Red Hat Bugzilla – Bug 1459887
CVE-2017-9526 libgcrypt: Possible timing attack on EdDSA session key
Last modified: 2017-09-12 11:25:50 EDT
An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library.
Created libgcrypt tracking bugs for this issue:
Affects: fedora-all [bug 1459890]
Created mingw-libgcrypt tracking bugs for this issue:
Affects: epel-7 [bug 1459888]
Affects: fedora-all [bug 1459889]
This issue did not affect the versions of libgcrypt as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include support for EdDSA cipher.