[gnutls-devel] GnuTLS | nettle's gnutls_crypto_init() causes segfault in unrelated gmp code during static destructors (#1398)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sun Aug 21 09:35:33 CEST 2022

Daiki Ueno commented:

I agree in general. To ensure zeroization of sensitive materials in GnuTLS/Nettle while not sacrificing the GMP users, the current alternatives under discussion are:
- switch `mpz_` usage in Nettle and GnuTLS to using the low-level [`mpn_`](https://gmplib.org/manual/Low_002dlevel-Functions) functions, and implement zeroization directly
- link to a static library of GMP so the call to `mp_set_memory_functions` doesn't affect other GMP users

While the former would be better in the long run, it would require significant effort in porting. The latter would be simpler, though it would slightly increase the library size (see !1635 and the example usage in [nettle](https://gitlab.com/redhat/centos-stream/rpms/nettle/-/merge_requests/6/) and [gnutls](https://gitlab.com/redhat/centos-stream/rpms/gnutls/-/merge_requests/41) packages in CentOS Stream 9).

Tagging @tobhe @nielsmoller for further feedback.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1398#note_1071468742
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220821/a11d56d3/attachment-0001.html>

More information about the Gnutls-devel mailing list