From URL: While working on PowerPC support (D490 D491 D492 D493) I noticed that the C implementation of AES is vulnerable to side-channel attacks (described below). My patches are not vulnerable to this, but users of libgcrypt on PowerPC *before* my patches are.

-- Following upstream development, question from WK: "Andreas, I wonder on which grounds you assigned a CVE for this claimed side-channel attack. The mentioned paper is about an old RSA side-channel and not on AES. I would like to see more facts than the reference to a guy who knows PPC pretty well." (fwiw, Andreas didn't assign the CVE)
Upstream closed as wontfix: "As of now we doubt that the proposed patch helps and we even fear that it could make things worst. Thus, as long as there is we have no description of an attack we won't do anything about it."
(In reply to John Helmert III (ajak) from comment #1)
> Upstream closed as wontfix:
>
> "As of now we doubt that the proposed patch helps and we even fear that it
> could make things worst. Thus, as long as there is we have no description of
> an attack we won't do anything about it."

Let's do that then.