https://gitlab.synchro.net/main/sbbs/-/commit/ccae5b20f5540890d652d140
Modified Files:
src/ssh/README.md TODO.md deucessh-algorithms.h deucessh-kex.h src/ssh/kex/curve25519-sha256.c dh-gex-sha256.c dh-gex-sha256.h mlkem768x25519-sha256.c sntrup761x25519-sha512.c src/ssh/server.c ssh-trans.c ssh-trans.h src/ssh/test/test_alloc.c test_dhgex_provider.h test_transport.c
Log Message:
Built-in RFC 3526 default provider for DH-GEX, generic dssh_kex_set_ctx() API
DH-GEX previously leaked algo-specific details (struct dssh_dh_gex_provider, dssh_dh_gex_set_provider()) into the public API, breaking the register-and- forget model every other algorithm uses. Now DH-GEX works out of the box:
- Add RFC 3526 groups 14-18 (2048-8192-bit) to the DH-GEX module with a
built-in default_select_group() that picks the best fit for the client's
requested min/preferred/max range
- Add void *ctx field to dssh_kex_s (mirrors dssh_key_algo_s pattern)
- Add dssh_kex_set_ctx() public API for optional override (global, pre-init,
same gate as dssh_key_algo_set_ctx())
- Remove per-session dssh_dh_gex_set_provider() and kex_ctx from transport
state; struct dssh_dh_gex_provider moves to kex/dh-gex-sha256.h only
- Remove 65 lines of DH-GEX boilerplate from server.c demo
- Add TODO item 84: investigate DH-GEX group size vs cipher strength mismatch
Co-Authored-By: Claude Opus 4.6 (1M context) <
noreply@anthropic.com>
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net