https://gitlab.synchro.net/main/sbbs/-/commit/5e399b546262c0f9b5c2847e
Modified Files:
src/ssh/NOTES.md README.md deucessh-key-algo.h src/ssh/kex/curve25519-sha256.c dh-gex-sha256.c mlkem768x25519-sha256.c sntrup761x25519-sha512.c src/ssh/key_algo/rsa-sha2-256.c ssh-ed25519.c src/ssh/ssh-arch.c ssh-auth.c ssh-conn.c ssh-internal.h ssh-trans.c ssh-trans.h src/ssh/test/test_algo_key.c test_alloc.c test_auth.c test_transport.c test_transport_errors.c
Log Message:
Replace magic numbers with named constants; refactor key_algo API

Replace bare numeric literals throughout the library with DSSH_-prefixed macros: DSSH_VERSION_STRING_MAX, DSSH_KEXINIT_COOKIE_SIZE, DSSH_KEXINIT_NAMELIST_COUNT, DSSH_ALGO_NAME_MAX, DSSH_DISCONNECT_DESC_MAX, DSSH_ASCII_DEL, DSSH_MPINT_SIGN_BIT, DSSH_NAMELIST_BUF_SIZE, and DSSH_REQ_DATA_BUF_SIZE.

Replace inline string literals in dispatch comparisons with file-scope
static const char arrays (str_signal, str_session, method_password, etc.)
using DSSH_STRLEN() to keep lengths in sync with content.

Move MAC verification buffers from hardcoded [64] stack arrays to
session-level allocations sized to the negotiated digest_size, eliminating
the arbitrary size constant.

Refactor dssh_key_algo_pubkey to return a const pointer to a cached blob
in cbdata (computed once, reused), and dssh_key_algo_sign to malloc its
output (caller frees). This eliminates DSSH_HOST_KEY_BUF_SIZE and DSSH_SIGNATURE_BUF_SIZE entirely — no caller-side buffer size guessing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---
￭ Synchronet ￭ Vertrauen ￭ Home of Synchronet ￭ [vert/cvs/bbs].synchro.net