[3.6] libgcrypt: Possible timing attack on EdDSA session key (CVE-2017-9526)
ID: oval:org.secpod.oval:def:1800599
Date: (C)2018-03-28 (M)2023-12-20
Class: PATCH
Family: unix
An attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant-time point operations are used in the MPI library.
Fixed In Version: libgcrypt 1.7.7
Reference: Patches: 1.7.x: Ed25519 signing and verification implemented in 1.6.0 with following refactorings.
Platform: Alpine Linux 3.6