ripemd160 HMAC

[farika]

Hello,

Normally openssh 7.4 support theses macs :
Ssh -q mac
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
hmac-ripemd160
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

Why Win32-openssh don't support ripemd ? Can you add this HMAC ? I found references to this Mac in the code.

OpenSSH-Win32> ./ssh -Q mac
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

Thanks

[manojampalam]

This is due to
#ifdef HAVE_EVP_RIPEMD160
{ "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
{ "[email protected]", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
#endif

HAVE_EVP_RIPEMD160 is not defined for the Windows project yet.
Do you know if OpenSSL 1.0.2* supports this?

If so, its a matter of defining this in config.h.vs

[farika]

Thanks for you answer. Yes it's ok for OpenSSL. https://wiki.openssl.org/index.php/Manual:Ripemd(3)
$ openssl list-message-digest-commands
md4
md5
mdc2
rmd160
sha
sha1
$ openssl rmd160 /usr/bin/openssl
RIPEMD160(/usr/bin/openssl)

Before using Win32-Openssh I used the openssh version 7.4 by mls (cygwin) which supports the ripemd. It is useful on some old servers without SHA256 and to avoid the SHA-1 .

[manojampalam]

Fixed in 0.0.9.0