oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Asserts considered harmful (or GMP spills its sensitive information)

From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 1 Jan 2019 11:49:02 -0500
On Tue, Jan 1, 2019 at 11:45 AM Jeffrey Walton <noloader () gmail com> wrote:


On Tue, Jan 1, 2019 at 11:19 AM Torbjörn Granlund <tg () gmplib org> wrote:


  The assert that Jeffrey has hit is in sec_powm.c,

    ASSERT_ALWAYS (enb >= windowsize);

  As far as I can see, "enb" is the input argument to the win_size function,
  and "windowsize" is the return value. I'm waiting for more information,
  since it works fine in my build. Possible explanations I see are

A reasonable assumption is that this user has modified the sources to
cause this bug.  The motive would be to support his auxesis about how
insecure GMP is.


My bad, I did not mean to imply this was a problem with GMP only. GMP
has a lot of company, like GnuPG and OpenSSL.


    s/OpenSSL/libsodium/
Previous By Date Next
Previous By Thread Next

Current thread: