An attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant-time point operations are used in the MPI library.

Upstream fixes:

master: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5a22de904a0a366ae79f03ff1e13a1232a89e26b
1.7.x: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56
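
Why a leaked session key exposes the long-term key, shown as an added derivation that is not part of the original report. The notation is assumed from RFC 8032: $r$ is the per-signature session key (nonce scalar), $s$ the long-term secret scalar, $L$ the prime group order, $(R, S)$ the signature, $A$ the public key and $M$ the message.

$$S \equiv r + k \cdot s \pmod{L}, \qquad k = H(R \,\|\, A \,\|\, M)$$

$$s \equiv (S - r) \cdot k^{-1} \pmod{L}$$

$R$, $S$, $A$ and $M$ are all public, so anyone can compute $k$, and $k$ is invertible modulo the prime $L$ whenever $k \not\equiv 0$. The session key $r$ is therefore the only unknown protecting $s$ in a single signature, which is why the scalar multiplication that consumes $r$ has to run in constant time.
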
Created libgcrypt tracking bugs for this issue:

Affects: fedora-all [bug 1459890]

Created mingw-libgcrypt tracking bugs for this issue:

Affects: epel-7 [bug 1459888]
Affects: fedora-all [bug 1459889]
Statement:

This issue did not affect the versions of libgcrypt as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include support for the EdDSA cipher.