# mpz_powm_sec not exist in Sage built libgmp.so.16 [closed]

(I already read question/25708/warning-message-when-with-notebook/ and question/25183/powminsecurewarning-how-do-i-rebuild-using-libgmp-5/, here some extra finding about gmp)

With Sage 7.1, I ran

sage: notebook(interface='', port=53432, automatic_login=False, secure=True)

:

/local/redhat/apps/sage-7.1/local/lib/python2.7/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.

_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
:

then looking number.py, line 57 to 58:

if _fastmath is not None and not _fastmath.HAVE_DECL_MPZ_POWM_SEC:

_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)

$ ldd /local/redhat/apps/sage-7.1/local/lib/python2.7/site-packages/Crypto/PublicKey/_fastmath.so

linux-vdso.so.1 => (0x00007ffdefd4e000)

libgmp.so.16 => /local/redhat/apps/sage-7.1/local/lib/libgmp.so.16 (0x00007fbcfd25e000)

:

check libgmp.so (built by Sage)

$ nm -D /local/redhat/apps/sage-7.1/local/lib/libgmp.so.16 | grep mpz_powm

000000000002c110 T __gmpz_powm

000000000002ced0 T __gmpz_powm_ui

mpz_powm_sec isn't there, so the warning.

However, libgmp.so come from RHEL7:

nm -D /usr/lib64/libgmp.so.10 | grep mpz_powm

000000000001eef0 T __gmpz_powm

000000000001f9e0 T __gmpz_powm_sec

0000000000020040 T __gmpz_powm_ui

$ rpm -qf /usr/lib64/libgmp.so.10

gmp-6.0.0-12.el7_1.x86_64

Why libgmp built by Sage doesn't have mpz_powm_sec?

In Sage config.log:

configure:7024: result: gmp-5.1.3

In logs/install.log:

checking for __gmpz_init in -lgmp... yes

checking for __gmpz_init in -lmpir... yes

checking whether mpz_powm is declared... yes

checking whether mpz_powm_sec is declared... no

I couldn't find the source code Sage used to build libgmp.

I may find out the solution.

gmp is an optional package to Sage. So,

sage -i gmp

After that libgmp.so.10.1.3 appears in local/lib. Manually update libgmp.so link.Then in the Sage top tree,

make

(this'll take a while, will come back to confirm this fix the warning)

The message "You should rebuild using libgmp >= 5" isn't clear. It'd say "install optional package gmp then rebuild sage".

No, Sage is sort of hard-coded to use mpir, even gmp is present.

Someone please update local/lib/python2.7/site-packages/Crypto/Util/number.py to change the warning.