Use of custom memory allocators

Simon Josefsson simon at josefsson.org
Thu Dec 4 20:37:44 CET 2008


Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

>> The real problem however is the use of gcry_set_allocation_handler.
>> This installs a new memory allocator defaulting to standard
>> malloc/free.  Well, for an application using just gnutls this might not
>> be a problem (unless in FIPS mode).  However if an application is using
>> gnutls directly or indirectly (e.g. through openldap) and also making
>> direct use of libgcrypt this will change the standard Libgcrypt memory
>> allocators or those set by the actual application.  This is a security
>> problem because by using a plain malloc and free it is not anymore
>> guaranteed that all sensitive data is zeroed out as soon as needed.
>> 
>> If you really, really want to set other Libgcrypt allocation handlers,
>> you need to do it in the above initialization block and before setting
>> the finished flag.  (I'll add an extra sentence to the manual.)
>
> To be honest I don't remember why this code is there. I recollect that
> libgcrypt required those allocation functions to be set and didn't work
> otherwise, but this was literally ages ago :) Can libgcrypt work without
> setting the memory allocation functions?

If I remove that code, using any application that uses the GnuTLS
library with some functions just dies:

jas at mocca:~/src/gnutls/src master$ ./certtool -p
Generating a 2048 bit RSA private key...
Ohhhh jeeee: operation is not possible without initialized secure memory
Aborted
jas at mocca:~/src/gnutls/src master$ 

Is there a recommended way to resolve this problem?

/Simon
