[git] GCRYPT - branch, master, updated. libgcrypt-1.7.3-112-g5feaf1c

by NIIBE Yutaka cvs at cvs.gnupg.org
Tue Jul 4 02:44:10 CEST 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  5feaf1cc8f22c1f8d19a34850d86fe190f1432e2 (commit)
      from  8725c99ffa41778f382ca97233183bcd687bb0ce (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5feaf1cc8f22c1f8d19a34850d86fe190f1432e2
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Jul 4 09:33:46 2017 +0900

    mpi: Fix mpi_set_secure.
    
    * mpi/mpiutil.c (mpi_set_secure): Allocate by ->alloced.
    
    --
    
    The code was simply wrong.  The question is if (1) it allocates
    (possibly) more or (2) modifi ->alloced.  The choice is (1).
    
    Because we have routines of mpi_set_cond and mpi_swap_cond which
    assume no change for the allocated length of limbs, no surprise is
    better.  See _gcry_mpi_ec_mul_point for concrete example for those
    routines.  That's for constant-time computation.
    
    Debian-bug-id: 866964
    Suggested-by: Mark Wooding <mdw at distorted.org.uk>
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c
index 6dee0b9..3ae84c3 100644
--- a/mpi/mpiutil.c
+++ b/mpi/mpiutil.c
@@ -256,7 +256,7 @@ mpi_set_secure( gcry_mpi_t a )
       gcry_assert (!ap);
       return;
     }
-  bp = mpi_alloc_limb_space (a->nlimbs, 1);
+  bp = mpi_alloc_limb_space (a->alloced, 1);
   MPN_COPY( bp, ap, a->nlimbs );
   a->d = bp;
   _gcry_mpi_free_limb_space (ap, a->alloced);

-----------------------------------------------------------------------

Summary of changes:
 mpi/mpiutil.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org




More information about the Gnupg-commits mailing list