<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style data-premailer="ignore" type="text/css">
a { color: #1068bf; }
</style>
<style>img {
max-width: 100%; height: auto;
}
body {
font-size: 0.875rem;
}
body {
-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;
}
body {
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji"; font-size: inherit;
}
</style>
</head>
<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";'>
<div class="content">
<p style="color: #777777;">
<a href="https://gitlab.com/nielsmoller" style="color: #1068bf;">Niels Möller</a>
<a href="https://gitlab.com/gnutls/gnutls/-/issues/1398#note_1072006989" style="color: #1068bf;">commented</a>:
</p>
<div class="md" style="color: #303030; word-wrap: break-word;">
<p dir="auto" style="color: #303030; margin: 0 0 16px;" align="initial">I don't see any really easy solution. Some comments:</p>
<ol dir="auto" style="text-align: initial; margin: 0; padding: 0;">
<li style="margin-top: 0; line-height: 1.6em; margin-left: 25px; padding-left: 3px;">Moving to using mpn interfaces exclusively in Nettle would be nice, but it's not going to happen anytime soon. mpz_t is used in the DSA and RSA implementation, and in many public key interfaces. So first step would be to introduce interfaces that pass byte strings rather than mpz_t bignums.</li>
<li style="line-height: 1.6em; margin-left: 25px; padding-left: 3px;">Note that there are also some direct calls to gmp allocation functions, via TMP_GMP_ALLOC.</li>
<li style="line-height: 1.6em; margin-left: 25px; padding-left: 3px;">In general I'm not that fond of application level zeroization of sensitive data. I think it ought to be the job of the operating system to protect the application's memory, by isolation between processes, and by encrypting data with some short-lived key if RAM contents is paged to disk. But I realize that there may still be some need for this, since encrypted paging isn't widely used (as far as I'm aware), and in particular for users that like to save all system state to disk for hibernation, vm migration, or the like.</li>
<li style="line-height: 1.6em; margin-left: 25px; padding-left: 3px;">There are also plenty of temporary stack allocations, which don't have any zeroization.</li>
</ol>
</div>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1398#note_1072006989" style="color: #1068bf;">view it on GitLab</a>.
<br>
You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://gitlab.com" style="color: #1068bf;">gitlab.com</a>. <a href="https://gitlab.com/-/sent_notifications/5dd49963e74ddbe563241144d9f52b93/unsubscribe" target="_blank" rel="noopener noreferrer" style="color: #1068bf;">Unsubscribe</a> from this thread · <a href="https://gitlab.com/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link" style="color: #1068bf;">Manage all notifications</a> · <a href="https://gitlab.com/help" target="_blank" rel="noopener noreferrer" class="help-link" style="color: #1068bf;">Help</a>
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1398#note_1072006989"}}</script>
</p>
</div>
</body>
</html>