https://gitlab.synchro.net/main/sbbs/-/commit/39f00cbf60a49bf580e5efe0
Added Files:
src/ssh/test/dssh_test_alloc.c dssh_test_alloc.h
Modified Files:
src/ssh/CMakeLists.txt TODO.md src/ssh/kex/curve25519-sha256.c src/ssh/ssh-internal.h src/ssh/test/test_alloc.c
Log Message:
Add library-only test allocator; fix curve25519 double-free; iterative handshake test
New test infrastructure: dssh_test_alloc (macro-based allocator)
- ssh-internal.h redirects malloc/calloc/realloc to dssh_test_malloc
etc. via macros under DSSH_TESTING
- Only affects library code (OpenSSL doesn't include ssh-internal.h)
- Enables safe allocation failure injection during handshakes without
crashing OpenSSL's internal state
Bug fix: curve25519 double-free of shared_secret
- When exchange_hash malloc failed after shared_secret was stored in
sess->trans, the error path freed ss_copy but left shared_secret
pointing to it. dssh_transport_cleanup then freed it again.
- Found by valgrind under the new iterative handshake alloc test.
- Fixed: NULL out shared_secret on the error path (both client and
server sides).
New test: alloc/handshake_iterate
- Iterates N from 0..50, failing the Nth library malloc during a
two-threaded handshake. Uses a barrier to arm the allocator after
thread creation. Covers kexinit, peer_kexinit, newkeys key
derivation, and shared secret allocation failure paths.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
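The allocator redirection and the double-free it caught, as an added C illustration that is not sbbs code: a hook that fails the Nth malloc and tracks live pointers so a repeated free is counted rather than corrupting the heap, beside a stand-in for the stored-secret error path in its buggy and corrected form. All names (test_malloc, test_free, kex_derive, transport_cleanup, struct session) are hypothetical and not the dssh identifiers.

```c
#include <stdlib.h>
#include <string.h>

/* Fail-the-Nth-allocation hook; names are hypothetical, not dssh's. */
static long fail_at = -1, alloc_count = 0, double_frees = 0;
static void *live[64];                   /* outstanding pointers, checked on free */

static void *test_malloc(size_t n) {
    if (fail_at >= 0 && alloc_count++ == fail_at) return NULL; /* injected failure */
    void *p = malloc(n);
    for (int i = 0; p && i < 64; i++)
        if (!live[i]) { live[i] = p; break; }
    return p;
}

static void test_free(void *p) {
    if (!p) return;
    for (int i = 0; i < 64; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    double_frees++;                      /* pointer not live: a double free */
}

/* As in the commit, only library code compiled after this sees the hook. */
#define malloc(n) test_malloc(n)
#define free(p)   test_free(p)
struct session { unsigned char *shared_secret, *exchange_hash; };
/* Modelled on the curve25519 error path: secret stored, then hash alloc fails. */
static int kex_derive(struct session *s, int fixed) {
    unsigned char *ss = malloc(32);      /* constructed stand-in for the secret */
    if (!ss) return -1;
    s->shared_secret = ss;               /* session now owns ss */
    s->exchange_hash = malloc(32);
    if (!s->exchange_hash) {
        free(ss);
        if (fixed) s->shared_secret = NULL;  /* the commit's fix: no dangling owner */
        return -1;
    }
    return 0;
}
static void transport_cleanup(struct session *s) { free(s->shared_secret); free(s->exchange_hash); }

/* Fail the Nth library malloc (-1 = none); count double frees seen in cleanup. */
static long handshake_with_failure(long nth, int fixed) {
    struct session s = { 0 };
    fail_at = nth; alloc_count = 0; double_frees = 0; memset(live, 0, sizeof live);
    kex_derive(&s, fixed);
    transport_cleanup(&s);
    return double_frees;
}
```

Iterating nth over 0..N, as the handshake_iterate test does, walks every allocation in the step; only nth=1 with the unfixed path reports a double free.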
---