static unsigned F(unsigned x, unsigned y, unsigned z) { return (x & y) | (~x & z); }
-inline static unsigned G(unsigned x, unsigned y, unsigned z) { return (x & z) | (y & ~z); }
-inline static unsigned H(unsigned x, unsigned y, unsigned z) { return x ^ y ^ z; }
-inline static unsigned I(unsigned x, unsigned y, unsigned z) { return y ^ (x | ~z); }
-
-/* ROTATE_LEFT rotates x left n bits.
- */
-inline static unsigned ROTATE_LEFT(unsigned x, unsigned n) { return (x << n) | (x >> (32 - n)); }
-
-/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
- * Rotation is separate from addition to prevent recomputation.
- */
-inline static void FF(unsigned &a, unsigned b, unsigned c, unsigned d, unsigned x, unsigned s, unsigned ac)
-{
-	a += F(b, c, d) + x + ac;
-	a = ROTATE_LEFT(a, s);
-	a += b;
-}
-inline static void GG(unsigned &a, unsigned b, unsigned c, unsigned d, unsigned x, unsigned s, unsigned ac)
-{
-	a += G(b, c, d) + x + ac;
-	a = ROTATE_LEFT(a, s);
-	a += b;
-}
-inline static void HH(unsigned &a, unsigned b, unsigned c, unsigned d, unsigned x, unsigned s, unsigned ac)
-{
-	a += H(b, c, d) + x + ac;
-	a = ROTATE_LEFT(a, s);
-	a += b;
-}
-inline static void II(unsigned &a, unsigned b, unsigned c, unsigned d, unsigned x, unsigned s, unsigned ac)
-{
-	a += I(b, c, d) + x + ac;
-	a = ROTATE_LEFT(a, s);
-	a += b;
-}
-
-static const uint32_t md5_iv[4] =
-{
-	0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476
-};
+#include "md5/md5.c"
 
 class MD5Context final
 	: public Encryption::Context
 {
-	unsigned state[4]; /* state (ABCD) */
-	unsigned count[2]; /* number of bits, modulo 2^64 (lsb first) */
-	unsigned char buffer[64]; /* input buffer */
-
-	/* Constants for MD5Transform routine.
-	 */
-	enum
-	{
-		S11 = 7,
-		S12 = 12,
-		S13 = 17,
-		S14 = 22,
-		S21 = 5,
-		S22 = 9,
-		S23 = 14,
-		S24 = 20,
-		S31 = 4,
-		S32 = 11,
-		S33 = 16,
-		S34 = 23,
-		S41 = 6,
-		S42 = 10,
-		S43 = 15,
-		S44 = 21
-	};
-
-	/* MD5 basic transformation. Transforms state based on block.
-	 */
-	void Transform(const unsigned char block[64])
-	{
-		unsigned a = state[0], b = state[1], c = state[2], d = state[3], x[16];
-
-		Decode(x, block, 64);
-
-		/* Round 1 */
-		FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */
-		FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */
-		FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */
-		FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */
-		FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */
-		FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */
-		FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */
-		FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */
-		FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */
-		FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */
-		FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
-		FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
-		FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
-		FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
-		FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
-		FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
-
-		/* Round 2 */
-		GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */
-		GG(d, a, b, c, x[6], S22, 0xc040b340); /* 18 */
-		GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
-		GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */
-		GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */
-		GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */
-		GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
-		GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */
-		GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */
-		GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
-		GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */
-		GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */
-		GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
-		GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */
-		GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */
-		GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
-
-		/* Round 3 */
-		HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */
-		HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */
-		HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
-		HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
-		HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */
-		HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */
-		HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */
-		HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
-		HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
-		HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */
-		HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */
-		HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */
-		HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */
-		HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
-		HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
-		HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */
-
-		/* Round 4 */
-		II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */
-		II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */
-		II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
-		II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */
-		II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
-		II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */
-		II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
-		II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */
-		II(a, b, c, d, x[8], S41, 0x6fa87e4f); /* 57 */
-		II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
-		II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */
-		II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
-		II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */
-		II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
-		II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */
-		II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */
-
-		state[0] += a;
-		state[1] += b;
-		state[2] += c;
-		state[3] += d;
-
-		/* Zeroize sensitive information. */
-		memset(x, 0, sizeof(x));
-	}
-
-	/* Encodes input (unsigned) into output (unsigned char). Assumes len is
-	 * a multiple of 4.
-	 */
-	static void Encode(unsigned char *output, unsigned *input, unsigned len)
-	{
-		for (unsigned i = 0, j = 0; j < len; ++i, j += 4)
-		{
-			output[j] = static_cast<unsigned char>(input[i] & 0xff);
-			output[j + 1] = static_cast<unsigned char>((input[i] >> 8) & 0xff);
-			output[j + 2] = static_cast<unsigned char>((input[i] >> 16) & 0xff);
-			output[j + 3] = static_cast<unsigned char>((input[i] >> 24) & 0xff);
-		}
-	}
-
-	/* Decodes input (unsigned char) into output (unsigned). Assumes len is
-	 * a multiple of 4.
-	 */
-	static void Decode(unsigned *output, const unsigned char *input, unsigned len)
-	{
-		for (unsigned i = 0, j = 0; j < len; ++i, j += 4)
-			output[i] = static_cast<unsigned>(input[j]) | (static_cast<unsigned>(input[j + 1]) << 8) | (static_cast<unsigned>(input[j + 2]) << 16) | (static_cast<unsigned>(input[j + 3]) << 24);
-	}
+private:
+	MD5_CTX context;
 
 public:
 	MD5Context()
 	{
-		for (int i = 0; i < 4; ++i)
-			this->state[i] = md5_iv[i];
-
-		this->count[0] = this->count[1] = 0;
-		memset(this->buffer, 0, sizeof(this->buffer));
+		MD5_Init(&context);
 	}
 
-	/* MD5 block update operation. Continues an MD5 message-digest
-	 * operation, processing another message block, and updating the
-	 * context.
-	 */
 	void Update(const unsigned char *input, size_t len) override
 	{
-		unsigned i, index, partLen;
-
-		/* Compute number of bytes mod 64 */
-		index = (this->count[0] >> 3) & 0x3F;
-
-		/* Update number of bits */
-		if ((this->count[0] += len << 3) < (len << 3))
-			++this->count[1];
-		this->count[1] += len >> 29;
-
-		partLen = 64 - index;
-
-		/* Transform as many times as possible. */
-		if (len >= partLen)
-		{
-			memcpy(&this->buffer[index], input, partLen);
-			this->Transform(this->buffer);
-
-			for (i = partLen; i + 63 < len; i += 64)
-				this->Transform(&input[i]);
-
-			index = 0;
-		}
-		else
-			i = 0;
-
-		/* Buffer remaining input */
-		memcpy(&this->buffer[index], &input[i], len - i);
+		MD5_Update(&context, input, len);
 	}
 
-	/* MD5 finalization. Ends an MD5 message-digest opera
-	 * the message digest and zeroizing the context.
-	 */
 	Anope::string Finalize() override
 	{
-		unsigned char bits[8];
-		unsigned index, padLen;
-
-		/* Save number of bits */
-		this->Encode(bits, this->count, 8);
-
-		/* Pad out to 56 mod 64. */
-		index = (this->count[0] >> 3) & 0x3f;
-		padLen = index < 56 ? 56 - index : 120 - index;
-		this->Update(PADDING, padLen);
-
-		/* Append length (before padding) */
-		this->Update(bits, 8);
-		unsigned char digest[16]; /* final digest */
-		/* Store state in digest */
-		this->Encode(digest, this->state, 16);
-
-		/* Zeroize sensitive information. */
-		memset(this->state, 0, sizeof(this->state));
-		memset(this->count, 0, sizeof(this->count));
-		memset(this->buffer, 0, sizeof(this->buffer));
-
+		unsigned char digest[16];
+		MD5_Final(digest, &context);
 		return Anope::string(reinterpret_cast<const char *>(&digest), sizeof(digest));
 	}
 };
@@ -321,34 +58,33 @@ public:
 
 	EventReturn OnEncrypt(const Anope::string &src, Anope::string &dest) override
 	{
-		Anope::string buf = "md5:" + Anope::Hex(md5provider.Encrypt(src));
-
-		Log(LOG_DEBUG_2) << "(enc_md5) hashed password from [" << src << "] to [" << buf << "]";
-		dest = buf;
+		auto enc = "md5:" + Anope::Hex(md5provider.Encrypt(src));
+		Log(LOG_DEBUG_2) << "(enc_md5) hashed password from [" << src << "] to [" << enc << "]";
+		dest = enc;
 		return EVENT_ALLOW;
 	}
 
 	void OnCheckAuthentication(User *, IdentifyRequest *req) override
 	{
-		const NickAlias *na = NickAlias::Find(req->GetAccount());
+		const auto *na = NickAlias::Find(req->GetAccount());
 		if (na == NULL)
 			return;
-		NickCore *nc = na->nc;
 
-		size_t pos = nc->pass.find(':');
+		NickCore *nc = na->nc;
+		auto pos = nc->pass.find(':');
 		if (pos == Anope::string::npos)
 			return;
+
 		Anope::string hash_method(nc->pass.begin(), nc->pass.begin() + pos);
 		if (!hash_method.equals_cs("md5"))
 			return;
 
-		Anope::string buf;
-		this->OnEncrypt(req->GetPassword(), buf);
-		if (nc->pass.equals_cs(buf))
+		Anope::string enc;
+		this->OnEncrypt(req->GetPassword(), enc);
+		if (nc->pass.equals_cs(enc))
 		{
-			/* if we are NOT the first module in the list,
-			 * we want to re-encrypt the pass with the new encryption
-			 */
+			// If we are NOT the first encryption module we want to re-encrypt
+			// the password with the primary encryption method.
 			if (ModuleManager::FindFirstOf(ENCRYPTION) != this)
 				Anope::Encrypt(req->GetPassword(), nc->pass);
 			req->Success(this);
diff --git a/vendor/README.md b/vendor/README.md
index dc979d39c..321fb24d8 100644
--- a/vendor/README.md
+++ b/vendor/README.md
@@ -11,3 +11,13 @@ This directory contains vendored dependencies that are shipped with Anope to avo
 **Version** &mdash; v1.3
 
 **Website** &mdash; [https://www.openwall.com/crypt/](https://www.openwall.com/crypt/)
+
+## md5
+
+**Author** &mdash; [Solar Designer](mailto:solar@openwall.com)
+
+**License** &mdash; Cut-down BSD License
+
+**Version** &mdash; v2.0
+
+**Website** &mdash; [https://openwall.info/wiki/people/solar/software/public-domain-source-code/md5](https://openwall.info/wiki/people/solar/software/public-domain-source-code/md5)
diff --git a/vendor/md5/LICENSE b/vendor/md5/LICENSE
new file mode 100644
index 000000000..26de4493e
--- /dev/null
+++ b/vendor/md5/LICENSE
@@ -0,0 +1,8 @@
+Copyright (c) 1998-2017 Solar Designer <solar at openwall.com>
+Copyright (c) 2008 Grigoriy Strokin <grg at openwall.com>
+Copyright (c) 2011-2017 ABC <abc at openwall.com>
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted.
+
+There's ABSOLUTELY NO WARRANTY, express or implied.
diff --git a/vendor/md5/md5.c b/vendor/md5/md5.c
new file mode 100644
index 000000000..b235e17a5
--- /dev/null
+++ b/vendor/md5/md5.c
@@ -0,0 +1,291 @@
+/*
+ * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
+ * MD5 Message-Digest Algorithm (RFC 1321).
+ *
+ * Homepage:
+ * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
+ *
+ * Author:
+ * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
+ *
+ * This software was written by Alexander Peslyak in 2001.  No copyright is
+ * claimed, and the software is hereby placed in the public domain.
+ * In case this attempt to disclaim copyright and place the software in the
+ * public domain is deemed null and void, then the software is
+ * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
+ * general public under the following terms:
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ *
+ * There's ABSOLUTELY NO WARRANTY, express or implied.
+ *
+ * (This is a heavily cut-down "BSD license".)
+ *
+ * This differs from Colin Plumb's older public domain implementation in that
+ * no exactly 32-bit integer data type is required (any 32-bit or wider
+ * unsigned integer data type will do), there's no compile-time endianness
+ * configuration, and the function prototypes match OpenSSL's.  No code from
+ * Colin Plumb's implementation has been reused; this comment merely compares
+ * the properties of the two independent implementations.
+ *
+ * The primary goals of this implementation are portability and ease of use.
+ * It is meant to be fast, but not as fast as possible.  Some known
+ * optimizations are not included to reduce source code size and avoid
+ * compile-time configuration.
+ */
+
+#ifndef HAVE_OPENSSL
+
+#include <string.h>
+
+#include "md5.h"
+
+/*
+ * The basic MD5 functions.
+ *
+ * F and G are optimized compared to their RFC 1321 definitions for
+ * architectures that lack an AND-NOT instruction, just like in Colin Plumb's
+ * implementation.
+ */
+#define F(x, y, z)			((z) ^ ((x) & ((y) ^ (z))))
+#define G(x, y, z)			((y) ^ ((z) & ((x) ^ (y))))
+#define H(x, y, z)			(((x) ^ (y)) ^ (z))
+#define H2(x, y, z)			((x) ^ ((y) ^ (z)))
+#define I(x, y, z)			((y) ^ ((x) | ~(z)))
+
+/*
+ * The MD5 transformation for all four rounds.
+ */
+#define STEP(f, a, b, c, d, x, t, s) \
+	(a) += f((b), (c), (d)) + (x) + (t); \
+	(a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s)))); \
+	(a) += (b);
+
+/*
+ * SET reads 4 input bytes in little-endian byte order and stores them in a
+ * properly aligned word in host byte order.
+ *
+ * The check for little-endian architectures that tolerate unaligned memory
+ * accesses is just an optimization.  Nothing will break if it fails to detect
+ * a suitable architecture.
+ *
+ * Unfortunately, this optimization may be a C strict aliasing rules violation
+ * if the caller's data buffer has effective type that cannot be aliased by
+ * MD5_u32plus.  In practice, this problem may occur if these MD5 routines are
+ * inlined into a calling function, or with future and dangerously advanced
+ * link-time optimizations.  For the time being, keeping these MD5 routines in
+ * their own translation unit avoids the problem.
+ */
+#if defined(__i386__) || defined(__x86_64__) || defined(__vax__)
+#define SET(n) \
+	(*(MD5_u32plus *)&ptr[(n) * 4])
+#define GET(n) \
+	SET(n)
+#else
+#define SET(n) \
+	(ctx->block[(n)] = \
+	(MD5_u32plus)ptr[(n) * 4] | \
+	((MD5_u32plus)ptr[(n) * 4 + 1] << 8) | \
+	((MD5_u32plus)ptr[(n) * 4 + 2] << 16) | \
+	((MD5_u32plus)ptr[(n) * 4 + 3] << 24))
+#define GET(n) \
+	(ctx->block[(n)])
+#endif
+
+/*
+ * This processes one or more 64-byte data blocks, but does NOT update the bit
+ * counters.  There are no alignment requirements.
+ */
+static const void *body(MD5_CTX *ctx, const void *data, unsigned long size)
+{
+	const unsigned char *ptr;
+	MD5_u32plus a, b, c, d;
+	MD5_u32plus saved_a, saved_b, saved_c, saved_d;
+
+	ptr = (const unsigned char *)data;
+
+	a = ctx->a;
+	b = ctx->b;
+	c = ctx->c;
+	d = ctx->d;
+
+	do {
+		saved_a = a;
+		saved_b = b;
+		saved_c = c;
+		saved_d = d;
+
+/* Round 1 */
+		STEP(F, a, b, c, d, SET(0), 0xd76aa478, 7)
+		STEP(F, d, a, b, c, SET(1), 0xe8c7b756, 12)
+		STEP(F, c, d, a, b, SET(2), 0x242070db, 17)
+		STEP(F, b, c, d, a, SET(3), 0xc1bdceee, 22)
+		STEP(F, a, b, c, d, SET(4), 0xf57c0faf, 7)
+		STEP(F, d, a, b, c, SET(5), 0x4787c62a, 12)
+		STEP(F, c, d, a, b, SET(6), 0xa8304613, 17)
+		STEP(F, b, c, d, a, SET(7), 0xfd469501, 22)
+		STEP(F, a, b, c, d, SET(8), 0x698098d8, 7)
+		STEP(F, d, a, b, c, SET(9), 0x8b44f7af, 12)
+		STEP(F, c, d, a, b, SET(10), 0xffff5bb1, 17)
+		STEP(F, b, c, d, a, SET(11), 0x895cd7be, 22)
+		STEP(F, a, b, c, d, SET(12), 0x6b901122, 7)
+		STEP(F, d, a, b, c, SET(13), 0xfd987193, 12)
+		STEP(F, c, d, a, b, SET(14), 0xa679438e, 17)
+		STEP(F, b, c, d, a, SET(15), 0x49b40821, 22)
+
+/* Round 2 */
+		STEP(G, a, b, c, d, GET(1), 0xf61e2562, 5)
+		STEP(G, d, a, b, c, GET(6), 0xc040b340, 9)
+		STEP(G, c, d, a, b, GET(11), 0x265e5a51, 14)
+		STEP(G, b, c, d, a, GET(0), 0xe9b6c7aa, 20)
+		STEP(G, a, b, c, d, GET(5), 0xd62f105d, 5)
+		STEP(G, d, a, b, c, GET(10), 0x02441453, 9)
+		STEP(G, c, d, a, b, GET(15), 0xd8a1e681, 14)
+		STEP(G, b, c, d, a, GET(4), 0xe7d3fbc8, 20)
+		STEP(G, a, b, c, d, GET(9), 0x21e1cde6, 5)
+		STEP(G, d, a, b, c, GET(14), 0xc33707d6, 9)
+		STEP(G, c, d, a, b, GET(3), 0xf4d50d87, 14)
+		STEP(G, b, c, d, a, GET(8), 0x455a14ed, 20)
+		STEP(G, a, b, c, d, GET(13), 0xa9e3e905, 5)
+		STEP(G, d, a, b, c, GET(2), 0xfcefa3f8, 9)
+		STEP(G, c, d, a, b, GET(7), 0x676f02d9, 14)
+		STEP(G, b, c, d, a, GET(12), 0x8d2a4c8a, 20)
+
+/* Round 3 */
+		STEP(H, a, b, c, d, GET(5), 0xfffa3942, 4)
+		STEP(H2, d, a, b, c, GET(8), 0x8771f681, 11)
+		STEP(H, c, d, a, b, GET(11), 0x6d9d6122, 16)
+		STEP(H2, b, c, d, a, GET(14), 0xfde5380c, 23)
+		STEP(H, a, b, c, d, GET(1), 0xa4beea44, 4)
+		STEP(H2, d, a, b, c, GET(4), 0x4bdecfa9, 11)
+		STEP(H, c, d, a, b, GET(7), 0xf6bb4b60, 16)
+		STEP(H2, b, c, d, a, GET(10), 0xbebfbc70, 23)
+		STEP(H, a, b, c, d, GET(13), 0x289b7ec6, 4)
+		STEP(H2, d, a, b, c, GET(0), 0xeaa127fa, 11)
+		STEP(H, c, d, a, b, GET(3), 0xd4ef3085, 16)
+		STEP(H2, b, c, d, a, GET(6), 0x04881d05, 23)
+		STEP(H, a, b, c, d, GET(9), 0xd9d4d039, 4)
+		STEP(H2, d, a, b, c, GET(12), 0xe6db99e5, 11)
+		STEP(H, c, d, a, b, GET(15), 0x1fa27cf8, 16)
+		STEP(H2, b, c, d, a, GET(2), 0xc4ac5665, 23)
+
+/* Round 4 */
+		STEP(I, a, b, c, d, GET(0), 0xf4292244, 6)
+		STEP(I, d, a, b, c, GET(7), 0x432aff97, 10)
+		STEP(I, c, d, a, b, GET(14), 0xab9423a7, 15)
+		STEP(I, b, c, d, a, GET(5), 0xfc93a039, 21)
+		STEP(I, a, b, c, d, GET(12), 0x655b59c3, 6)
+		STEP(I, d, a, b, c, GET(3), 0x8f0ccc92, 10)
+		STEP(I, c, d, a, b, GET(10), 0xffeff47d, 15)
+		STEP(I, b, c, d, a, GET(1), 0x85845dd1, 21)
+		STEP(I, a, b, c, d, GET(8), 0x6fa87e4f, 6)
+		STEP(I, d, a, b, c, GET(15), 0xfe2ce6e0, 10)
+		STEP(I, c, d, a, b, GET(6), 0xa3014314, 15)
+		STEP(I, b, c, d, a, GET(13), 0x4e0811a1, 21)
+		STEP(I, a, b, c, d, GET(4), 0xf7537e82, 6)
+		STEP(I, d, a, b, c, GET(11), 0xbd3af235, 10)
+		STEP(I, c, d, a, b, GET(2), 0x2ad7d2bb, 15)
+		STEP(I, b, c, d, a, GET(9), 0xeb86d391, 21)
+
+		a += saved_a;
+		b += saved_b;
+		c += saved_c;
+		d += saved_d;
+
+		ptr += 64;
+	} while (size -= 64);
+
+	ctx->a = a;
+	ctx->b = b;
+	ctx->c = c;
+	ctx->d = d;
+
+	return ptr;
+}
+
+void MD5_Init(MD5_CTX *ctx)
+{
+	ctx->a = 0x67452301;
+	ctx->b = 0xefcdab89;
+	ctx->c = 0x98badcfe;
+	ctx->d = 0x10325476;
+
+	ctx->lo = 0;
+	ctx->hi = 0;
+}
+
+void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size)
+{
+	MD5_u32plus saved_lo;
+	unsigned long used, available;
+
+	saved_lo = ctx->lo;
+	if ((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo)
+		ctx->hi++;
+	ctx->hi += size >> 29;
+
+	used = saved_lo & 0x3f;
+
+	if (used) {
+		available = 64 - used;
+
+		if (size < available) {
+			memcpy(&ctx->buffer[used], data, size);
+			return;
+		}
+
+		memcpy(&ctx->buffer[used], data, available);
+		data = (const unsigned char *)data + available;
+		size -= available;
+		body(ctx, ctx->buffer, 64);
+	}
+
+	if (size >= 64) {
+		data = body(ctx, data, size & ~(unsigned long)0x3f);
+		size &= 0x3f;
+	}
+
+	memcpy(ctx->buffer, data, size);
+}
+
+#define OUT(dst, src) \
+	(dst)[0] = (unsigned char)(src); \
+	(dst)[1] = (unsigned char)((src) >> 8); \
+	(dst)[2] = (unsigned char)((src) >> 16); \
+	(dst)[3] = (unsigned char)((src) >> 24);
+
+void MD5_Final(unsigned char *result, MD5_CTX *ctx)
+{
+	unsigned long used, available;
+
+	used = ctx->lo & 0x3f;
+
+	ctx->buffer[used++] = 0x80;
+
+	available = 64 - used;
+
+	if (available < 8) {
+		memset(&ctx->buffer[used], 0, available);
+		body(ctx, ctx->buffer, 64);
+		used = 0;
+		available = 64;
+	}
+
+	memset(&ctx->buffer[used], 0, available - 8);
+
+	ctx->lo <<= 3;
+	OUT(&ctx->buffer[56], ctx->lo)
+	OUT(&ctx->buffer[60], ctx->hi)
+
+	body(ctx, ctx->buffer, 64);
+
+	OUT(&result[0], ctx->a)
+	OUT(&result[4], ctx->b)
+	OUT(&result[8], ctx->c)
+	OUT(&result[12], ctx->d)
+
+	memset(ctx, 0, sizeof(*ctx));
+}
+
+#endif
diff --git a/vendor/md5/md5.h b/vendor/md5/md5.h
new file mode 100644
index 000000000..2da44bf35
--- /dev/null
+++ b/vendor/md5/md5.h
@@ -0,0 +1,45 @@
+/*
+ * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
+ * MD5 Message-Digest Algorithm (RFC 1321).
+ *
+ * Homepage:
+ * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
+ *
+ * Author:
+ * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
+ *
+ * This software was written by Alexander Peslyak in 2001.  No copyright is
+ * claimed, and the software is hereby placed in the public domain.
+ * In case this attempt to disclaim copyright and place the software in the
+ * public domain is deemed null and void, then the software is
+ * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
+ * general public under the following terms:
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ *
+ * There's ABSOLUTELY NO WARRANTY, express or implied.
+ *
+ * See md5.c for more information.
+ */
+
+#ifdef HAVE_OPENSSL
+#include <openssl/md5.h>
+#elif !defined(_MD5_H)
+#define _MD5_H
+
+/* Any 32-bit or wider unsigned integer data type will do */
+typedef unsigned int MD5_u32plus;
+
+typedef struct {
+	MD5_u32plus lo, hi;
+	MD5_u32plus a, b, c, d;
+	unsigned char buffer[64];
+	MD5_u32plus block[16];
+} MD5_CTX;
+
+extern void MD5_Init(MD5_CTX *ctx);
+extern void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size);
+extern void MD5_Final(unsigned char *result, MD5_CTX *ctx);
+
+#endif
diff --git a/vendor/update.toml b/vendor/update.toml
index 6a41ec287..70330253b 100644
--- a/vendor/update.toml
+++ b/vendor/update.toml
@@ -6,3 +6,13 @@ license = "Public Domain"
 tarball = "https://www.openwall.com/crypt/crypt_blowfish-1.3.tar.gz"
 version = "v1.3"
 website = "https://www.openwall.com/crypt/"
+
+[md5]
+author  = "Solar Designer"
+depth   = 1
+email   = "solar@openwall.com"
+files   = "{LICENSE,md5/md5.[ch]}"
+license = "Cut-down BSD License"
+tarball = "https://www.openwall.com/blists/blists-2.0.tar.gz"
+version = "v2.0"
+website = "https://openwall.info/wiki/people/solar/software/public-domain-source-code/md5"