[openssh-commits] [openssh] 02/02: upstream: factor out encoding of a raw ed25519 signature into its
git+noreply at mindrot.org
git+noreply at mindrot.org
Fri Jul 25 09:23:28 AEST 2025
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 1641ab8744f500f55f12155d03f1a3116aaea374
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Thu Jul 24 06:12:08 2025 +0000
upstream: factor out encoding of a raw ed25519 signature into its
ssh form into a separate function
OpenBSD-Commit-ID: 3711c6d6b52dde0bd1f17884da5cddb8716f1b64
---
ssh-ed25519.c | 37 ++++++++++++++++++++++++++++++-------
sshkey.h | 4 +++-
2 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/ssh-ed25519.c b/ssh-ed25519.c
index 22d8db026..c8caa2221 100644
--- a/ssh-ed25519.c
+++ b/ssh-ed25519.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ed25519.c,v 1.19 2022/10/28 00:44:44 djm Exp $ */
+/* $OpenBSD: ssh-ed25519.c,v 1.20 2025/07/24 06:12:08 djm Exp $ */
/*
* Copyright (c) 2013 Markus Friedl <markus at openbsd.org>
*
@@ -149,10 +149,9 @@ ssh_ed25519_sign(struct sshkey *key,
const char *alg, const char *sk_provider, const char *sk_pin, u_int compat)
{
u_char *sig = NULL;
- size_t slen = 0, len;
+ size_t slen = 0;
unsigned long long smlen;
int r, ret;
- struct sshbuf *b = NULL;
if (lenp != NULL)
*lenp = 0;
@@ -173,13 +172,40 @@ ssh_ed25519_sign(struct sshkey *key,
r = SSH_ERR_INVALID_ARGUMENT; /* XXX better error? */
goto out;
}
+ if ((r = ssh_ed25519_encode_store_sig(sig, smlen - datalen,
+ sigp, lenp)) != 0)
+ goto out;
+
+ /* success */
+ r = 0;
+ out:
+ freezero(sig, slen);
+ return r;
+}
+
+int
+ssh_ed25519_encode_store_sig(const u_char *sig, size_t slen,
+ u_char **sigp, size_t *lenp)
+{
+ struct sshbuf *b = NULL;
+ int r = -1;
+ size_t len;
+
+ if (lenp != NULL)
+ *lenp = 0;
+ if (sigp != NULL)
+ *sigp = NULL;
+
+ if (slen != crypto_sign_ed25519_BYTES)
+ return SSH_ERR_INVALID_ARGUMENT;
+
/* encode signature */
if ((b = sshbuf_new()) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
if ((r = sshbuf_put_cstring(b, "ssh-ed25519")) != 0 ||
- (r = sshbuf_put_string(b, sig, smlen - datalen)) != 0)
+ (r = sshbuf_put_string(b, sig, slen)) != 0)
goto out;
len = sshbuf_len(b);
if (sigp != NULL) {
@@ -195,9 +221,6 @@ ssh_ed25519_sign(struct sshkey *key,
r = 0;
out:
sshbuf_free(b);
- if (sig != NULL)
- freezero(sig, slen);
-
return r;
}
diff --git a/sshkey.h b/sshkey.h
index 13309416b..77253bc4e 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.68 2025/07/24 05:44:55 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.69 2025/07/24 06:12:08 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -319,6 +319,8 @@ int ssh_rsa_encode_store_sig(int, const u_char *, size_t,
u_char **, size_t *);
int ssh_ecdsa_encode_store_sig(const struct sshkey *,
const BIGNUM *, const BIGNUM *, u_char **, size_t *);
+int ssh_ed25519_encode_store_sig(const u_char *, size_t,
+ u_char **, size_t *);
/* XXX should be internal, but used by ssh-keygen */
int ssh_rsa_complete_crt_parameters(const BIGNUM *, const BIGNUM *,
const BIGNUM *, const BIGNUM *, BIGNUM **, BIGNUM **);
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list