about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--filters/gentoo-ldap-authentication.lua4
-rw-r--r--filters/simple-authentication.lua4
2 files changed, 4 insertions, 4 deletions
diff --git a/filters/gentoo-ldap-authentication.lua b/filters/gentoo-ldap-authentication.lua
index 6d8eb3e..c1e382f 100644
--- a/filters/gentoo-ldap-authentication.lua
+++ b/filters/gentoo-ldap-authentication.lua
@@ -271,7 +271,7 @@ function validate_value(expected_field, cookie)
 	end
 
 	-- Lua hashes strings, so these comparisons are time invariant.
-	if hmac ~= crypto.hmac.digest("sha1", field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt, secret) then
+	if hmac ~= crypto.hmac.digest("sha256", field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt, secret) then
 		return nil
 	end
 
@@ -296,7 +296,7 @@ function secure_value(field, value, expiration)
 	value = url_encode(value)
 	field = url_encode(field)
 	authstr = field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt
-	authstr = authstr .. "|" .. crypto.hmac.digest("sha1", authstr, secret)
+	authstr = authstr .. "|" .. crypto.hmac.digest("sha256", authstr, secret)
 	return authstr
 end
 
diff --git a/filters/simple-authentication.lua b/filters/simple-authentication.lua
index de34d09..596c041 100644
--- a/filters/simple-authentication.lua
+++ b/filters/simple-authentication.lua
@@ -231,7 +231,7 @@ function validate_value(expected_field, cookie)
 	end
 
 	-- Lua hashes strings, so these comparisons are time invariant.
-	if hmac ~= crypto.hmac.digest("sha1", field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt, secret) then
+	if hmac ~= crypto.hmac.digest("sha256", field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt, secret) then
 		return nil
 	end
 
@@ -256,7 +256,7 @@ function secure_value(field, value, expiration)
 	value = url_encode(value)
 	field = url_encode(field)
 	authstr = field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt
-	authstr = authstr .. "|" .. crypto.hmac.digest("sha1", authstr, secret)
+	authstr = authstr .. "|" .. crypto.hmac.digest("sha256", authstr, secret)
 	return authstr
 end
 
Remove extended-join and invite-notifyJune McEnroe The remaining caps only generate new commands which can easily be filtered out when sending to clients so will be in the first pass of support. extended-join is probably safe to pass through unaltered, just causing extraneous parameters on JOIN commands, but maybe not. invite-notify reuses the INVITE command where the invited user is not self. 2019-11-09Maintain stateCaps and offer them to clientsJune McEnroe 2019-11-09Parse capabilitiesJune McEnroe The list that I've defined are the ones that I expect to be able to enable probably without any clients breaking... And of course server-time which pounce implements itself. 2019-11-09Avoid the reserved _A names with BIT macroJune McEnroe 2019-11-09Define macro for bit flag enumsJune McEnroe 2019-11-08Check that password is hashedJune McEnroe 2019-11-08Avoid calling getopt_long again after it returns -1June McEnroe On GNU, calling getopt_long again will reset optind back to the first non-option argument, which would cause an infinite loop of reading the same configurtion file forever. 2019-11-08Only change AWAY status for registered clientsJune McEnroe Turns out I did eventually fix this, because I may want to implement "passive clients" for logging or notification stuff, which wouldn't affect AWAY status either. 2019-11-07Just write the example normallyJune McEnroe 2019-11-07Include path in readlinkat errorJune McEnroe 2019-11-07Call clientConsume before clientRecvJune McEnroe This might reduce the frequency of a client getting its own message back because it was behind in the ring when it sent it. 2019-11-06Use -l:filename in Linux.mkJune McEnroe 2019-11-06Fix compat.h for #defined strlcpyJune McEnroe 2019-11-06Allow unsetting LIBRESSL_PREFIXJune McEnroe 2019-11-06Document calico service configurationJune McEnroe 2019-11-06Document SASL EXTERNAL configuration in more detailJune McEnroe 2019-11-06Document pounce service configurationJune McEnroe 2019-11-06Mention Darwin and GNU/Linux in READMEJune McEnroe 2019-11-06Assume LibreSSL from brew on DarwinJune McEnroe 2019-11-06Remove -DNO_EXPLICIT_BZERO from Darwin.mkJune McEnroe 2019-11-06Don't install rc scripts or dirs on LinuxJune McEnroe