oss-sec mailing list archives
Re: Asserts considered harmful (or GMP spills its sensitive information)
From: tg () gmplib org (Torbjörn Granlund)
Date: Thu, 03 Jan 2019 22:46:18 +0100
Jeffrey Walton <noloader () gmail com> writes: Here's what I witness on a BananaPi and a couple of other boards. Can you provide info on the ARM boards you are using? I have about 8 of them for testing, and I may be able to duplicate your [successful] result. Marco and others have told you to read the GMP manual. People have explained what you do wrong and it is clear that you know very well why your CFLAGS messing breaks things. Yet, you insist on spreading the lie that GMP "does not build". Returning a failure from mpn_sec_powm would be a most welcomed improvement. You have repeated this several times already. The GMP API is what it is. If you don't like it, well, we're so sorry. It would be a welcomed improvement if GMP does it in other places, too. Crashing is least welcomed behavior for many uses cases, including those where availability and confidentiality is a concern. You have repeated this several times, and people have patiently replied and explained how to handle this safely. Gracefully handling failure serves several purposes. First, returning failure is what developers expect to happen. Really? Did you talk to them? If a program uses a function incorrectly then it is expected to fail. Developers are usually good about checking return values at call sites. I have yet to find one program which checks all return values. Second, when GMP crashes it is setting a policy for the application. Any API sets policies. We've had enough of your nagging and aggressiveness and your threats in private email. Your messages to the GMP lists will henceforth be automatically discarded. -- Torbjörn Please encrypt, key id 0xC8601622
Current thread:
- Re: Asserts considered harmful (or GMP spills its sensitive information), (continued)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Vincent Lefevre (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Niels Möller (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Torbjörn Granlund (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Niels Möller (Jan 06)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Jan 06)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Niels Möller (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Vincent Lefevre (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Jan 03)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Torbjörn Granlund (Jan 03)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Jan 03)