path: root/cipher/elgamal.c
Commit message [Author, Age, Files, Lines]
* Use ciphertext blinding for Elgamal decryption. [Werner Koch, 2015-02-11, 1 file, -14/+49]
    * cipher/elgamal.c (USE_BLINDING): New.
    (decrypt): Rewrite to use ciphertext blinding.
    --
    CVE-id: CVE-2014-3591

    As a countermeasure to a new side-channel attack on sliding windows exponentiation we blind the ciphertext for Elgamal decryption. This is similar to what we are doing with RSA.

    Unfortunately, the performance impact of Elgamal blinding is quite noticeable: For a 3072 bit Elgamal key the decryption used to take 13ms; with the blinding it takes 24ms. This has been measured using time(1), calling gpg with a 100 byte message, and having gpg modified to run the pubkey_decrypt function 100 times and finally scale the result (using an i5-2410M CPU @ 2.30GHz TP 220).
* Normalize the MPIs used as input to secret key functions. [Werner Koch, 2013-12-03, 1 file, -0/+3]
    * cipher/rsa.c (secret): Normalize the INPUT.
    (rsa_decrypt): Pass reduced data to secret.
    * cipher/elgamal.c (decrypt): Normalize A and B.
    * cipher/dsa.c (sign): Normalize HASH.
    --
    mpi_normalize is in general not required because extra leading zeroes do not harm the computation. However, adding extra all-zero limbs or padding with multiples of N may be useful in side-channel attacks. In particular they are used by the acoustic cryptanalysis. This is an extra precaution which alone would not be sufficient to mitigate the described attack.

    CVE-id: CVE-2013-4576

    Signed-off-by: Werner Koch <[email protected]>
* Switched to GPLv3. [Werner Koch, 2007-10-23, 1 file, -4/+2]
    Updated gettext.
* Removed the use of g10defs.h. [Werner Koch, 2006-12-11, 1 file, -9/+9]
    This required some code cleanups and the introduction of a few accessor functions in mpi.
* Converted all m_free to xfree etc. [Werner Koch, 2005-07-27, 1 file, -7/+7]
* Updated FSF street address and preparations for a release candidate. [Werner Koch, 2005-05-31, 1 file, -1/+2]
* * pubkey.c (setup_pubkey_table), elgamal.c (sign, verify, test_keys, [David Shaw, 2004-01-17, 1 file, -161/+3]
    elg_sign, elg_verify, elg_get_info): Remove the last bits of Elgamal type 20 support.
* * dsa.h, dsa.c (dsa_verify), elgamal.h, elgamal.c (elg_verify), rsa.h, [David Shaw, 2003-12-17, 1 file, -3/+1]
    rsa.c (rsa_verify), pubkey.c (dummy_verify, pubkey_verify): Remove old unused code.
* * pubkey.c (pubkey_sign): Return an error if an ElGamal key is used. [Werner Koch, 2003-11-27, 1 file, -27/+32]
    * elgamal.c (gen_k): New arg SMALL_K.
    (sign): Use it here with SMALL_K set to false
    (do_encrypt): and here with SMALL_K set to true.
* * bithelp.h, des.c, random.c, rndlinux.c, sha1.c, blowfish.c, elgamal.c, [David Shaw, 2003-05-24, 1 file, -12/+10]
    rijndael.c, rndunix.c, sha256.c, cast5.c, idea-stub.c, rmd160.c, rndw32.c, sha512.c, md5.c, rmd160test.c, rsa.c, tiger.c: Edit all preprocessor instructions to remove whitespace before the '#'. This is not required by C89, but there are some compilers out there that don't like it.
* Update head to match stable 1.0 [David Shaw, 2002-06-29, 1 file, -0/+666]
* Removed files from the HEAD revision, because they are now in another [Werner Koch, 2000-12-19, 1 file, -661/+0]
    repository
* Some configuration changes [Werner Koch, 2000-11-14, 1 file, -14/+14]
* See ChangeLog: Fri Jul 14 19:38:23 CEST 2000 Werner Koch [Werner Koch, 2000-07-14, 1 file, -40/+101]
* See ChangeLog: Wed Dec 8 21:58:32 CET 1999 Werner Koch [Werner Koch, 1999-12-08, 1 file, -10/+10]
* See ChangeLog: Fri Nov 19 17:15:20 CET 1999 Werner Koch [Werner Koch, 1999-11-19, 1 file, -7/+1]
* See ChangeLog: Mon Nov 15 21:36:02 CET 1999 Werner Koch [Werner Koch, 1999-11-15, 1 file, -12/+17]
* See ChangeLog: Sat Nov 13 17:44:23 CET 1999 Werner Koch [Werner Koch, 1999-11-13, 1 file, -20/+21]
* See ChangeLog: Tue Oct 26 14:10:21 CEST 1999 Werner Koch [Werner Koch, 1999-10-26, 1 file, -1/+3]
* See ChangeLog: Thu Jul 15 10:15:35 CEST 1999 Werner Koch [Werner Koch, 1999-07-15, 1 file, -0/+12]
* See ChangeLog: Fri Jul 2 11:45:54 CEST 1999 Werner Koch [Werner Koch, 1999-07-02, 1 file, -9/+32]
* See ChangeLog: Thu Jul 1 12:47:31 CEST 1999 Werner Koch [Werner Koch, 1999-07-01, 1 file, -4/+11]
* See ChangeLog: Sun Apr 18 10:11:28 CEST 1999 Werner Koch [Werner Koch, 1999-04-18, 1 file, -1/+6]
* See ChangeLog: Tue Feb 16 14:10:02 CET 1999 Werner Koch [Werner Koch, 1999-02-16, 1 file, -7/+7]
* See ChangeLog: Wed Dec 23 13:34:22 CET 1998 Werner Koch [Werner Koch, 1998-12-23, 1 file, -3/+3]
* changes done at the train [Werner Koch, 1998-08-07, 1 file, -4/+18]
* intermediate release [Werner Koch, 1998-07-06, 1 file, -4/+8]
* extensions are now working and fixed a lot of bugs [Werner Koch, 1998-06-15, 1 file, -1/+2]
* gnupg extensions are now working [Werner Koch, 1998-06-13, 1 file, -37/+192]
* add DSA key generation [Werner Koch, 1998-05-05, 1 file, -2/+2]
* applied Mathews typo and grammar fixes [Werner Koch, 1998-04-14, 1 file, -2/+2]
* release 0.2.14 [Werner Koch, 1998-04-02, 1 file, -6/+18]
* some cleanups [Werner Koch, 1998-03-19, 1 file, -1/+6]
* Renamed to GNUPGV-0-2-8 [Werner Koch, 1998-02-24, 1 file, -4/+4]
* bug fixes [Werner Koch, 1998-02-11, 1 file, -0/+10]
* a couple of changes; but some parts are now broken [Werner Koch, 1998-02-11, 1 file, -8/+20]
* release 0.2.3 [Werner Koch, 1998-02-09, 1 file, -2/+4]
* Fixed a few bugs [Werner Koch, 1998-02-03, 1 file, -0/+3]
* very first release [Werner Koch, 1997-12-20, 1 file, -1/+1]
* better prime number generator. Improved ELG key generation [Werner Koch, 1997-12-19, 1 file, -9/+13]
* added option file handling [Werner Koch, 1997-12-12, 1 file, -21/+44]
* fingerprints and self signatures added [Werner Koch, 1997-12-09, 1 file, -2/+2]
* List and check sigs works [Werner Koch, 1997-12-01, 1 file, -16/+16]
* ElGamal works and is the default [Werner Koch, 1997-11-24, 1 file, -12/+257]
* initial checkin [Werner Koch, 1997-11-18, 1 file, -0/+61]