Bug #7431

libgcrypt: Possible timing attack on EdDSA session key (CVE-2017-9526)

Added by Alicha CH almost 2 years ago. Updated almost 2 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Security
Target version: -
Start date: 06/15/2017
Due date: -
% Done: 100%
Estimated time: (Total: 0.00 h)
Affected versions: -
Security IDs: -

Description

An attacker who learns the EdDSA session key through side-channel observation of the signing process can easily recover the
long-term secret key. Storing the session key in secure memory ensures that the MPI library uses constant-time point operations on it.

Fixed In Version:

libgcrypt 1.7.7

Reference:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9526

Patches:

1.7.x: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56

Curve Ed25519 signing and verification were implemented in 1.6.0 with
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=bc5199a02abe428ad377443280b3eda60141a1d6
and the refactorings that followed.


Subtasks

Bug #7432: [3.6] libgcrypt: Possible timing attack on EdDSA session key (CVE-2017-9526) - Closed - Natanael Copa

Bug #7433: [3.5] libgcrypt: Possible timing attack on EdDSA session key (CVE-2017-9526) - Closed - Natanael Copa

Bug #7434: [3.4] libgcrypt: Possible timing attack on EdDSA session key (CVE-2017-9526) - Closed - Natanael Copa

Bug #7435: [3.3] libgcrypt: Possible timing attack on EdDSA session key (CVE-2017-9526) - Closed - Natanael Copa

History

#1 Updated by Alicha CH almost 2 years ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from New to Closed