Use of custom memory allocators
simon at josefsson.org
Thu Dec 4 20:37:44 CET 2008
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
>> The real problem however is the use of gcry_set_allocation_handler.
>> This installs a new memory allocator defaulting to to standard
>> malloc/free. Well, for an application using just gnutls this might not
>> be a problem (unless in FIPS mode). However if an application is using
>> gnutls directly or indirectly (e.g. through openldap) and also making
>> direct use of libgcrypt this will change the standard Libgcrypt memory
>> allocators or those set by the actual application. This is a security
>> problem because by using a plain malloc and free it is not anymore
>> guaranteed that all sensitive data is zeroes out as soon as needed.
>> If you really, really want to set other Libgcrypt allocation handlers,
>> you need to do it in the above initalization block and before setting
>> the finished flag. (I'll add an extra sentence to the manual.)
> To be honest I don't remember why is this code there. I recollect that
> libgcrypt required to set those allocation functions and didn't work
> otherwise but this was literally ages ago :) Can libgcrypt work without
> setting the memory allocation functions?
If I remove that code, using any application that uses the GnuTLS
library with some functions just dies:
jas at mocca:~/src/gnutls/src master$ ./certtool -p
Generating a 2048 bit RSA private key...
Ohhhh jeeee: operation is not possible without initialized secure memory
jas at mocca:~/src/gnutls/src master$
Is there a recommended way how to resolve this problem?
More information about the Gcrypt-devel