add MD5

69dbe50d · Geoff Simmons · fd7238ea · 69dbe50d · 69dbe50d · 69dbe50d
Commit 69dbe50d authored Feb 14, 2016 by Geoff Simmons
8 changed files
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -10,6 +10,8 @@ libvmod_blobdigest_la_SOURCES = \
 	vmod_blobdigest.c \
 	byte_order.h \
 	byte_order.c \
+	md5.h \
+	md5.c \
 	sha256.h \
 	sha256.c \
 	sha512.h \

--- a/src/gen_enum_parse.pl
+++ b/src/gen_enum_parse.pl
@@ -4,6 +4,7 @@ use strict;
 use warnings;

 my @vals = (qw(
+	MD5
 	SHA224
 	SHA256
 	SHA384

--- a/src/md5.c
+++ b/src/md5.c
+/* md5.c - an implementation of the MD5 algorithm, based on RFC 1321.
+ *
+ * Copyright: 2007-2012 Aleksey Kravchenko <rhash.admin@gmail.com>
+ *
+ * Permission is hereby granted,  free of charge,  to any person  obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction,  including without limitation
+ * the rights to  use, copy, modify,  merge, publish, distribute, sublicense,
+ * and/or sell copies  of  the Software,  and to permit  persons  to whom the
+ * Software is furnished to do so.
+ *
+ * This program  is  distributed  in  the  hope  that it will be useful,  but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  Use this program  at  your own risk!
+ */
+
+#include <string.h>
+#include "byte_order.h"
+#include "md5.h"
+
+/**
+ * Initialize context before calculaing hash.
+ *
+ * @param ctx context to initialize
+ */
+void rhash_md5_init(md5_ctx *ctx)
+{
+	ctx->length = 0;
+
+	/* initialize state */
+	ctx->hash[0] = 0x67452301;
+	ctx->hash[1] = 0xefcdab89;
+	ctx->hash[2] = 0x98badcfe;
+	ctx->hash[3] = 0x10325476;
+}
+
+/* First, define four auxiliary functions that each take as input
+ * three 32-bit words and returns a 32-bit word.*/
+
+/* F(x,y,z) = ((y XOR z) AND x) XOR z - is faster then original version */
+#define MD5_F(x, y, z) ((((y) ^ (z)) & (x)) ^ (z))
+#define MD5_G(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define MD5_H(x, y, z) ((x) ^ (y) ^ (z))
+#define MD5_I(x, y, z) ((y) ^ ((x) | (~z)))
+
+/* transformations for rounds 1, 2, 3, and 4. */
+#define MD5_ROUND1(a, b, c, d, x, s, ac) { \
+	(a) += MD5_F((b), (c), (d)) + (x) + (ac); \
+	(a) = ROTL32((a), (s)); \
+	(a) += (b); \
+}
+#define MD5_ROUND2(a, b, c, d, x, s, ac) { \
+	(a) += MD5_G((b), (c), (d)) + (x) + (ac); \
+	(a) = ROTL32((a), (s)); \
+	(a) += (b); \
+}
+#define MD5_ROUND3(a, b, c, d, x, s, ac) { \
+	(a) += MD5_H((b), (c), (d)) + (x) + (ac); \
+	(a) = ROTL32((a), (s)); \
+	(a) += (b); \
+}
+#define MD5_ROUND4(a, b, c, d, x, s, ac) { \
+	(a) += MD5_I((b), (c), (d)) + (x) + (ac); \
+	(a) = ROTL32((a), (s)); \
+	(a) += (b); \
+}
+
+/**
+ * The core transformation. Process a 512-bit block.
+ * The function has been taken from RFC 1321 with little changes.
+ *
+ * @param state algorithm state
+ * @param x the message block to process
+ */
+static void rhash_md5_process_block(unsigned state[4], const unsigned* x)
+{
+	register unsigned a, b, c, d;
+	a = state[0];
+	b = state[1];
+	c = state[2];
+	d = state[3];
+
+	MD5_ROUND1(a, b, c, d, x[ 0],  7, 0xd76aa478);
+	MD5_ROUND1(d, a, b, c, x[ 1], 12, 0xe8c7b756);
+	MD5_ROUND1(c, d, a, b, x[ 2], 17, 0x242070db);
+	MD5_ROUND1(b, c, d, a, x[ 3], 22, 0xc1bdceee);
+	MD5_ROUND1(a, b, c, d, x[ 4],  7, 0xf57c0faf);
+	MD5_ROUND1(d, a, b, c, x[ 5], 12, 0x4787c62a);
+	MD5_ROUND1(c, d, a, b, x[ 6], 17, 0xa8304613);
+	MD5_ROUND1(b, c, d, a, x[ 7], 22, 0xfd469501);
+	MD5_ROUND1(a, b, c, d, x[ 8],  7, 0x698098d8);
+	MD5_ROUND1(d, a, b, c, x[ 9], 12, 0x8b44f7af);
+	MD5_ROUND1(c, d, a, b, x[10], 17, 0xffff5bb1);
+	MD5_ROUND1(b, c, d, a, x[11], 22, 0x895cd7be);
+	MD5_ROUND1(a, b, c, d, x[12],  7, 0x6b901122);
+	MD5_ROUND1(d, a, b, c, x[13], 12, 0xfd987193);
+	MD5_ROUND1(c, d, a, b, x[14], 17, 0xa679438e);
+	MD5_ROUND1(b, c, d, a, x[15], 22, 0x49b40821);
+
+	MD5_ROUND2(a, b, c, d, x[ 1],  5, 0xf61e2562);
+	MD5_ROUND2(d, a, b, c, x[ 6],  9, 0xc040b340);
+	MD5_ROUND2(c, d, a, b, x[11], 14, 0x265e5a51);
+	MD5_ROUND2(b, c, d, a, x[ 0], 20, 0xe9b6c7aa);
+	MD5_ROUND2(a, b, c, d, x[ 5],  5, 0xd62f105d);
+	MD5_ROUND2(d, a, b, c, x[10],  9,  0x2441453);
+	MD5_ROUND2(c, d, a, b, x[15], 14, 0xd8a1e681);
+	MD5_ROUND2(b, c, d, a, x[ 4], 20, 0xe7d3fbc8);
+	MD5_ROUND2(a, b, c, d, x[ 9],  5, 0x21e1cde6);
+	MD5_ROUND2(d, a, b, c, x[14],  9, 0xc33707d6);
+	MD5_ROUND2(c, d, a, b, x[ 3], 14, 0xf4d50d87);
+	MD5_ROUND2(b, c, d, a, x[ 8], 20, 0x455a14ed);
+	MD5_ROUND2(a, b, c, d, x[13],  5, 0xa9e3e905);
+	MD5_ROUND2(d, a, b, c, x[ 2],  9, 0xfcefa3f8);
+	MD5_ROUND2(c, d, a, b, x[ 7], 14, 0x676f02d9);
+	MD5_ROUND2(b, c, d, a, x[12], 20, 0x8d2a4c8a);
+
+	MD5_ROUND3(a, b, c, d, x[ 5],  4, 0xfffa3942);
+	MD5_ROUND3(d, a, b, c, x[ 8], 11, 0x8771f681);
+	MD5_ROUND3(c, d, a, b, x[11], 16, 0x6d9d6122);
+	MD5_ROUND3(b, c, d, a, x[14], 23, 0xfde5380c);
+	MD5_ROUND3(a, b, c, d, x[ 1],  4, 0xa4beea44);
+	MD5_ROUND3(d, a, b, c, x[ 4], 11, 0x4bdecfa9);
+	MD5_ROUND3(c, d, a, b, x[ 7], 16, 0xf6bb4b60);
+	MD5_ROUND3(b, c, d, a, x[10], 23, 0xbebfbc70);
+	MD5_ROUND3(a, b, c, d, x[13],  4, 0x289b7ec6);
+	MD5_ROUND3(d, a, b, c, x[ 0], 11, 0xeaa127fa);
+	MD5_ROUND3(c, d, a, b, x[ 3], 16, 0xd4ef3085);
+	MD5_ROUND3(b, c, d, a, x[ 6], 23,  0x4881d05);
+	MD5_ROUND3(a, b, c, d, x[ 9],  4, 0xd9d4d039);
+	MD5_ROUND3(d, a, b, c, x[12], 11, 0xe6db99e5);
+	MD5_ROUND3(c, d, a, b, x[15], 16, 0x1fa27cf8);
+	MD5_ROUND3(b, c, d, a, x[ 2], 23, 0xc4ac5665);
+
+	MD5_ROUND4(a, b, c, d, x[ 0],  6, 0xf4292244);
+	MD5_ROUND4(d, a, b, c, x[ 7], 10, 0x432aff97);
+	MD5_ROUND4(c, d, a, b, x[14], 15, 0xab9423a7);
+	MD5_ROUND4(b, c, d, a, x[ 5], 21, 0xfc93a039);
+	MD5_ROUND4(a, b, c, d, x[12],  6, 0x655b59c3);
+	MD5_ROUND4(d, a, b, c, x[ 3], 10, 0x8f0ccc92);
+	MD5_ROUND4(c, d, a, b, x[10], 15, 0xffeff47d);
+	MD5_ROUND4(b, c, d, a, x[ 1], 21, 0x85845dd1);
+	MD5_ROUND4(a, b, c, d, x[ 8],  6, 0x6fa87e4f);
+	MD5_ROUND4(d, a, b, c, x[15], 10, 0xfe2ce6e0);
+	MD5_ROUND4(c, d, a, b, x[ 6], 15, 0xa3014314);
+	MD5_ROUND4(b, c, d, a, x[13], 21, 0x4e0811a1);
+	MD5_ROUND4(a, b, c, d, x[ 4],  6, 0xf7537e82);
+	MD5_ROUND4(d, a, b, c, x[11], 10, 0xbd3af235);
+	MD5_ROUND4(c, d, a, b, x[ 2], 15, 0x2ad7d2bb);
+	MD5_ROUND4(b, c, d, a, x[ 9], 21, 0xeb86d391);
+
+	state[0] += a;
+	state[1] += b;
+	state[2] += c;
+	state[3] += d;
+}
+
+/**
+ * Calculate message hash.
+ * Can be called repeatedly with chunks of the message to be hashed.
+ *
+ * @param ctx the algorithm context containing current hashing state
+ * @param msg message chunk
+ * @param size length of the message chunk
+ */
+void rhash_md5_update(md5_ctx *ctx, const unsigned char* msg, size_t size)
+{
+	unsigned index = (unsigned)ctx->length & 63;
+	ctx->length += size;
+
+	/* fill partial block */
+	if (index) {
+		unsigned left = md5_block_size - index;
+		le32_copy((char*)ctx->message, index, msg, (size < left ? size : left));
+		if (size < left) return;
+
+		/* process partial block */
+		rhash_md5_process_block(ctx->hash, ctx->message);
+		msg  += left;
+		size -= left;
+	}
+	while (size >= md5_block_size) {
+		unsigned* aligned_message_block;
+		if (IS_LITTLE_ENDIAN && IS_ALIGNED_32(msg)) {
+			/* the most common case is processing a 32-bit aligned message
+			on a little-endian CPU without copying it */
+			aligned_message_block = (unsigned*)msg;
+		} else {
+			le32_copy(ctx->message, 0, msg, md5_block_size);
+			aligned_message_block = ctx->message;
+		}
+
+		rhash_md5_process_block(ctx->hash, aligned_message_block);
+		msg  += md5_block_size;
+		size -= md5_block_size;
+	}
+	if (size) {
+		/* save leftovers */
+		le32_copy(ctx->message, 0, msg, size);
+	}
+}
+
+/**
+ * Store calculated hash into the given array.
+ *
+ * @param ctx the algorithm context containing current hashing state
+ * @param result calculated hash in binary form
+ */
+void rhash_md5_final(md5_ctx *ctx, unsigned char* result)
+{
+	unsigned index = ((unsigned)ctx->length & 63) >> 2;
+	unsigned shift = ((unsigned)ctx->length & 3) * 8;
+
+	/* pad message and run for last block */
+
+	/* append the byte 0x80 to the message */
+	ctx->message[index]   &= ~(0xFFFFFFFF << shift);
+	ctx->message[index++] ^= 0x80 << shift;
+
+	/* if no room left in the message to store 64-bit message length */
+	if (index > 14) {
+		/* then fill the rest with zeros and process it */
+		while (index < 16) {
+			ctx->message[index++] = 0;
+		}
+		rhash_md5_process_block(ctx->hash, ctx->message);
+		index = 0;
+	}
+	while (index < 14) {
+		ctx->message[index++] = 0;
+	}
+	ctx->message[14] = (unsigned)(ctx->length << 3);
+	ctx->message[15] = (unsigned)(ctx->length >> 29);
+	rhash_md5_process_block(ctx->hash, ctx->message);
+
+	if (result) le32_copy(result, 0, &ctx->hash, 16);
+}
--- a/src/md5.h
+++ b/src/md5.h
+/* md5.h */
+#ifndef MD5_HIDER
+#define MD5_HIDER
+
+#include <stdint.h>
+#include <unistd.h>
+
+#define md5_block_size 64
+#define md5_hash_size  16
+
+/* algorithm context */
+typedef struct md5_ctx
+{
+	unsigned message[md5_block_size / 4]; /* 512-bit buffer for leftovers */
+	uint64_t length;   /* number of processed bytes */
+	unsigned hash[4];  /* 128-bit algorithm internal hashing state */
+} md5_ctx;
+
+/* hash functions */
+
+void rhash_md5_init(md5_ctx *ctx);
+void rhash_md5_update(md5_ctx *ctx, const unsigned char* msg, size_t size);
+void rhash_md5_final(md5_ctx *ctx, unsigned char result[16]);
+
+#endif /* MD5_HIDER */
--- a/src/tests/md5.vtc
+++ b/src/tests/md5.vtc
+# looks like -*- vcl -*-
+
+varnishtest "MD5 hash"
+
+# VMOD blobcode must be installed
+
+varnish v1 -vcl {
+	import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
+	import blobcode;
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		# RFC2202 test cases
+		new k1 = blobcode.blob(HEX, "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
+		new rfc2202t1 = blobdigest.hmac(MD5, k1.get());
+
+		new k2 = blobcode.blob(IDENTITY, "Jefe");
+		new rfc2202t2 = blobdigest.hmac(MD5, k2.get());
+
+		new k3 = blobcode.blob(HEX, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
+		new rfc2202t3 = blobdigest.hmac(MD5, k3.get());
+
+		new k4 = blobcode.blob(HEX,
+		          "0102030405060708090a0b0c0d0e0f10111213141516171819");
+		new rfc2202t4 = blobdigest.hmac(MD5, k4.get());
+
+		new k5 = blobcode.blob(HEX, "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c");
+		new rfc2202t5 = blobdigest.hmac(MD5, k5.get());
+
+		new k6 = blobcode.blob(HEX,
+"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
+		new rfc2202t6 = blobdigest.hmac(MD5, k6.get());
+	}
+
+	sub vcl_recv {
+		return(synth(200));
+	}
+
+	sub vcl_synth {
+		set resp.http.empty
+		  = blobcode.encode(HEXUC, blobdigest.hash(MD5,
+		                    blobcode.decode(IDENTITY, "")));
+
+		set resp.http.a
+		  = blobcode.encode(HEXUC, blobdigest.hash(MD5,
+		                    blobcode.decode(IDENTITY, "a")));
+
+		set resp.http.abc
+		  = blobcode.encode(HEXUC, blobdigest.hash(MD5,
+		                    blobcode.decode(IDENTITY, "abc")));
+
+		set resp.http.msgdigest
+		  = blobcode.encode(HEXUC, blobdigest.hash(MD5,
+		                    blobcode.decode(IDENTITY,
+		                                    "message digest")));
+
+		set resp.http.alphalc
+		  = blobcode.encode(HEXUC, blobdigest.hash(MD5,
+		                    blobcode.decode(IDENTITY,
+				    "abcdefghijklmnopqrstuvwxyz")));
+
+		set resp.http.alphasoup
+		  = blobcode.encode(HEXUC, blobdigest.hash(MD5,
+		                    blobcode.decode(IDENTITY,
+		"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")));
+
+		set resp.http.alphanum
+		  = blobcode.encode(HEXUC, blobdigest.hash(MD5,
+		                    blobcode.decode(IDENTITY,
+	    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789")));
+
+		set resp.http.digits
+		  = blobcode.encode(HEXUC, blobdigest.hash(MD5,
+		                    blobcode.decode(IDENTITY,
+"12345678901234567890123456789012345678901234567890123456789012345678901234567890")));
+
+		set resp.http.pangram
+		  = blobcode.encode(HEXLC, blobdigest.hash(MD5,
+		                    blobcode.decode(IDENTITY,
+			"The quick brown fox jumps over the lazy dog")));
+
+		set resp.http.pangramperiod
+		  = blobcode.encode(HEXLC, blobdigest.hash(MD5,
+		                    blobcode.decode(IDENTITY,
+			"The quick brown fox jumps over the lazy dog.")));
+
+		# all 256 byte values in ascending, big-endian order
+		set resp.http.allbytes
+		  = blobcode.encode(HEXLC, blobdigest.hash(MD5,
+		                    blobcode.decode(BASE64,
+"AQACAQMCBAMFBAYFBwYIBwkICgkLCgwLDQwODQ8OEA8REBIRExIUExUUFhUXFhgXGRgaGRsaHBsdHB4dHx4gHyEgIiEjIiQjJSQmJScmKCcpKCopKyosKy0sLi0vLjAvMTAyMTMyNDM1NDY1NzY4Nzk4Ojk7Ojw7PTw+PT8+QD9BQEJBQ0JEQ0VERkVHRkhHSUhKSUtKTEtNTE5NT05QT1FQUlFTUlRTVVRWVVdWWFdZWFpZW1pcW11cXl1fXmBfYWBiYWNiZGNlZGZlZ2ZoZ2loamlramxrbWxubW9ucG9xcHJxc3J0c3V0dnV3dnh3eXh6eXt6fHt9fH59f36Afw==")));
+
+		set resp.http.rfc2202t1 = blobcode.encode(HEXLC,
+		         rfc2202t1.hmac(blobcode.decode(IDENTITY, "Hi There")));
+
+		set resp.http.rfc2202t2
+		  = blobcode.encode(HEXLC,
+		                    rfc2202t2.hmac(blobcode.decode(IDENTITY,
+				    "what do ya want for nothing?")));
+
+		set resp.http.rfc2202t3
+		  = blobcode.encode(HEXLC,
+		                    rfc2202t3.hmac(blobcode.decode(HEX,
+"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd")));
+
+		set resp.http.rfc2202t4
+		  = blobcode.encode(HEXLC,
+		                    rfc2202t4.hmac(blobcode.decode(HEX,
+"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd")));
+
+		set resp.http.rfc2202t5
+		  = blobcode.encode(HEXLC,
+		                    rfc2202t5.hmac(blobcode.decode(IDENTITY,
+				                      "Test With Truncation")));
+
+		set resp.http.rfc2202t6
+		  = blobcode.encode(HEXLC,
+		                    rfc2202t6.hmac(blobcode.decode(IDENTITY,
+		    "Test Using Larger Than Block-Size Key - Hash Key First")));
+
+		/*
+		 * Test case 7 uses the same key as 6, so we'll re-use
+		 * object rfc2202t6. This tests repeated use of the same
+		 * internal hash contexts.
+		 */
+		set resp.http.rfc2202t7
+		  = blobcode.encode(HEXLC,
+		                    rfc2202t6.hmac(blobcode.decode(IDENTITY,
+"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data")));
+
+    	}
+} -start
+
+client c1 {
+	txreq
+	rxresp
+	expect resp.status == 200
+
+	# from librhash
+	expect resp.http.empty == "D41D8CD98F00B204E9800998ECF8427E"
+	expect resp.http.a == "0CC175B9C0F1B6A831C399E269772661"
+	expect resp.http.abc == "900150983CD24FB0D6963F7D28E17F72"
+	expect resp.http.msgdigest == "F96B697D7CB7938D525A2F31AAF161D0"
+	expect resp.http.alphalc == "C3FCD3D76192E4007DFB496CCA67E13B"
+	expect resp.http.alphanum == "D174AB98D277D9F5A5611C2C9F419D9F"
+	expect resp.http.digits == "57EDF4A22BE3C955AC49DA2E2107B67A"
+
+	# from Wikipedia
+	expect resp.http.pangram == "9e107d9d372bb6826bd81d3542a419d6"
+	expect resp.http.pangramperiod == "e4d909c290d0fb1ca068ffaddf22cbd0"
+
+	# verified with: base64 -d | md5sum
+	expect resp.http.allbytes == "2553b585b093fa52dd2526595bb2fb0d"
+
+	# RFC2202 test cases
+	expect resp.http.rfc2202t1 == "9294727a3638bb1c13f48ef8158bfc9d"
+	expect resp.http.rfc2202t2 == "750c783e6ab0b503eaa86e310a5db738"
+	expect resp.http.rfc2202t3 == "56be34521d144c88dbb8c733f0e8b3f6"
+	expect resp.http.rfc2202t4 == "697eaf0aca3a3aea3a75164746ffaa79"
+	expect resp.http.rfc2202t5 == "56461ef2342edc00f9bab995690efd4c"
+	expect resp.http.rfc2202t6 == "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd"
+	expect resp.http.rfc2202t7 == "6f630fad67cda0ee1fb1f562db3aa53e"
+} -run
--- a/src/vmod_blobdigest.c
+++ b/src/vmod_blobdigest.c
@@ -81,6 +81,9 @@ static void
 init(const enum algorithm hash, hash_ctx * const hctx)
 {
 	switch(hash) {
+	case MD5:
+		rhash_md5_init(&hctx->md5);
+		break;
 	case SHA224:
 		rhash_sha224_init(&hctx->sha224);
 		break;
@@ -103,6 +106,9 @@ update(const enum algorithm hash, hash_ctx *restrict const hctx,
       const uint8_t *restrict const msg, const size_t len)
 {
 	switch(hash) {
+	case MD5:
+		rhash_md5_update(&hctx->md5, msg, len);
+		break;
 	case SHA224:
 		rhash_sha256_update(&hctx->sha224, msg, len);
 		break;
@@ -123,6 +129,9 @@ final(const enum algorithm hash, hash_ctx *restrict const hctx,
      uint8_t *restrict result)
 {
 	switch(hash) {
+	case MD5:
+		rhash_md5_final(&hctx->md5, result);
+		break;
 	case SHA224:
 		rhash_sha256_final(&hctx->sha224, result);
 		break;

--- a/src/vmod_blobdigest.h
+++ b/src/vmod_blobdigest.h
@@ -28,11 +28,13 @@
 #include <sys/types.h>

 #include "parse_algorithm.h"
+#include "md5.h"
 #include "vsha256.h"
 #include "sha256.h"
 #include "sha512.h"

 typedef union hash_ctx {
+	md5_ctx		md5;
 	sha256_ctx	sha224;
 	SHA256_CTX	sha256;
 	sha512_ctx	sha512;
@@ -42,6 +44,10 @@ static const struct hashspec {
 	const size_t digestsz;
 	const size_t blocksz;
 } hashspec[] = {
+	[MD5] = {
+		md5_hash_size,
+		md5_block_size,
+	},
 	[SHA224] = {
 		sha224_hash_size,
 		sha256_block_size,

--- a/src/vmod_blobdigest.vcc
+++ b/src/vmod_blobdigest.vcc
@@ -9,7 +9,7 @@

 $Module blobdigest 3 digests and hmacs for the VCL blob type

-$Object hmac(ENUM {SHA224, SHA256, SHA384, SHA512} hash, BLOB key)
+$Object hmac(ENUM {MD5, SHA224, SHA256, SHA384, SHA512} hash, BLOB key)

 Prototype
 	new OBJ = blobdigest.hmac(ENUM hash, BLOB key)
@@ -31,7 +31,7 @@ Description
 Example
 	``set req.http.hmac = hmac.hmac(blobcode.decode(BASE64, "Zm9v"));``

-$Function BLOB hash(ENUM {SHA224, SHA256, SHA384, SHA512} hash, BLOB msg)
+$Function BLOB hash(ENUM {MD5, SHA224, SHA256, SHA384, SHA512} hash, BLOB msg)

 $Function STRING version()