xfnw/plan9fox
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

devtls: reject SHA2_256 mac for SSL, but TLS is fine

Browse source 
sha256 is only defined for TLS1.2, however, technically, theres
no reason not to use it in TLS1.0/TLS1.1. the choice is up to
tlshand and pushtls, not the kernel.
This commit is contained in:
cinap_lenrek 2015-10-28 17:09:22 +01:00
parent 93d63dc1f3
commit cd3053a3cc
1 changed files with 2 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
sys/src/9/port/devtls.c
View file

@ -1421,12 +1421,9 @@ initsha1key(Hashalg *ha, int version, Secret *s, uchar *p)
static void static void
initsha2_256key(Hashalg *ha, int version, Secret *s, uchar *p) initsha2_256key(Hashalg *ha, int version, Secret *s, uchar *p)
{ {
if(version == SSL3Version)
error("sha256 cannot be used with SSL");
s->maclen = ha->maclen; s->maclen = ha->maclen;
/* only TLS 1.2 has SHA256. */
if(version != TLS12Version)
error("sha256 is TLS 1.2 only");
s->mac = hmac_sha2_256; s->mac = hmac_sha2_256;
memmove(s->mackey, p, ha->maclen); memmove(s->mackey, p, ha->maclen);
} }