[gnutls-devel] GnuTLS | nettle's gnutls_crypto_init() causes segfault in unrelated gmp code during static destructors (#1398)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon Aug 22 09:38:02 CEST 2022

Niels Möller commented:

I don't see any really easy solution. Some comments:

1. Moving to using mpn interfaces exclusively in Nettle would be nice, but it's not going to happen anytime soon. mpz_t is used in the DSA and RSA implementation, and in many public key interfaces. So first step would be to introduce interfaces that pass byte strings rather than mpz_t bignums.
2. Note that there are also some direct calls to gmp allocation functions, via TMP_GMP_ALLOC.
3. In general I'm not that fond of application level zeroization of sensitive data.  I think it ought to be the job of the operating system to protect the application's memory, by isolation between processes, and by encrypting data with some short-lived key if RAM contents is paged to disk. But I realize that there may still be some need for this, since encrypted paging isn't widely used (as far as I'm aware), and in particular for users that like to save all system state to disk for hibernation, vm migration, or the like. 
4. There are also plenty of temporary stack allocations, which don't have any zeroization.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1398#note_1072006989
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220822/3d8db043/attachment.html>

More information about the Gnutls-devel mailing list