diff -r 8582c03efdc9 sys/man/1/sum
--- a/sys/man/1/sum Sun May 30 14:30:50 2021 +0200
+++ b/sys/man/1/sum Sun May 30 08:04:21 2021 -0700
@@ -92,3 +92,5 @@
 .IR cmp (1),
 .IR wc (1),
 .IR sechash (2)
+.SH BUGS
+md5 and SHA-1 are considered broken and should not be used
diff -r 8582c03efdc9 sys/man/2/des
--- a/sys/man/2/des Sun May 30 14:30:50 2021 +0200
+++ b/sys/man/2/des Sun May 30 08:04:21 2021 -0700
@@ -60,6 +60,8 @@
 .B void des64to56(uchar *k64, uchar *k56)
 .SH DESCRIPTION
+This tool is deprecated and should not be used.
+.PP
 The Digital Encryption Standard (DES) is a shared-key or symmetric encryption algorithm using either a 56-bit key for single DES or three 56-bit keys for triple DES.
@@ -142,8 +144,8 @@
 Electronic Frontier Foundation, O'Reilly, 1998
 .SH BUGS
-Single DES can be realistically broken by brute-force;
+DES can be realistically broken by brute-force;
 its 56-bit key is just too short.
-It should not be used in new code, which should probably use
+It should not be used. use
 .IR aes (2)
-instead, or at least triple DES.
+instead.
diff -r 8582c03efdc9 sys/man/2/rc4
--- a/sys/man/2/rc4 Sun May 30 14:30:50 2021 +0200
+++ b/sys/man/2/rc4 Sun May 30 08:04:21 2021 -0700
@@ -53,3 +53,5 @@
 .IR sechash (2),
 .IR prime (2),
 .IR rand (2)
+.SH BUGS
+rc4 is considered broken and should not be used.
diff -r 8582c03efdc9 sys/man/2/sechash
--- a/sys/man/2/sechash Sun May 30 14:30:50 2021 +0200
+++ b/sys/man/2/sechash Sun May 30 08:04:21 2021 -0700
@@ -172,3 +172,5 @@
 .TP
 .B /lib/rfc/rfc2104
 HMAC specification
+.SH BUGS
+md4, md5 and SHA-1 are considered broken and should not be used
diff -r 8582c03efdc9 sys/src/9/port/devtls.c
--- a/sys/src/9/port/devtls.c Sun May 30 14:30:50 2021 +0200
+++ b/sys/src/9/port/devtls.c Sun May 30 08:04:21 2021 -0700
@@ -21,7 +21,7 @@
 MaxRecLen = 1<<14, /* max payload length of a record layer message */
 MaxCipherRecLen = MaxRecLen + 2048,
 RecHdrLen = 5,
- MaxMacLen = SHA2_256dlen,
+ MaxMacLen = SHA2_512dlen,
 /* protocol versions we can accept */
 SSL3Version = 0x0300,
@@ -227,7 +227,6 @@
 static void alertHand(TlsRec*, char *);
 static TlsRec *newtls(Chan *c);
 static TlsRec *mktlsrec(void);
-static DigestState*sslmac_md5(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s);
 static DigestState*sslmac_sha1(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s);
 static DigestState*nomac(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s);
 static int sslPackAAD(u64int, uchar*, uchar*);
@@ -241,10 +240,7 @@
 static void tlsSetState(TlsRec *tr, int new, int old);
 static void rcvAlert(TlsRec *tr, int err);
 static void sendAlert(TlsRec *tr, int err);
-static void rcvError(TlsRec *tr, int err, char *msg, ...);
-static int rc4enc(Secret *sec, uchar *buf, int n);
-static int des3enc(Secret *sec, uchar *buf, int n);
-static int des3dec(Secret *sec, uchar *buf, int n);
+static void rcvError(TlsRec *tr, int err, char *msg, ...);;
 static int aesenc(Secret *sec, uchar *buf, int n);
 static int aesdec(Secret *sec, uchar *buf, int n);
 static int ccpoly_aead_enc(Secret *sec, uchar *aad, int aadlen, uchar *reciv, uchar *data, int len);
@@ -1393,17 +1389,6 @@
 };
 static void
-initmd5key(Hashalg *ha, int version, Secret *s, uchar *p)
-{
- s->maclen = ha->maclen;
- if(version == SSL3Version)
- s->mac = sslmac_md5;
- else
- s->mac = hmac_md5;
- memmove(s->mackey, p, ha->maclen);
-}
-
-static void
 initclearmac(Hashalg *, int, Secret *s, uchar *)
 {
 s->mac = nomac;
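Review bot: Raising `MaxMacLen` to `SHA2_512dlen` is what allows a 64-byte MAC key to be copied into `s->mackey` by the new sha512 hash entry later in this diff, so please confirm that `Secret.mackey` and any per-record MAC scratch buffers (declared outside this diff) are dimensioned with `MaxMacLen` rather than a literal 32 or `SHA2_256dlen`; if any of them is not, `memmove(s->mackey, p, ha->maclen)` now overruns it by 32 bytes. The constant deserves a comment tying it to the table it must cover, e.g. `MaxMacLen = SHA2_512dlen, /* must be >= the largest maclen in hashtab (sha512) */`. The enum this line belongs to starts before the hunk.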
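Review bot: In the @@ -241 hunk the re-added prototype `+static void rcvError(TlsRec *tr, int err, char *msg, ...);;` ends in a doubled semicolon, and the line is otherwise byte-identical to the `rcvError` line removed just above it. A stray `;` at file scope is an empty declaration that ISO C does not allow (gcc -pedantic rejects it), whether or not the target compiler happens to accept it, and it also makes the diff look as if rcvError changed. Drop the `-`/`+` pair for rcvError so the hunk only deletes the three rc4enc/des3enc/des3dec prototypes and the existing `static void rcvError(TlsRec *tr, int err, char *msg, ...);` stays untouched.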
@@ -1430,12 +1415,33 @@
 memmove(s->mackey, p, ha->maclen);
 }
+static void
+initsha2_384key(Hashalg *ha, int version, Secret *s, uchar *p)
+{
+ if(version == SSL3Version)
+ error("sha384 cannot be used with SSL");
+ s->maclen = ha->maclen;
+ s->mac = hmac_sha2_384;
+ memmove(s->mackey, p, ha->maclen);
+}
+
+static void
+initsha2_512key(Hashalg *ha, int version, Secret *s, uchar *p)
+{
+ if(version == SSL3Version)
+ error("sha512 cannot be used with SSL");
+ s->maclen = ha->maclen;
+ s->mac = hmac_sha2_512;
+ memmove(s->mackey, p, ha->maclen);
+}
+
 static Hashalg hashtab[] = {
 { "clear", 0, initclearmac, },
- { "md5", MD5dlen, initmd5key, },
 { "sha1", SHA1dlen, initsha1key, },
 { "sha256", SHA2_256dlen, initsha2_256key, },
+ { "sha384", SHA2_384dlen, initsha2_384key, },
+ { "sha512", SHA2_512dlen, initsha2_512key, },
 { 0 }
 };
@@ -1461,25 +1467,6 @@
 };
 static void
-initRC4key(Encalg *ea, Secret *s, uchar *p, uchar *)
-{
- s->enckey = secalloc(sizeof(RC4state));
- s->enc = rc4enc;
- s->dec = rc4enc;
- setupRC4state(s->enckey, p, ea->keylen);
-}
-
-static void
-initDES3key(Encalg *, Secret *s, uchar *p, uchar *iv)
-{
- s->enckey = secalloc(sizeof(DES3state));
- s->enc = des3enc;
- s->dec = des3dec;
- s->block = 8;
- setupDES3state(s->enckey, (uchar(*)[8])p, iv);
-}
-
-static void
 initAESkey(Encalg *ea, Secret *s, uchar *p, uchar *iv)
 {
 s->enckey = secalloc(sizeof(AESstate));
@@ -1529,8 +1516,6 @@
 static Encalg encrypttab[] = {
 { "clear", 0, 0, initclearenc },
- { "rc4_128", 128/8, 0, initRC4key },
- { "3des_ede_cbc", 3 * 8, 8, initDES3key },
 { "aes_128_cbc", 128/8, 16, initAESkey },
 { "aes_256_cbc", 256/8, 16, initAESkey },
 { "ccpoly64_aead", 256/8, 0, initccpolykey },
@@ -2049,12 +2034,6 @@
 return n;
 }
-static int
-rc4enc(Secret *sec, uchar *buf, int n)
-{
- rc4(sec->enckey, buf, n);
- return n;
-}
 static int
 tlsunpad(uchar *buf, int n, int block)
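Review bot: The new initsha2_384key and initsha2_512key are the only hashtab initialisers visible here that can fail, and they fail via `error()` after the caller has presumably already allocated the Secret they are filling in; that caller is outside this diff, so please confirm it runs the `ha->initkey` call under a waserror frame that frees the half-built Secret, otherwise an SSL3 client that negotiates a sha384/sha512 suite leaks kernel memory per attempt. The two functions are also copies of each other differing only in the HMAC function and the error string, and of initsha2_256key whose tail `memmove(s->mackey, p, ha->maclen);` opens the hunk, which is worth a comment such as `/* SSLv3's MAC construction is only defined for md5/sha1; refuse anything newer */` on the version check. Removing "md5" from hashtab (and rc4_128/3des_ede_cbc from encrypttab in the @@ -1529 hunk) means the "secret" control request now fails after the handshake for any user-space TLS implementation that still offers those suites, so the libsec cipher-suite list needs to be pruned in the same change rather than left to fail at runtime.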
@@ -2095,21 +2074,7 @@
 buf[n++] = pad;
 return nn;
 }
-
-static int
-des3enc(Secret *sec, uchar *buf, int n)
-{
- n = blockpad(buf, n, 8);
- des3CBCencrypt(buf, n, sec->enckey);
- return n;
-}
-static int
-des3dec(Secret *sec, uchar *buf, int n)
-{
- des3CBCdecrypt(buf, n, sec->enckey);
- return (*sec->unpad)(buf, n, 8);
-}
 static int
 aesenc(Secret *sec, uchar *buf, int n)
@@ -2256,12 +2221,6 @@
 return sslmac_x(p, len, key, klen, digest, s, sha1, SHA1dlen, 40);
 }
-static DigestState*
-sslmac_md5(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s)
-{
- return sslmac_x(p, len, key, klen, digest, s, md5, MD5dlen, 48);
-}
-
 static int
 sslPackAAD(u64int seq, uchar *hdr, uchar *aad)
 {