Bug 1459887 (CVE-2017-9526)

Summary:	CVE-2017-9526 libgcrypt: Possible timing attack on EdDSA session key
Product:	[Other] Security Response	Reporter:	Adam Mariš <amaris>
Component:	vulnerability	Assignee:	Red Hat Product Security <security-response-team>
Status:	CLOSED NOTABUG	QA Contact:
Severity:	low	Docs Contact:
Priority:	low
Version:	unspecified	CC:	bmcclain, cfergeau, dblechte, eedri, erik-fedora, lsurette, mgoldboi, michal.skrivanek, rdieter, rh-spice-bugs, rjones, srevivo, tmraz, ykaul
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	libgcrypt 1.7.7	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2019-06-08 03:14:55 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	1459888, 1459889, 1459890
Bug Blocks:

Description Adam Mariš 2017-06-08 13:04:25 UTC

An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library.

Upstream fixes:

master: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5a22de904a0a366ae79f03ff1e13a1232a89e26b

1.7.x: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56

Comment 1 Adam Mariš 2017-06-08 13:05:18 UTC

Created libgcrypt tracking bugs for this issue:

Affects: fedora-all [bug 1459890]


Created mingw-libgcrypt tracking bugs for this issue:

Affects: epel-7 [bug 1459888]
Affects: fedora-all [bug 1459889]

Comment 2 Adam Mariš 2017-06-08 13:08:01 UTC

Statement:

This issue did not affect the versions of libgcrypt as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include support for EdDSA cipher.