Drift between libgmp and gpg's version

Werner Koch wk at gnupg.org
Sun Oct 3 19:58:30 CEST 1999

Jason Gunthorpe <jgg at ualberta.ca> writes:

> It just came to my attention that GnuPG's modified version of gmp doesn't
> include some of the patches to the assembly core that we at Debian use.

I tried to figure out from where to get the latest GMP release but it
seems, that 2.0.2 is still the latest avaible from the FSF.

I have not looked into the Debian sources (I gave my last CDs away to
friend, who is working on a Logo and found no time to download them)
and frankly, I need an FSF version.

> Werner, have you thought about not using a full gmp with only some
> modified portions, but instead linking to the system gmp for the routines
> that are common? Probably enabled by a configure option or somesuch.

Yes but I won't do it.  The MPI functions from GnuPG are hacked all
over the way to allow for this non-swapable memory (e.g. can't use alloca)
and have been extended with some very crypto realted functions.  The
MPI library used by GnuPG is only a fraction of the whole GMP stuff.

> Even better would be to just get the gmp upstream to integrate a means to
> do secured allocations, lots of crypto stuff would benifit from that.

I think it is mucht to complicate to audit a GMP with the needed
enhancements for GnuPG. 

We really need to have support for new CPUs and the patches needed for
the new -O s (longlong.h).

Werner Koch at guug.de           www.gnupg.org           keyid 621CC013

More information about the Gnupg-devel mailing list