[3.6] libgcrypt: Possible timing attack on EdDSA session key (CVE-2017-9526)
An attacker who learns the EdDSA session key from side-channel
observation during the signing process can easily recover the
long-term secret key. Storing the session key in secure memory ensures that constant-time point operations are used in the MPI library.
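Why a leaked session key is as damaging as the long-term key itself, written out from the standard EdDSA signing equation (RFC 8032); this derivation is added here for context and is not part of the original issue text. Let a be the long-term secret scalar, A = aB the public key, r the per-signature session key (nonce), R = rB, and h = H(R, A, M) the hash over public data; L is the group order. The signature is (R, s) with

$$
s \equiv r + h \cdot a \pmod{L}.
$$

Everything in this equation except a and r is public: s and R are in the signature, A is the public key, and h is recomputed from them and the message. If r is observed through a side channel, the only remaining unknown is a, and since h is invertible modulo the prime L,

$$
a \equiv (s - r) \cdot h^{-1} \pmod{L}.
$$

This is why the fix treats the session key with the same care as the long-term key: it must live in secure memory and be used only in constant-time scalar and point operations, so that no timing or cache trace of r is available to recover a from.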
Fixed In Version:
Curve Ed25519 signing and verification implemented in 1.6.0 with
and following refactorings.
(from redmine: issue id 7432, created on 2017-06-15, closed on 2017-07-05)
- parent #7431 (closed)
- Revision b95bfcc9 by Natanael Copa on 2017-06-16T12:30:50Z:
main/libgcrypt: security upgrade to 1.7.7 (CVE-2017-9526) fixes #7432