1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/ssh/kex/curve25519-sha256.c dh-gex-sha256.c src/ssh/key_algo/rsa-s

    From Deucе@VERT to Git commit to main/sbbs/master on Tue Mar 24 20:58:43 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/a8e8e3d732e1fc2bebf884fb
    Modified Files:
    src/ssh/kex/curve25519-sha256.c dh-gex-sha256.c src/ssh/key_algo/rsa-sha2-256.c src/ssh/ssh-auth.c ssh-trans.c src/ssh/test/test_alloc.c
    Log Message:
    Break sequential allocation chains into per-call checks

    Sequential OpenSSL/allocation calls that all executed regardless of
    which one failed produced identical call counts for consecutive N
    values, triggering false plateau detection in iterate tests. The ossl/kex_server test was exiting after only 3 failure points instead
    of exercising all ~37.

    Break all grouped allocation chains into per-call checks with early
    return on failure:
    - dh-gex: BN_bin2bn(p)+BN_bin2bn(g), BN_CTX_new+3×BN_new (client+server)
    - curve25519: EVP_PKEY_new_raw_public_key+EVP_PKEY_CTX_new
    - rsa pubkey: malloc(e_buf)+malloc(n_buf)
    - ssh-trans newkeys: 6-alloc key derivation chain
    - ssh-trans init: 4-alloc packet buffer chain
    - ssh-auth KBI: 5-alloc prompt array chain

    Also fix alloc/session_init test where break-after-success fell
    through to error path (masked by the false plateau).

    DH-GEX branch coverage: 57.81% → 78.52% (-53 missed branches).
    Overall: 509 → 449 missed branches (79.79% → 82.17%).

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Wed Mar 25 23:06:00 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/c4f45ec61d6977c200170917
    Modified Files:
    src/ssh/kex/curve25519-sha256.c dh-gex-sha256.c src/ssh/key_algo/rsa-sha2-256.c src/ssh/ssh-auth.c ssh-chan.c ssh-conn.c ssh-trans.c
    Log Message:
    Guard all arithmetic against overflow and underflow

    Every size computation before malloc is now checked against
    SIZE_MAX to prevent wrapping on platforms with small size_t.
    Cumulative counters (bytes_since_rekey, bytebuf total, msgqueue total_bytes/count) use saturating adds. Channel capacity
    doubling checks SIZE_MAX/2 and SIZE_MAX/sizeof(*).

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Wed Mar 25 23:06:00 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/ae4a4c90d0e7cdd7a860cb40
    Modified Files:
    src/ssh/kex/curve25519-sha256.c dh-gex-sha256.c src/ssh/key_algo/rsa-sha2-256.c ssh-ed25519.c src/ssh/ssh-arch.c ssh-auth.c ssh-conn.c ssh-trans.c
    Log Message:
    Check return value of every dssh_serialize/parse call

    Every call to dssh_serialize_uint32, dssh_parse_uint32, and other serialize/parse functions now has its return value checked. Functions
    use a single ret/pv variable declared at function scope, reused for
    each call. Local SER/HASH_U32 macros reduce boilerplate in
    serialization-heavy functions.

    serialize_namelist_from_str changed from void to int.
    Removed #ifndef DSSH_TESTING guards around parse checks in KEX
    modules — return values are always checked regardless of build mode.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net