BBS:      TELESC.NET.BR
Subject:  src/ssh/deucessh-conn.h src/ssh/key_algo/rsa-sha2-256.c ssh-ed25519.c
From:     Deuce
Date:     Thu, 26 Mar 2026 03:45:38 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/3c2eb2443df8934ae295f2c3
Modified Files:
	src/ssh/deucessh-conn.h src/ssh/key_algo/rsa-sha2-256.c ssh-ed25519.c src/ssh/ssh-auth.c ssh-conn.c ssh-trans.c ssh.c
Log Message:
Final hardening: timing, scrubbing, threads, NULL, lifetime

1. Constant-time MAC: memcmp -> CRYPTO_memcmp (timing side-channel)
2. Sensitive data scrubbing: cleanse_free() helper; OPENSSL_cleanse
   on shared_secret, session_id, exchange_hash, derived keys (27
   sites), passwords, stack MAC/tmp buffers before free/return
3. Thread safety: buf_mtx in send_data, send_extended_data,
   send_eof, send_close, maybe_replenish_window to prevent
   data races with demux thread on remote_window/eof/close flags
4. NULL checks: all ~40 DSSH_PUBLIC functions validate pointer
   parameters; parse helpers allow NULL data with data_len==0
5. Lifetime docs: channel handle rules in deucessh-conn.h
6. Zero-size write: bufsz==0 returns 0 (no empty DATA message)
7. Callback validation: set_callbacks rejects NULL tx/rx/rx_line

Co-Authored-By: Claude Opus 4.6 (1M context) 
---
  Synchronet * Vertrauen * Home of Synchronet * [vert/cvs/bbs].synchro.net

-----------------------------------------------------------
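Items 1 and 2 of the log message above, sketched as an added C example that is not code from the commit or the project. It shows a MAC tag check that compares without an early exit and wipes the computed tag on every return path, plus a wipe-then-free helper. `ct_memcmp` and `scrub` are local stand-ins for `CRYPTO_memcmp` and `OPENSSL_cleanse` so the block builds without libcrypto; `cleanse_free_example` and `verify_tag` are hypothetical names, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for CRYPTO_memcmp: no early exit, so timing hides where bytes differ. */
static int ct_memcmp(const void *a, const void *b, size_t len)
{
    const volatile unsigned char *pa = a, *pb = b;
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++) diff |= pa[i] ^ pb[i];
    return diff; /* 0 only when every byte matched */
}

/* Stand-in for OPENSSL_cleanse: volatile stores the optimizer must keep. */
static void scrub(void *p, size_t len)
{
    volatile unsigned char *vp = p;
    while (len--) *vp++ = 0;
}

/* Hypothetical analogue of the commit's cleanse_free(): wipe, then free. */
static void cleanse_free_example(void *p, size_t len)
{
    if (p == NULL) return; /* NULL is a no-op, like free() */
    scrub(p, len);
    free(p);
}

/* Returns 0 on match, -1 on mismatch or bad arguments. The computed tag
 * is wiped on every path so it does not linger in memory. */
static int verify_tag(uint8_t *computed, const uint8_t *received, size_t len)
{
    int rc = -1;
    if (computed == NULL) return -1;
    if (received != NULL && len != 0 && ct_memcmp(computed, received, len) == 0)
        rc = 0;
    scrub(computed, len);
    return rc;
}

int main(void)
{
    uint8_t tag[4] = {0xde, 0xad, 0xbe, 0xef};      /* constructed sample */
    const uint8_t rx[4] = {0xde, 0xad, 0xbe, 0xef}; /* constructed sample */
    uint8_t *key = calloc(1, 32);                   /* stands in for a derived key */
    printf("tag ok: %d\n", verify_tag(tag, rx, sizeof tag) == 0);
    cleanse_free_example(key, 32);
    return 0;
}
```

With `memcmp`, the comparison can return at the first differing byte, which is the timing signal item 1 removes; a plain `memset` before `free` may be optimized away, which is why item 2 uses a dedicated cleanse call.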