core: Use FreeBSD's public domain SHA1 instead of OpenSSL's so that jettisoning OpenSSL is an option.

GNUmakefile

@@ -16,9 +16,9 @@ MAKEFLAGS += --no-builtin-rules
 ## LD := Linker.
 ## ANDROID_SDK := Path to the Android SDK.
 
-VERSION_CODE := 43
-VERSION_CODE_IOS := 17
-VERSION_NUMBER := 0.2025.9
+VERSION_CODE := 44
+VERSION_CODE_IOS := 18
+VERSION_NUMBER := 0.2025.10-wip
 VERSION_NAME := This program kills fascists.
 
 IPHONEOS_VERSION_MIN=14.0

apps/ssb.json

@@ -1,5 +1,5 @@
 {
 	"type": "tildefriends-app",
 	"emoji": "🦀",
-	"previous": "&IDzjVQjtPyhesUrl45qkZFjzWl0xVlj+2M/XXQRvXO0=.sha256"
+	"previous": "&01jXxJgs24zTcJk+csXeUWfm/MQ/+94Zy7K0r2OYmWw=.sha256"
 }

apps/ssb/tf-message.js

@@ -644,6 +644,35 @@ class TfMessageElement extends LitElement {
 		return result;
 	}
 
+	channel_group_by_author() {
+		let sorted = this.message.messages
+			.map((x) => [
+				x.author,
+				x.content.subscribed ? 'subscribed to' : 'unsubscribed from',
+				x.content.channel,
+				x,
+			])
+			.sort();
+		let result = [];
+		let last;
+		let group;
+		for (let row of sorted) {
+			if (last && last[0] == row[0] && last[1] == row[1]) {
+				group.push(row[2]);
+			} else {
+				if (group) {
+					result.push({author: last[0], action: last[1], channels: group});
+				}
+				last = row;
+				group = [row[2]];
+			}
+		}
+		if (group) {
+			result.push({author: last[0], action: last[1], channels: group});
+		}
+		return result;
+	}
+
 	allow_unread() {
 		return (
 			this.channel == '@' ||
@@ -719,6 +748,55 @@ class TfMessageElement extends LitElement {
 					</button>
 				`);
 			}
+		} else if (this.message?.type === 'channel_group') {
+			if (this.expanded[this.expanded_key()]) {
+				return this.render_frame(html`
+					<div class="w3-padding">
+						${this.message.messages.map(
+							(x) =>
+								html`<tf-message
+									.message=${x}
+									whoami=${this.whoami}
+									.users=${this.users}
+									.drafts=${this.drafts}
+									.expanded=${this.expanded}
+									channel=${this.channel}
+									channel_unread=${this.channel_unread}
+								></tf-message>`
+						)}
+					</div>
+					<button
+						class="w3-button w3-theme-d1 w3-block w3-bar"
+						style="box-sizing: border-box"
+						@click=${() => self.set_expanded(false)}
+					>
+						Collapse
+					</button>
+				`);
+			} else {
+				return this.render_frame(html`
+					<div class="w3-padding">
+						${this.channel_group_by_author().map(
+							(x) => html`
+								<div>
+									<tf-user id=${x.author} .users=${this.users}></tf-user>
+									${x.action}
+									${x.channels.map(
+										(y) => html` <tf-tag tag=${'#' + y}></tf-tag> `
+									)}
+								</div>
+							`
+						)}
+					</div>
+					<button
+						class="w3-button w3-theme-d1 w3-block w3-bar"
+						style="box-sizing: border-box"
+						@click=${() => self.set_expanded(true)}
+					>
+						Expand
+					</button>
+				`);
+			}
 		} else if (this.message.placeholder) {
 			return this.render_frame(
 				html`<div>

apps/ssb/tf-news.js

@@ -160,11 +160,29 @@ class TfNewsElement extends LitElement {
 		return recursive_sort(roots, true);
 	}
 
-	group_following(messages) {
+	group_messages(messages) {
 		let result = [];
 		let group = [];
+		let type = undefined;
 		for (let message of messages) {
-			if (message?.content?.type === 'contact') {
+			if (
+				message?.content?.type === 'contact' ||
+				message?.content?.type === 'channel'
+			) {
+				if (type && message.content.type !== type) {
+					if (group.length == 1) {
+						result.push(group[0]);
+						group = [];
+					} else if (group.length > 1) {
+						result.push({
+							rowid: Math.max(...group.map((x) => x.rowid)),
+							type: `${type}_group`,
+							messages: group,
+						});
+						group = [];
+					}
+				}
+				type = message.content.type;
 				group.push(message);
 			} else {
 				if (group.length == 1) {
@@ -173,12 +191,13 @@ class TfNewsElement extends LitElement {
 				} else if (group.length > 1) {
 					result.push({
 						rowid: Math.max(...group.map((x) => x.rowid)),
-						type: 'contact_group',
+						type: `${type}_group`,
 						messages: group,
 					});
 					group = [];
 				}
 				result.push(message);
+				type = undefined;
 			}
 		}
 		if (group.length == 1) {
@@ -187,7 +206,7 @@ class TfNewsElement extends LitElement {
 		} else if (group.length > 1) {
 			result.push({
 				rowid: Math.max(...group.map((x) => x.rowid)),
-				type: 'contact_group',
+				type: `${type}_group`,
 				messages: group,
 			});
 		}
@@ -200,7 +219,7 @@ class TfNewsElement extends LitElement {
 
 	load_and_render(messages) {
 		let messages_by_id = this.process_messages(messages);
-		let final_messages = this.group_following(
+		let final_messages = this.group_messages(
 			this.finalize_messages(messages_by_id)
 		);
 		let unread_rowid = -1;

apps/welcome.json

@@ -1,5 +1,5 @@
 {
 	"type": "tildefriends-app",
 	"emoji": "👋",
-	"previous": "&5NkMRSgcMqCYF3xcLOBmaytkoxfV9zx4br7JladKPTs=.sha256"
+	"previous": "&ijyL/pyTwguBd9njagU7Vpc/1EyRermZuzrlq1mnzbY=.sha256"
 }

apps/welcome/index.html

@@ -104,7 +104,7 @@
 												src="googleplay.svg"
 												style="height: 2em; margin: 0"
 											/>
-											Get it on Google Play (Open Testing)
+											Get it on Google Play
 										</a>
 										<a
 											class="w3-button w3-round-large w3-padding w3-blue-gray w3-margin-top"
@@ -298,7 +298,7 @@
 
 		<!-- Technlology Section -->
 		<div class="w3-container w3-padding-64 w3-light-grey w3-center">
-			<h1 class="w3-jumbo"><b>Built the Old Fashioned Way</b></h1>
+			<h1 class="w3-jumbo"><b>Built to Last</b></h1>
 			<p>
 				Tilde Friends strives to use only simple and widely adopted dependencies
 				in order to keep it easy to build for all sorts of platforms and

default.nix

@@ -25,14 +25,14 @@
 }:
 pkgs.stdenv.mkDerivation rec {
   pname = "tildefriends";
-  version = "0.2025.8";
+  version = "0.2025.9";
 
   src = pkgs.fetchFromGitea {
     domain = "dev.tildefriends.net";
     owner = "cory";
     repo = "tildefriends";
     rev = "v${version}";
-    hash = "sha256-N/5lp8RL19B6Z43kRxx7c01WVJkK44a/wwNgRJPk5uI=";
+    hash = "sha256-1nhsfhdOO5HIiiTMb+uROB8nDPL/UpOYm52hZ/OpPyk=";
     fetchSubmodules = true;
   };
 

flake.lock

@@ -20,11 +20,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1756217674,
-        "narHash": "sha256-TH1SfSP523QI7kcPiNtMAEuwZR3Jdz0MCDXPs7TS8uo=",
+        "lastModified": 1758589230,
+        "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4e7667a90c167f7a81d906e5a75cba4ad8bee620",
+        "rev": "d1d883129b193f0b495d75c148c2c3a7d95789a0",
         "type": "github"
       },
       "original": {

src/android/AndroidManifest.xml

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
 	package="com.unprompted.tildefriends"
-	android:versionCode="43"
-	android:versionName="0.2025.9">
+	android:versionCode="44"
+	android:versionName="0.2025.10-wip">
 	<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
 	<uses-permission android:name="android.permission.INTERNET"/>
 	<application

src/bcrypt.js.c

@@ -1,42 +0,0 @@
-#include "bcrypt.js.h"
-
-#include "task.h"
-
-#include "ow-crypt.h"
-#include "quickjs.h"
-#include "uv.h"
-
-static JSValue _crypt_hashpw(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
-{
-	const char* key = JS_ToCString(context, argv[0]);
-	const char* salt = JS_ToCString(context, argv[1]);
-	char output[7 + 22 + 31 + 1];
-	char* hash = crypt_rn(key, salt, output, sizeof(output));
-	JSValue result = JS_NewString(context, hash);
-	JS_FreeCString(context, key);
-	JS_FreeCString(context, salt);
-	return result;
-}
-
-static JSValue _crypt_gensalt(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
-{
-	int length = 0;
-	JS_ToInt32(context, &length, argv[0]);
-	char buffer[16];
-	tf_task_t* task = tf_task_get(context);
-	size_t bytes = uv_random(tf_task_get_loop(task), &(uv_random_t) { 0 }, buffer, sizeof(buffer), 0, NULL) == 0 ? sizeof(buffer) : 0;
-	char output[7 + 22 + 1];
-	char* salt = crypt_gensalt_rn("$2b$", length, buffer, bytes, output, sizeof(output));
-	JSValue result = JS_NewString(context, salt);
-	return result;
-}
-
-void tf_bcrypt_register(JSContext* context)
-{
-	JSValue global = JS_GetGlobalObject(context);
-	JSValue bcrypt = JS_NewObject(context);
-	JS_SetPropertyStr(context, global, "bCrypt", bcrypt);
-	JS_SetPropertyStr(context, bcrypt, "hashpw", JS_NewCFunction(context, _crypt_hashpw, "hashpw", 2));
-	JS_SetPropertyStr(context, bcrypt, "gensalt", JS_NewCFunction(context, _crypt_gensalt, "gensalt", 1));
-	JS_FreeValue(context, global);
-}

src/bcrypt.js.h

@@ -1,19 +0,0 @@
-#pragma once
-
-/**
-** \defgroup bcrypt_js bCrypt
-** Exposes bcrypt to script, where it is used for hashing and verifying
-** passwords.
-** @{
-*/
-
-/** A JS context. */
-typedef struct JSContext JSContext;
-
-/**
-** Register the bcrypt script interface.
-** @param context The JS context.
-*/
-void tf_bcrypt_register(JSContext* context);
-
-/** @} */

src/httpd.js.c

@@ -4,6 +4,7 @@
 #include "http.h"
 #include "log.h"
 #include "mem.h"
+#include "sha1.h"
 #include "ssb.db.h"
 #include "task.h"
 #include "tls.h"
@@ -14,8 +15,6 @@
 #include "sodium/crypto_sign.h"
 #include "sodium/utils.h"
 
-#include <openssl/sha.h>
-
 #define CYAN "\e[1;36m"
 #define MAGENTA "\e[1;35m"
 #define YELLOW "\e[1;33m"
@@ -169,8 +168,13 @@ static JSValue _httpd_websocket_upgrade(JSContext* context, JSValueConst this_va
 		uint8_t* key_magic = alloca(size);
 		memcpy(key_magic, header_sec_websocket_key, key_length);
 		memcpy(key_magic + key_length, k_magic, 36);
+
 		uint8_t digest[20];
-		SHA1(key_magic, size, digest);
+		SHA1_CTX sha1 = { 0 };
+		SHA1Init(&sha1);
+		SHA1Update(&sha1, key_magic, size);
+		SHA1Final(digest, &sha1);
+
 		char key[41] = { 0 };
 		tf_base64_encode(digest, sizeof(digest), key, sizeof(key));
 

src/ios/Info.plist

@@ -13,13 +13,13 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>0.2025.9</string>
+	<string>0.2025.10</string>
 	<key>CFBundleSupportedPlatforms</key>
 	<array>
 		<string>iPhoneOS</string>
 	</array>
 	<key>CFBundleVersion</key>
-	<string>17</string>
+	<string>18</string>
 	<key>DTPlatformName</key>
 	<string>iphoneos</string>
 	<key>LSRequiresIPhoneOS</key>

src/sha1.c

@@ -0,0 +1,329 @@
+/*
+ * SHA1 hash implementation and interface functions
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "sha1.h"
+
+#include <stddef.h>
+#include <string.h>
+
+/* ===== start - public domain SHA1 implementation ===== */
+
+/*
+SHA-1 in C
+By Steve Reid <sreid@sea-to-sky.net>
+100% Public Domain
+
+-----------------
+Modified 7/98
+By James H. Brown <jbrown@burgoyne.com>
+Still 100% Public Domain
+
+Corrected a problem which generated improper hash values on 16 bit machines
+Routine SHA1Update changed from
+	void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int
+len)
+to
+	void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned
+long len)
+
+The 'len' parameter was declared an int which works fine on 32 bit machines.
+However, on 16 bit machines an int is too small for the shifts being done
+against it.  This caused the hash function to generate incorrect values if len
+was greater than 8191 (8K - 1) due to the 'len << 3' on line 3 of SHA1Update().
+
+Since the file IO in main() reads 16K at a time, any file 8K or larger would be
+guaranteed to generate the wrong hash (e.g. Test Vector #3, a million "a"s).
+
+I also changed the declaration of variables i & j in SHA1Update to unsigned
+long from unsigned int for the same reason.
+
+These changes should make no difference to any 32 bit implementations since an
+int and a long are the same size in those environments.
+
+--
+I also corrected a few compiler warnings generated by Borland C.
+1. Added #include <process.h> for exit() prototype
+2. Removed unused variable 'j' in SHA1Final
+3. Changed exit(0) to return(0) at end of main.
+
+ALL changes I made can be located by searching for comments containing 'JHB'
+-----------------
+Modified 8/98
+By Steve Reid <sreid@sea-to-sky.net>
+Still 100% public domain
+
+1- Removed #include <process.h> and used return() instead of exit()
+2- Fixed overwriting of finalcount in SHA1Final() (discovered by Chris Hall)
+3- Changed email address from steve@edmweb.com to sreid@sea-to-sky.net
+
+-----------------
+Modified 4/01
+By Saul Kravitz <Saul.Kravitz@celera.com>
+Still 100% PD
+Modified to run on Compaq Alpha hardware.
+
+-----------------
+Modified 4/01
+By Jouni Malinen <j@w1.fi>
+Minor changes to match the coding style used in Dynamics.
+
+Modified September 24, 2004
+By Jouni Malinen <j@w1.fi>
+Fixed alignment issue in SHA1Transform when SHA1HANDSOFF is defined.
+
+-----------------
+Modified September 29, 2025
+By Cory McWilliams <cory@tildefriends.net>
+Adapted from
+https://web.mit.edu/freebsd/head/contrib/wpa/src/crypto/sha1-internal.c.
+Modified to build outside of FreeBSD.  Updated with clang-format.
+
+*/
+
+/*
+Test Vectors (from FIPS PUB 180-1)
+"abc"
+  A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
+"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+  84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
+A million repetitions of "a"
+  34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
+*/
+
+#define SHA1HANDSOFF
+
+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+
+/* blk0() and blk() perform the initial expand. */
+/* I got the idea of expanding during the round function from SSLeay */
+#ifndef WORDS_BIGENDIAN
+#define blk0(i) (block->l[i] = (rol(block->l[i], 24) & 0xFF00FF00) | (rol(block->l[i], 8) & 0x00FF00FF))
+#else
+#define blk0(i) block->l[i]
+#endif
+#define blk(i) (block->l[i & 15] = rol(block->l[(i + 13) & 15] ^ block->l[(i + 8) & 15] ^ block->l[(i + 2) & 15] ^ block->l[i & 15], 1))
+
+/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
+#define R0(v, w, x, y, z, i) \
+	z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \
+	w = rol(w, 30);
+#define R1(v, w, x, y, z, i) \
+	z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \
+	w = rol(w, 30);
+#define R2(v, w, x, y, z, i) \
+	z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); \
+	w = rol(w, 30);
+#define R3(v, w, x, y, z, i) \
+	z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \
+	w = rol(w, 30);
+#define R4(v, w, x, y, z, i) \
+	z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \
+	w = rol(w, 30);
+
+#ifdef VERBOSE /* SAK */
+void SHAPrintContext(SHA1_CTX* context, char* msg)
+{
+	printf("%s (%d,%d) %x %x %x %x %x\n", msg, context->count[0], context->count[1], context->state[0], context->state[1], context->state[2], context->state[3], context->state[4]);
+}
+#endif
+
+/* Hash a single 512-bit block. This is the core of the algorithm. */
+
+void SHA1Transform(uint32_t state[5], const unsigned char buffer[64])
+{
+	uint32_t a, b, c, d, e;
+	typedef union
+	{
+		unsigned char c[64];
+		uint32_t l[16];
+	} CHAR64LONG16;
+	CHAR64LONG16* block;
+#ifdef SHA1HANDSOFF
+	CHAR64LONG16 workspace;
+	block = &workspace;
+	memcpy(block, buffer, 64);
+#else
+	block = (CHAR64LONG16*)buffer;
+#endif
+	/* Copy context->state[] to working vars */
+	a = state[0];
+	b = state[1];
+	c = state[2];
+	d = state[3];
+	e = state[4];
+	/* 4 rounds of 20 operations each. Loop unrolled. */
+	R0(a, b, c, d, e, 0);
+	R0(e, a, b, c, d, 1);
+	R0(d, e, a, b, c, 2);
+	R0(c, d, e, a, b, 3);
+	R0(b, c, d, e, a, 4);
+	R0(a, b, c, d, e, 5);
+	R0(e, a, b, c, d, 6);
+	R0(d, e, a, b, c, 7);
+	R0(c, d, e, a, b, 8);
+	R0(b, c, d, e, a, 9);
+	R0(a, b, c, d, e, 10);
+	R0(e, a, b, c, d, 11);
+	R0(d, e, a, b, c, 12);
+	R0(c, d, e, a, b, 13);
+	R0(b, c, d, e, a, 14);
+	R0(a, b, c, d, e, 15);
+	R1(e, a, b, c, d, 16);
+	R1(d, e, a, b, c, 17);
+	R1(c, d, e, a, b, 18);
+	R1(b, c, d, e, a, 19);
+	R2(a, b, c, d, e, 20);
+	R2(e, a, b, c, d, 21);
+	R2(d, e, a, b, c, 22);
+	R2(c, d, e, a, b, 23);
+	R2(b, c, d, e, a, 24);
+	R2(a, b, c, d, e, 25);
+	R2(e, a, b, c, d, 26);
+	R2(d, e, a, b, c, 27);
+	R2(c, d, e, a, b, 28);
+	R2(b, c, d, e, a, 29);
+	R2(a, b, c, d, e, 30);
+	R2(e, a, b, c, d, 31);
+	R2(d, e, a, b, c, 32);
+	R2(c, d, e, a, b, 33);
+	R2(b, c, d, e, a, 34);
+	R2(a, b, c, d, e, 35);
+	R2(e, a, b, c, d, 36);
+	R2(d, e, a, b, c, 37);
+	R2(c, d, e, a, b, 38);
+	R2(b, c, d, e, a, 39);
+	R3(a, b, c, d, e, 40);
+	R3(e, a, b, c, d, 41);
+	R3(d, e, a, b, c, 42);
+	R3(c, d, e, a, b, 43);
+	R3(b, c, d, e, a, 44);
+	R3(a, b, c, d, e, 45);
+	R3(e, a, b, c, d, 46);
+	R3(d, e, a, b, c, 47);
+	R3(c, d, e, a, b, 48);
+	R3(b, c, d, e, a, 49);
+	R3(a, b, c, d, e, 50);
+	R3(e, a, b, c, d, 51);
+	R3(d, e, a, b, c, 52);
+	R3(c, d, e, a, b, 53);
+	R3(b, c, d, e, a, 54);
+	R3(a, b, c, d, e, 55);
+	R3(e, a, b, c, d, 56);
+	R3(d, e, a, b, c, 57);
+	R3(c, d, e, a, b, 58);
+	R3(b, c, d, e, a, 59);
+	R4(a, b, c, d, e, 60);
+	R4(e, a, b, c, d, 61);
+	R4(d, e, a, b, c, 62);
+	R4(c, d, e, a, b, 63);
+	R4(b, c, d, e, a, 64);
+	R4(a, b, c, d, e, 65);
+	R4(e, a, b, c, d, 66);
+	R4(d, e, a, b, c, 67);
+	R4(c, d, e, a, b, 68);
+	R4(b, c, d, e, a, 69);
+	R4(a, b, c, d, e, 70);
+	R4(e, a, b, c, d, 71);
+	R4(d, e, a, b, c, 72);
+	R4(c, d, e, a, b, 73);
+	R4(b, c, d, e, a, 74);
+	R4(a, b, c, d, e, 75);
+	R4(e, a, b, c, d, 76);
+	R4(d, e, a, b, c, 77);
+	R4(c, d, e, a, b, 78);
+	R4(b, c, d, e, a, 79);
+	/* Add the working vars back into context.state[] */
+	state[0] += a;
+	state[1] += b;
+	state[2] += c;
+	state[3] += d;
+	state[4] += e;
+	/* Wipe variables */
+	a = b = c = d = e = 0;
+#ifdef SHA1HANDSOFF
+	memset(block, 0, 64);
+#endif
+}
+
+/* SHA1Init - Initialize new context */
+
+void SHA1Init(SHA1_CTX* context)
+{
+	/* SHA1 initialization constants */
+	context->state[0] = 0x67452301;
+	context->state[1] = 0xEFCDAB89;
+	context->state[2] = 0x98BADCFE;
+	context->state[3] = 0x10325476;
+	context->state[4] = 0xC3D2E1F0;
+	context->count[0] = context->count[1] = 0;
+}
+
+/* Run your data through this. */
+
+void SHA1Update(SHA1_CTX* context, const void* _data, uint32_t len)
+{
+	uint32_t i, j;
+	const unsigned char* data = _data;
+
+#ifdef VERBOSE
+	SHAPrintContext(context, "before");
+#endif
+	j = (context->count[0] >> 3) & 63;
+	if ((context->count[0] += len << 3) < (len << 3))
+		context->count[1]++;
+	context->count[1] += (len >> 29);
+	if ((j + len) > 63)
+	{
+		memcpy(&context->buffer[j], data, (i = 64 - j));
+		SHA1Transform(context->state, context->buffer);
+		for (; i + 63 < len; i += 64)
+		{
+			SHA1Transform(context->state, &data[i]);
+		}
+		j = 0;
+	}
+	else
+		i = 0;
+	memcpy(&context->buffer[j], &data[i], len - i);
+#ifdef VERBOSE
+	SHAPrintContext(context, "after ");
+#endif
+}
+
+/* Add padding and return the message digest. */
+
+void SHA1Final(unsigned char digest[20], SHA1_CTX* context)
+{
+	uint32_t i;
+	unsigned char finalcount[8];
+
+	for (i = 0; i < 8; i++)
+	{
+		/* Endian independent */
+		finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] >> ((3 - (i & 3)) * 8)) & 255);
+	}
+	SHA1Update(context, (unsigned char*)"\200", 1);
+	while ((context->count[0] & 504) != 448)
+	{
+		SHA1Update(context, (unsigned char*)"\0", 1);
+	}
+	/* Should cause a SHA1Transform() */
+	SHA1Update(context, finalcount, 8);
+	for (i = 0; i < 20; i++)
+	{
+		digest[i] = (unsigned char)((context->state[i >> 2] >> ((3 - (i & 3)) * 8)) & 255);
+	}
+	/* Wipe variables */
+	i = 0;
+	memset(context->buffer, 0, 64);
+	memset(context->state, 0, 20);
+	memset(context->count, 0, 8);
+	memset(finalcount, 0, 8);
+}
+
+/* ===== end - public domain SHA1 implementation ===== */

src/sha1.h

@@ -0,0 +1,71 @@
+/*
+ * SHA1 internal definitions
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+/**
+** \defgroup sha1 SHA1
+** SHA1 API.
+** Adapted from
+** https://web.mit.edu/freebsd/head/contrib/wpa/src/crypto/sha1_i.h by Cory
+** McWilliams 2025-09-28.
+** @{
+*/
+
+#ifndef SHA1_I_H
+#define SHA1_I_H
+
+#include <inttypes.h>
+
+/**
+** SHA1 context struct.
+*/
+struct SHA1Context
+{
+	/** SHA1 state. */
+	uint32_t state[5];
+	/** SHA1 count. */
+	uint32_t count[2];
+	/** SHA1 buffer. */
+	unsigned char buffer[64];
+};
+
+/**
+** SHA1 context.
+*/
+typedef struct SHA1Context SHA1_CTX;
+
+/**
+** Initialize a SHA1 context.
+** @param context The context.
+*/
+void SHA1Init(struct SHA1Context* context);
+
+/**
+** Calculate an ongoing hash for a block of data.
+** @param context The SHA1 context.
+** @param data The data to hash.
+** @param len The length of data.
+*/
+void SHA1Update(struct SHA1Context* context, const void* data, uint32_t len);
+
+/**
+** Calculate the final hash digest.
+** @param digest Populated with the digest.
+** @param context The SHA1 context.
+*/
+void SHA1Final(unsigned char digest[20], struct SHA1Context* context);
+
+/**
+** Perform a SHA1 transformation.
+** @param state The SHA1 state.
+** @param buffer The data.
+*/
+void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]);
+
+#endif /* SHA1_I_H */
+
+/** @} */

src/task.c

@@ -1,7 +1,6 @@
 #include "task.h"
 
 #include "api.js.h"
-#include "bcrypt.js.h"
 #include "database.js.h"
 #include "file.js.h"
 #include "httpd.js.h"
@@ -1728,7 +1727,6 @@ void tf_task_activate(tf_task_t* task)
 		tf_trace_set_write_callback(task->_trace, _tf_task_trace_to_parent, task);
 	}
 
-	tf_bcrypt_register(context);
 	tf_util_register(context);
 	JS_SetPropertyStr(context, global, "exit", JS_NewCFunction(context, _tf_task_exit, "exit", 1));
 	JS_SetPropertyStr(context, global, "version", JS_NewCFunction(context, _tf_task_version, "version", 0));

src/version.h

@@ -1,2 +1,2 @@
-#define VERSION_NUMBER "0.2025.9"
+#define VERSION_NUMBER "0.2025.10-wip"
 #define VERSION_NAME "This program kills fascists."