[gnutls-devel] GnuTLS | nettle's gnutls_crypto_init() causes segfault in unrelated gmp code during static destructors (#1398)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sun Aug 21 18:52:32 CEST 2022




Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1398#note_1071554068

Daiki Ueno @dueno wrote
> the current alternatives under discussion are:
>
> -   switch mpz_ usage in Nettle and GnuTLS to using the low-level mpn_ functions, and implement zeroization directly
> -   link to a static library of GMP so the call to mp_set_memory_functions doesn't affect other GMP users
>
> While the former would be better in the long run, it would require significant effort in porting. The latter would be simpler, though it would slightly increase the library size (see !1635 and the example usage in nettle and gnutls packages in CentOS Stream 9).

Increased size is not the only downside; any (security, serious, ...) issue in GMP would only be fixed in GnuTLS _if_ it was rebuilt against a fixed version of GMP. (Increased memory usage is another, but less significant, point.)
