Re: Asserts considered harmful (or GMP spills its sensitive information)

2019-01-01 Thread Vincent Lefevre
On 2019-01-01 11:22:56 +0100, Joerg Arndt wrote: > * Vincent Lefevre [Jan 01. 2019 11:11]: > > [...] > > > > > > Second, the SIGABRT terminates the process and can write a core file. > > > > That's the default behavior, but you can trap SIGABRT if you want. > > From man 3 abort: > If the

Re: Asserts considered harmful (or GMP spills its sensitive information)

2019-01-01 Thread Jeffrey Walton
On Mon, Dec 31, 2018 at 2:16 PM Vincent Lefevre wrote: > > On 2018-12-31 13:03:27 -0500, Jeffrey Walton wrote: > > The GMP library uses asserts to crash a program at runtime when > > presented with data it did not expect. The library also ignores user > > requests to remove asserts using Posix's

Re: [oss-security] Asserts considered harmful (or GMP spills its sensitive information)

2019-01-01 Thread Matthew Fernandez
> On Dec 31, 2018, at 11:38, Jeffrey Walton wrote: > > On Mon, Dec 31, 2018 at 2:16 PM Vincent Lefevre > wrote: >> >> On 2018-12-31 13:03:27 -0500, Jeffrey Walton wrote: > >>> This is the first point of unwanted data egress. Sensitive information >>> like user

Re: [ADMIN] Foul language and swearwords

2019-01-01 Thread Niels Möller
t...@gmplib.org (Torbjörn Granlund) writes: > We have rejected a couple of messages sent to this list on a recent > subject because they contained profanity. > > Keeping a reasonably civil tone is required on these mailing list. One might also want to refer to the recently published

Re: Asserts considered harmful (or GMP spills its sensitive information)

2019-01-01 Thread Niels Möller
Jeffrey Walton writes: > The GMP library uses asserts to crash a program at runtime when > presented with data it did not expect. The library also ignores user > requests to remove asserts using Posix's -DNDEBUG. Posix asserts are a > deugging aide intended for developement, and using them in

Re: Asserts considered harmful (or GMP spills its sensitive information)

2019-01-01 Thread Vincent Lefevre
On 2018-12-31 14:38:17 -0500, Jeffrey Walton wrote: > On Mon, Dec 31, 2018 at 2:16 PM Vincent Lefevre wrote: > > > > On 2018-12-31 13:03:27 -0500, Jeffrey Walton wrote: > > > The GMP library uses asserts to crash a program at runtime when > > > presented with data it did not expect. The library

Re: mini-gmp: error: no previous prototype for 'mpz_lucas_mod'

2019-01-01 Thread Niels Möller
"Marco Bodrato" writes: > The wrapper you propose is more elegant than the workaround I used. > I removed the _TESTING definition and pushed it: > > https://gmplib.org/repo/gmp/rev/14649658a790 Thanks! Regards, /Niels -- Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.

Re: Asserts considered harmful (or GMP spills its sensitive information)

2019-01-01 Thread Niels Möller
Vincent Lefevre writes: > If you > don't like that, you can write a wrapper library that will sanitize > all the inputs and implement error processing (e.g. where the return > value contains an error code and the result, if any), and call this > library instead of GMP. Regarding invalid inputs,

Re: Asserts considered harmful (or GMP spills its sensitive information)

2019-01-01 Thread Torbjörn Granlund
The assert that Jeffrey has hit is in sec_powm.c, ASSERT_ALWAYS (enb >= windowsize); As far as I can see, "enb" is the input argument to the win_size function, and "windowsize" is the return value. I'm waiting for more information, since it works fine in my build. Possible