2.5.7 gnutls_x509_privkey_generate() returns GNUTLS_E_INVALID_REQUEST

Simon Josefsson simon at josefsson.org
Thu Sep 25 11:45:13 CEST 2008

"Nikos Mavrogiannopoulos" <nmav at gnutls.org> writes:

> I don't like mallocs for short sized buffers I think it is better to
> use a fixed buffer that will have maximum size enough to hold data.

I agree.  Some of the buffers in gnutls_constate.c and gnutls_mpi.c are
arbitrary sized though, but have natural upper limits.  Maybe you could
re-apply your patch without using C99 but instead using some CPP define
that holds the largest possible value?  The gnutls_mpi.c code could
probably use a cut-off, if users request a random mpi larger than, say,
16k bits, then use gnutls_secure_malloc.


More information about the Gnutls-devel mailing list