Asserts considered harmful (or GMP spills its sensitive information)

Niels Möller nisse at
Tue Jan 1 11:44:32 UTC 2019

Vincent Lefevre <vincent at> writes:

> If you
> don't like that, you can write a wrapper library that will sanitize
> all the inputs and implement error processing (e.g. where the return
> value contains an error code and the result, if any), and call this
> library instead of GMP.

Regarding invalid inputs, in the GMP sources, validity checks on
function inputs generally use the ASSERT macro, which is disabled by
default. Non-assert validity checks with a return value are used only
when the check is non-trivial, e.g., for the mpz_invert function which
requires arguments to be co-prime. All easy validity checks (null
pointers, divide by zero, and the like) are left as the responsibility
of the application.

In a few places, GMP sources use ASSERT_ALWAYS. This is for internal
consistency checks, or when deveolopers believe a condition is
arithmetically impossible, but really would like to get a bug report if
that belief turns out to be wrong.

The assert that Jeffrey has hit is in sec_powm.c, 

  ASSERT_ALWAYS (enb >= windowsize);

As far as I can see, "enb" is the input argument to the win_size function,
and "windowsize" is the return value. I'm waiting for more information,
since it works fine in my build. Possible explanations I see are

1. Invalid configuration of POWM_SEC_TABLE (used by the win_size function).

2. Some general memory-overwrite problem, due to too small scratch
   space or something like that.

I interpret this ASSERT_ALWAYS as a way to check that POWM_SEC_TABLE is


Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.

More information about the gmp-bugs mailing list