Remove SHA384 HMAC

This is not supported by OpenSSH and not recommended to be implemented either. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-11-27 13:21:11 +03:00 · 2019-02-21 16:29:21 +00:00
parent 46d15b3161
commit 369051a5b4
6 changed files with 1 additions and 14 deletions
--- a/doc/mainpage.dox
+++ b/doc/mainpage.dox
@@ -23,7 +23,7 @@ The libssh library provides:
 - <strong>Public Key Algorithms</strong>: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa, rsa-sha2-512, rsa-sha2-256,ssh-dss
 - <strong>Ciphers</strong>: <i>aes256-ctr, aes192-ctr, aes128-ctr</i>, aes256-cbc (rijndael-cbc@lysator.liu.se), aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc, none
 - <strong>Compression Schemes</strong>: zlib, <i>zlib@openssh.com</i>, none
- - <strong>MAC hashes</strong>: hmac-sha1, hmac-sha2-256, hmac-sha2-384, hmac-sha2-512, hmac-md5, none
+ - <strong>MAC hashes</strong>: hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-md5, none
 - <strong>Authentication</strong>: none, password, public-key, keyboard-interactive, <i>gssapi-with-mic</i>
 - <strong>Channels</strong>: shell, exec (incl. SCP wrapper), direct-tcpip, subsystem, <i>auth-agent-req@openssh.com</i>
 - <strong>Global Requests</strong>: tcpip-forward, forwarded-tcpip
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -44,7 +44,6 @@ enum ssh_mac_e {
 enum ssh_hmac_e {
  SSH_HMAC_SHA1 = 1,
  SSH_HMAC_SHA256,
-  SSH_HMAC_SHA384,
  SSH_HMAC_SHA512,
  SSH_HMAC_MD5,
  SSH_HMAC_AEAD_POLY1305,
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -425,9 +425,6 @@ HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) {
    case SSH_HMAC_SHA256:
      HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL);
      break;
-    case SSH_HMAC_SHA384:
-      HMAC_Init_ex(ctx, key, len, EVP_sha384(), NULL);
-      break;
    case SSH_HMAC_SHA512:
      HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL);
      break;
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -283,9 +283,6 @@ HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) {
    case SSH_HMAC_SHA256:
      gcry_md_open(&c, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
      break;
-    case SSH_HMAC_SHA384:
-      gcry_md_open(&c, GCRY_MD_SHA384, GCRY_MD_FLAG_HMAC);
-      break;
    case SSH_HMAC_SHA512:
      gcry_md_open(&c, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC);
      break;
--- a/src/libmbedcrypto.c
+++ b/src/libmbedcrypto.c
@@ -466,9 +466,6 @@ HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type)
        case SSH_HMAC_SHA256:
            md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
            break;
-        case SSH_HMAC_SHA384:
-            md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
-            break;
        case SSH_HMAC_SHA512:
            md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
            break;
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -58,7 +58,6 @@
 static struct ssh_hmac_struct ssh_hmac_tab[] = {
  { "hmac-sha1",     SSH_HMAC_SHA1 },
  { "hmac-sha2-256", SSH_HMAC_SHA256 },
-  { "hmac-sha2-384", SSH_HMAC_SHA384 },
  { "hmac-sha2-512", SSH_HMAC_SHA512 },
  { "hmac-md5",      SSH_HMAC_MD5 },
  { "aead-poly1305", SSH_HMAC_AEAD_POLY1305 },
@@ -76,8 +75,6 @@ size_t hmac_digest_len(enum ssh_hmac_e type) {
      return SHA_DIGEST_LEN;
    case SSH_HMAC_SHA256:
      return SHA256_DIGEST_LEN;
-    case SSH_HMAC_SHA384:
-      return SHA384_DIGEST_LEN;
    case SSH_HMAC_SHA512:
      return SHA512_DIGEST_LEN;
    case SSH_HMAC_MD5: