Fix bug in _gcry_mpi_tdiv_q_2exp.

* mpi/mpi-internal.h (MPN_COPY_INCR): Make it work.
--

This bug has been with us since the version 0.0.0 of GnuPG.
Fortunately it only affects an optimized code path which is rarely
used in practice: If the shift size matches the size of a
limb (i.e.. 32 or 64); this is is_prime in primegen.c.  Over there the
Rabin-Miller test may fail with a probability of 2^-31 (that is if the
to be tested prime - 1 has the low 32 bits cleared).  In practice the
probability is even much less because we first do a Fermat test on the
randomly generated candidates which sorts out the majority of
composite numbers.

The bug in MPN_COPY_INCR was found by Sven Bjorn.

Signed-off-by: Werner Koch <wk@gnupg.org>

(cherry picked from commit a7a9cdcaaf3979baa18dad51e722882581349f45)

2 files changed, 2 insertions, 1 deletions

diff --git a/THANKS b/THANKS
index 0f47d4fa..6a44eade 100644
--- a/THANKS
+++ b/THANKS
@@ -135,6 +135,7 @@ Steffen Ullrich 	   ccrlphr@xensei.com
 Steffen Zahn		   zahn@berlin.snafu.de
 Steven Bakker		   steven@icoe.att.com
 Susanne Schultz 	   schultz@hsp.de
+Sven Bjorn
 Szakats Istvan             szaki.ms@gmail.com
 Thiago Jung Bauermann	   jungmann@cwb.matrix.com.br
 Thomas Roessler 	   roessler@guug.de
diff --git a/mpi/mpi-internal.h b/mpi/mpi-internal.h
index e75b7c6d..8ba1d79e 100644
--- a/mpi/mpi-internal.h
+++ b/mpi/mpi-internal.h
@@ -92,7 +92,7 @@ typedef int mpi_size_t;        /* (must be a signed type) */
     do {				\
 	mpi_size_t _i;			\
 	for( _i = 0; _i < (n); _i++ )	\
-	    (d)[_i] = (d)[_i];		\
+	    (d)[_i] = (s)[_i];		\
     } while (0)
 
 #define MPN_COPY_DECR( d, s, n ) \