mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
gnupg/cipher
Werner Koch ff53cf06e9 Use ciphertext blinding for Elgamal decryption.
* cipher/elgamal.c (USE_BLINDING): New.
(decrypt): Rewrite to use ciphertext blinding.
--

CVE-id: CVE-2014-3591

As a countermeasure to a new side-channel attack on sliding windows
exponentiation we blind the ciphertext for Elgamal decryption.  This
is similar to what we are doing with RSA.

Unfortunately, the performance impact of Elgamal blinding is quite
noticeable: For a 3072 bit Elgamal key the decryption used to take
13ms; with the blinding it takes 24ms.  This has been measured using
time(1), calling gpg with a 100 byte message, and having gpg modified
to run the pubkey_decrypt function 100 times and finally scale the
result (using an i5-2410M CPU @ 2.30GHz TP 220).
2015-02-11 20:04:58 +01:00
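The blinding described in the commit message above, as an added example in Python that is not GnuPG's code. It shows the unblinded decryption (secret exponent applied straight to the attacker-supplied ciphertext component a) next to a blinded version built on the identity r^x * (a*r)^-x = a^-x, which keeps the base of every secret-exponent operation unpredictable to an attacker who chooses ciphertexts. Whether elgamal.c orders the operations exactly this way is not shown on this page; the key sizes, the generator choice (a generator of the whole group, as in textbook ElGamal) and the message are constructed for the demo.

```python
# Added example (not GnuPG code): ElGamal decryption with and without
# ciphertext blinding. Keys are generated here for the demo and are far too
# small for real use; the arithmetic is the same at 3072 bits.
# Requires Python 3.8+ for pow(x, -1, p).
import random
import secrets

# Seeded RNG for reproducible demo key generation only. The per-decryption
# blinding factor must be unpredictable, so it comes from the OS CSPRNG.
_DEMO_RNG = random.Random(20150211)
_SYS_RNG = secrets.SystemRandom()

# Odd primes below 1000, used for trial division before Miller-Rabin.
_SMALL_PRIMES = [n for n in range(3, 1000, 2)
                 if all(n % d for d in range(3, int(n ** 0.5) + 1, 2))]


def is_probable_prime(n, rounds=32, rng=_DEMO_RNG):
    """Trial division followed by Miller-Rabin; adequate for a demo prime."""
    if n < 4:
        return n in (2, 3)
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits, rng=_DEMO_RNG):
    """Return (p, q) with p = 2q + 1, both prime, p exactly `bits` long."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q, rng=rng) and is_probable_prime(2 * q + 1, rng=rng):
            return 2 * q + 1, q


def keygen(bits=128, rng=_DEMO_RNG):
    """ElGamal key: public (p, g, y) and secret exponent x."""
    p, q = gen_safe_prime(bits, rng)
    # With p = 2q + 1 every element of Z_p^* has order 1, 2, q or 2q;
    # rejecting g^2 == 1 and g^q == 1 leaves a generator of order 2q.
    g = 2
    while pow(g, 2, p) == 1 or pow(g, q, p) == 1:
        g += 1
    x = rng.randrange(2, p - 1)
    y = pow(g, x, p)
    return (p, g, y), x


def encrypt(pub, m, rng=_SYS_RNG):
    """Ciphertext (a, b) = (g^k, y^k * m) mod p for a fresh random k."""
    p, g, y = pub
    if not 0 < m < p:
        raise ValueError("message must be in [1, p-1]")
    k = rng.randrange(2, p - 1)
    return pow(g, k, p), (pow(y, k, p) * m) % p


def decrypt_unblinded(pub, x, ct):
    """m = b * a^(-x) mod p. The secret exponent x is applied directly to a,
    a value the sender (or an attacker feeding chosen ciphertexts) controls."""
    p, _, _ = pub
    a, b = ct
    return (b * pow(pow(a, x, p), -1, p)) % p


def decrypt_blinded(pub, x, ct, rng=_SYS_RNG):
    """Same result, but x is only ever applied to r and to a*r, where r is a
    fresh secret random value, so the exponentiation base is not attacker
    controlled. Two exponentiations instead of one, which is consistent with
    the roughly 2x slowdown reported in the commit message."""
    p, _, _ = pub
    a, b = ct
    r = rng.randrange(2, p - 1)
    t1 = pow(r, x, p)                        # r^x
    t2 = pow(pow((a * r) % p, x, p), -1, p)  # (a*r)^(-x)
    t1 = (t1 * t2) % p                       # r^x * (a*r)^(-x) == a^(-x)
    return (b * t1) % p


if __name__ == "__main__":
    pub, x = keygen(128)
    m = int.from_bytes(b"blinding demo", "big")   # constructed message
    ct = encrypt(pub, m)
    assert decrypt_unblinded(pub, x, ct) == m
    assert decrypt_blinded(pub, x, ct) == m
    print("p =", hex(pub[0]), "; both decryptions recover the message")
```

The blinding factor r is drawn per decryption from the OS CSPRNG, never from the seeded demo generator: a predictable r would hand the attacker the base of the exponentiation again and defeat the countermeasure.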
algorithms.h Improved AES performance. 2008-03-22 17:01:37 +00:00
bithelp.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
blowfish.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
camellia-glue.c Add Camellia-192. 2008-04-17 17:40:30 +00:00
camellia.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
camellia.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
cast5.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
ChangeLog-2011 Rename all ChangeLog files to ChangeLog-2011. 2011-12-02 19:42:56 +01:00
cipher.c Add Camellia-192. 2008-04-17 17:40:30 +00:00
des.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
dsa.c Normalize the MPIs used as input to secret key functions. 2013-12-03 09:26:04 +01:00
dsa.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
dynload.c Removed some set but unused vars. 2011-08-09 10:54:22 +02:00
elgamal.c Use ciphertext blinding for Elgamal decryption. 2015-02-11 20:04:58 +01:00
elgamal.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
gost.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
gost.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
idea.c Fix idea.c for big endian CPUs. 2013-01-11 15:10:38 +01:00
Makefile.am Support the not anymore patented IDEA cipher algorithm. 2012-11-08 13:25:02 +01:00
md5.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
md.c Use gcc pragmas to suppress some warnings. 2012-01-10 11:31:00 +01:00
primegen.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
pubkey.c Updated ZH po file. 2007-12-12 18:26:25 +00:00
rand-internal.h The rest of the VMS changes. 2010-09-28 15:55:24 +00:00
random.c Use blinding for the RSA secret operation. 2013-12-03 09:25:57 +01:00
random.h Use blinding for the RSA secret operation. 2013-12-03 09:25:57 +01:00
rijndael.c Fix strict-alias warnings for rijndael.c 2014-08-20 12:22:35 +02:00
rmd160.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
rmd160test.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
rmd.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
rndegd.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
rndlinux.c Fix a problem with select and high fds. 2015-01-19 16:46:05 +01:00
rndriscos.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
rndunix.c Fix a problem with select and high fds. 2015-01-19 16:46:05 +01:00
rndw32.c Fix typos in comments. 2012-01-24 09:48:17 +01:00
rsa.c Normalize the MPIs used as input to secret key functions. 2013-12-03 09:26:04 +01:00
rsa.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
sha1.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
sha256.c * sha256.c (sha224_get_info): 4880 has an error in the SHA-224 OID and 2007-11-28 23:00:11 +00:00
sha512.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
smallprime.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
twofish.c * algorithms.h, cast5.c, cipher.c, idea-stub.c, twofish.c, blowfish.c, 2004-10-12 17:35:50 +00:00