simon-git: putty (main): Simon Tatham
Commits to Tartarus hosted VCS
tartarus-commits at lists.tartarus.org
Sat Nov 27 11:53:57 GMT 2021
TL;DR:
44055cd3 Withdraw support for SHA-512-256 in HTTP Digest.
Repository: https://git.tartarus.org/simon/putty.git
On the web: https://git.tartarus.org/?p=simon/putty.git
Branch updated: main
Committer: Simon Tatham <anakin at pobox.com>
Date: 2021-11-27 11:53:57
commit 44055cd36ef0ee7cf9b03d3ff6ec39e51bfa92b6
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=44055cd36ef0ee7cf9b03d3ff6ec39e51bfa92b6;hp=53f7da8ce74e998e9987fddbbd73e6910064e87d
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Nov 27 11:41:00 2021 +0000
Withdraw support for SHA-512-256 in HTTP Digest.
I was dubious about it to begin with, when I found that RFC 7616's
example seemed to be treating it as a 256-bit truncation of SHA-512,
and not the thing FIPS 180-4 section 6.7 specifies as "SHA-512/256"
(which also changes the initial hash state). Having failed to get a
clarifying response from the RFC authors, I had the idea this morning
of testing other HTTP clients to see what _they_ thought that hash
function meant, and then at least I could go with an existing
in-practice consensus.
There is no in-practice consensus. Firefox doesn't support that
algorithm at all (but they do support SHA-256); wget doesn't support
anything that RFC 7616 added to the original RFC 2617. But the prize
for weirdness goes to curl, which does accept the name "SHA-512-256"
and ... treats it as an alias for SHA-256!
So I think the situation among real clients is too confusing to even
try to work with, and I'm going to stop adding to it. PuTTY will
follow Firefox's policy: if a proxy server asks for SHA-256 digests
we'll happily provide them, but if they ask for SHA-512-256 we'll
refuse on the grounds that it's not clear enough what it means.
proxy/cproxy.c | 12 ++++++--
proxy/cproxy.h | 79 ++++++++++++++++++++++++++++++++++++++++++++++++---
proxy/http.c | 17 +++++++++--
proxy/nocproxy.c | 4 ++-
test/cryptsuite.py | 8 ++++++
test/testcrypt-enum.h | 2 +-
6 files changed, 111 insertions(+), 11 deletions(-)
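The commit message above turns on one distinction: FIPS 180-4's SHA-512/256 is not a truncation of SHA-512, because it starts from a different initial hash state. The following is an added example (not PuTTY's code) that makes that concrete: a pure-Python SHA-512 core with a pluggable initial state, used to compute the three incompatible things a Digest client might mean by the token "SHA-512-256". The constants are derived from FIPS 180-4's definitions rather than typed in; the dictionary keys are labels chosen here, and the "truncated" reading follows the commit's description of the RFC 7616 example.

```python
import math, struct, hashlib

MASK = (1 << 64) - 1

def _primes(n):
    ps, c = [], 2
    while len(ps) < n:
        if all(c % p for p in ps): ps.append(c)
        c += 1
    return ps

def _icbrt(n):  # floor cube root by integer Newton iteration (exact, unlike float pow)
    x = 1 << ((n.bit_length() + 2) // 3)
    while (y := (2 * x + n // (x * x)) // 3) < x:
        x = y
    return x

def _rotr(x, n):
    return ((x >> n) | (x << (64 - n))) & MASK

# FIPS 180-4 4.2.3 / 5.3.5: round constants and the SHA-512 IV are the fractional
# bits of the cube roots of the first 80 primes and square roots of the first 8 primes.
K = [_icbrt(p << 192) & MASK for p in _primes(80)]
SHA512_IV = [math.isqrt(p << 128) & MASK for p in _primes(8)]

def sha512_core(msg, iv):  # full SHA-512 over msg, starting from a caller-supplied state
    # pad to 112 bytes mod 128, then append the 128-bit message length in bits
    msg += b'\x80' + b'\x00' * ((111 - len(msg)) % 128) + (len(msg) * 8).to_bytes(16, 'big')
    H = list(iv)
    for off in range(0, len(msg), 128):
        w = list(struct.unpack('>16Q', msg[off:off + 128]))
        for t in range(16, 80):
            s0 = _rotr(w[t - 15], 1) ^ _rotr(w[t - 15], 8) ^ (w[t - 15] >> 7)
            s1 = _rotr(w[t - 2], 19) ^ _rotr(w[t - 2], 61) ^ (w[t - 2] >> 6)
            w.append((w[t - 16] + s0 + w[t - 7] + s1) & MASK)
        a, b, c, d, e, f, g, h = H
        for t in range(80):
            T1 = (h + (_rotr(e, 14) ^ _rotr(e, 18) ^ _rotr(e, 41)) + ((e & f) ^ (~e & g)) + K[t] + w[t]) & MASK
            T2 = ((_rotr(a, 28) ^ _rotr(a, 34) ^ _rotr(a, 39)) + ((a & b) ^ (a & c) ^ (b & c))) & MASK
            a, b, c, d, e, f, g, h = (T1 + T2) & MASK, a, b, c, (d + T1) & MASK, e, f, g
        H = [(x + y) & MASK for x, y in zip(H, (a, b, c, d, e, f, g, h))]
    return b''.join(x.to_bytes(8, 'big') for x in H)

# FIPS 180-4 5.3.6: SHA-512/256 does NOT start from the SHA-512 state. Its IV is SHA-512
# (with every IV word XORed with a5a5...a5) applied to the ASCII string "SHA-512/256".
SHA512_256_IV = struct.unpack('>8Q', sha512_core(b'SHA-512/256', [x ^ 0xA5A5A5A5A5A5A5A5 for x in SHA512_IV]))

def readings_of_sha512_256(data):  # three incompatible meanings of the Digest token "SHA-512-256"
    return {
        'fips-sha512/256': sha512_core(data, SHA512_256_IV)[:32].hex(),  # FIPS 180-4 section 6.7
        'truncated-sha512': sha512_core(data, SHA512_IV)[:32].hex(),     # what RFC 7616's example appears to use
        'sha256-alias': hashlib.sha256(data).hexdigest(),               # curl's reading, per the commit message
    }
```

Running `readings_of_sha512_256(b'abc')` yields three different digests, which is why a client and proxy that both "support SHA-512-256" may still never agree on a response value.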