Use subgroup order in ElGamal encryption (GH #1059, CVE-2021-40530)

1 files changed, 8 insertions, 4 deletions

diff --git a/elgamal.h b/elgamal.h
index 8c37769d..c4e1732d 100644
--- a/elgamal.h
+++ b/elgamal.h
@@ -251,17 +251,21 @@ struct DL_PrivateKey_ElGamal : public BASE
 ///  If you need to <tt>Load</tt> an ElGamal key with the wrong OID then

 ///  see <A HREF="https://www.cryptopp.com/wiki/ElGamal">ElGamal</A> on

 ///  the Crypto++ wiki.

+/// \details At Crypto++ 8.6 ElGamalKeys were changed to use DL_CryptoKeys_ElGamal

+///  due to Issue 1069 and CVE-2021-40530. DL_CryptoKeys_ElGamal group parameters

+///  use the subgroup order, and not an estimated work factor.

 /// \sa <A HREF="https://github.com/weidai11/cryptopp/issues/876">Issue 876</A>,

-///  <A HREF="https://github.com/weidai11/cryptopp/issues/567">Issue 567</A>

+///  <A HREF="https://github.com/weidai11/cryptopp/issues/567">Issue 567</A>,

+///  <A HREF="https://github.com/weidai11/cryptopp/issues/1059">Issue 1059</A>

 /// \since Crypto++ 1.0

 struct ElGamalKeys

 {

 	/// \brief Implements DL_GroupParameters interface

-	typedef DL_CryptoKeys_GFP::GroupParameters GroupParameters;

+	typedef DL_CryptoKeys_ElGamal::GroupParameters GroupParameters;

 	/// \brief Implements DL_PrivateKey interface

-	typedef DL_PrivateKey_ElGamal<DL_CryptoKeys_GFP::PrivateKey> PrivateKey;

+	typedef DL_PrivateKey_ElGamal<DL_CryptoKeys_ElGamal::PrivateKey> PrivateKey;

 	/// \brief Implements DL_PublicKey interface

-	typedef DL_PublicKey_ElGamal<DL_CryptoKeys_GFP::PublicKey> PublicKey;

+	typedef DL_PublicKey_ElGamal<DL_CryptoKeys_ElGamal::PublicKey> PublicKey;

 };

 

 /// \brief ElGamal encryption scheme with non-standard padding