[gnutls-devel] GnuTLS | Null Pointer Dereference in `wrap_nettle_mac_fast()` via `gnutls_hmac_fast()` (#1897)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Jun 5 01:56:07 CEST 2026
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/work_items/1897#note_3424212659
> `gnutls_hmac_fast(GNUTLS_MAC_SHA256, key, sizeof(key), NULL, 1, digest);`
This is an API mis-use, which is out of scope of our threat model: https://gitlab.com/gnutls/gnutls/-/blob/master/SECURITY.md?ref_type=heads#threat-model
If we were to address it, that would be adding an `assert` to be clear that it is a programming error of the application.
Please stop reporting issues in this class of problems.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1897#note_3424212659
You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/5-7t0uol693f10is4mgw9m11pux-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20260604/e812c728/attachment.html>
More information about the Gnutls-devel
mailing list