Bug #7432

Bug #7431: libgcrypt: Possible timing attack on EdDSA session key (CVE-2017-9526)

[3.6] libgcrypt: Possible timing attack on EdDSA session key (CVE-2017-9526)

Added by Alicha CH over 1 year ago. Updated over 1 year ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version:
Start date: 06/15/2017
Due date:
% Done: 100%
Estimated time:
Affected versions:
Security IDs:

Description

An attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the
long-term secret key. Storing the session key in secure memory ensures that constant-time point operations are used in the MPI library.
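Why a leaked session key is fatal, as an added worked derivation (not part of the original report); the notation is the standard EdDSA one, with secret scalar $a$, group order $\ell$, per-signature session key $r$, and challenge $h = H(R, A, M)$ over the commitment $R$, public key $A$ and message $M$:

$$
S \equiv r + h\,a \pmod{\ell}, \qquad\text{hence}\qquad
a \equiv (S - r)\,h^{-1} \pmod{\ell}.
$$

Both $S$ (part of the signature) and $h$ (a hash of public values) are known to anyone holding the signature, so a single observed $r$ yields $a$ with one modular inversion, and every future signature can then be forged. The fix keeps $r$ in secure memory because that flag selects the constant-time point multiplication, closing the timing channel through which $r$ would be observed.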

Fixed In Version:

libgcrypt 1.7.7

Reference:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9526

Patches:

1.7.x: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56
Curve Ed25519 signing and verification implemented in 1.6.0 with
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=bc5199a02abe428ad377443280b3eda60141a1d6
and following refactorings.

Associated revisions

Revision b95bfcc9 (diff)
Added by Natanael Copa over 1 year ago

main/libgcrypt: security upgrade to 1.7.7 (CVE-2017-9526)

fixes #7432

History

#1 Updated by Natanael Copa over 1 year ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH over 1 year ago

  • Category set to Security
  • Status changed from Resolved to Closed
