Commit 362758d
committed
SignatureEd25519: fix vulnerability in net.i2p.crypto:eddsa:0.3.0
net.i2p.crypto:eddsa:0.3.0 has a bug and omits a crucial check in
signature verification. This was reported as CVE-2020-36843[1]
(signature malleability).
The problem affects signature verification, but luckily the missing
check can also be performed outside of the library. With this commit
we do so and verify that the second 32 bytes of the signature is
actually in the range [0..L),[2] with L the order as given in RFC
7748.[3]
This means that the use of net.i2p.crypto:eddsa:0.3.0, if used for
ed25519 signatures via Apache MINA SSHD, is safe and **not** subject of
CVE-2020-36843. Of course, vulnerability scanners will still report the
vulnerability.
Note that Apache MINA SSHD has only a completely optional dependency on
net.i2p.crypto:eddsa:0.3.0. If that artifact is not present in the
application using Apache MINA SSHD, Apache MINA SSHD will still work. In
that case, ed25519 is supported via Bouncy Castle.
[1] https://www.cve.org/CVERecord?id=CVE-2020-36843
[2] https://datatracker.ietf.org/doc/html/rfc8032#section-5.1.7
[3] https://www.rfc-editor.org/rfc/rfc7748.html#section-4.11 parent 084e69b commit 362758d
2 files changed
Lines changed: 42 additions & 0 deletions
File tree
- sshd-common/src/main/java/org/apache/sshd/common/util/security/eddsa
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
34 | 34 | | |
35 | 35 | | |
36 | 36 | | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
37 | 40 | | |
38 | 41 | | |
39 | 42 | | |
| |||
Lines changed: 39 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
18 | 18 | | |
19 | 19 | | |
20 | 20 | | |
| 21 | + | |
| 22 | + | |
21 | 23 | | |
22 | 24 | | |
23 | 25 | | |
| |||
27 | 29 | | |
28 | 30 | | |
29 | 31 | | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
30 | 42 | | |
31 | 43 | | |
32 | 44 | | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
| 55 | + | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
| 60 | + | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
| 70 | + | |
| 71 | + | |
33 | 72 | | |
0 commit comments