[gnutls-devel] GnuTLS | RFC: Use custom free/realloc for GMP to safely delete temporary secrets (!1554)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Mar 15 11:52:41 CET 2022



Tobias Heider created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1554

Project:Branches: tobhe/gnutls:gmp_alloc to gnutls/gnutls:master
Author:   Tobias Heider




I am trying to figure out to make sure that all intermediate products of cryptographic operations (e.g. private key generation) are safely zeroized.  FIPS140-3 requires zeroization of all intermediate key generation values as well as the internal RBG state, but I think this would also be useful hardening for normal operation.

gnutls outsources these cryptographic operations to nettle, which in turn uses GMP internally to
store a lot of sensitive data.
The [nettle documentation](http://www.lysator.liu.se/~nisse/nettle/nettle.html#index-rsa_005fprivate_005fkey_005fclear) for the `rsa_private_key_clear()` function mentions that the
caller can change the default behavior by overriding the GMP allocator as described [here](https://gmplib.org/manual/Custom-Allocation#Custom-Allocation).

This MR replaces the GMP `realloc()` and `free()` functions with safe alternatives that use
`explicit_bzero()` to zeroize any discarded memory.

Feedback and ideas for improvement welcome

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1554
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220315/53b6c31a/attachment.html>


More information about the Gnutls-devel mailing list