Home GnuPG

cipher: Fix ElGamal encryption for other implementations.

Description

cipher: Fix ElGamal encryption for other implementations.

* cipher/elgamal.c (gen_k): Remove support of smaller K.
(do_encrypt): Never use smaller K.
(sign): Folllow the change of gen_k.

This change basically reverts encryption changes in two commits:

74386120dad6b3da62db37f7044267c8ef34689b
78531373a342aeb847950f404343a05e36022065

Use of smaller K for ephemeral key in ElGamal encryption is only good,
when we can guarantee that recipient's key is generated by our
implementation (or compatible).

For detail, please see:

Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
"On the (in)security of ElGamal in OpenPGP";
in the proceedings of  CCS'2021.

CVE-id: CVE-2021-33560

  • GnuPG-bug-id: T5328
  • Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
  • Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance
gniibeAuthored on May 21 2021, 4:15 AM
Parents
rC14bb6d4ea0dc: cipher: Fix memory leaks for EdDSA.
Branches
Unknown
Tags
Unknown
Tasks
T5328: On the (in)security of Elgamal in OpenPGP