https://gitlab.synchro.net/main/sbbs/-/commit/2a7e4b3dd5e742986c2f6be1
Added Files:
src/ssh/enc/aes128-cbc-botan.c aes128-cbc-botan.cpp aes128-cbc-openssl.c
Modified Files:
src/ssh/CMakeLists.txt deucessh-algorithms.h
Log Message:
DeuceSSH: add aes128-cbc encryption module for Mystic compatibility
Mystic BBS only offers aes128-cbc on its SSH server, so DeuceSSH-based
clients connecting to Mystic must register it. This module should
not be enabled for general use Ä CBC is weaker than CTR (which is
why the original module list deliberately omitted it), and DeuceSSH-
based servers should continue offering only aes256-ctr.
Both backends:
- OpenSSL: EVP_CipherInit_ex / EVP_CipherUpdate (direction stored
in the OpenSSL ctx; same do_crypt for encrypt and decrypt slots)
- Botan: Botan::Cipher_Mode "AES-128/CBC/NoPadding", direction-bound
at create_or_throw
bufsz validated as a multiple of the 16-byte block on every call
(rx-side peer-controlled; tx-side ours but cheap to assert).
Co-Authored-By: Claude Opus 4.7 (1M context) <
noreply@anthropic.com>
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net