cipher: Fix ElGamal encryption for other implementations.
3462280f2e23
Actions

Description

cipher: Fix ElGamal encryption for other implementations.

* cipher/elgamal.c (gen_k): Remove support of smaller K.
(do_encrypt): Never use smaller K.
(sign): Folllow the change of gen_k.

Cherry-pick master commit of:
632d80ef30e13de6926d503aa697f92b5dbfbc5e

This change basically reverts encryption changes in two commits:

74386120dad6b3da62db37f7044267c8ef34689b
78531373a342aeb847950f404343a05e36022065

Use of smaller K for ephemeral key in ElGamal encryption is only good,
when we can guarantee that recipient's key is generated by our
implementation (or compatible).

For detail, please see:

Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
"On the (in)security of ElGamal in OpenPGP";
in the proceedings of  CCS'2021.

CVE-id: CVE-2021-33560

GnuPG-bug-id: T5328
Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance

• gniibe

Authored on May 21 2021, 4:15 AM

Parents

rC8d3db6add149: Post release updates.

Branches

Unknown

Tags

Unknown

Tasks

T5328: On the (in)security of Elgamal in OpenPGP

Event Timeline

• gniibe committed rC3462280f2e23: cipher: Fix ElGamal encryption for other implementations. (authored by • gniibe).May 26 2021, 6:52 AM

• gniibe added a task: T5328: On the (in)security of Elgamal in OpenPGP.Jun 3 2021, 7:09 PM

Changes (1)

Path

Size

cipher/

elgamal.c

rC3462280f2e23

View Options