libgcrypt: Possible timing attack on EdDSA session key (CVE-2017-9526)
An attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the
long-term secret key. Storing the session key in secure memory ensures that constant-time point operations are used in the MPI library.
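Why the session key needs the same protection as the long-term key, as an added example (not libgcrypt code): Ed25519 signing per RFC 8032 computes S = r + h*a mod L, which is linear in the secret scalar a once the session key r is known. The function names are hypothetical, and `sign` returns r only to stand in for a value learned through the side channel.

```python
import hashlib

p = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493  # order of base point
d = -121665 * pow(121666, -1, p) % p

def add(P, Q):  # RFC 8032 addition, extended coordinates (X, Y, Z, T)
    a, b = (P[1]-P[0]) * (Q[1]-Q[0]) % p, (P[1]+P[0]) * (Q[1]+Q[0]) % p
    c, z = 2 * P[3] * Q[3] * d % p, 2 * P[2] * Q[2] % p
    e, f, g, h = b - a, z - c, z + c, b + a
    return (e*f % p, g*h % p, f*g % p, e*h % p)

def mul(s, P):  # variable-time double-and-add: acceptable only in a demo
    Q = (0, 1, 1, 0)
    while s:
        if s & 1:
            Q = add(Q, P)
        P, s = add(P, P), s >> 1
    return Q

def compress(P):
    zi = pow(P[2], -1, p)
    x, y = P[0]*zi % p, P[1]*zi % p
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def H(*parts):  # SHA-512 of the concatenation, as a little-endian integer
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little")

gy = 4 * pow(5, -1, p) % p  # base point: y = 4/5, x recovered and made even
x2 = (gy*gy - 1) * pow(d*gy*gy + 1, -1, p) % p
gx = pow(x2, (p+3)//8, p)
if gx*gx % p != x2:
    gx = gx * pow(2, (p-1)//4, p) % p
gx = p - gx if gx & 1 else gx
G = (gx, gy, 1, gx*gy % p)

def sign(seed, msg):
    k = hashlib.sha512(seed).digest()
    a = (int.from_bytes(k[:32], "little") & ((1 << 254) - 8)) | (1 << 254)
    A = compress(mul(a, G))
    r = H(k[32:], msg) % L  # session key: secret, fresh per signature
    R = compress(mul(r, G))
    S = (r + H(R, A, msg) * a) % L
    return A, R + S.to_bytes(32, "little"), r  # r returned to model the leak

def scalar_from_session_key(A, sig, msg, r):
    # S = r + h*a (mod L): with r known, one equation, one unknown.
    S = int.from_bytes(sig[32:], "little")
    return (S - r) * pow(H(sig[:32], A, msg) % L, -1, L) % L
```

The recovered value is the secret scalar reduced mod L, which yields the same public key and the same signatures as the original.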
Fixed In Version:
Curve Ed25519 signing and verification implemented in 1.6.0 with
and following refactorings.