Drift between libgmp and gpg's version
wk at gnupg.org
Sun Oct 3 19:58:30 CEST 1999
Jason Gunthorpe <jgg at ualberta.ca> writes:
> It just came to my attention that GnuPG's modified version of gmp doesn't
> include some of the patches to the assembly core that we at Debian use.
I tried to figure out from where to get the latest GMP release but it
seems, that 2.0.2 is still the latest avaible from the FSF.
I have not looked into the Debian sources (I gave my last CDs away to
friend, who is working on a Logo and found no time to download them)
and frankly, I need an FSF version.
> Werner, have you thought about not using a full gmp with only some
> modified portions, but instead linking to the system gmp for the routines
> that are common? Probably enabled by a configure option or somesuch.
Yes but I won't do it. The MPI functions from GnuPG are hacked all
over the way to allow for this non-swapable memory (e.g. can't use alloca)
and have been extended with some very crypto realted functions. The
MPI library used by GnuPG is only a fraction of the whole GMP stuff.
> Even better would be to just get the gmp upstream to integrate a means to
> do secured allocations, lots of crypto stuff would benifit from that.
I think it is mucht to complicate to audit a GMP with the needed
enhancements for GnuPG.
We really need to have support for new CPUs and the patches needed for
the new -O s (longlong.h).
Werner Koch at guug.de www.gnupg.org keyid 621CC013
More information about the Gnupg-devel