src/ssh/key_algo/rsa-sha2-512.c src/ssh/mac/hmac-sha2-512.csrc/ssh/CMa

BBS:      TELESC.NET.BR
Assunto:  src/ssh/key_algo/rsa-sha2-512.c src/ssh/mac/hmac-sha2-512.csrc/ssh/CMa
De:       Deuc¨
Data:     Tue, 31 Mar 2026 11:13:12 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/d9850762cfaeccd8aacff87d
Added Files:
	src/ssh/key_algo/rsa-sha2-512.c src/ssh/mac/hmac-sha2-512.c
Modified Files:
	src/ssh/CMakeLists.txt deucessh-algorithms.h ssh-trans.c src/ssh/test/CMakeLists.txt test_algo_mac.c test_alloc.c test_auth.c test_conn.c test_dhgex_provider.h test_selftest.c test_thread_errors.c test_transport.c
Log Message:
Add rsa-sha2-512 and hmac-sha2-512 algorithm modules (RFC 8332/6668)

New modules: rsa-sha2-512 (RSASSA-PKCS1-v1_5 + SHA-512 host key) and
hmac-sha2-512 (64-byte digest/key HMAC).  Both use modern OpenSSL 3.0+
provider APIs with no deprecated interfaces.

Fix pre-existing bug in derive_and_apply_keys(): key sizes, block sizes,
and MAC digest sizes were read from the c2s algorithm only and applied
to both directions.  When c2s and s2c negotiate different-sized algorithms
(now possible with hmac-sha2-512 vs hmac-sha2-256), this caused heap
buffer over-reads on the s2c integrity key.  Split all shared variables
into per-direction variants and use sess->trans.client to select the
correct digest size for rx MAC verification buffers.

Test suite expanded from 8 to 12 KEX/key variants (adds rsa512 across
all 4 KEX methods).  Includes RFC 4231 HMAC-SHA-512 test vectors,
registration tests, and alloc failure tests.  2624 tests, 0 failures.

Co-Authored-By: Claude Opus 4.6 (1M context) 
n
---
  mSynchronetn  hgVertrauen n hHome of Synchronet n gh[vert/cvs/bbs].synchro.net

-----------------------------------------------------------
[Voltar]