https://gitlab.synchro.net/main/sbbs/-/commit/d9850762cfaeccd8aacff87d
Added Files:
src/ssh/key_algo/rsa-sha2-512.c src/ssh/mac/hmac-sha2-512.c
Modified Files:
src/ssh/CMakeLists.txt deucessh-algorithms.h ssh-trans.c src/ssh/test/CMakeLists.txt test_algo_mac.c test_alloc.c test_auth.c test_conn.c test_dhgex_provider.h test_selftest.c test_thread_errors.c test_transport.c
Log Message:
Add rsa-sha2-512 and hmac-sha2-512 algorithm modules (RFC 8332/6668)
New modules: rsa-sha2-512 (RSASSA-PKCS1-v1_5 + SHA-512 host key) and hmac-sha2-512 (64-byte digest/key HMAC). Both use modern OpenSSL 3.0+
provider APIs with no deprecated interfaces.
Fix pre-existing bug in derive_and_apply_keys(): key sizes, block sizes,
and MAC digest sizes were read from the c2s algorithm only and applied
to both directions. When c2s and s2c negotiate different-sized algorithms
(now possible with hmac-sha2-512 vs hmac-sha2-256), this caused heap
buffer over-reads on the s2c integrity key. Split all shared variables
into per-direction variants and use sess->trans.client to select the
correct digest size for rx MAC verification buffers.
Test suite expanded from 8 to 12 KEX/key variants (adds rsa512 across
all 4 KEX methods). Includes RFC 4231 HMAC-SHA-512 test vectors,
registration tests, and alloc failure tests. 2624 tests, 0 failures.
Co-Authored-By: Claude Opus 4.6 (1M context) <
noreply@anthropic.com>
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net