Diff

Differences From Artifact [a03e9d2d38]:

To Artifact [e3f79ad8a1]:


            1  +/**************************** sha1.c ***************************/
            2  +/***************** See RFC 6234 for details. *******************/
            3  +/* Copyright (c) 2011 IETF Trust and the persons identified as */
            4  +/* authors of the code.  All rights reserved.                  */
            5  +/* See sha.h for terms of use and redistribution.              */
            6  +
     1      7   /*
     2         - *  sha1.c
     3         - *
     4      8    *  Description:
     5         - *      This file implements the Secure Hashing Algorithm 1 as
     6         - *      defined in FIPS PUB 180-1 published April 17, 1995.
            9  + *      This file implements the Secure Hash Algorithm SHA-1
           10  + *      as defined in the U.S. National Institute of Standards
           11  + *      and Technology Federal Information Processing Standards
           12  + *      Publication (FIPS PUB) 180-3 published in October 2008
           13  + *      and formerly defined in its predecessors, FIPS PUB 180-1
           14  + *      and FIP PUB 180-2.
     7     15    *
     8         - *      The SHA-1, produces a 160-bit message digest for a given
     9         - *      data stream.  It should take about 2**n steps to find a
    10         - *      message with the same digest as a given message and
    11         - *      2**(n/2) to find any two messages with the same digest,
    12         - *      when n is the digest size in bits.  Therefore, this
    13         - *      algorithm can serve as a means of providing a
           16  + *      A combined document showing all algorithms is available at
           17  + *              http://csrc.nist.gov/publications/fips/
           18  + *                     fips180-3/fips180-3_final.pdf
           19  + *
           20  + *      The SHA-1 algorithm produces a 160-bit message digest for a
           21  + *      given data stream that can serve as a means of providing a
    14     22    *      "fingerprint" for a message.
    15     23    *
    16     24    *  Portability Issues:
    17     25    *      SHA-1 is defined in terms of 32-bit "words".  This code
    18         - *      uses <stdint.h> (included via "sha1.h" to define 32 and 8
    19         - *      bit unsigned integer types.  If your C compiler does not
    20         - *      support 32 bit unsigned integers, this code is not
           26  + *      uses <stdint.h> (included via "sha.h") to define 32- and
           27  + *      8-bit unsigned integer types.  If your C compiler does
           28  + *      not support 32-bit unsigned integers, this code is not
    21     29    *      appropriate.
    22     30    *
    23     31    *  Caveats:
    24     32    *      SHA-1 is designed to work with messages less than 2^64 bits
    25         - *      long.  Although SHA-1 allows a message digest to be generated
    26         - *      for messages of any number of bits less than 2^64, this
    27         - *      implementation only works with messages with a length that is
    28         - *      a multiple of the size of an 8-bit character.
    29         - *
           33  + *      long.  This implementation uses SHA1Input() to hash the bits
           34  + *      that are a multiple of the size of an 8-bit octet, and then
           35  + *      optionally uses SHA1FinalBits() to hash the final few bits of
           36  + *      the input.
    30     37    */
    31     38   
    32         -#include "sha1.h"
           39  +#include "sha.h"
           40  +#include "sha-private.h"
    33     41   
    34     42   /*
    35     43    *  Define the SHA1 circular left shift macro
    36     44    */
    37         -#define SHA1CircularShift(bits,word) \
           45  +#define SHA1_ROTL(bits,word) \
    38     46                   (((word) << (bits)) | ((word) >> (32-(bits))))
    39     47   
    40         -/* Local Function Prototyptes */
    41         -static void SHA1PadMessage(SHA1Context *);
    42         -static void SHA1ProcessMessageBlock(SHA1Context *);
           48  +/*
           49  + * Add "length" to the length.
           50  + * Set Corrupted when overflow has occurred.
           51  + */
           52  +static uint32_t addTemp;
           53  +#define SHA1AddLength(context, length)                     \
           54  +    (addTemp = (context)->Length_Low,                      \
           55  +     (context)->Corrupted =                                \
           56  +        (((context)->Length_Low += (length)) < addTemp) && \
           57  +        (++(context)->Length_High == 0) ? shaInputTooLong  \
           58  +                                        : (context)->Corrupted )
           59  +
           60  +/* Local Function Prototypes */
           61  +static void SHA1ProcessMessageBlock(SHA1Context *context);
           62  +static void SHA1Finalize(SHA1Context *context, uint8_t Pad_Byte);
           63  +static void SHA1PadMessage(SHA1Context *context, uint8_t Pad_Byte);
    43     64   
    44     65   /*
    45     66    *  SHA1Reset
    46     67    *
    47     68    *  Description:
    48     69    *      This function will initialize the SHA1Context in preparation
    49     70    *      for computing a new SHA1 message digest.
................................................................................
    52     73    *      context: [in/out]
    53     74    *          The context to reset.
    54     75    *
    55     76    *  Returns:
    56     77    *      sha Error Code.
    57     78    *
    58     79    */
    59         -static int SHA1Reset(SHA1Context *context)
           80  +int SHA1Reset(SHA1Context *context)
    60     81   {
    61         -    if (!context)
    62         -    {
    63         -        return shaNull;
    64         -    }
    65         -
    66         -    context->Length_Low             = 0;
    67         -    context->Length_High            = 0;
    68         -    context->Message_Block_Index    = 0;
    69         -
    70         -    context->Intermediate_Hash[0]   = 0x67452301;
    71         -    context->Intermediate_Hash[1]   = 0xEFCDAB89;
    72         -    context->Intermediate_Hash[2]   = 0x98BADCFE;
    73         -    context->Intermediate_Hash[3]   = 0x10325476;
    74         -    context->Intermediate_Hash[4]   = 0xC3D2E1F0;
    75         -
    76         -    context->Computed   = 0;
    77         -    context->Corrupted  = 0;
    78         -
    79         -    return shaSuccess;
    80         -}
    81         -
    82         -/*
    83         - *  SHA1Result
    84         - *
    85         - *  Description:
    86         - *      This function will return the 160-bit message digest into the
    87         - *      Message_Digest array  provided by the caller.
    88         - *      NOTE: The first octet of hash is stored in the 0th element,
    89         - *            the last octet of hash in the 19th element.
    90         - *
    91         - *  Parameters:
    92         - *      context: [in/out]
    93         - *          The context to use to calculate the SHA-1 hash.
    94         - *      Message_Digest: [out]
    95         - *          Where the digest is returned.
    96         - *
    97         - *  Returns:
    98         - *      sha Error Code.
    99         - *
   100         - */
   101         -static int SHA1Result( SHA1Context *context,
   102         -                uint8_t Message_Digest[SHA1HashSize])
   103         -{
   104         -    int i;
   105         -
   106         -    if (!context || !Message_Digest)
   107         -    {
   108         -        return shaNull;
   109         -    }
   110         -
   111         -    if (context->Corrupted)
   112         -    {
   113         -        return context->Corrupted;
   114         -    }
   115         -
   116         -    if (!context->Computed)
   117         -    {
   118         -        SHA1PadMessage(context);
   119         -        for(i=0; i<64; ++i)
   120         -        {
   121         -            /* message may be sensitive, clear it out */
   122         -            context->Message_Block[i] = 0;
   123         -        }
   124         -        context->Length_Low = 0;    /* and clear length */
   125         -        context->Length_High = 0;
   126         -        context->Computed = 1;
   127         -    }
   128         -
   129         -    for(i = 0; i < SHA1HashSize; ++i)
   130         -    {
   131         -        Message_Digest[i] = context->Intermediate_Hash[i>>2]
   132         -                            >> 8 * ( 3 - ( i & 0x03 ) );
   133         -    }
   134         -
   135         -    return shaSuccess;
           82  +  if (!context) return shaNull;
           83  +
           84  +  context->Length_High = context->Length_Low = 0;
           85  +  context->Message_Block_Index = 0;
           86  +
           87  +  /* Initial Hash Values: FIPS 180-3 section 5.3.1 */
           88  +  context->Intermediate_Hash[0]   = 0x67452301;
           89  +  context->Intermediate_Hash[1]   = 0xEFCDAB89;
           90  +  context->Intermediate_Hash[2]   = 0x98BADCFE;
           91  +  context->Intermediate_Hash[3]   = 0x10325476;
           92  +  context->Intermediate_Hash[4]   = 0xC3D2E1F0;
           93  +
           94  +  context->Computed   = 0;
           95  +  context->Corrupted  = shaSuccess;
           96  +
           97  +  return shaSuccess;
   136     98   }
   137     99   
   138    100   /*
   139    101    *  SHA1Input
   140    102    *
   141    103    *  Description:
   142    104    *      This function accepts an array of octets as the next portion
   143    105    *      of the message.
   144    106    *
   145    107    *  Parameters:
   146    108    *      context: [in/out]
   147         - *          The SHA context to update
   148         - *      message_array: [in]
   149         - *          An array of characters representing the next portion of
          109  + *          The SHA context to update.
          110  + *      message_array[ ]: [in]
          111  + *          An array of octets representing the next portion of
   150    112    *          the message.
   151    113    *      length: [in]
   152         - *          The length of the message in message_array
          114  + *          The length of the message in message_array.
   153    115    *
   154    116    *  Returns:
   155    117    *      sha Error Code.
   156    118    *
   157    119    */
   158         -static int SHA1Input(    SHA1Context    *context,
   159         -                  const uint8_t  *message_array,
   160         -                  unsigned       length)
          120  +int SHA1Input(SHA1Context *context,
          121  +    const uint8_t *message_array, unsigned length)
   161    122   {
   162         -    if (!length)
   163         -    {
   164         -        return shaSuccess;
   165         -    }
          123  +  if (!context) return shaNull;
          124  +  if (!length) return shaSuccess;
          125  +  if (!message_array) return shaNull;
          126  +  if (context->Computed) return context->Corrupted = shaStateError;
          127  +  if (context->Corrupted) return context->Corrupted;
   166    128   
   167         -    if (!context || !message_array)
   168         -    {
   169         -        return shaNull;
   170         -    }
   171         -
   172         -    if (context->Computed)
   173         -    {
   174         -        context->Corrupted = shaStateError;
   175         -
   176         -        return shaStateError;
   177         -    }
   178         -
   179         -    if (context->Corrupted)
   180         -    {
   181         -         return context->Corrupted;
   182         -    }
   183         -    while(length-- && !context->Corrupted)
   184         -    {
          129  +  while (length--) {
   185    130       context->Message_Block[context->Message_Block_Index++] =
   186         -                    (*message_array & 0xFF);
          131  +      *message_array;
   187    132   
   188         -    context->Length_Low += 8;
   189         -    if (context->Length_Low == 0)
   190         -    {
   191         -        context->Length_High++;
   192         -        if (context->Length_High == 0)
   193         -        {
   194         -            /* Message is too long */
   195         -            context->Corrupted = 1;
   196         -        }
   197         -    }
   198         -
   199         -    if (context->Message_Block_Index == 64)
   200         -    {
   201         -        SHA1ProcessMessageBlock(context);
   202         -    }
          133  +    if ((SHA1AddLength(context, 8) == shaSuccess) &&
          134  +      (context->Message_Block_Index == SHA1_Message_Block_Size))
          135  +      SHA1ProcessMessageBlock(context);
   203    136   
   204    137       message_array++;
   205         -    }
          138  +  }
   206    139   
   207         -    return shaSuccess;
          140  +  return context->Corrupted;
          141  +}
          142  +
          143  +/*
          144  + * SHA1FinalBits
          145  + *
          146  + * Description:
          147  + *   This function will add in any final bits of the message.
          148  + *
          149  + * Parameters:
          150  + *   context: [in/out]
          151  + *     The SHA context to update.
          152  + *   message_bits: [in]
          153  + *     The final bits of the message, in the upper portion of the
          154  + *     byte.  (Use 0b###00000 instead of 0b00000### to input the
          155  + *     three bits ###.)
          156  + *   length: [in]
          157  + *     The number of bits in message_bits, between 1 and 7.
          158  + *
          159  + * Returns:
          160  + *   sha Error Code.
          161  + */
          162  +int SHA1FinalBits(SHA1Context *context, uint8_t message_bits,
          163  +    unsigned int length)
          164  +{
          165  +  static uint8_t masks[8] = {
          166  +      /* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80,
          167  +      /* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0,
          168  +      /* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8,
          169  +      /* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE
          170  +  };
          171  +
          172  +  static uint8_t markbit[8] = {
          173  +      /* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40,
          174  +      /* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10,
          175  +      /* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04,
          176  +      /* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01
          177  +  };
          178  +
          179  +  if (!context) return shaNull;
          180  +  if (!length) return shaSuccess;
          181  +  if (context->Corrupted) return context->Corrupted;
          182  +  if (context->Computed) return context->Corrupted = shaStateError;
          183  +  if (length >= 8) return context->Corrupted = shaBadParam;
          184  +
          185  +  SHA1AddLength(context, length);
          186  +  SHA1Finalize(context,
          187  +    (uint8_t) ((message_bits & masks[length]) | markbit[length]));
          188  +
          189  +  return context->Corrupted;
          190  +}
          191  +
          192  +/*
          193  + * SHA1Result
          194  + *
          195  + * Description:
          196  + *   This function will return the 160-bit message digest
          197  + *   into the Message_Digest array provided by the caller.
          198  + *   NOTE:
          199  + *    The first octet of hash is stored in the element with index 0,
          200  + *      the last octet of hash in the element with index 19.
          201  + *
          202  + * Parameters:
          203  + *   context: [in/out]
          204  + *     The context to use to calculate the SHA-1 hash.
          205  + *   Message_Digest[ ]: [out]
          206  + *     Where the digest is returned.
          207  + *
          208  + * Returns:
          209  + *   sha Error Code.
          210  + *
          211  + */
          212  +int SHA1Result(SHA1Context *context,
          213  +    uint8_t Message_Digest[SHA1HashSize])
          214  +{
          215  +  int i;
          216  +
          217  +  if (!context) return shaNull;
          218  +  if (!Message_Digest) return shaNull;
          219  +  if (context->Corrupted) return context->Corrupted;
          220  +
          221  +  if (!context->Computed)
          222  +    SHA1Finalize(context, 0x80);
          223  +
          224  +  for (i = 0; i < SHA1HashSize; ++i)
          225  +    Message_Digest[i] = (uint8_t) (context->Intermediate_Hash[i>>2]
          226  +                                   >> (8 * ( 3 - ( i & 0x03 ) )));
          227  +
          228  +  return shaSuccess;
   208    229   }
   209    230   
   210    231   /*
   211         - *  SHA1ProcessMessageBlock
          232  + * SHA1ProcessMessageBlock
          233  + *
          234  + * Description:
          235  + *   This helper function will process the next 512 bits of the
          236  + *   message stored in the Message_Block array.
   212    237    *
   213         - *  Description:
   214         - *      This function will process the next 512 bits of the message
   215         - *      stored in the Message_Block array.
          238  + * Parameters:
          239  + *   context: [in/out]
          240  + *     The SHA context to update.
   216    241    *
   217         - *  Parameters:
   218         - *      None.
   219         - *
   220         - *  Returns:
   221         - *      Nothing.
          242  + * Returns:
          243  + *   Nothing.
   222    244    *
   223         - *  Comments:
   224         - *      Many of the variable names in this code, especially the
   225         - *      single character names, were used because those were the
   226         - *      names used in the publication.
   227         - *
   228         - *
          245  + * Comments:
          246  + *   Many of the variable names in this code, especially the
          247  + *   single character names, were used because those were the
          248  + *   names used in the Secure Hash Standard.
   229    249    */
   230    250   static void SHA1ProcessMessageBlock(SHA1Context *context)
   231    251   {
   232         -    const uint32_t K[] =    {       /* Constants defined in SHA-1   */
   233         -                            0x5A827999,
   234         -                            0x6ED9EBA1,
   235         -                            0x8F1BBCDC,
   236         -                            0xCA62C1D6
   237         -                            };
   238         -    int           t;                 /* Loop counter                */
   239         -    uint32_t      temp;              /* Temporary word value        */
   240         -    uint32_t      W[80];             /* Word sequence               */
   241         -    uint32_t      A, B, C, D, E;     /* Word buffers                */
          252  +  /* Constants defined in FIPS 180-3, section 4.2.1 */
          253  +  const uint32_t K[4] = {
          254  +      0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6
          255  +  };
          256  +
          257  +  int        t;               /* Loop counter */
          258  +  uint32_t   temp;            /* Temporary word value */
          259  +  uint32_t   W[80];           /* Word sequence */
          260  +  uint32_t   A, B, C, D, E;   /* Word buffers */
          261  +
          262  +  /*
          263  +   * Initialize the first 16 words in the array W
          264  +   */
          265  +  for (t = 0; t < 16; t++) {
          266  +    W[t]  = ((uint32_t)context->Message_Block[t * 4]) << 24;
          267  +    W[t] |= ((uint32_t)context->Message_Block[t * 4 + 1]) << 16;
          268  +    W[t] |= ((uint32_t)context->Message_Block[t * 4 + 2]) << 8;
          269  +    W[t] |= ((uint32_t)context->Message_Block[t * 4 + 3]);
          270  +  }
          271  +
          272  +  for (t = 16; t < 80; t++)
          273  +    W[t] = SHA1_ROTL(1, W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
          274  +
          275  +  A = context->Intermediate_Hash[0];
          276  +  B = context->Intermediate_Hash[1];
          277  +  C = context->Intermediate_Hash[2];
          278  +  D = context->Intermediate_Hash[3];
          279  +  E = context->Intermediate_Hash[4];
          280  +
          281  +  for (t = 0; t < 20; t++) {
          282  +    temp = SHA1_ROTL(5,A) + SHA_Ch(B, C, D) + E + W[t] + K[0];
          283  +    E = D;
          284  +    D = C;
          285  +    C = SHA1_ROTL(30,B);
          286  +    B = A;
          287  +    A = temp;
          288  +  }
          289  +
          290  +  for (t = 20; t < 40; t++) {
          291  +    temp = SHA1_ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[1];
          292  +    E = D;
          293  +    D = C;
          294  +    C = SHA1_ROTL(30,B);
          295  +    B = A;
          296  +    A = temp;
          297  +  }
   242    298   
   243         -    /*
   244         -     *  Initialize the first 16 words in the array W
   245         -     */
   246         -    for(t = 0; t < 16; t++)
   247         -    {
   248         -        W[t] = context->Message_Block[t * 4] << 24;
   249         -        W[t] |= context->Message_Block[t * 4 + 1] << 16;
   250         -        W[t] |= context->Message_Block[t * 4 + 2] << 8;
   251         -        W[t] |= context->Message_Block[t * 4 + 3];
   252         -    }
          299  +  for (t = 40; t < 60; t++) {
          300  +    temp = SHA1_ROTL(5,A) + SHA_Maj(B, C, D) + E + W[t] + K[2];
          301  +    E = D;
          302  +    D = C;
          303  +    C = SHA1_ROTL(30,B);
          304  +    B = A;
          305  +    A = temp;
          306  +  }
   253    307   
   254         -    for(t = 16; t < 80; t++)
   255         -    {
   256         -       W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
   257         -    }
   258         -
   259         -    A = context->Intermediate_Hash[0];
   260         -    B = context->Intermediate_Hash[1];
   261         -    C = context->Intermediate_Hash[2];
   262         -    D = context->Intermediate_Hash[3];
   263         -    E = context->Intermediate_Hash[4];
   264         -
   265         -    for(t = 0; t < 20; t++)
   266         -    {
   267         -        temp =  SHA1CircularShift(5,A) +
   268         -                ((B & C) | ((~B) & D)) + E + W[t] + K[0];
   269         -        E = D;
   270         -        D = C;
   271         -        C = SHA1CircularShift(30,B);
   272         -        B = A;
   273         -        A = temp;
   274         -    }
          308  +  for (t = 60; t < 80; t++) {
          309  +    temp = SHA1_ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[3];
          310  +    E = D;
          311  +    D = C;
          312  +    C = SHA1_ROTL(30,B);
          313  +    B = A;
          314  +    A = temp;
          315  +  }
   275    316   
   276         -    for(t = 20; t < 40; t++)
   277         -    {
   278         -        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
   279         -        E = D;
   280         -        D = C;
   281         -        C = SHA1CircularShift(30,B);
   282         -        B = A;
   283         -        A = temp;
   284         -    }
   285         -
   286         -    for(t = 40; t < 60; t++)
   287         -    {
   288         -        temp = SHA1CircularShift(5,A) +
   289         -               ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
   290         -        E = D;
   291         -        D = C;
   292         -        C = SHA1CircularShift(30,B);
   293         -        B = A;
   294         -        A = temp;
   295         -    }
   296         -
   297         -    for(t = 60; t < 80; t++)
   298         -    {
   299         -        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
   300         -        E = D;
   301         -        D = C;
   302         -        C = SHA1CircularShift(30,B);
   303         -        B = A;
   304         -        A = temp;
   305         -    }
   306         -
   307         -    context->Intermediate_Hash[0] += A;
   308         -    context->Intermediate_Hash[1] += B;
   309         -    context->Intermediate_Hash[2] += C;
   310         -    context->Intermediate_Hash[3] += D;
   311         -    context->Intermediate_Hash[4] += E;
   312         -
   313         -    context->Message_Block_Index = 0;
          317  +  context->Intermediate_Hash[0] += A;
          318  +  context->Intermediate_Hash[1] += B;
          319  +  context->Intermediate_Hash[2] += C;
          320  +  context->Intermediate_Hash[3] += D;
          321  +  context->Intermediate_Hash[4] += E;
          322  +  context->Message_Block_Index = 0;
   314    323   }
   315    324   
          325  +/*
          326  + * SHA1Finalize
          327  + *
          328  + * Description:
          329  + *   This helper function finishes off the digest calculations.
          330  + *
          331  + * Parameters:
          332  + *   context: [in/out]
          333  + *     The SHA context to update.
          334  + *   Pad_Byte: [in]
          335  + *     The last byte to add to the message block before the 0-padding
          336  + *     and length.  This will contain the last bits of the message
          337  + *     followed by another single bit.  If the message was an
          338  + *     exact multiple of 8-bits long, Pad_Byte will be 0x80.
          339  + *
          340  + * Returns:
          341  + *   sha Error Code.
          342  + *
          343  + */
          344  +static void SHA1Finalize(SHA1Context *context, uint8_t Pad_Byte)
          345  +{
          346  +  int i;
          347  +  SHA1PadMessage(context, Pad_Byte);
          348  +  /* message may be sensitive, clear it out */
          349  +  for (i = 0; i < SHA1_Message_Block_Size; ++i)
          350  +    context->Message_Block[i] = 0;
          351  +  context->Length_High = 0;     /* and clear length */
          352  +  context->Length_Low = 0;
          353  +  context->Computed = 1;
          354  +}
   316    355   
   317    356   /*
   318         - *  SHA1PadMessage
          357  + * SHA1PadMessage
          358  + *
          359  + * Description:
          360  + *   According to the standard, the message must be padded to the next
          361  + *   even multiple of 512 bits.  The first padding bit must be a '1'.
          362  + *   The last 64 bits represent the length of the original message.
          363  + *   All bits in between should be 0.  This helper function will pad
          364  + *   the message according to those rules by filling the Message_Block
          365  + *   array accordingly.  When it returns, it can be assumed that the
          366  + *   message digest has been computed.
   319    367    *
   320         - *  Description:
   321         - *      According to the standard, the message must be padded to an even
   322         - *      512 bits.  The first padding bit must be a '1'.  The last 64
   323         - *      bits represent the length of the original message.  All bits in
   324         - *      between should be 0.  This function will pad the message
   325         - *      according to those rules by filling the Message_Block array
   326         - *      accordingly.  It will also call the ProcessMessageBlock function
   327         - *      provided appropriately.  When it returns, it can be assumed that
   328         - *      the message digest has been computed.
          368  + * Parameters:
          369  + *   context: [in/out]
          370  + *     The context to pad.
          371  + *   Pad_Byte: [in]
          372  + *     The last byte to add to the message block before the 0-padding
          373  + *     and length.  This will contain the last bits of the message
          374  + *     followed by another single bit.  If the message was an
          375  + *     exact multiple of 8-bits long, Pad_Byte will be 0x80.
   329    376    *
   330         - *  Parameters:
   331         - *      context: [in/out]
   332         - *          The context to pad
   333         - *      ProcessMessageBlock: [in]
   334         - *          The appropriate SHA*ProcessMessageBlock function
   335         - *  Returns:
   336         - *      Nothing.
   337         - *
          377  + * Returns:
          378  + *   Nothing.
   338    379    */
   339         -
   340         -static void SHA1PadMessage(SHA1Context *context)
          380  +static void SHA1PadMessage(SHA1Context *context, uint8_t Pad_Byte)
   341    381   {
   342         -    /*
   343         -     *  Check to see if the current message block is too small to hold
   344         -     *  the initial padding bits and length.  If so, we will pad the
   345         -     *  block, process it, and then continue padding into a second
   346         -     *  block.
   347         -     */
   348         -    if (context->Message_Block_Index > 55)
   349         -    {
   350         -        context->Message_Block[context->Message_Block_Index++] = 0x80;
   351         -        while(context->Message_Block_Index < 64)
   352         -        {
   353         -            context->Message_Block[context->Message_Block_Index++] = 0;
   354         -        }
   355         -
   356         -        SHA1ProcessMessageBlock(context);
   357         -
   358         -        while(context->Message_Block_Index < 56)
   359         -        {
   360         -            context->Message_Block[context->Message_Block_Index++] = 0;
   361         -        }
   362         -    }
   363         -    else
   364         -    {
   365         -        context->Message_Block[context->Message_Block_Index++] = 0x80;
   366         -        while(context->Message_Block_Index < 56)
   367         -        {
   368         -            context->Message_Block[context->Message_Block_Index++] = 0;
   369         -        }
   370         -    }
   371         -
   372         -    /*
   373         -     *  Store the message length as the last 8 octets
   374         -     */
   375         -    context->Message_Block[56] = context->Length_High >> 24;
   376         -    context->Message_Block[57] = context->Length_High >> 16;
   377         -    context->Message_Block[58] = context->Length_High >> 8;
   378         -    context->Message_Block[59] = context->Length_High;
   379         -    context->Message_Block[60] = context->Length_Low >> 24;
   380         -    context->Message_Block[61] = context->Length_Low >> 16;
   381         -    context->Message_Block[62] = context->Length_Low >> 8;
   382         -    context->Message_Block[63] = context->Length_Low;
          382  +  /*
          383  +   * Check to see if the current message block is too small to hold
          384  +   * the initial padding bits and length.  If so, we will pad the
          385  +   * block, process it, and then continue padding into a second
          386  +   * block.
          387  +   */
          388  +  if (context->Message_Block_Index >= (SHA1_Message_Block_Size - 8)) {
          389  +    context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
          390  +    while (context->Message_Block_Index < SHA1_Message_Block_Size)
          391  +      context->Message_Block[context->Message_Block_Index++] = 0;
   383    392   
   384    393       SHA1ProcessMessageBlock(context);
          394  +  } else
          395  +    context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
          396  +
          397  +  while (context->Message_Block_Index < (SHA1_Message_Block_Size - 8))
          398  +    context->Message_Block[context->Message_Block_Index++] = 0;
          399  +
          400  +  /*
          401  +   * Store the message length as the last 8 octets
          402  +   */
          403  +  context->Message_Block[56] = (uint8_t) (context->Length_High >> 24);
          404  +  context->Message_Block[57] = (uint8_t) (context->Length_High >> 16);
          405  +  context->Message_Block[58] = (uint8_t) (context->Length_High >> 8);
          406  +  context->Message_Block[59] = (uint8_t) (context->Length_High);
          407  +  context->Message_Block[60] = (uint8_t) (context->Length_Low >> 24);
          408  +  context->Message_Block[61] = (uint8_t) (context->Length_Low >> 16);
          409  +  context->Message_Block[62] = (uint8_t) (context->Length_Low >> 8);
          410  +  context->Message_Block[63] = (uint8_t) (context->Length_Low);
          411  +
          412  +  SHA1ProcessMessageBlock(context);
   385    413   }
          414  +