From 704c296e81dacc6cfec8490cfecb8e6ec43bedd8 Mon Sep 17 00:00:00 2001
From: Franz-Stefan Preiss <franzstefan@dfinity.org>
Date: Sat, 28 Jun 2025 00:11:41 +0200
Subject: [PATCH 1/2] Add advisory for timing variability in
 curve25519-dalek-ng

---
 .../curve25519-dalek-ng/RUSTSEC-0000-0000.md  | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 crates/curve25519-dalek-ng/RUSTSEC-0000-0000.md

diff --git a/crates/curve25519-dalek-ng/RUSTSEC-0000-0000.md b/crates/curve25519-dalek-ng/RUSTSEC-0000-0000.md
new file mode 100644
index 000000000..5d37e4148
--- /dev/null
+++ b/crates/curve25519-dalek-ng/RUSTSEC-0000-0000.md
@@ -0,0 +1,27 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "curve25519-dalek-ng"
+date = "2025-06-27"
+url = "https://rustsec.org/advisories/RUSTSEC-2024-0344"
+references = ["https://github.com/dalek-cryptography/curve25519-dalek/pull/659"]
+categories = ["crypto-failure"]
+related = ["RUSTSEC-2024-0344"]
+
+[versions]
+patched = []
+```
+
+# Timing variability of RUSTSEC-2024-0344 also applicable to `curve25519-dalek-ng`
+
+[`curve25519-dalek-ng`](https://crates.io/crates/curve25519-dalek-ng) is a fork of [`curve25519-dalek`](https://crates.io/crates/curve25519-dalek) that was created at a time when it was still vulnerable to the timing variability reported in [RUSTSEC-2024-0344](https://rustsec.org/advisories/RUSTSEC-2024-0344).
+
+Timing variability of any kind is problematic when working with  potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets.
+
+To patch the vulnerability, backports of
+* https://github.com/dalek-cryptography/curve25519-dalek/pull/659, and
+* https://github.com/dalek-cryptography/curve25519-dalek/pull/661
+
+are required for `curve25519-dalek-ng`. For the former, [zkcrypto/curve25519-dalek-ng/pull/25](https://github.com/zkcrypto/curve25519-dalek-ng/pull/25) exists since Aug 14, 2024, but it remains open and unanswered. Because of this, to date, there is no patched version available.
+
+Crates that use `curve25519-dalek-ng`'s `Scalar` for private key operations are also vulnerable. An example of such a crate is [`ed25519-consensus`](https://crates.io/crates/ed25519-consensus).
\ No newline at end of file

From e17a4022e6ce4aae61841d06232eea515722c188 Mon Sep 17 00:00:00 2001
From: Franz-Stefan Preiss <franzstefan@dfinity.org>
Date: Sat, 28 Jun 2025 00:48:41 +0200
Subject: [PATCH 2/2] Also mention PRs 662 and 665 for backports

---
 crates/curve25519-dalek-ng/RUSTSEC-0000-0000.md | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/crates/curve25519-dalek-ng/RUSTSEC-0000-0000.md b/crates/curve25519-dalek-ng/RUSTSEC-0000-0000.md
index 5d37e4148..0bb654066 100644
--- a/crates/curve25519-dalek-ng/RUSTSEC-0000-0000.md
+++ b/crates/curve25519-dalek-ng/RUSTSEC-0000-0000.md
@@ -19,9 +19,12 @@ patched = []
 Timing variability of any kind is problematic when working with  potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets.
 
 To patch the vulnerability, backports of
-* https://github.com/dalek-cryptography/curve25519-dalek/pull/659, and
-* https://github.com/dalek-cryptography/curve25519-dalek/pull/661
+* [curve25519-dalek/pull/659](https://github.com/dalek-cryptography/curve25519-dalek/pull/659) and [curve25519-dalek/pull/661](https://github.com/dalek-cryptography/curve25519-dalek/pull/661), or the subsequent
+* [curve25519-dalek/pull/662](https://github.com/dalek-cryptography/curve25519-dalek/pull/662), or the subsequent
+* [curve25519-dalek/pull/665](https://github.com/dalek-cryptography/curve25519-dalek/pull/665)
 
-are required for `curve25519-dalek-ng`. For the former, [zkcrypto/curve25519-dalek-ng/pull/25](https://github.com/zkcrypto/curve25519-dalek-ng/pull/25) exists since Aug 14, 2024, but it remains open and unanswered. Because of this, to date, there is no patched version available.
+are required for `curve25519-dalek-ng`.
+
+A patch attempt exists with [zkcrypto/curve25519-dalek-ng/pull/25](https://github.com/zkcrypto/curve25519-dalek-ng/pull/25) since Aug 14, 2024, but it remains open and unanswered. To date, there is no patched version available.
 
 Crates that use `curve25519-dalek-ng`'s `Scalar` for private key operations are also vulnerable. An example of such a crate is [`ed25519-consensus`](https://crates.io/crates/ed25519-consensus).
\ No newline at end of file