[git] GCRYPT - branch, LIBGCRYPT-1.8-BRANCH, updated. libgcrypt-1.8.2-13-g1a0289d
by Werner Koch
cvs at cvs.gnupg.org
Sun Apr 29 18:19:56 CEST 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, LIBGCRYPT-1.8-BRANCH has been updated
via 1a0289daa408773e1a6cefb2562288245f49651c (commit)
via c5bed9df96337b1553cdcd4a85eec10e78b4d14a (commit)
from 22db6237de00cafb85c0112073b55d0d750e6b03 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1a0289daa408773e1a6cefb2562288245f49651c
Author: Werner Koch <wk at gnupg.org>
Date: Sun Apr 29 18:01:24 2018 +0200
build: Convince gcc not to delete NULL ptr checks.
* configure.ac: Try to use -fno-delete-null-pointer-checks.
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit 61dbb7c08ab11c10060e193b52e3e1d2ec6dd062)
diff --git a/configure.ac b/configure.ac
index 5396725..dfcd4ef 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1851,8 +1851,19 @@ AC_ARG_ENABLE(optimization,
CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'`
fi])
+AC_MSG_NOTICE([checking for cc features])
# CFLAGS mangling when using gcc.
if test "$GCC" = yes; then
+ AC_MSG_CHECKING([if gcc supports -fno-delete-null-pointer-checks])
+ _gcc_cflags_save=$CFLAGS
+ CFLAGS="-fno-delete-null-pointer-checks"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
+ AC_MSG_RESULT($_gcc_wopt)
+ CFLAGS=$_gcc_cflags_save;
+ if test x"$_gcc_wopt" = xyes ; then
+ CFLAGS="$CFLAGS -fno-delete-null-pointer-checks"
+ fi
+
CFLAGS="$CFLAGS -Wall"
if test "$USE_MAINTAINER_MODE" = "yes"; then
CFLAGS="$CFLAGS -Wcast-align -Wshadow -Wstrict-prototypes"
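Review bot: The probe on the added lines that sets `CFLAGS="-fno-delete-null-pointer-checks"` compiles an empty program with the flag alone, so a compiler that merely warns about an -f option it does not implement would still yield `_gcc_wopt=yes`. Compilers other than gcc can also set `$GCC` to yes, so the flag may end up in CFLAGS without taking effect while configure reports it as supported. Making the test compile strict, for example `CFLAGS="-Werror -fno-delete-null-pointer-checks"` for the probe only, would keep the reported result accurate. A one-line comment above the check such as `# Keep gcc from optimizing away NULL pointer checks it considers redundant.` would also record why the flag is wanted.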
@@ -1884,7 +1895,6 @@ if test "$GCC" = yes; then
CFLAGS="$CFLAGS -Wpointer-arith"
fi
fi
-
fi
# Check whether as(1) supports a noeexecstack feature. This test
commit c5bed9df96337b1553cdcd4a85eec10e78b4d14a
Author: Werner Koch <wk at gnupg.org>
Date: Sat Apr 28 18:30:53 2018 +0200
prime: Avoid rare assertion failure in gcry_prime_check.
* cipher/primegen.c (is_prime): Don't fail on the assert X > 1.
--
When using gcry_prime_check the function is_prime can be called with
quite small candidates so there is a real chance that the random X
value is indeed 0 or 1. This would trigger the assert. To avoid
this we now retry in this case.
Reported-by: Heiko Stamer
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit f3362f10f6f671246c38115ed12b0047966c200e)
diff --git a/cipher/primegen.c b/cipher/primegen.c
index c7977d1..ce5ad3c 100644
--- a/cipher/primegen.c
+++ b/cipher/primegen.c
@@ -935,20 +935,25 @@ is_prime (gcry_mpi_t n, int steps, unsigned int *count)
}
else
{
- _gcry_mpi_randomize( x, nbits, GCRY_WEAK_RANDOM );
-
- /* Make sure that the number is smaller than the prime and
- keep the randomness of the high bit. */
- if ( mpi_test_bit ( x, nbits-2) )
+ /* We need to loop to avoid an X with value 0 or 1. */
+ do
{
- mpi_set_highbit ( x, nbits-2); /* Clear all higher bits. */
- }
- else
- {
- mpi_set_highbit( x, nbits-2 );
- mpi_clear_bit( x, nbits-2 );
+ _gcry_mpi_randomize (x, nbits, GCRY_WEAK_RANDOM);
+
+ /* Make sure that the number is smaller than the prime
+ * and keep the randomness of the high bit. */
+ if (mpi_test_bit (x, nbits-2))
+ {
+ mpi_set_highbit (x, nbits-2); /* Clear all higher bits. */
+ }
+ else
+ {
+ mpi_set_highbit (x, nbits-2);
+ mpi_clear_bit (x, nbits-2);
+ }
}
- gcry_assert (mpi_cmp (x, nminus1) < 0 && mpi_cmp_ui (x, 1) > 0);
+ while (mpi_cmp_ui (x, 1) <= 0);
+ gcry_assert (mpi_cmp (x, nminus1) < 0);
}
mpi_powm ( y, x, q, n);
if ( mpi_cmp_ui(y, 1) && mpi_cmp( y, nminus1 ) )
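Review bot: The new `do … while (mpi_cmp_ui (x, 1) <= 0)` loop has no exit other than drawing an X greater than 1, and for the smallest candidates that can never happen. If `nbits` is 2, `nbits-2` is 0, and going by the `Clear all higher bits` comment the if-branch leaves X at exactly 1 and the else-branch at 0, so every retry fails the loop condition and the call would spin where it previously hit the assert. Whether callers already reject such small N cannot be seen here, since is_prime starts and ends outside the hunk. If they do, state it next to the loop, e.g. `/* Callers must have rejected N < 4: with NBITS <= 2 no X > 1 can be produced. */`, and consider `gcry_assert (nbits > 2);` ahead of the `do` so a violation fails fast rather than hanging.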
-----------------------------------------------------------------------
Summary of changes:
cipher/primegen.c | 29 +++++++++++++++++------------
configure.ac | 12 +++++++++++-
2 files changed, 28 insertions(+), 13 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org