Log for path: root/cipher/elgamal.c
Date        Commit message  [Author; files changed, lines -/+]
2015-02-11  Use ciphertext blinding for Elgamal decryption.  [Werner Koch; 1 file, -14/+49]

    * cipher/elgamal.c (USE_BLINDING): New.
    (decrypt): Rewrite to use ciphertext blinding.
    --
    CVE-id: CVE-2014-3591

    As a countermeasure to new side-channel attacks on sliding-window
    exponentiation we blind the ciphertext for Elgamal decryption. This is
    similar to what we are doing with RSA.

    Unfortunately, the performance impact of Elgamal blinding is quite
    noticeable: for a 3072-bit Elgamal key the decryption used to take 13ms;
    with the blinding it takes 24ms. This has been measured using time(1),
    calling gpg with a 100-byte message, and having gpg modified to run the
    pubkey_decrypt function 100 times and finally scale the result (using an
    i5-2410M CPU @ 2.30GHz, TP 220).
2013-12-03  Normalize the MPIs used as input to secret key functions.  [Werner Koch; 1 file, -0/+3]

    * cipher/rsa.c (secret): Normalize the INPUT.
    (rsa_decrypt): Pass reduced data to secret.
    * cipher/elgamal.c (decrypt): Normalize A and B.
    * cipher/dsa.c (sign): Normalize HASH.
    --
    mpi_normalize is in general not required because extra leading zeroes
    do not harm the computation. However, adding extra all-zero limbs or
    padding with multiples of N may be useful in side-channel attacks. In
    particular they are used by the acoustic cryptanalysis. This is an
    extra precaution which alone would not be sufficient to mitigate the
    described attack.

    CVE-id: CVE-2013-4576

    Signed-off-by: Werner Koch <[email protected]>
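The two countermeasures described in the 2015-02-11 and 2013-12-03 commit messages above, worked through in Python. This is an added illustration, not GnuPG's or libgcrypt's code: the parameters (a Mersenne prime and an arbitrary group element) are constructed toy values, the function names are my own, and the blinding scheme follows the generic idea the message describes (randomise the base of the secret exponentiation, then undo the blinding factor) rather than transcribing the real `decrypt` function.

```python
import secrets

# Constructed toy ElGamal parameters for the example (not production size).
# P is the Mersenne prime 2^127 - 1; G is merely some element of Z_P^*, which
# is all the encrypt/decrypt round trip below needs.
P = 2**127 - 1
G = 5


def keygen(p=P, g=G):
    """Secret exponent x and public value y = g^x mod p."""
    x = secrets.randbelow(p - 2) + 1
    return x, pow(g, x, p)


def encrypt(m, y, p=P, g=G):
    """Textbook ElGamal: (a, b) = (g^k, y^k * m) for a fresh random k."""
    k = secrets.randbelow(p - 2) + 1
    return pow(g, k, p), (pow(y, k, p) * m) % p


def decrypt_plain(a, b, x, p=P):
    """Unblinded decryption: m = b * (a^x)^-1 mod p.

    The secret-exponent exponentiation a^x runs on a base a that the
    sender of the ciphertext chose; this is what the side-channel attacks
    mentioned in the commit message exploit."""
    return (b * pow(pow(a, x, p), -1, p)) % p


def decrypt_blinded(a, b, x, p=P):
    """Decryption with input normalisation and ciphertext blinding.

    Normalisation (2013-12-03): reduce a and b modulo p first, so an input
    padded with multiples of p, or carrying extra zero limbs in a bignum
    library, is processed as the same canonical value.

    Blinding (2015-02-11): multiply a by a random r before raising to the
    secret exponent, so the base of the exponentiation is no longer under
    the sender's control, then remove the leftover factor r^-x.  Both
    exponentiations use x, which is consistent with the roughly doubled
    decryption time the commit message reports.  Hypothetical scheme, not
    libgcrypt's exact code."""
    a %= p
    b %= p
    r = secrets.randbelow(p - 2) + 2          # blinding factor, 2 <= r < p
    t = pow((a * r) % p, x, p)                # (a*r)^x : randomised base
    m = (b * pow(t, -1, p)) % p               # b * (a*r)^-x = m * r^-x
    return (m * pow(r, x, p)) % p             # multiply back r^x


if __name__ == "__main__":
    x, y = keygen()
    m = 123456789
    a, b = encrypt(m, y)
    assert decrypt_plain(a, b, x) == m
    assert decrypt_blinded(a, b, x) == m
    # A ciphertext padded with multiples of P decrypts to the same value.
    assert decrypt_blinded(a + 2 * P, b + P, x) == m
    print("round trips OK")
```

Python's `pow` already reduces its arguments, so the explicit `a %= p` only matters for a bignum library whose limb count is data-dependent, which is exactly the case the normalisation commit is about.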
2007-10-23  Switched to GPLv3.  [Werner Koch; 1 file, -4/+2]

    Updated gettext.
2006-12-11  Removed the use of g10defs.h.  [Werner Koch; 1 file, -9/+9]

    This required some code cleanups and the introduction of a few accessor
    functions in mpi.
2005-07-27  Converted all m_free to xfree etc.  [Werner Koch; 1 file, -7/+7]
2005-05-31  Updated FSF street address and preparations for a release candidate.  [Werner Koch; 1 file, -1/+2]
2004-01-17  [David Shaw; 1 file, -161/+3]

    * pubkey.c (setup_pubkey_table), elgamal.c (sign, verify, test_keys,
    elg_sign, elg_verify, elg_get_info): Remove the last bits of Elgamal
    type 20 support.
2003-12-17  [David Shaw; 1 file, -3/+1]

    * dsa.h, dsa.c (dsa_verify), elgamal.h, elgamal.c (elg_verify), rsa.h,
    rsa.c (rsa_verify), pubkey.c (dummy_verify, pubkey_verify): Remove old
    unused code.
2003-11-27  [Werner Koch; 1 file, -27/+32]

    * pubkey.c (pubkey_sign): Return an error if an ElGamal key is used.
    * elgamal.c (gen_k): New arg SMALL_K.
    (sign): Use it here with SMALL_K set to false
    (do_encrypt): and here with SMALL_K set to true.
2003-05-24  [David Shaw; 1 file, -12/+10]

    * bithelp.h, des.c, random.c, rndlinux.c, sha1.c, blowfish.c, elgamal.c,
    rijndael.c, rndunix.c, sha256.c, cast5.c, idea-stub.c, rmd160.c,
    rndw32.c, sha512.c, md5.c, rmd160test.c, rsa.c, tiger.c: Edit all
    preprocessor instructions to remove whitespace before the '#'. This is
    not required by C89, but there are some compilers out there that don't
    like it.
2002-06-29  Update head to match stable 1.0  [David Shaw; 1 file, -0/+666]
2000-12-19  Removed files from the HEAD revision, because they are now in another repository  [Werner Koch; 1 file, -661/+0]
2000-11-14  Some configuration changes  [Werner Koch; 1 file, -14/+14]
2000-07-14  See ChangeLog: Fri Jul 14 19:38:23 CEST 2000 Werner Koch  [Werner Koch; 1 file, -40/+101]
1999-12-08  See ChangeLog: Wed Dec 8 21:58:32 CET 1999 Werner Koch  [Werner Koch; 1 file, -10/+10]
1999-11-19  See ChangeLog: Fri Nov 19 17:15:20 CET 1999 Werner Koch  [Werner Koch; 1 file, -7/+1]
1999-11-15  See ChangeLog: Mon Nov 15 21:36:02 CET 1999 Werner Koch  [Werner Koch; 1 file, -12/+17]
1999-11-13  See ChangeLog: Sat Nov 13 17:44:23 CET 1999 Werner Koch  [Werner Koch; 1 file, -20/+21]
1999-10-26  See ChangeLog: Tue Oct 26 14:10:21 CEST 1999 Werner Koch  [Werner Koch; 1 file, -1/+3]
1999-07-15  See ChangeLog: Thu Jul 15 10:15:35 CEST 1999 Werner Koch  [Werner Koch; 1 file, -0/+12]
1999-07-02  See ChangeLog: Fri Jul 2 11:45:54 CEST 1999 Werner Koch  [Werner Koch; 1 file, -9/+32]
1999-07-01  See ChangeLog: Thu Jul 1 12:47:31 CEST 1999 Werner Koch  [Werner Koch; 1 file, -4/+11]
1999-04-18  See ChangeLog: Sun Apr 18 10:11:28 CEST 1999 Werner Koch  [Werner Koch; 1 file, -1/+6]
1999-02-16  See ChangeLog: Tue Feb 16 14:10:02 CET 1999 Werner Koch  [Werner Koch; 1 file, -7/+7]
1998-12-23  See ChangeLog: Wed Dec 23 13:34:22 CET 1998 Werner Koch  [Werner Koch; 1 file, -3/+3]
1998-08-07  changes done on the train  [Werner Koch; 1 file, -4/+18]
1998-07-06  intermediate release  [Werner Koch; 1 file, -4/+8]
1998-06-15  extensions are now working and fixed a lot of bugs  [Werner Koch; 1 file, -1/+2]
1998-06-13  gnupg extensions are now working  [Werner Koch; 1 file, -37/+192]
1998-05-05  add DSA key generation  [Werner Koch; 1 file, -2/+2]
1998-04-14  applied Mathews' typo and grammar fixes  [Werner Koch; 1 file, -2/+2]
1998-04-02  release 0.2.14  [Werner Koch; 1 file, -6/+18]
1998-03-19  some cleanups  [Werner Koch; 1 file, -1/+6]
1998-02-24  Renamed to GNUPGV-0-2-8  [Werner Koch; 1 file, -4/+4]
1998-02-11  bug fixes  [Werner Koch; 1 file, -0/+10]
1998-02-11  a couple of changes; but some parts are now broken  [Werner Koch; 1 file, -8/+20]
1998-02-09  release 0.2.3  [Werner Koch; 1 file, -2/+4]
1998-02-03  Fixed a few bugs  [Werner Koch; 1 file, -0/+3]
1997-12-20  very first release  [Werner Koch; 1 file, -1/+1]
1997-12-19  better prime number generator. improved ELG key generation  [Werner Koch; 1 file, -9/+13]
1997-12-12  added option file handling  [Werner Koch; 1 file, -21/+44]
1997-12-09  fingerprints and self signatures added  [Werner Koch; 1 file, -2/+2]
1997-12-01  List and check sigs works  [Werner Koch; 1 file, -16/+16]
1997-11-24  ElGamal works and is the default  [Werner Koch; 1 file, -12/+257]
1997-11-18  initial checkin  [Werner Koch; 1 file, -0/+61]