https://gitlab.synchro.net/main/sbbs/-/commit/e8fa8a987d9ddbedc66df10e
Modified Files:
src/ssh/CMakeLists.txt README.md api-design-4254.md audit-4251.md audit-4253.md audit-dsohowto.md client.c src/ssh/comp/none.c none.h src/ssh/deucessh-algorithms.h deucessh-auth.h src/ssh/enc/aes256-ctr.c aes256-ctr.h none.c none.h src/ssh/kex/curve25519-sha256.c curve25519-sha256.h dh-gex-sha256.c dh-gex-sha256.h src/ssh/key_algo/rsa-sha2-256.c rsa-sha2-256.h ssh-ed25519.c ssh-ed25519.h src/ssh/mac/hmac-sha2-256.c hmac-sha2-256.h none.c none.h src/ssh/server.c ssh-trans.c src/ssh/test/test_algo_enc.c test_algo_key.c test_algo_mac.c test_alloc.c test_auth.c test_conn.c test_dhgex_provider.h test_enc.h test_mac.h test_selftest.c test_transport.c test_transport_errors.c
Log Message:
DSO best practices: linker hardening, sw_ver rodata, dssh_ prefix

Applied all recommendations from audit-dsohowto.md:

- Added ELF shared library flags: -Wl,-z,relro,-z,now (Full RELRO),
--hash-style=gnu, -Bsymbolic-functions, -O2 (string merging),
-fno-semantic-interposition

- Changed sw_ver from const char * const (pointer + relocation)
to const char [] (embedded in rodata, zero relocations)

- Renamed all unprefixed public symbols to use dssh_ prefix:
register_*() -> dssh_register_*(), ssh_ed25519_*() ->
dssh_ed25519_*(), rsa_sha2_256_*() -> dssh_rsa_sha2_256_*()

Updated all documentation, headers, source, tests, and examples.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---
￭ Synchronet ￭ Vertrauen ￭ Home of Synchronet ￭ [vert/cvs/bbs].synchro.net