diff --git a/ed25519-java-CVE-2020-36843.patch b/ed25519-java-CVE-2020-36843.patch
new file mode 100644
index 0000000..7711d3f
--- /dev/null
+++ b/ed25519-java-CVE-2020-36843.patch
@@ -0,0 +1,39 @@
+--- ed25519-java-0.3.0/src/net/i2p/crypto/eddsa/EdDSAEngine.java 2025-03-14 14:47:43.404137953 +0100
++++ ed25519-java-0.3.0/src/net/i2p/crypto/eddsa/EdDSAEngine.java 2025-03-14 14:50:31.859888550 +0100
+@@ -12,6 +12,7 @@
+ package net.i2p.crypto.eddsa;
+
+ import java.io.ByteArrayOutputStream;
++import java.math.BigInteger;
+ import java.nio.ByteBuffer;
+ import java.security.InvalidAlgorithmParameterException;
+ import java.security.InvalidKeyException;
+@@ -29,6 +30,7 @@
+ import net.i2p.crypto.eddsa.math.Curve;
+ import net.i2p.crypto.eddsa.math.GroupElement;
+ import net.i2p.crypto.eddsa.math.ScalarOps;
++import net.i2p.crypto.eddsa.math.bigint.BigIntegerLittleEndianEncoding;
+
+ /**
+ * Signing and verification for EdDSA.
+@@ -69,6 +71,8 @@
+ public final class EdDSAEngine extends Signature {
+ public static final String SIGNATURE_ALGORITHM = "NONEwithEdDSA";
+
++ private static final BigInteger ORDER = new BigInteger("2").pow(252).add(new BigInteger("27742317777372353535851937790883648493"));
++
+ private MessageDigest digest;
+ private ByteArrayOutputStream baos;
+ private EdDSAKey key;
+@@ -306,6 +310,11 @@
+ h = key.getParams().getScalarOps().reduce(h);
+
+ byte[] Sbyte = Arrays.copyOfRange(sigBytes, b/8, b/4);
++ // RFC 8032
++ BigInteger Sbigint = (new BigIntegerLittleEndianEncoding()).toBigInteger(Sbyte);
++ if (Sbigint.compareTo(ORDER) >= 0)
++ return false;
++
+ // R = SB - H(Rbar,Abar,M)A
+ GroupElement R = key.getParams().getB().doubleScalarMultiplyVariableTime(
+ ((EdDSAPublicKey) key).getNegativeA(), h, Sbyte);
diff --git a/ed25519-java.changes b/ed25519-java.changes
index afff17e..a4bcff2 100644
--- a/ed25519-java.changes
+++ b/ed25519-java.changes
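Review bot: `ORDER` is hard-coded to the Ed25519 group order, while the surrounding verify code takes its curve data from `key.getParams()`; if this engine can be initialised with any other parameter set, the `Sbigint.compareTo(ORDER) >= 0` test in the `@@ -306` hunk would compare against the wrong bound, so the assumption should be stated at the declaration, e.g. `// Ed25519 group order L = 2^252 + 27742317777372353535851937790883648493; assumes Ed25519 parameters`. The bare `// RFC 8032` above the check would be more useful as `// RFC 8032 section 5.1.7: require 0 <= S < L; rejecting S >= L prevents signature malleability (CVE-2020-36843)`. The decoder is created with `new BigIntegerLittleEndianEncoding()` and no field is set on it; that class is not shown here, so it is worth confirming that `toBigInteger` does not depend on field state. The verification method begins and ends outside the quoted context, so the behaviour of its other return paths cannot be judged from this patch.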
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Fri Mar 14 13:57:24 UTC 2025 - Fridrich Strba
+
+- Added patch:
+ * ed25519-java-CVE-2020-36843.patch
+ + backport commit https://github.com/i2p/i2p.i2p/commit/
+ /d7d1dcb5399c61cf2916ccc45aa25b0209c88712
+ + Fixes bsc#1239551, CVE-2020-36843: no check performed on
+ scalar to avoid signature malleability
+
 -------------------------------------------------------------------
 Wed Oct 30 09:18:41 UTC 2024 - Fridrich Strba
 
diff --git a/ed25519-java.spec b/ed25519-java.spec
index 3483ecf..7247d9d 100644
--- a/ed25519-java.spec
+++ b/ed25519-java.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package ed25519-java
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,6 +27,7 @@ Source0: https://github.com/str4d/ed25519-java/archive/v%{version}/%{name
 Source1: %{name}-build.xml
 Patch0: 0001-EdDSAEngine.initVerify-Handle-any-non-EdDSAPublicKey.patch
 Patch1: 0002-Disable-test-that-relies-on-internal-sun-JDK-classes.patch
+Patch2: %{name}-CVE-2020-36843.patch
 BuildRequires: ant
 BuildRequires: fdupes
 BuildRequires: java-devel >= 1.8
@@ -57,6 +58,7 @@ This package contains javadoc for %{name}.
 cp %{SOURCE1} build.xml
 %patch -P 0 -p1
 %patch -P 1 -p1
+%patch -P 2 -p1
 
 %build
 ant jar javadoc