--- /n/sources/plan9/sys/src/9/port/devtls.c	Fri Jul 29 23:15:03 2011
+++ /sys/src/9/port/devtls.c	Sat Oct 29 00:00:00 2011
@@ -218,6 +218,10 @@
 static TlsRec	*mktlsrec(void);
 static DigestState*sslmac_md5(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s);
 static DigestState*sslmac_sha1(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s);
+static DigestState*sslmac_sha2_224(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s);
+static DigestState*sslmac_sha2_256(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s);
+static DigestState*sslmac_sha2_384(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s);
+static DigestState*sslmac_sha2_512(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s);
 static DigestState*nomac(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s);
 static void	sslPackMac(Secret *sec, uchar *mackey, uchar *seq, uchar *header, uchar *body, int len, uchar *mac);
 static void	tlsPackMac(Secret *sec, uchar *mackey, uchar *seq, uchar *header, uchar *body, int len, uchar *mac);
@@ -1380,11 +1384,59 @@
 	memmove(s->mackey, p, ha->maclen);
 }
 
+static void
+initsha2_224key(Hashalg *ha, int version, Secret *s, uchar *p)
+{
+	s->maclen = ha->maclen;
+	if(version == SSL3Version)
+		s->mac = sslmac_sha2_224;
+	else
+		s->mac = hmac_sha2_224;
+	memmove(s->mackey, p, ha->maclen);
+}
+
+static void
+initsha2_256key(Hashalg *ha, int version, Secret *s, uchar *p)
+{
+	s->maclen = ha->maclen;
+	if(version == SSL3Version)
+		s->mac = sslmac_sha2_256;
+	else
+		s->mac = hmac_sha2_256;
+	memmove(s->mackey, p, ha->maclen);
+}
+
+static void
+initsha2_384key(Hashalg *ha, int version, Secret *s, uchar *p)
+{
+	s->maclen = ha->maclen;
+	if(version == SSL3Version)
+		s->mac = sslmac_sha2_384;
+	else
+		s->mac = hmac_sha2_384;
+	memmove(s->mackey, p, ha->maclen);
+}
+
+static void
+initsha2_512key(Hashalg *ha, int version, Secret *s, uchar *p)
+{
+	s->maclen = ha->maclen;
+	if(version == SSL3Version)
+		s->mac = sslmac_sha2_512;
+	else
+		s->mac = hmac_sha2_512;
+	memmove(s->mackey, p, ha->maclen);
+}
+
 static Hashalg hashtab[] =
 {
 	{ "clear", 0, initclearmac, },
 	{ "md5", MD5dlen, initmd5key, },
 	{ "sha1", SHA1dlen, initsha1key, },
+	{ "sha2_224", SHA2_224dlen, initsha2_224key, },
+	{ "sha2_256", SHA2_256dlen, initsha2_256key, },
+	{ "sha2_384", SHA2_384dlen, initsha2_384key, },
+	{ "sha2_512", SHA2_512dlen, initsha2_512key, },
 	{ 0 }
 };
 
@@ -2096,6 +2148,30 @@
 sslmac_sha1(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s)
 {
 	return sslmac_x(p, len, key, klen, digest, s, sha1, SHA1dlen, 40);
+}
+
+static DigestState*
+sslmac_sha2_224(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s)
+{
+	return sslmac_x(p, len, key, klen, digest, s, sha2_224, SHA2_224dlen, 56);
+}
+
+static DigestState*
+sslmac_sha2_256(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s)
+{
+	return sslmac_x(p, len, key, klen, digest, s, sha2_256, SHA2_256dlen, 64);
+}
+
+static DigestState*
+sslmac_sha2_384(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s)
+{
+	return sslmac_x(p, len, key, klen, digest, s, sha2_384, SHA2_384dlen, 96);
+}
+
+static DigestState*
+sslmac_sha2_512(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s)
+{
+	return sslmac_x(p, len, key, klen, digest, s, sha2_512, SHA2_512dlen, 128);
 }
 
 static DigestState*
--- /n/sources/plan9/sys/man/3/tls	Fri Jul 29 23:09:30 2011
+++ /sys/man/3/tls	Sat Oct 29 00:00:00 2011
@@ -265,9 +265,13 @@
 and
 .BR 'aes_256_cbc' .
 Currently implemented hashing algorithms are
-.B 'md5'
-and
-.BR 'sha1' .
+.BR 'md5' ,
+.BR 'sha1' ,
+.BR 'sha2-224' ,
+.BR 'sha2-256' ,
+.B 'sha2-384'
+ and
+.BR 'sha2-512' .
 .SH "SEE ALSO"
 .IR listen (8),
 .IR dial (2),