xcrypt 0.1.0

data/ext/libxcrypt/lib/alg-md5.c

@@ -0,0 +1,291 @@
+/*
+ * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
+ * MD5 Message-Digest Algorithm (RFC 1321).
+ *
+ * Homepage:
+ * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
+ *
+ * Author:
+ * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
+ *
+ * This software was written by Alexander Peslyak in 2001.  No copyright is
+ * claimed, and the software is hereby placed in the public domain.
+ * In case this attempt to disclaim copyright and place the software in the
+ * public domain is deemed null and void, then the software is
+ * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
+ * general public under the following terms:
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ *
+ * There's ABSOLUTELY NO WARRANTY, express or implied.
+ *
+ * (This is a heavily cut-down "BSD license".)
+ *
+ * This differs from Colin Plumb's older public domain implementation in that
+ * no exactly 32-bit integer data type is required (any 32-bit or wider
+ * unsigned integer data type will do), there's no compile-time endianness
+ * configuration, and the function prototypes match OpenSSL's.  No code from
+ * Colin Plumb's implementation has been reused; this comment merely compares
+ * the properties of the two independent implementations.
+ *
+ * The primary goals of this implementation are portability and ease of use.
+ * It is meant to be fast, but not as fast as possible.  Some known
+ * optimizations are not included to reduce source code size and avoid
+ * compile-time configuration.
+ */
+
+#include "crypt-port.h"
+
+#if INCLUDE_md5crypt || INCLUDE_sunmd5
+
+#include "alg-md5.h"
+
+/*
+ * The basic MD5 functions.
+ *
+ * F and G are optimized compared to their RFC 1321 definitions for
+ * architectures that lack an AND-NOT instruction, just like in Colin Plumb's
+ * implementation.
+ */
+#define F(x, y, z)			((z) ^ ((x) & ((y) ^ (z))))
+#define G(x, y, z)			((y) ^ ((z) & ((x) ^ (y))))
+#define H(x, y, z)			(((x) ^ (y)) ^ (z))
+#define H2(x, y, z)			((x) ^ ((y) ^ (z)))
+#define I(x, y, z)			((y) ^ ((x) | ~(z)))
+
+/*
+ * The MD5 transformation for all four rounds.
+ */
+#define STEP(f, a, b, c, d, x, t, s) \
+	(a) += f((b), (c), (d)) + (x) + (t); \
+	(a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s)))); \
+	(a) += (b);
+
+/*
+ * SET reads 4 input bytes in little-endian byte order and stores them in a
+ * properly aligned word in host byte order.
+ *
+ * The check for little-endian architectures that tolerate unaligned memory
+ * accesses is just an optimization.  Nothing will break if it fails to detect
+ * a suitable architecture.
+ *
+ * Unfortunately, this optimization may be a C strict aliasing rules violation
+ * if the caller's data buffer has effective type that cannot be aliased by
+ * MD5_u32plus.  In practice, this problem may occur if these MD5 routines are
+ * inlined into a calling function, or with future and dangerously advanced
+ * link-time optimizations.  For the time being, keeping these MD5 routines in
+ * their own translation unit avoids the problem.
+ */
+#if 0 /* defined(__i386__) || defined(__x86_64__) || defined(__vax__) */
+#define SET(n) \
+	(*(const MD5_u32plus *)&ptr[(n) * 4])
+#define GET(n) \
+	SET(n)
+#else
+#define SET(n) \
+	(ctx->block[(n)] = \
+	(MD5_u32plus)ptr[(n) * 4] | \
+	((MD5_u32plus)ptr[(n) * 4 + 1] << 8) | \
+	((MD5_u32plus)ptr[(n) * 4 + 2] << 16) | \
+	((MD5_u32plus)ptr[(n) * 4 + 3] << 24))
+#define GET(n) \
+	(ctx->block[(n)])
+#endif
+
+/*
+ * This processes one or more 64-byte data blocks, but does NOT update the bit
+ * counters.  There are no alignment requirements.
+ */
+static const void *body(MD5_CTX *ctx, const void *data, unsigned long size)
+{
+	const unsigned char *ptr;
+	MD5_u32plus a, b, c, d;
+	MD5_u32plus saved_a, saved_b, saved_c, saved_d;
+
+	ptr = (const unsigned char *)data;
+
+	a = ctx->a;
+	b = ctx->b;
+	c = ctx->c;
+	d = ctx->d;
+
+	do {
+		saved_a = a;
+		saved_b = b;
+		saved_c = c;
+		saved_d = d;
+
+/* Round 1 */
+		STEP(F, a, b, c, d, SET(0), 0xd76aa478, 7)
+		STEP(F, d, a, b, c, SET(1), 0xe8c7b756, 12)
+		STEP(F, c, d, a, b, SET(2), 0x242070db, 17)
+		STEP(F, b, c, d, a, SET(3), 0xc1bdceee, 22)
+		STEP(F, a, b, c, d, SET(4), 0xf57c0faf, 7)
+		STEP(F, d, a, b, c, SET(5), 0x4787c62a, 12)
+		STEP(F, c, d, a, b, SET(6), 0xa8304613, 17)
+		STEP(F, b, c, d, a, SET(7), 0xfd469501, 22)
+		STEP(F, a, b, c, d, SET(8), 0x698098d8, 7)
+		STEP(F, d, a, b, c, SET(9), 0x8b44f7af, 12)
+		STEP(F, c, d, a, b, SET(10), 0xffff5bb1, 17)
+		STEP(F, b, c, d, a, SET(11), 0x895cd7be, 22)
+		STEP(F, a, b, c, d, SET(12), 0x6b901122, 7)
+		STEP(F, d, a, b, c, SET(13), 0xfd987193, 12)
+		STEP(F, c, d, a, b, SET(14), 0xa679438e, 17)
+		STEP(F, b, c, d, a, SET(15), 0x49b40821, 22)
+
+/* Round 2 */
+		STEP(G, a, b, c, d, GET(1), 0xf61e2562, 5)
+		STEP(G, d, a, b, c, GET(6), 0xc040b340, 9)
+		STEP(G, c, d, a, b, GET(11), 0x265e5a51, 14)
+		STEP(G, b, c, d, a, GET(0), 0xe9b6c7aa, 20)
+		STEP(G, a, b, c, d, GET(5), 0xd62f105d, 5)
+		STEP(G, d, a, b, c, GET(10), 0x02441453, 9)
+		STEP(G, c, d, a, b, GET(15), 0xd8a1e681, 14)
+		STEP(G, b, c, d, a, GET(4), 0xe7d3fbc8, 20)
+		STEP(G, a, b, c, d, GET(9), 0x21e1cde6, 5)
+		STEP(G, d, a, b, c, GET(14), 0xc33707d6, 9)
+		STEP(G, c, d, a, b, GET(3), 0xf4d50d87, 14)
+		STEP(G, b, c, d, a, GET(8), 0x455a14ed, 20)
+		STEP(G, a, b, c, d, GET(13), 0xa9e3e905, 5)
+		STEP(G, d, a, b, c, GET(2), 0xfcefa3f8, 9)
+		STEP(G, c, d, a, b, GET(7), 0x676f02d9, 14)
+		STEP(G, b, c, d, a, GET(12), 0x8d2a4c8a, 20)
+
+/* Round 3 */
+		STEP(H, a, b, c, d, GET(5), 0xfffa3942, 4)
+		STEP(H2, d, a, b, c, GET(8), 0x8771f681, 11)
+		STEP(H, c, d, a, b, GET(11), 0x6d9d6122, 16)
+		STEP(H2, b, c, d, a, GET(14), 0xfde5380c, 23)
+		STEP(H, a, b, c, d, GET(1), 0xa4beea44, 4)
+		STEP(H2, d, a, b, c, GET(4), 0x4bdecfa9, 11)
+		STEP(H, c, d, a, b, GET(7), 0xf6bb4b60, 16)
+		STEP(H2, b, c, d, a, GET(10), 0xbebfbc70, 23)
+		STEP(H, a, b, c, d, GET(13), 0x289b7ec6, 4)
+		STEP(H2, d, a, b, c, GET(0), 0xeaa127fa, 11)
+		STEP(H, c, d, a, b, GET(3), 0xd4ef3085, 16)
+		STEP(H2, b, c, d, a, GET(6), 0x04881d05, 23)
+		STEP(H, a, b, c, d, GET(9), 0xd9d4d039, 4)
+		STEP(H2, d, a, b, c, GET(12), 0xe6db99e5, 11)
+		STEP(H, c, d, a, b, GET(15), 0x1fa27cf8, 16)
+		STEP(H2, b, c, d, a, GET(2), 0xc4ac5665, 23)
+
+/* Round 4 */
+		STEP(I, a, b, c, d, GET(0), 0xf4292244, 6)
+		STEP(I, d, a, b, c, GET(7), 0x432aff97, 10)
+		STEP(I, c, d, a, b, GET(14), 0xab9423a7, 15)
+		STEP(I, b, c, d, a, GET(5), 0xfc93a039, 21)
+		STEP(I, a, b, c, d, GET(12), 0x655b59c3, 6)
+		STEP(I, d, a, b, c, GET(3), 0x8f0ccc92, 10)
+		STEP(I, c, d, a, b, GET(10), 0xffeff47d, 15)
+		STEP(I, b, c, d, a, GET(1), 0x85845dd1, 21)
+		STEP(I, a, b, c, d, GET(8), 0x6fa87e4f, 6)
+		STEP(I, d, a, b, c, GET(15), 0xfe2ce6e0, 10)
+		STEP(I, c, d, a, b, GET(6), 0xa3014314, 15)
+		STEP(I, b, c, d, a, GET(13), 0x4e0811a1, 21)
+		STEP(I, a, b, c, d, GET(4), 0xf7537e82, 6)
+		STEP(I, d, a, b, c, GET(11), 0xbd3af235, 10)
+		STEP(I, c, d, a, b, GET(2), 0x2ad7d2bb, 15)
+		STEP(I, b, c, d, a, GET(9), 0xeb86d391, 21)
+
+		a += saved_a;
+		b += saved_b;
+		c += saved_c;
+		d += saved_d;
+
+		ptr += 64;
+	} while (size -= 64);
+
+	ctx->a = a;
+	ctx->b = b;
+	ctx->c = c;
+	ctx->d = d;
+
+	return ptr;
+}
+
+void MD5_Init(MD5_CTX *ctx)
+{
+	ctx->a = 0x67452301;
+	ctx->b = 0xefcdab89;
+	ctx->c = 0x98badcfe;
+	ctx->d = 0x10325476;
+
+	ctx->lo = 0;
+	ctx->hi = 0;
+}
+
+void MD5_Update(MD5_CTX *ctx, const void *data, size_t size)
+{
+	MD5_u32plus saved_lo;
+	unsigned long used, available;
+
+	saved_lo = ctx->lo;
+	if ((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo)
+		ctx->hi++;
+	ctx->hi += (MD5_u32plus) size >> 29;
+
+	used = saved_lo & 0x3f;
+
+	if (used) {
+		available = 64 - used;
+
+		if (size < available) {
+			memcpy(&ctx->buffer[used], data, size);
+			return;
+		}
+
+		memcpy(&ctx->buffer[used], data, available);
+		data = (const unsigned char *)data + available;
+		size -= available;
+		body(ctx, ctx->buffer, 64);
+	}
+
+	if (size >= 64) {
+		data = body(ctx, data, size & ~(unsigned long)0x3f);
+		size &= 0x3f;
+	}
+
+	memcpy(ctx->buffer, data, size);
+}
+
+#define OUT(dst, src) \
+	(dst)[0] = (unsigned char)(src); \
+	(dst)[1] = (unsigned char)((src) >> 8); \
+	(dst)[2] = (unsigned char)((src) >> 16); \
+	(dst)[3] = (unsigned char)((src) >> 24);
+
+void MD5_Final(uint8_t result[16], MD5_CTX *ctx)
+{
+	unsigned long used, available;
+
+	used = ctx->lo & 0x3f;
+
+	ctx->buffer[used++] = 0x80;
+
+	available = 64 - used;
+
+	if (available < 8) {
+		memset(&ctx->buffer[used], 0, available);
+		body(ctx, ctx->buffer, 64);
+		used = 0;
+		available = 64;
+	}
+
+	memset(&ctx->buffer[used], 0, available - 8);
+
+	ctx->lo <<= 3;
+	OUT(&ctx->buffer[56], ctx->lo)
+	OUT(&ctx->buffer[60], ctx->hi)
+
+	body(ctx, ctx->buffer, 64);
+
+	OUT(&result[0], ctx->a)
+	OUT(&result[4], ctx->b)
+	OUT(&result[8], ctx->c)
+	OUT(&result[12], ctx->d)
+
+	explicit_bzero(ctx, sizeof(*ctx));
+}
+
+#endif

data/ext/libxcrypt/lib/alg-md5.h

@@ -0,0 +1,43 @@
+/*
+ * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
+ * MD5 Message-Digest Algorithm (RFC 1321).
+ *
+ * Homepage:
+ * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
+ *
+ * Author:
+ * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
+ *
+ * This software was written by Alexander Peslyak in 2001.  No copyright is
+ * claimed, and the software is hereby placed in the public domain.
+ * In case this attempt to disclaim copyright and place the software in the
+ * public domain is deemed null and void, then the software is
+ * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
+ * general public under the following terms:
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ *
+ * There's ABSOLUTELY NO WARRANTY, express or implied.
+ *
+ * See md5.c for more information.
+ */
+
+#ifndef _CRYPT_ALG_MD5_H
+#define _CRYPT_ALG_MD5_H 1
+
+/* Any 32-bit or wider unsigned integer data type will do */
+typedef uint32_t MD5_u32plus;
+
+typedef struct {
+	MD5_u32plus lo, hi;
+	MD5_u32plus a, b, c, d;
+	uint8_t buffer[64];
+	MD5_u32plus block[16];
+} MD5_CTX;
+
+extern void MD5_Init(MD5_CTX *ctx);
+extern void MD5_Update(MD5_CTX *ctx, const void *data, size_t size);
+extern void MD5_Final(uint8_t result[16], MD5_CTX *ctx);
+
+#endif /* alg-md5.h */

data/ext/libxcrypt/lib/alg-sha1.c

@@ -0,0 +1,288 @@
+/*
+SHA-1 in C
+By Steve Reid <sreid@sea-to-sky.net>
+100% Public Domain
+
+-----------------
+Modified 7/98
+By James H. Brown <jbrown@burgoyne.com>
+Still 100% Public Domain
+
+Corrected a problem which generated improper hash values on 16 bit machines
+Routine SHA1Update changed from
+  void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len)
+to
+  void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned long len)
+
+The 'len' parameter was declared an int which works fine on 32 bit machines.
+However, on 16 bit machines an int is too small for the shifts being done
+against
+it.  This caused the hash function to generate incorrect values if len was
+greater than 8191 (8K - 1) due to the 'len << 3' on line 3 of SHA1Update().
+
+Since the file IO in main() reads 16K at a time, any file 8K or larger would
+be guaranteed to generate the wrong hash (e.g. Test Vector #3,
+a million "a"s).
+
+I also changed the declaration of variables i & j in SHA1Update to
+unsigned long from unsigned int for the same reason.
+
+These changes should make no difference to any 32 bit implementations since
+an int and a long are the same size in those environments.
+
+--
+I also corrected a few compiler warnings generated by Borland C.
+1. Added #include <process.h> for exit() prototype
+2. Removed unused variable 'j' in SHA1Final
+3. Changed exit(0) to return(0) at end of main.
+
+ALL changes I made can be located by searching for comments containing 'JHB'
+-----------------
+Modified 8/98
+By Steve Reid <sreid@sea-to-sky.net>
+Still 100% public domain
+
+1- Removed #include <process.h> and used return() instead of exit()
+2- Fixed overwriting of finalcount in SHA1Final() (discovered by Chris Hall)
+3- Changed email address from steve@edmweb.com to sreid@sea-to-sky.net
+
+-----------------
+Modified 4/01
+By Saul Kravitz <Saul.Kravitz@celera.com>
+Still 100% PD
+Modified to run on Compaq Alpha hardware.
+
+-----------------
+Modified 07/2002
+By Ralph Giles <giles@ghostscript.com>
+Still 100% public domain
+modified for use with stdint types, autoconf
+code cleanup, removed attribution comments
+switched SHA1Final() argument order for consistency
+use SHA1_ prefix for public api
+move public api to sha1.h
+
+-----------------
+Modified 10/2017
+By Björn Esser <besser82@fedoraproject.org>
+Still 100% public domain
+modified for use with libxcrypt
+*/
+
+#include "crypt-port.h"
+#include "alg-sha1.h"
+
+#if INCLUDE_sha1crypt
+
+#define SHA1_DIGEST_SIZE 20
+
+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+
+/* blk0() and blk() perform the initial expand. */
+/* I got the idea of expanding during the round function from SSLeay */
+/* FIXME: can we do this in an endian-proof way? */
+#if XCRYPT_USE_BIGENDIAN
+#define blk0(i) block.l[i]
+#else
+#define blk0(i) (block.l[i] = (rol(block.l[i],24)&0xFF00FF00) \
+    |(rol(block.l[i],8)&0x00FF00FF))
+#endif
+#define blk(i) (block.l[i&15] = rol(block.l[(i+13)&15]^block.l[(i+8)&15] \
+    ^block.l[(i+2)&15]^block.l[i&15],1))
+
+/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
+#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
+#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
+#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
+
+
+/* Hash a single 512-bit block. This is the core of the algorithm. */
+static void
+sha1_do_transform (uint32_t state[5], const uint8_t buffer[64])
+{
+  uint32_t a, b, c, d, e;
+  typedef union
+  {
+    uint8_t c[64];
+    uint32_t l[16];
+  } CHAR64LONG16;
+  CHAR64LONG16 block;
+
+  memcpy (&block, buffer, 64);
+
+  /* Copy context->state[] to working vars */
+  a = state[0];
+  b = state[1];
+  c = state[2];
+  d = state[3];
+  e = state[4];
+
+  /* 4 rounds of 20 operations each. Loop unrolled. */
+  R0(a,b,c,d,e, 0);
+  R0(e,a,b,c,d, 1);
+  R0(d,e,a,b,c, 2);
+  R0(c,d,e,a,b, 3);
+  R0(b,c,d,e,a, 4);
+  R0(a,b,c,d,e, 5);
+  R0(e,a,b,c,d, 6);
+  R0(d,e,a,b,c, 7);
+  R0(c,d,e,a,b, 8);
+  R0(b,c,d,e,a, 9);
+  R0(a,b,c,d,e,10);
+  R0(e,a,b,c,d,11);
+  R0(d,e,a,b,c,12);
+  R0(c,d,e,a,b,13);
+  R0(b,c,d,e,a,14);
+  R0(a,b,c,d,e,15);
+  R1(e,a,b,c,d,16);
+  R1(d,e,a,b,c,17);
+  R1(c,d,e,a,b,18);
+  R1(b,c,d,e,a,19);
+  R2(a,b,c,d,e,20);
+  R2(e,a,b,c,d,21);
+  R2(d,e,a,b,c,22);
+  R2(c,d,e,a,b,23);
+  R2(b,c,d,e,a,24);
+  R2(a,b,c,d,e,25);
+  R2(e,a,b,c,d,26);
+  R2(d,e,a,b,c,27);
+  R2(c,d,e,a,b,28);
+  R2(b,c,d,e,a,29);
+  R2(a,b,c,d,e,30);
+  R2(e,a,b,c,d,31);
+  R2(d,e,a,b,c,32);
+  R2(c,d,e,a,b,33);
+  R2(b,c,d,e,a,34);
+  R2(a,b,c,d,e,35);
+  R2(e,a,b,c,d,36);
+  R2(d,e,a,b,c,37);
+  R2(c,d,e,a,b,38);
+  R2(b,c,d,e,a,39);
+  R3(a,b,c,d,e,40);
+  R3(e,a,b,c,d,41);
+  R3(d,e,a,b,c,42);
+  R3(c,d,e,a,b,43);
+  R3(b,c,d,e,a,44);
+  R3(a,b,c,d,e,45);
+  R3(e,a,b,c,d,46);
+  R3(d,e,a,b,c,47);
+  R3(c,d,e,a,b,48);
+  R3(b,c,d,e,a,49);
+  R3(a,b,c,d,e,50);
+  R3(e,a,b,c,d,51);
+  R3(d,e,a,b,c,52);
+  R3(c,d,e,a,b,53);
+  R3(b,c,d,e,a,54);
+  R3(a,b,c,d,e,55);
+  R3(e,a,b,c,d,56);
+  R3(d,e,a,b,c,57);
+  R3(c,d,e,a,b,58);
+  R3(b,c,d,e,a,59);
+  R4(a,b,c,d,e,60);
+  R4(e,a,b,c,d,61);
+  R4(d,e,a,b,c,62);
+  R4(c,d,e,a,b,63);
+  R4(b,c,d,e,a,64);
+  R4(a,b,c,d,e,65);
+  R4(e,a,b,c,d,66);
+  R4(d,e,a,b,c,67);
+  R4(c,d,e,a,b,68);
+  R4(b,c,d,e,a,69);
+  R4(a,b,c,d,e,70);
+  R4(e,a,b,c,d,71);
+  R4(d,e,a,b,c,72);
+  R4(c,d,e,a,b,73);
+  R4(b,c,d,e,a,74);
+  R4(a,b,c,d,e,75);
+  R4(e,a,b,c,d,76);
+  R4(d,e,a,b,c,77);
+  R4(c,d,e,a,b,78);
+  R4(b,c,d,e,a,79);
+
+  /* Add the working vars back into context.state[] */
+  state[0] += a;
+  state[1] += b;
+  state[2] += c;
+  state[3] += d;
+  state[4] += e;
+
+  /* Wipe variables */
+  a = b = c = d = e = 0;
+}
+
+
+/* SHA1Init - Initialize new context */
+void
+sha1_init_ctx (struct sha1_ctx* ctx)
+{
+  /* SHA1 initialization constants */
+  ctx->state[0] = 0x67452301;
+  ctx->state[1] = 0xEFCDAB89;
+  ctx->state[2] = 0x98BADCFE;
+  ctx->state[3] = 0x10325476;
+  ctx->state[4] = 0xC3D2E1F0;
+  ctx->count[0] = ctx->count[1] = 0;
+}
+
+
+/* Run your data through this. */
+void
+sha1_process_bytes (const void *buffer, struct sha1_ctx *ctx, size_t size)
+{
+  const uint8_t *data = buffer;
+  size_t j = (ctx->count[0] >> 3) & 63;
+
+  if ((ctx->count[0] += (uint32_t)size << 3) < ((uint32_t)size << 3)) ctx->count[1]++;
+  ctx->count[1] += (uint32_t)(size >> 29);
+  if ((j + size) > 63)
+    {
+      const size_t i = 64 - j;
+      memcpy (&ctx->buffer[j], data, i);
+      sha1_do_transform (ctx->state, ctx->buffer);
+      j = 0;
+      size = size > i ? size - i : 0;
+      data += i;
+      while (size > 63)
+        {
+          sha1_do_transform (ctx->state, data);
+          size -= 64;
+          data += 64;
+        }
+    }
+  memcpy (&ctx->buffer[j], data, size);
+}
+
+
+/* Add padding and return the message digest. */
+void *
+sha1_finish_ctx (struct sha1_ctx *ctx, void *resbuf)
+{
+  uint32_t i;
+  uint8_t  finalcount[8];
+
+  for (i = 0; i < 8; i++)
+    {
+      finalcount[i] = (unsigned char)((ctx->count[(i >= 4 ? 0 : 1)]
+                                       >> ((3-(i & 3)) * 8) ) & 255);  /* Endian independent */
+    }
+  sha1_process_bytes ((const uint8_t *)"\200", ctx, 1);
+  while ((ctx->count[0] & 504) != 448)
+    sha1_process_bytes ((const uint8_t *)"\0", ctx, 1);
+  sha1_process_bytes (finalcount, ctx, 8);  /* Should cause a sha1_do_transform() */
+  for (i = 0; i < SHA1_DIGEST_SIZE; i++)
+    {
+      *((uint8_t *)resbuf + i) = (uint8_t)((ctx->state[i>>2]
+                                            >> ((3-(i & 3)) * 8) ) & 255);
+    }
+
+  /* Wipe variables */
+  i = 0;
+  explicit_bzero (ctx, sizeof (struct sha1_ctx));
+  explicit_bzero (finalcount, 8);  /* SWR */
+
+  return resbuf;
+}
+
+#endif

data/ext/libxcrypt/lib/alg-sha1.h

@@ -0,0 +1,34 @@
+/*
+ * This is an implementation of the National Institute of Standards
+ * and Technology US Secure Hash Algorithm 1 (SHA1).
+ *
+ * Public api for steve reid's public domain SHA-1 implementation.
+ * This file is in the public domain.
+ */
+
+#ifndef _CRYPT_ALG_SHA1_H
+#define _CRYPT_ALG_SHA1_H 1
+
+/* Structure to save state of computation between the single steps.  */
+struct sha1_ctx
+{
+  uint32_t state[5];
+  uint32_t count[2];
+  uint8_t  buffer[64];
+};
+
+/* Initialize structure containing state of computation.
+   (RFC 3174, 6.1)  */
+extern void sha1_init_ctx (struct sha1_ctx *ctx);
+
+/* Starting with the result of former calls of this function (or the
+   initialization function) update the context for the next LEN bytes
+   starting at BUFFER.  LEN does not need to be a multiple of 64.  */
+extern void sha1_process_bytes (const void *buffer, struct sha1_ctx *ctx, size_t size);
+
+/* Process the remaining bytes in the buffer and write the finalized
+   hash to RESBUF, which should point to 20 bytes of storage.  All
+   data written to CTX is erased before returning from the function.  */
+extern void *sha1_finish_ctx (struct sha1_ctx *ctx, void *resbuf);
+
+#endif