1 files changed, 420 insertions, 0 deletions
diff --git a/src/microhttpd_ws/sha1.c b/src/microhttpd_ws/sha1.c
new file mode 100644
index 00000000..910c1bdb
--- /dev/null
+++ b/src/microhttpd_ws/sha1.c
@@ -0,0 +1,420 @@
+/* sha1.c - Functions to compute SHA1 message digest of files or
+   memory blocks according to the NIST specification FIPS-180-1.
+   Copyright (C) 2000-2021 Free Software Foundation, Inc.
+   This program is free software; you can redistribute it and/or modify it
+   under the terms of the GNU General Public License as published by the
+   Free Software Foundation; either version 2, or (at your option) any
+   later version.
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software Foundation,
+   Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.  */
+/* Written by Scott G. Miller
+   Credits:
+      Robert Klep <robert@ilse.nl>  -- Expansion function fix
+*/
+/*#include <config.h>*/
+#include "sha1.h"
+#include <stddef.h>
+#include <string.h>
+#if USE_UNLOCKED_IO
+# include "unlocked-io.h"
+#endif
+#ifdef WORDS_BIGENDIAN
+# define SWAP(n) (n)
+#else
+# define SWAP(n) \
+    (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
+#endif
+#define BLOCKSIZE 4096
+#if BLOCKSIZE % 64 != 0
+# error "invalid BLOCKSIZE"
+#endif
+/* This array contains the bytes used to pad the buffer to the next
+   64-byte boundary.  (RFC 1321, 3.1: Step 1)  */
+static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ...  */ };
+/* Take a pointer to a 160 bit block of data (five 32 bit ints) and
+   initialize it to the start constants of the SHA1 algorithm.  This
+   must be called before using hash in the call to sha1_hash.  */
+void
+sha1_init_ctx (struct sha1_ctx *ctx)
+{
+  ctx->A = 0x67452301;
+  ctx->B = 0xefcdab89;
+  ctx->C = 0x98badcfe;
+  ctx->D = 0x10325476;
+  ctx->E = 0xc3d2e1f0;
+  ctx->total[0] = ctx->total[1] = 0;
+  ctx->buflen = 0;
+}
+/* Put result from CTX in first 20 bytes following RESBUF.  The result
+   must be in little endian byte order.
+   IMPORTANT: On some systems it is required that RESBUF is correctly
+   aligned for a 32-bit value.  */
+void *
+sha1_read_ctx (const struct sha1_ctx *ctx, void *resbuf)
+{
+  ((sha1_uint32 *) resbuf)[0] = SWAP (ctx->A);
+  ((sha1_uint32 *) resbuf)[1] = SWAP (ctx->B);
+  ((sha1_uint32 *) resbuf)[2] = SWAP (ctx->C);
+  ((sha1_uint32 *) resbuf)[3] = SWAP (ctx->D);
+  ((sha1_uint32 *) resbuf)[4] = SWAP (ctx->E);
+  return resbuf;
+}
+/* Process the remaining bytes in the internal buffer and the usual
+   prolog according to the standard and write the result to RESBUF.
+   IMPORTANT: On some systems it is required that RESBUF is correctly
+   aligned for a 32-bit value.  */
+void *
+sha1_finish_ctx (struct sha1_ctx *ctx, void *resbuf)
+{
+  /* Take yet unprocessed bytes into account.  */
+  sha1_uint32 bytes = ctx->buflen;
+  size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4;
+  /* Now count remaining bytes.  */
+  ctx->total[0] += bytes;
+  if (ctx->total[0] < bytes)
+    ++ctx->total[1];
+  /* Put the 64-bit file length in *bits* at the end of the buffer.  */
+  ctx->buffer[size - 2] = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29));
+  ctx->buffer[size - 1] = SWAP (ctx->total[0] << 3);
+  memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes);
+  /* Process last bytes.  */
+  sha1_process_block (ctx->buffer, size * 4, ctx);
+  return sha1_read_ctx (ctx, resbuf);
+}
+/* Compute SHA1 message digest for bytes read from STREAM.  The
+   resulting message digest number will be written into the 16 bytes
+   beginning at RESBLOCK.  */
+int
+sha1_stream (FILE *stream, void *resblock)
+{
+  struct sha1_ctx ctx;
+  char buffer[BLOCKSIZE + 72];
+  size_t sum;
+  /* Initialize the computation context.  */
+  sha1_init_ctx (&ctx);
+  /* Iterate over full file contents.  */
+  while (1)
+  {
+    /* We read the file in blocks of BLOCKSIZE bytes.  One call of the
+ computation function processes the whole buffer so that with the
+ next round of the loop another block can be read.  */
+    size_t n;
+    sum = 0;
+    /* Read block.  Take care for partial reads.  */
+    while (1)
+    {
+      n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
+      sum += n;
+      if (sum == BLOCKSIZE)
+        break;
+      if (n == 0)
+      {
+        /* Check for the error flag IFF N == 0, so that we don't
+     exit the loop after a partial read due to e.g., EAGAIN
+     or EWOULDBLOCK.  */
+        if (ferror (stream))
+          return 1;
+        goto process_partial_block;
+      }
+      /* We've read at least one byte, so ignore errors.  But always
+         check for EOF, since feof may be true even though N > 0.
+         Otherwise, we could end up calling fread after EOF.  */
+      if (feof (stream))
+        goto process_partial_block;
+    }
+    /* Process buffer with BLOCKSIZE bytes.  Note that
+    BLOCKSIZE % 64 == 0
+     */
+    sha1_process_block (buffer, BLOCKSIZE, &ctx);
+  }
+process_partial_block:;
+  /* Process any remaining bytes.  */
+  if (sum > 0)
+    sha1_process_bytes (buffer, sum, &ctx);
+  /* Construct result in desired memory.  */
+  sha1_finish_ctx (&ctx, resblock);
+  return 0;
+}
+/* Compute SHA1 message digest for LEN bytes beginning at BUFFER.  The
+   result is always in little endian byte order, so that a byte-wise
+   output yields to the wanted ASCII representation of the message
+   digest.  */
+void *
+sha1_buffer (const char *buffer, size_t len, void *resblock)
+{
+  struct sha1_ctx ctx;
+  /* Initialize the computation context.  */
+  sha1_init_ctx (&ctx);
+  /* Process whole buffer but last len % 64 bytes.  */
+  sha1_process_bytes (buffer, len, &ctx);
+  /* Put result in desired memory area.  */
+  return sha1_finish_ctx (&ctx, resblock);
+}
+void
+sha1_process_bytes (const void *buffer, size_t len, struct sha1_ctx *ctx)
+{
+  /* When we already have some bits in our internal buffer concatenate
+     both inputs first.  */
+  if (ctx->buflen != 0)
+  {
+    size_t left_over = ctx->buflen;
+    size_t add = 128 - left_over > len ? len : 128 - left_over;
+    memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
+    ctx->buflen += add;
+    if (ctx->buflen > 64)
+    {
+      sha1_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
+      ctx->buflen &= 63;
+      /* The regions in the following copy operation cannot overlap.  */
+      memcpy (ctx->buffer,
+              &((char *) ctx->buffer)[(left_over + add) & ~63],
+              ctx->buflen);
+    }
+    buffer = (const char *) buffer + add;
+    len -= add;
+  }
+  /* Process available complete blocks.  */
+  if (len >= 64)
+  {
+#if ! _STRING_ARCH_unaligned
+# define alignof(type) offsetof (struct { char c; type x; }, x)
+# define UNALIGNED_P(p) (((size_t) p) % alignof (sha1_uint32) != 0)
+    if (UNALIGNED_P (buffer))
+      while (len > 64)
+      {
+        sha1_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
+        buffer = (const char *) buffer + 64;
+        len -= 64;
+      }
+    else
+#endif
+    {
+      sha1_process_block (buffer, len & ~63, ctx);
+      buffer = (const char *) buffer + (len & ~63);
+      len &= 63;
+    }
+  }
+  /* Move remaining bytes in internal buffer.  */
+  if (len > 0)
+  {
+    size_t left_over = ctx->buflen;
+    memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
+    left_over += len;
+    if (left_over >= 64)
+    {
+      sha1_process_block (ctx->buffer, 64, ctx);
+      left_over -= 64;
+      memmove (ctx->buffer, &ctx->buffer[16], left_over);
+    }
+    ctx->buflen = left_over;
+  }
+}
+/* --- Code below is the primary difference between md5.c and sha1.c --- */
+/* SHA1 round constants */
+#define K1 0x5a827999
+#define K2 0x6ed9eba1
+#define K3 0x8f1bbcdc
+#define K4 0xca62c1d6
+/* Round functions.  Note that F2 is the same as F4.  */
+#define F1(B,C,D) ( D ^ ( B & ( C ^ D ) ) )
+#define F2(B,C,D) (B ^ C ^ D)
+#define F3(B,C,D) ( ( B & C ) | ( D & ( B | C ) ) )
+#define F4(B,C,D) (B ^ C ^ D)
+/* Process LEN bytes of BUFFER, accumulating context into CTX.
+   It is assumed that LEN % 64 == 0.
+   Most of this code comes from GnuPG's cipher/sha1.c.  */
+void
+sha1_process_block (const void *buffer, size_t len, struct sha1_ctx *ctx)
+{
+  const sha1_uint32 *words = (const sha1_uint32*) buffer;
+  size_t nwords = len / sizeof (sha1_uint32);
+  const sha1_uint32 *endp = words + nwords;
+  sha1_uint32 x[16];
+  sha1_uint32 a = ctx->A;
+  sha1_uint32 b = ctx->B;
+  sha1_uint32 c = ctx->C;
+  sha1_uint32 d = ctx->D;
+  sha1_uint32 e = ctx->E;
+  /* First increment the byte count.  RFC 1321 specifies the possible
+     length of the file up to 2^64 bits.  Here we only compute the
+     number of bytes.  Do a double word increment.  */
+  ctx->total[0] += len;
+  ctx->total[1] += ((len >> 31) >> 1) + (ctx->total[0] < len);
+#define rol(x, n) (((x) << (n)) | ((sha1_uint32) (x) >> (32 - (n))))
+#define M(I) ( tm =   x[I&0x0f] ^ x[(I-14)&0x0f] \
+        ^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \
+         , (x[I&0x0f] = rol(tm, 1)) )
+#define R(A,B,C,D,E,F,K,M)  do { E += rol( A, 5 )     \
+              + F( B, C, D )  \
+              + K       \
+              + M;        \
+         B = rol( B, 30 );    \
+             } while(0)
+  while (words < endp)
+  {
+    sha1_uint32 tm;
+    int t;
+    for (t = 0; t < 16; t++)
+    {
+      x[t] = SWAP (*words);
+      words++;
+    }
+    R (a, b, c, d, e, F1, K1, x[ 0]);
+    R (e, a, b, c, d, F1, K1, x[ 1]);
+    R (d, e, a, b, c, F1, K1, x[ 2]);
+    R (c, d, e, a, b, F1, K1, x[ 3]);
+    R (b, c, d, e, a, F1, K1, x[ 4]);
+    R (a, b, c, d, e, F1, K1, x[ 5]);
+    R (e, a, b, c, d, F1, K1, x[ 6]);
+    R (d, e, a, b, c, F1, K1, x[ 7]);
+    R (c, d, e, a, b, F1, K1, x[ 8]);
+    R (b, c, d, e, a, F1, K1, x[ 9]);
+    R (a, b, c, d, e, F1, K1, x[10]);
+    R (e, a, b, c, d, F1, K1, x[11]);
+    R (d, e, a, b, c, F1, K1, x[12]);
+    R (c, d, e, a, b, F1, K1, x[13]);
+    R (b, c, d, e, a, F1, K1, x[14]);
+    R (a, b, c, d, e, F1, K1, x[15]);
+    R (e, a, b, c, d, F1, K1, M (16) );
+    R (d, e, a, b, c, F1, K1, M (17) );
+    R (c, d, e, a, b, F1, K1, M (18) );
+    R (b, c, d, e, a, F1, K1, M (19) );
+    R (a, b, c, d, e, F2, K2, M (20) );
+    R (e, a, b, c, d, F2, K2, M (21) );
+    R (d, e, a, b, c, F2, K2, M (22) );
+    R (c, d, e, a, b, F2, K2, M (23) );
+    R (b, c, d, e, a, F2, K2, M (24) );
+    R (a, b, c, d, e, F2, K2, M (25) );
+    R (e, a, b, c, d, F2, K2, M (26) );
+    R (d, e, a, b, c, F2, K2, M (27) );
+    R (c, d, e, a, b, F2, K2, M (28) );
+    R (b, c, d, e, a, F2, K2, M (29) );
+    R (a, b, c, d, e, F2, K2, M (30) );
+    R (e, a, b, c, d, F2, K2, M (31) );
+    R (d, e, a, b, c, F2, K2, M (32) );
+    R (c, d, e, a, b, F2, K2, M (33) );
+    R (b, c, d, e, a, F2, K2, M (34) );
+    R (a, b, c, d, e, F2, K2, M (35) );
+    R (e, a, b, c, d, F2, K2, M (36) );
+    R (d, e, a, b, c, F2, K2, M (37) );
+    R (c, d, e, a, b, F2, K2, M (38) );
+    R (b, c, d, e, a, F2, K2, M (39) );
+    R (a, b, c, d, e, F3, K3, M (40) );
+    R (e, a, b, c, d, F3, K3, M (41) );
+    R (d, e, a, b, c, F3, K3, M (42) );
+    R (c, d, e, a, b, F3, K3, M (43) );
+    R (b, c, d, e, a, F3, K3, M (44) );
+    R (a, b, c, d, e, F3, K3, M (45) );
+    R (e, a, b, c, d, F3, K3, M (46) );
+    R (d, e, a, b, c, F3, K3, M (47) );
+    R (c, d, e, a, b, F3, K3, M (48) );
+    R (b, c, d, e, a, F3, K3, M (49) );
+    R (a, b, c, d, e, F3, K3, M (50) );
+    R (e, a, b, c, d, F3, K3, M (51) );
+    R (d, e, a, b, c, F3, K3, M (52) );
+    R (c, d, e, a, b, F3, K3, M (53) );
+    R (b, c, d, e, a, F3, K3, M (54) );
+    R (a, b, c, d, e, F3, K3, M (55) );
+    R (e, a, b, c, d, F3, K3, M (56) );
+    R (d, e, a, b, c, F3, K3, M (57) );
+    R (c, d, e, a, b, F3, K3, M (58) );
+    R (b, c, d, e, a, F3, K3, M (59) );
+    R (a, b, c, d, e, F4, K4, M (60) );
+    R (e, a, b, c, d, F4, K4, M (61) );
+    R (d, e, a, b, c, F4, K4, M (62) );
+    R (c, d, e, a, b, F4, K4, M (63) );
+    R (b, c, d, e, a, F4, K4, M (64) );
+    R (a, b, c, d, e, F4, K4, M (65) );
+    R (e, a, b, c, d, F4, K4, M (66) );
+    R (d, e, a, b, c, F4, K4, M (67) );
+    R (c, d, e, a, b, F4, K4, M (68) );
+    R (b, c, d, e, a, F4, K4, M (69) );
+    R (a, b, c, d, e, F4, K4, M (70) );
+    R (e, a, b, c, d, F4, K4, M (71) );
+    R (d, e, a, b, c, F4, K4, M (72) );
+    R (c, d, e, a, b, F4, K4, M (73) );
+    R (b, c, d, e, a, F4, K4, M (74) );
+    R (a, b, c, d, e, F4, K4, M (75) );
+    R (e, a, b, c, d, F4, K4, M (76) );
+    R (d, e, a, b, c, F4, K4, M (77) );
+    R (c, d, e, a, b, F4, K4, M (78) );
+    R (b, c, d, e, a, F4, K4, M (79) );
+    a = ctx->A += a;
+    b = ctx->B += b;
+    c = ctx->C += c;
+    d = ctx->D += d;
+    e = ctx->E += e;
+  }
+}

diff --git a/src/microhttpd_ws/sha1.c b/src/microhttpd_ws/sha1.c new file mode 100644 index 00000000..910c1bdb --- /dev/null +++ b/src/microhttpd_ws/sha1.c
@@ -0,0 +1,420 @@
	1	/* sha1.c - Functions to compute SHA1 message digest of files or
	2	memory blocks according to the NIST specification FIPS-180-1.
	3
	4	Copyright (C) 2000-2021 Free Software Foundation, Inc.
	5
	6	This program is free software; you can redistribute it and/or modify it
	7	under the terms of the GNU General Public License as published by the
	8	Free Software Foundation; either version 2, or (at your option) any
	9	later version.
	10
	11	This program is distributed in the hope that it will be useful,
	12	but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	GNU General Public License for more details.
	15
	16	You should have received a copy of the GNU General Public License
	17	along with this program; if not, write to the Free Software Foundation,
	18	Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
	19
	20	/* Written by Scott G. Miller
	21	Credits:
	22	Robert Klep <robert@ilse.nl> -- Expansion function fix
	23	*/
	24
	25	/#include <config.h>/
	26
	27	#include "sha1.h"
	28
	29	#include <stddef.h>
	30	#include <string.h>
	31
	32	#if USE_UNLOCKED_IO
	33	# include "unlocked-io.h"
	34	#endif
	35
	36	#ifdef WORDS_BIGENDIAN
	37	# define SWAP(n) (n)
	38	#else
	39	# define SWAP(n) \
	40	(((n) << 24) \| (((n) & 0xff00) << 8) \| (((n) >> 8) & 0xff00) \| ((n) >> 24))
	41	#endif
	42
	43	#define BLOCKSIZE 4096
	44	#if BLOCKSIZE % 64 != 0
	45	# error "invalid BLOCKSIZE"
	46	#endif
	47
	48	/* This array contains the bytes used to pad the buffer to the next
	49	64-byte boundary. (RFC 1321, 3.1: Step 1) */
	50	static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
	51
	52
	53	/* Take a pointer to a 160 bit block of data (five 32 bit ints) and
	54	initialize it to the start constants of the SHA1 algorithm. This
	55	must be called before using hash in the call to sha1_hash. */
	56	void
	57	sha1_init_ctx (struct sha1_ctx *ctx)
	58	{
	59	ctx->A = 0x67452301;
	60	ctx->B = 0xefcdab89;
	61	ctx->C = 0x98badcfe;
	62	ctx->D = 0x10325476;
	63	ctx->E = 0xc3d2e1f0;
	64
	65	ctx->total[0] = ctx->total[1] = 0;
	66	ctx->buflen = 0;
	67	}
	68
	69
	70	/* Put result from CTX in first 20 bytes following RESBUF. The result
	71	must be in little endian byte order.
	72
	73	IMPORTANT: On some systems it is required that RESBUF is correctly
	74	aligned for a 32-bit value. */
	75	void *
	76	sha1_read_ctx (const struct sha1_ctx ctx, void resbuf)
	77	{
	78	((sha1_uint32 *) resbuf)[0] = SWAP (ctx->A);
	79	((sha1_uint32 *) resbuf)[1] = SWAP (ctx->B);
	80	((sha1_uint32 *) resbuf)[2] = SWAP (ctx->C);
	81	((sha1_uint32 *) resbuf)[3] = SWAP (ctx->D);
	82	((sha1_uint32 *) resbuf)[4] = SWAP (ctx->E);
	83
	84	return resbuf;
	85	}
	86
	87
	88	/* Process the remaining bytes in the internal buffer and the usual
	89	prolog according to the standard and write the result to RESBUF.
	90
	91	IMPORTANT: On some systems it is required that RESBUF is correctly
	92	aligned for a 32-bit value. */
	93	void *
	94	sha1_finish_ctx (struct sha1_ctx ctx, void resbuf)
	95	{
	96	/* Take yet unprocessed bytes into account. */
	97	sha1_uint32 bytes = ctx->buflen;
	98	size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4;
	99
	100	/* Now count remaining bytes. */
	101	ctx->total[0] += bytes;
	102	if (ctx->total[0] < bytes)
	103	++ctx->total[1];
	104
	105	/* Put the 64-bit file length in bits at the end of the buffer. */
	106	ctx->buffer[size - 2] = SWAP ((ctx->total[1] << 3) \| (ctx->total[0] >> 29));
	107	ctx->buffer[size - 1] = SWAP (ctx->total[0] << 3);
	108
	109	memcpy (&((char ) ctx->buffer)[bytes], fillbuf, (size - 2) 4 - bytes);
	110
	111	/* Process last bytes. */
	112	sha1_process_block (ctx->buffer, size * 4, ctx);
	113
	114	return sha1_read_ctx (ctx, resbuf);
	115	}
	116
	117
	118	/* Compute SHA1 message digest for bytes read from STREAM. The
	119	resulting message digest number will be written into the 16 bytes
	120	beginning at RESBLOCK. */
	121	int
	122	sha1_stream (FILE stream, void resblock)
	123	{
	124	struct sha1_ctx ctx;
	125	char buffer[BLOCKSIZE + 72];
	126	size_t sum;
	127
	128	/* Initialize the computation context. */
	129	sha1_init_ctx (&ctx);
	130
	131	/* Iterate over full file contents. */
	132	while (1)
	133	{
	134	/* We read the file in blocks of BLOCKSIZE bytes. One call of the
	135	computation function processes the whole buffer so that with the
	136	next round of the loop another block can be read. */
	137	size_t n;
	138	sum = 0;
	139
	140	/* Read block. Take care for partial reads. */
	141	while (1)
	142	{
	143	n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
	144
	145	sum += n;
	146
	147	if (sum == BLOCKSIZE)
	148	break;
	149
	150	if (n == 0)
	151	{
	152	/* Check for the error flag IFF N == 0, so that we don't
	153	exit the loop after a partial read due to e.g., EAGAIN
	154	or EWOULDBLOCK. */
	155	if (ferror (stream))
	156	return 1;
	157	goto process_partial_block;
	158	}
	159
	160	/* We've read at least one byte, so ignore errors. But always
	161	check for EOF, since feof may be true even though N > 0.
	162	Otherwise, we could end up calling fread after EOF. */
	163	if (feof (stream))
	164	goto process_partial_block;
	165	}
	166
	167	/* Process buffer with BLOCKSIZE bytes. Note that
	168	BLOCKSIZE % 64 == 0
	169	*/
	170	sha1_process_block (buffer, BLOCKSIZE, &ctx);
	171	}
	172
	173	process_partial_block:;
	174
	175	/* Process any remaining bytes. */
	176	if (sum > 0)
	177	sha1_process_bytes (buffer, sum, &ctx);
	178
	179	/* Construct result in desired memory. */
	180	sha1_finish_ctx (&ctx, resblock);
	181	return 0;
	182	}
	183
	184
	185	/* Compute SHA1 message digest for LEN bytes beginning at BUFFER. The
	186	result is always in little endian byte order, so that a byte-wise
	187	output yields to the wanted ASCII representation of the message
	188	digest. */
	189	void *
	190	sha1_buffer (const char buffer, size_t len, void resblock)
	191	{
	192	struct sha1_ctx ctx;
	193
	194	/* Initialize the computation context. */
	195	sha1_init_ctx (&ctx);
	196
	197	/* Process whole buffer but last len % 64 bytes. */
	198	sha1_process_bytes (buffer, len, &ctx);
	199
	200	/* Put result in desired memory area. */
	201	return sha1_finish_ctx (&ctx, resblock);
	202	}
	203
	204
	205	void
	206	sha1_process_bytes (const void buffer, size_t len, struct sha1_ctx ctx)
	207	{
	208	/* When we already have some bits in our internal buffer concatenate
	209	both inputs first. */
	210	if (ctx->buflen != 0)
	211	{
	212	size_t left_over = ctx->buflen;
	213	size_t add = 128 - left_over > len ? len : 128 - left_over;
	214
	215	memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
	216	ctx->buflen += add;
	217
	218	if (ctx->buflen > 64)
	219	{
	220	sha1_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
	221
	222	ctx->buflen &= 63;
	223	/* The regions in the following copy operation cannot overlap. */
	224	memcpy (ctx->buffer,
	225	&((char *) ctx->buffer)[(left_over + add) & ~63],
	226	ctx->buflen);
	227	}
	228
	229	buffer = (const char *) buffer + add;
	230	len -= add;
	231	}
	232
	233	/* Process available complete blocks. */
	234	if (len >= 64)
	235	{
	236	#if ! _STRING_ARCH_unaligned
	237	# define alignof(type) offsetof (struct { char c; type x; }, x)
	238	# define UNALIGNED_P(p) (((size_t) p) % alignof (sha1_uint32) != 0)
	239	if (UNALIGNED_P (buffer))
	240	while (len > 64)
	241	{
	242	sha1_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
	243	buffer = (const char *) buffer + 64;
	244	len -= 64;
	245	}
	246	else
	247	#endif
	248	{
	249	sha1_process_block (buffer, len & ~63, ctx);
	250	buffer = (const char *) buffer + (len & ~63);
	251	len &= 63;
	252	}
	253	}
	254
	255	/* Move remaining bytes in internal buffer. */
	256	if (len > 0)
	257	{
	258	size_t left_over = ctx->buflen;
	259
	260	memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
	261	left_over += len;
	262	if (left_over >= 64)
	263	{
	264	sha1_process_block (ctx->buffer, 64, ctx);
	265	left_over -= 64;
	266	memmove (ctx->buffer, &ctx->buffer[16], left_over);
	267	}
	268	ctx->buflen = left_over;
	269	}
	270	}
	271
	272
	273	/* --- Code below is the primary difference between md5.c and sha1.c --- */
	274
	275	/* SHA1 round constants */
	276	#define K1 0x5a827999
	277	#define K2 0x6ed9eba1
	278	#define K3 0x8f1bbcdc
	279	#define K4 0xca62c1d6
	280
	281	/* Round functions. Note that F2 is the same as F4. */
	282	#define F1(B,C,D) ( D ^ ( B & ( C ^ D ) ) )
	283	#define F2(B,C,D) (B ^ C ^ D)
	284	#define F3(B,C,D) ( ( B & C ) \| ( D & ( B \| C ) ) )
	285	#define F4(B,C,D) (B ^ C ^ D)
	286
	287	/* Process LEN bytes of BUFFER, accumulating context into CTX.
	288	It is assumed that LEN % 64 == 0.
	289	Most of this code comes from GnuPG's cipher/sha1.c. */
	290
	291	void
	292	sha1_process_block (const void buffer, size_t len, struct sha1_ctx ctx)
	293	{
	294	const sha1_uint32 words = (const sha1_uint32) buffer;
	295	size_t nwords = len / sizeof (sha1_uint32);
	296	const sha1_uint32 *endp = words + nwords;
	297	sha1_uint32 x[16];
	298	sha1_uint32 a = ctx->A;
	299	sha1_uint32 b = ctx->B;
	300	sha1_uint32 c = ctx->C;
	301	sha1_uint32 d = ctx->D;
	302	sha1_uint32 e = ctx->E;
	303
	304	/* First increment the byte count. RFC 1321 specifies the possible
	305	length of the file up to 2^64 bits. Here we only compute the
	306	number of bytes. Do a double word increment. */
	307	ctx->total[0] += len;
	308	ctx->total[1] += ((len >> 31) >> 1) + (ctx->total[0] < len);
	309
	310	#define rol(x, n) (((x) << (n)) \| ((sha1_uint32) (x) >> (32 - (n))))
	311
	312	#define M(I) ( tm = x[I&0x0f] ^ x[(I-14)&0x0f] \
	313	^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \
	314	, (x[I&0x0f] = rol(tm, 1)) )
	315
	316	#define R(A,B,C,D,E,F,K,M) do { E += rol( A, 5 ) \
	317	+ F( B, C, D ) \
	318	+ K \
	319	+ M; \
	320	B = rol( B, 30 ); \
	321	} while(0)
	322
	323	while (words < endp)
	324	{
	325	sha1_uint32 tm;
	326	int t;
	327	for (t = 0; t < 16; t++)
	328	{
	329	x[t] = SWAP (*words);
	330	words++;
	331	}
	332
	333	R (a, b, c, d, e, F1, K1, x[ 0]);
	334	R (e, a, b, c, d, F1, K1, x[ 1]);
	335	R (d, e, a, b, c, F1, K1, x[ 2]);
	336	R (c, d, e, a, b, F1, K1, x[ 3]);
	337	R (b, c, d, e, a, F1, K1, x[ 4]);
	338	R (a, b, c, d, e, F1, K1, x[ 5]);
	339	R (e, a, b, c, d, F1, K1, x[ 6]);
	340	R (d, e, a, b, c, F1, K1, x[ 7]);
	341	R (c, d, e, a, b, F1, K1, x[ 8]);
	342	R (b, c, d, e, a, F1, K1, x[ 9]);
	343	R (a, b, c, d, e, F1, K1, x[10]);
	344	R (e, a, b, c, d, F1, K1, x[11]);
	345	R (d, e, a, b, c, F1, K1, x[12]);
	346	R (c, d, e, a, b, F1, K1, x[13]);
	347	R (b, c, d, e, a, F1, K1, x[14]);
	348	R (a, b, c, d, e, F1, K1, x[15]);
	349	R (e, a, b, c, d, F1, K1, M (16) );
	350	R (d, e, a, b, c, F1, K1, M (17) );
	351	R (c, d, e, a, b, F1, K1, M (18) );
	352	R (b, c, d, e, a, F1, K1, M (19) );
	353	R (a, b, c, d, e, F2, K2, M (20) );
	354	R (e, a, b, c, d, F2, K2, M (21) );
	355	R (d, e, a, b, c, F2, K2, M (22) );
	356	R (c, d, e, a, b, F2, K2, M (23) );
	357	R (b, c, d, e, a, F2, K2, M (24) );
	358	R (a, b, c, d, e, F2, K2, M (25) );
	359	R (e, a, b, c, d, F2, K2, M (26) );
	360	R (d, e, a, b, c, F2, K2, M (27) );
	361	R (c, d, e, a, b, F2, K2, M (28) );
	362	R (b, c, d, e, a, F2, K2, M (29) );
	363	R (a, b, c, d, e, F2, K2, M (30) );
	364	R (e, a, b, c, d, F2, K2, M (31) );
	365	R (d, e, a, b, c, F2, K2, M (32) );
	366	R (c, d, e, a, b, F2, K2, M (33) );
	367	R (b, c, d, e, a, F2, K2, M (34) );
	368	R (a, b, c, d, e, F2, K2, M (35) );
	369	R (e, a, b, c, d, F2, K2, M (36) );
	370	R (d, e, a, b, c, F2, K2, M (37) );
	371	R (c, d, e, a, b, F2, K2, M (38) );
	372	R (b, c, d, e, a, F2, K2, M (39) );
	373	R (a, b, c, d, e, F3, K3, M (40) );
	374	R (e, a, b, c, d, F3, K3, M (41) );
	375	R (d, e, a, b, c, F3, K3, M (42) );
	376	R (c, d, e, a, b, F3, K3, M (43) );
	377	R (b, c, d, e, a, F3, K3, M (44) );
	378	R (a, b, c, d, e, F3, K3, M (45) );
	379	R (e, a, b, c, d, F3, K3, M (46) );
	380	R (d, e, a, b, c, F3, K3, M (47) );
	381	R (c, d, e, a, b, F3, K3, M (48) );
	382	R (b, c, d, e, a, F3, K3, M (49) );
	383	R (a, b, c, d, e, F3, K3, M (50) );
	384	R (e, a, b, c, d, F3, K3, M (51) );
	385	R (d, e, a, b, c, F3, K3, M (52) );
	386	R (c, d, e, a, b, F3, K3, M (53) );
	387	R (b, c, d, e, a, F3, K3, M (54) );
	388	R (a, b, c, d, e, F3, K3, M (55) );
	389	R (e, a, b, c, d, F3, K3, M (56) );
	390	R (d, e, a, b, c, F3, K3, M (57) );
	391	R (c, d, e, a, b, F3, K3, M (58) );
	392	R (b, c, d, e, a, F3, K3, M (59) );
	393	R (a, b, c, d, e, F4, K4, M (60) );
	394	R (e, a, b, c, d, F4, K4, M (61) );
	395	R (d, e, a, b, c, F4, K4, M (62) );
	396	R (c, d, e, a, b, F4, K4, M (63) );
	397	R (b, c, d, e, a, F4, K4, M (64) );
	398	R (a, b, c, d, e, F4, K4, M (65) );
	399	R (e, a, b, c, d, F4, K4, M (66) );
	400	R (d, e, a, b, c, F4, K4, M (67) );
	401	R (c, d, e, a, b, F4, K4, M (68) );
	402	R (b, c, d, e, a, F4, K4, M (69) );
	403	R (a, b, c, d, e, F4, K4, M (70) );
	404	R (e, a, b, c, d, F4, K4, M (71) );
	405	R (d, e, a, b, c, F4, K4, M (72) );
	406	R (c, d, e, a, b, F4, K4, M (73) );
	407	R (b, c, d, e, a, F4, K4, M (74) );
	408	R (a, b, c, d, e, F4, K4, M (75) );
	409	R (e, a, b, c, d, F4, K4, M (76) );
	410	R (d, e, a, b, c, F4, K4, M (77) );
	411	R (c, d, e, a, b, F4, K4, M (78) );
	412	R (b, c, d, e, a, F4, K4, M (79) );
	413
	414	a = ctx->A += a;
	415	b = ctx->B += b;
	416	c = ctx->C += c;
	417	d = ctx->D += d;
	418	e = ctx->E += e;
	419	}
	420	}