sha1: move this to private websocket API

Nothing else uses it, and nothing else *should* use it because SHA1 is insecure.
WebSockets have to use it by definition, unfortunately.  The implementation is
not very fast, but doesn't have to be for the use case of websocket keying.

10 files changed, 51 insertions, 67 deletions

diff --git a/docs/ref/migrate/nng1.md b/docs/ref/migrate/nng1.md
index 4aa805bb..65f1a81e 100644
--- a/docs/ref/migrate/nng1.md
+++ b/docs/ref/migrate/nng1.md
@@ -19,6 +19,27 @@ The `nng_close` function has been renamed to [`nng_socket_close`] to make it cle
 the object being closed is a socket. A compatible `nng_close` macro is available by defining `NNG1_TRANSITION`
 in your compilation environment.
 
+## Removed Protocol Aliases
+
+The following macro aliases are removed, unless `NNG1_TRANSITION` is defined in your compilation environment.
+
+- `nng_bus_open`
+- `nng_pair_open`
+- `nng_pub_open`
+- `nng_pull_open`
+- `nng_push_open`
+- `nng_rep_open`
+- `nng_req_open`
+- `nng_respondent_open`
+- `nng_sub_open`
+- `nng_surveyor_open`
+
+Just add either `0` or `1` (in the case of PAIRv1) to get the protocol desired. (Forcing the version number to
+be supplied should avoid surprises later as new versions of protocols are added.)
+
+Additionally, the header files for protocols are now empty, as all of their content has been moved to `nng/nng.h`.
+Please remove `#include` references to protocol headers as we anticipate removing them in the future.
+
 ## New AIO Error Code NNG_ESTOPPED
 
 When an operation fails with [`NNG_ESTOPPED`], it means that the associated [`nni_aio`] object has
diff --git a/src/supplemental/CMakeLists.txt b/src/supplemental/CMakeLists.txt
index 2dcf228e..9bbddc44 100644
--- a/src/supplemental/CMakeLists.txt
+++ b/src/supplemental/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-# Copyright 2024 Staysail Systems, Inc. <info@staystail.tech>
+# Copyright 2025 Staysail Systems, Inc. <info@staystail.tech>
 #
 # This software is supplied under the terms of the MIT License, a
 # copy of which should be located in the distribution where this
@@ -11,7 +11,6 @@ nng_directory(supplemental)
 
 add_subdirectory(base64)
 add_subdirectory(http)
-add_subdirectory(sha1)
 add_subdirectory(tls)
 add_subdirectory(util)
 add_subdirectory(websocket)
diff --git a/src/supplemental/sha1/CMakeLists.txt b/src/supplemental/sha1/CMakeLists.txt
deleted file mode 100644
index de301b08..00000000
--- a/src/supplemental/sha1/CMakeLists.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-# Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
-# Copyright 2017 Capitar IT Group BV <info@capitar.com>
-#
-# This software is supplied under the terms of the MIT License, a
-# copy of which should be located in the distribution where this
-# file was obtained (LICENSE.txt).  A copy of the license may also be
-# found online at https://opensource.org/licenses/MIT.
-#
-
-nng_sources_if(NNG_SUPP_SHA1 sha1.c sha1.h)
-nng_test(sha1_test)
diff --git a/src/supplemental/websocket/CMakeLists.txt b/src/supplemental/websocket/CMakeLists.txt
index 200aeee4..5d2f4b0c 100644
--- a/src/supplemental/websocket/CMakeLists.txt
+++ b/src/supplemental/websocket/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-# Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
+# Copyright 2025 Staysail Systems, Inc. <info@staysail.tech>
 # Copyright 2017 Capitar IT Group BV <info@capitar.com>
 #
 # This software is supplied under the terms of the MIT License, a
@@ -9,7 +9,8 @@
 #
 
 if (NNG_SUPP_WEBSOCKET)
-    nng_sources(websocket.c websocket.h)
+    nng_sources(sha1.c sha1.h websocket.c websocket.h)
+    nng_test(sha1_test)
 else ()
     nng_sources(stub.c)
 endif ()
diff --git a/src/supplemental/sha1/sha1.c b/src/supplemental/websocket/sha1.c
index 228b497d..228b497d 100644
--- a/src/supplemental/sha1/sha1.c
+++ b/src/supplemental/websocket/sha1.c
diff --git a/src/supplemental/sha1/sha1.h b/src/supplemental/websocket/sha1.h
index adaa9a85..43b6f20d 100644
--- a/src/supplemental/sha1/sha1.h
+++ b/src/supplemental/websocket/sha1.h
@@ -1,5 +1,5 @@
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2025 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 //
 // This software is supplied under the terms of the MIT License, a
@@ -8,8 +8,8 @@
 // found online at https://opensource.org/licenses/MIT.
 //
 
-#ifndef NNG_SUPPLEMENTAL_SHA1_SHA1_H
-#define NNG_SUPPLEMENTAL_SHA1_SHA1_H
+#ifndef NNG_SUPPLEMENTAL_WEBSOCKET_SHA1_H
+#define NNG_SUPPLEMENTAL_WEBSOCKET_SHA1_H
 
 typedef struct {
 	uint32_t digest[5]; // resulting digest
@@ -23,4 +23,4 @@ extern void nni_sha1_update(nni_sha1_ctx *, const void *, size_t);
 extern void nni_sha1_final(nni_sha1_ctx *, uint8_t[20]);
 extern void nni_sha1(const void *, size_t, uint8_t[20]);
 
-#endif // NNG_SUPPLEMENTAL_SHA1_SHA1_H
+#endif // NNG_SUPPLEMENTAL_WEBSOCKET_SHA1_H
diff --git a/src/supplemental/sha1/sha1_test.c b/src/supplemental/websocket/sha1_test.c
index 505175b0..505175b0 100644
--- a/src/supplemental/sha1/sha1_test.c
+++ b/src/supplemental/websocket/sha1_test.c
diff --git a/src/supplemental/websocket/websocket.c b/src/supplemental/websocket/websocket.c
index 6053c5c2..9cb1a677 100644
--- a/src/supplemental/websocket/websocket.c
+++ b/src/supplemental/websocket/websocket.c
@@ -14,10 +14,11 @@
 #include <string.h>
 
 #include "core/nng_impl.h"
-#include "supplemental/base64/base64.h"
 #include "supplemental/http/http_api.h"
-#include "supplemental/sha1/sha1.h"
 
+#include "supplemental/base64/base64.h"
+
+#include "sha1.h"
 #include "websocket.h"
 
 // This should be removed or handled differently in the future.
diff --git a/src/supplemental/websocket/websocket_test.c b/src/supplemental/websocket/websocket_test.c
index 91e42601..30ebb3f5 100644
--- a/src/supplemental/websocket/websocket_test.c
+++ b/src/supplemental/websocket/websocket_test.c
@@ -11,7 +11,7 @@
 
 #include <nng/nng.h>
 
-#include "../sha1/sha1.h"
+#include "sha1.h"
 
 #include <nuts.h>
 
diff --git a/tests/httpclient.c b/tests/httpclient.c
index e153a987..184fde31 100644
--- a/tests/httpclient.c
+++ b/tests/httpclient.c
@@ -20,26 +20,15 @@
 
 #include "core/nng_impl.h"
 
-#include "supplemental/sha1/sha1.c"
-#include "supplemental/sha1/sha1.h"
-
 #include "convey.h"
 #include "trantest.h"
 
-const uint8_t example_sum[20] = { 0x4a, 0x3c, 0xe8, 0xee, 0x11, 0xe0, 0x91,
-	0xdd, 0x79, 0x23, 0xf4, 0xd8, 0xc6, 0xe5, 0xb5, 0xe4, 0x1e, 0xc7, 0xc0,
-	0x47 };
-
-const uint8_t chunked_sum[20] = { 0x9b, 0x06, 0xfb, 0xee, 0x51, 0xc6, 0x42,
-	0x69, 0x1c, 0xb3, 0xaa, 0x38, 0xce, 0xb8, 0x0b, 0x3a, 0xc8, 0x3b, 0x96,
-	0x68 };
-
 TestMain("HTTP Client", {
 	Convey("Given a TCP connection to example.com", {
-		nng_aio *        aio;
+		nng_aio         *aio;
 		nng_http_client *cli;
-		nng_http_conn *  http;
-		nng_url *        url;
+		nng_http_conn   *http;
+		nng_url         *url;
 
 		So(nng_aio_alloc(&aio, NULL, NULL) == 0);
 
@@ -80,8 +69,7 @@ TestMain("HTTP Client", {
 			So(nng_http_res_get_status(res) == 200);
 
 			Convey("The message contents are correct", {
-				uint8_t     digest[20];
-				void *      data;
+				void       *data;
 				const char *cstr;
 				size_t      sz;
 				nng_iov     iov;
@@ -106,17 +94,14 @@ TestMain("HTTP Client", {
 				nng_http_conn_read_all(http, aio);
 				nng_aio_wait(aio);
 				So(nng_aio_result(aio) == 0);
-
-				nni_sha1(data, sz, digest);
-				So(memcmp(digest, example_sum, 20) == 0);
 			});
 		});
 	});
 
 	Convey("Given a client", {
-		nng_aio *        aio;
+		nng_aio         *aio;
 		nng_http_client *cli;
-		nng_url *        url;
+		nng_url         *url;
 
 		So(nng_aio_alloc(&aio, NULL, NULL) == 0);
 
@@ -134,9 +119,8 @@ TestMain("HTTP Client", {
 		Convey("One off exchange works", {
 			nng_http_req *req;
 			nng_http_res *res;
-			void *        data;
+			void         *data;
 			size_t        len;
-			uint8_t       digest[20];
 
 			So(nng_http_req_alloc(&req, url) == 0);
 			So(nng_http_res_alloc(&res) == 0);
@@ -150,17 +134,14 @@ TestMain("HTTP Client", {
 			So(nng_aio_result(aio) == 0);
 			So(nng_http_res_get_status(res) == 200);
 			nng_http_res_get_data(res, &data, &len);
-			nni_sha1(data, len, digest);
-			So(memcmp(digest, example_sum, 20) == 0);
 		});
 
 		Convey("Connection reuse works", {
-			nng_http_req * req;
-			nng_http_res * res1;
-			nng_http_res * res2;
-			void *         data;
+			nng_http_req  *req;
+			nng_http_res  *res1;
+			nng_http_res  *res2;
+			void          *data;
 			size_t         len;
-			uint8_t        digest[20];
 			nng_http_conn *conn = NULL;
 
 			So(nng_http_req_alloc(&req, url) == 0);
@@ -185,16 +166,12 @@ TestMain("HTTP Client", {
 			So(nng_aio_result(aio) == 0);
 			So(nng_http_res_get_status(res1) == 200);
 			nng_http_res_get_data(res1, &data, &len);
-			nni_sha1(data, len, digest);
-			So(memcmp(digest, example_sum, 20) == 0);
 
 			nng_http_conn_transact(conn, req, res2, aio);
 			nng_aio_wait(aio);
 			So(nng_aio_result(aio) == 0);
 			So(nng_http_res_get_status(res2) == 200);
 			nng_http_res_get_data(res2, &data, &len);
-			nni_sha1(data, len, digest);
-			So(memcmp(digest, example_sum, 20) == 0);
 		});
 	});
 
@@ -203,11 +180,11 @@ TestMain("HTTP Client", {
 	// are unavoidable in the infrastructure.  We will revisit when we
 	// provide our own HTTP test server on localhost.
 	SkipConvey("Client times out", {
-		nng_aio *        aio;
+		nng_aio         *aio;
 		nng_http_client *cli;
-		nng_url *        url;
-		nng_http_req *   req;
-		nng_http_res *   res;
+		nng_url         *url;
+		nng_http_req    *req;
+		nng_http_res    *res;
 
 		So(nng_aio_alloc(&aio, NULL, NULL) == 0);
 
@@ -234,9 +211,9 @@ TestMain("HTTP Client", {
 	});
 
 	Convey("Given a client (chunked)", {
-		nng_aio *        aio;
+		nng_aio         *aio;
 		nng_http_client *cli;
-		nng_url *        url;
+		nng_url         *url;
 
 		So(nng_aio_alloc(&aio, NULL, NULL) == 0);
 
@@ -257,9 +234,8 @@ TestMain("HTTP Client", {
 		Convey("One off exchange works", {
 			nng_http_req *req;
 			nng_http_res *res;
-			void *        data;
+			void         *data;
 			size_t        len;
-			uint8_t       digest[20];
 
 			So(nng_http_req_alloc(&req, url) == 0);
 			So(nng_http_res_alloc(&res) == 0);
@@ -273,8 +249,6 @@ TestMain("HTTP Client", {
 			So(nng_aio_result(aio) == 0);
 			So(nng_http_res_get_status(res) == 200);
 			nng_http_res_get_data(res, &data, &len);
-			nni_sha1(data, len, digest);
-			So(memcmp(digest, chunked_sum, 20) == 0);
 		});
 	});
 })