Clean house in cryptographic hashing code

- Remove dead code from php_crypt_r.c

  This code has been commented out since the file was added in 2008. It's safe to say
  that no-one is ever going to use it.

- Fix typo in comment in php_crypt_r.c

- Remove redundant Windows-only implementation of php_md5_crypt_r

  There is a portable implementation in the same file, which is selected if not
  building for Windows. But why should Windows have its own special implementation
  of this function at all? There doesn't seem to be any good reason.

  Better to use the portable implementation on all platforms.

- Don't define useless __CONST macro in php_crypt_r.h

  This preprocessor macro is not used anywhere.

- Add comment on functions for encoding data as Base64

- Remove dead code from crypt_blowfish.h

- Remove unneeded junk comments from crypt_freesec.c

- Remove dead code from crypt_blowfish.c

  This function has been commented out since 2011.

6 files changed, 6 insertions, 262 deletions

diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
index 18839624d4..e592d3bf55 100644
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -81,6 +81,7 @@ PHP_MSHUTDOWN_FUNCTION(crypt) /* {{{ */
 
 static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
 
+/* Encode a string of bytes as Base64 */
 static void php_to64(char *s, int n) /* {{{ */
 {
 	while (--n >= 0) {
diff --git a/ext/standard/crypt_blowfish.c b/ext/standard/crypt_blowfish.c
index 7f3a6fbb34..1f20debf28 100644
--- a/ext/standard/crypt_blowfish.c
+++ b/ext/standard/crypt_blowfish.c
@@ -872,33 +872,3 @@ char *php_crypt_blowfish_rn(const char *key, const char *setting,
 	__set_errno(EINVAL); /* pretend we don't support this hash type */
 	return NULL;
 }
-
-#if 0
-char *_crypt_gensalt_blowfish_rn(const char *prefix, unsigned long count,
-	const char *input, int size, char *output, int output_size)
-{
-	if (size < 16 || output_size < 7 + 22 + 1 ||
-	    (count && (count < 4 || count > 31)) ||
-	    prefix[0] != '$' || prefix[1] != '2' ||
-	    (prefix[2] != 'a' && prefix[2] != 'b' && prefix[2] != 'y')) {
-		if (output_size > 0) output[0] = '\0';
-		__set_errno((output_size < 7 + 22 + 1) ? ERANGE : EINVAL);
-		return NULL;
-	}
-
-	if (!count) count = 5;
-
-	output[0] = '$';
-	output[1] = '2';
-	output[2] = prefix[2];
-	output[3] = '$';
-	output[4] = '0' + count / 10;
-	output[5] = '0' + count % 10;
-	output[6] = '$';
-
-	BF_encode(&output[7], (const BF_word *)input, 16);
-	output[7 + 22] = '\0';
-
-	return output;
-}
-#endif
diff --git a/ext/standard/crypt_blowfish.h b/ext/standard/crypt_blowfish.h
index d540990fe1..a1150b5f66 100644
--- a/ext/standard/crypt_blowfish.h
+++ b/ext/standard/crypt_blowfish.h
@@ -17,15 +17,7 @@
 #ifndef _CRYPT_BLOWFISH_H
 #define _CRYPT_BLOWFISH_H
 
-#if 0
-extern int _crypt_output_magic(const char *setting, char *output, int size);
-#endif
 extern char *php_crypt_blowfish_rn(const char *key, const char *setting,
 	char *output, int size);
-#if 0
-extern char *_crypt_gensalt_blowfish_rn(const char *prefix,
-	unsigned long count,
-	const char *input, int size, char *output, int output_size);
-#endif
 
 #endif
diff --git a/ext/standard/crypt_freesec.c b/ext/standard/crypt_freesec.c
index 572e5127b1..6e94322626 100644
--- a/ext/standard/crypt_freesec.c
+++ b/ext/standard/crypt_freesec.c
@@ -170,8 +170,6 @@ static const u_char	bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
 
 static const unsigned char	ascii64[] =
 	 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-/*	  0000000000111111111122222222223333333333444444444455555555556666 */
-/*	  0123456789012345678901234567890123456789012345678901234567890123 */
 
 static u_char m_sbox[4][4096];
 static uint32_t psbox[4][256];
diff --git a/ext/standard/php_crypt_r.c b/ext/standard/php_crypt_r.c
index 432657cf47..1e55f5f9b5 100644
--- a/ext/standard/php_crypt_r.c
+++ b/ext/standard/php_crypt_r.c
@@ -41,20 +41,12 @@
 
 #include "php_crypt_r.h"
 #include "crypt_freesec.h"
-
-#if !PHP_WIN32
 #include "ext/standard/md5.h"
-#endif
 
 #ifdef ZTS
 MUTEX_T php_crypt_extended_init_lock;
 #endif
 
-/* TODO: enable it when enabling vista/2k8 mode in tsrm */
-#if 0
-CONDITION_VARIABLE initialized;
-#endif
-
 void php_init_crypt_r()
 {
 #ifdef ZTS
@@ -87,15 +79,15 @@ void _crypt_extended_init_r(void)
 #endif
 }
 
-/* MD% crypt implementation using the windows CryptoApi */
+/* MD5 crypt implementation using the windows CryptoApi */
 #define MD5_MAGIC "$1$"
 #define MD5_MAGIC_LEN 3
 
 static unsigned char itoa64[] =		/* 0 ... 63 => ascii - 64 */
 	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
 
-static void
-to64(char *s, int32_t v, int n)
+/* Convert a 16/32 bit integer to Base64 string representation */
+static void to64(char *s, int32_t v, int n)
 {
 	while (--n >= 0) {
 		*s++ = itoa64[v & 0x3f];
@@ -103,194 +95,6 @@ to64(char *s, int32_t v, int n)
 	}
 }
 
-#ifdef PHP_WIN32
-char * php_md5_crypt_r(const char *pw, const char *salt, char *out) {
-	HCRYPTPROV hCryptProv;
-	HCRYPTHASH ctx, ctx1;
-	DWORD i, pwl, sl;
-	const BYTE magic_md5[4] = "$1$";
-	const DWORD magic_md5_len = 3;
-	DWORD        dwHashLen;
-	int pl;
-	__int32 l;
-	const char *sp = salt;
-	const char *ep = salt;
-	char *p = NULL;
-	char *passwd = out;
-	unsigned char final[16];
-
-	/* Acquire a cryptographic provider context handle. */
-	if(!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
-		return NULL;
-	}
-
-	pwl = (DWORD) strlen(pw);
-
-	/* Refine the salt first */
-	sp = salt;
-
-	/* If it starts with the magic string, then skip that */
-	if (strncmp(sp, MD5_MAGIC, MD5_MAGIC_LEN) == 0) {
-		sp += MD5_MAGIC_LEN;
-	}
-
-	/* It stops at the first '$', max 8 chars */
-	for (ep = sp; *ep != '\0' && *ep != '$' && ep < (sp + 8); ep++);
-
-	/* get the length of the true salt */
-	sl = (DWORD)(ep - sp);
-
-	/* Create an empty hash object. */
-	if(!CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &ctx)) {
-		goto _destroyProv;
-	}
-
-	/* The password first, since that is what is most unknown */
-	if(!CryptHashData(ctx, (BYTE *)pw, pwl, 0)) {
-		goto _destroyCtx0;
-	}
-
-	/* Then our magic string */
-	if(!CryptHashData(ctx, magic_md5, magic_md5_len, 0)) {
-		goto _destroyCtx0;
-	}
-
-	/* Then the raw salt */
-	if(!CryptHashData( ctx, (BYTE *)sp, sl, 0)) {
-		goto _destroyCtx0;
-	}
-
-	/* MD5(pw,salt,pw), valid. */
-	/* Then just as many characters of the MD5(pw,salt,pw) */
-	if(!CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &ctx1)) {
-		goto _destroyCtx0;
-	}
-	if(!CryptHashData(ctx1, (BYTE *)pw, pwl, 0)) {
-		goto _destroyCtx1;
-	}
-	if(!CryptHashData(ctx1, (BYTE *)sp, sl, 0)) {
-		goto _destroyCtx1;
-	}
-	if(!CryptHashData(ctx1, (BYTE *)pw, pwl, 0)) {
-		goto _destroyCtx1;
-	}
-
-	dwHashLen = 16;
-	CryptGetHashParam(ctx1, HP_HASHVAL, final, &dwHashLen, 0);
-	/*  MD5(pw,salt,pw). Valid. */
-
-	for (pl = pwl; pl > 0; pl -= 16) {
-		CryptHashData(ctx, final, (DWORD)(pl > 16 ? 16 : pl), 0);
-	}
-
-	/* Don't leave anything around in vm they could use. */
-	ZEND_SECURE_ZERO(final, sizeof(final));
-
-	/* Then something really weird... */
-	for (i = pwl; i != 0; i >>= 1) {
-		if ((i & 1) != 0) {
-			CryptHashData(ctx, (const BYTE *)final, 1, 0);
-		} else {
-			CryptHashData(ctx, (const BYTE *)pw, 1, 0);
-		}
-	}
-
-	memcpy(passwd, MD5_MAGIC, MD5_MAGIC_LEN);
-
-	if (strncpy_s(passwd + MD5_MAGIC_LEN, MD5_HASH_MAX_LEN - MD5_MAGIC_LEN, sp, sl + 1) != 0) {
-		goto _destroyCtx1;
-	}
-	passwd[MD5_MAGIC_LEN + sl] = '\0';
-	strcat_s(passwd, MD5_HASH_MAX_LEN, "$");
-
-	dwHashLen = 16;
-
-	/* Fetch the ctx hash value */
-	CryptGetHashParam(ctx, HP_HASHVAL, final, &dwHashLen, 0);
-
-	for (i = 0; i < 1000; i++) {
-		if(!CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &ctx1)) {
-			goto _destroyCtx1;
-		}
-
-		if ((i & 1) != 0) {
-			if(!CryptHashData(ctx1, (BYTE *)pw, pwl, 0)) {
-				goto _destroyCtx1;
-			}
-		} else {
-			if(!CryptHashData(ctx1, (BYTE *)final, 16, 0)) {
-				goto _destroyCtx1;
-			}
-		}
-
-		if ((i % 3) != 0) {
-			if(!CryptHashData(ctx1, (BYTE *)sp, sl, 0)) {
-				goto _destroyCtx1;
-			}
-		}
-
-		if ((i % 7) != 0) {
-			if(!CryptHashData(ctx1, (BYTE *)pw, pwl, 0)) {
-				goto _destroyCtx1;
-			}
-		}
-
-		if ((i & 1) != 0) {
-			if(!CryptHashData(ctx1, (BYTE *)final, 16, 0)) {
-				goto _destroyCtx1;
-			}
-		} else {
-			if(!CryptHashData(ctx1, (BYTE *)pw, pwl, 0)) {
-				goto _destroyCtx1;
-			}
-		}
-
-		/* Fetch the ctx hash value */
-		dwHashLen = 16;
-		CryptGetHashParam(ctx1, HP_HASHVAL, final, &dwHashLen, 0);
-		if(!(CryptDestroyHash(ctx1))) {
-			goto _destroyCtx0;
-		}
-	}
-
-	ctx1 = (HCRYPTHASH) NULL;
-
-	p = passwd + sl + MD5_MAGIC_LEN + 1;
-
-	l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4;
-	l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4;
-	l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4;
-	l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4;
-	l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4;
-	l = final[11]; to64(p,l,2); p += 2;
-
-	*p = '\0';
-
-	ZEND_SECURE_ZERO(final, sizeof(final));
-
-
-_destroyCtx1:
-	if (ctx1) {
-		if (!CryptDestroyHash(ctx1)) {
-
-		}
-	}
-
-_destroyCtx0:
-	CryptDestroyHash(ctx);
-
-_destroyProv:
-	/* Release the provider handle.*/
-	if(hCryptProv) {
-		if(!(CryptReleaseContext(hCryptProv, 0))) {
-			return NULL;
-		}
-	}
-
-	return out;
-}
-#else
-
 /*
  * MD5 password encryption.
  */
@@ -398,7 +202,3 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out)
 	ZEND_SECURE_ZERO(final, sizeof(final));
 	return (passwd);
 }
-
-#undef MD5_MAGIC
-#undef MD5_MAGIC_LEN
-#endif
diff --git a/ext/standard/php_crypt_r.h b/ext/standard/php_crypt_r.h
index 20cf215dfd..8ea5282d82 100644
--- a/ext/standard/php_crypt_r.h
+++ b/ext/standard/php_crypt_r.h
@@ -17,28 +17,14 @@
 #ifndef _CRYPT_WIHN32_H_
 #define _CRYPT_WIHN32_H_
 
-#ifdef __cplusplus
-extern "C"
-{
-#endif
+BEGIN_EXTERN_C()
 #include "crypt_freesec.h"
 
-#ifndef __const
-#ifdef __GNUC__
-#define __CONST __const
-#else
-#define __CONST
-#endif
-#else
-#define __CONST __const
-#endif
-
 void php_init_crypt_r();
 void php_shutdown_crypt_r();
 
 extern void _crypt_extended_init_r(void);
 
-/*PHPAPI char* crypt(const char *key, const char *salt);*/
 PHPAPI char *php_crypt_r (const char *__key, const char *__salt, struct php_crypt_extended_data * __data);
 
 #define MD5_HASH_MAX_LEN 120
@@ -48,9 +34,6 @@ PHPAPI char *php_crypt_r (const char *__key, const char *__salt, struct php_cryp
 extern char * php_md5_crypt_r(const char *pw, const char *salt, char *out);
 extern char * php_sha512_crypt_r (const char *key, const char *salt, char *buffer, int buflen);
 extern char * php_sha256_crypt_r (const char *key, const char *salt, char *buffer, int buflen);
-
-#ifdef __cplusplus
-}
-#endif
+END_EXTERN_C()
 
 #endif /* _CRYPT_WIHN32_H_ */