oss-sec mailing list archives
Re: Asserts considered harmful (or GMP spills its sensitive information)
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 1 Jan 2019 11:49:02 -0500
On Tue, Jan 1, 2019 at 11:45 AM Jeffrey Walton <noloader () gmail com> wrote:
On Tue, Jan 1, 2019 at 11:19 AM Torbjörn Granlund <tg () gmplib org> wrote:The assert that Jeffrey has hit is in sec_powm.c, ASSERT_ALWAYS (enb >= windowsize); As far as I can see, "enb" is the input argument to the win_size function, and "windowsize" is the return value. I'm waiting for more information, since it works fine in my build. Possible explanations I see are A reasonable assumption is that this user has modified the sources to cause this bug. The motive would be to support his auxesis about how insecure GMP is.My bad, I did not mean to imply this was a problem with GMP only. GMP has a lot of company, like GnuPG and OpenSSL.
s/OpenSSL/libsodium/
Current thread:
- Re: Disabling ptrace, (continued)
- Re: Disabling ptrace Niels Möller (Jan 02)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Niels Möller (Jan 01)
- Re: Re: Asserts considered harmful (or GMP spills its sensitive information) Simon McVittie (Jan 01)
- Re: Re: Asserts considered harmful (or GMP spills its sensitive information) halfdog (Jan 01)
- Re: Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Jan 02)
- Re: Re: Asserts considered harmful (or GMP spills its sensitive information) halfdog (Jan 02)
- Re: Re: Asserts considered harmful (or GMP spills its sensitive information) Simon McVittie (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Vincent Lefevre (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Niels Möller (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Torbjörn Granlund (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Niels Möller (Jan 06)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Jan 06)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Niels Möller (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Jan 03)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Torbjörn Granlund (Jan 03)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Jan 03)