cipher: Fix ElGamal encryption for other implementations.
* cipher/elgamal.c (gen_k): Remove support of smaller K. (do_encrypt): Never use smaller K. (sign): Folllow the change of gen_k.
This change basically reverts encryption changes in two commits:
74386120dad6b3da62db37f7044267c8ef34689b
78531373a342aeb847950f404343a05e36022065
Use of smaller K for ephemeral key in ElGamal encryption is only good,
when we can guarantee that recipient's key is generated by our
implementation (or compatible).
For detail, please see:
Luca De Feo, Bertram Poettering, Alessandro Sorniotti, "On the (in)security of ElGamal in OpenPGP"; in the proceedings of CCS'2021.
CVE-id: CVE-2021-33560
- GnuPG-bug-id: T5328
- Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>