Asserts considered harmful (or GMP spills its sensitive information)
nisse at lysator.liu.se
Tue Jan 1 11:44:32 UTC 2019
Vincent Lefevre <vincent at vinc17.net> writes:
> If you
> don't like that, you can write a wrapper library that will sanitize
> all the inputs and implement error processing (e.g. where the return
> value contains an error code and the result, if any), and call this
> library instead of GMP.
Regarding invalid inputs, in the GMP sources, validity checks on
function inputs generally use the ASSERT macro, which is disabled by
default. Non-assert validity checks with a return value are used only
when the check is non-trivial, e.g., for the mpz_invert function which
requires arguments to be co-prime. All easy validity checks (null
pointers, divide by zero, and the like) are left as the responsibility
of the application.
In a few places, GMP sources use ASSERT_ALWAYS. This is for internal
consistency checks, or when deveolopers believe a condition is
arithmetically impossible, but really would like to get a bug report if
that belief turns out to be wrong.
The assert that Jeffrey has hit is in sec_powm.c,
ASSERT_ALWAYS (enb >= windowsize);
As far as I can see, "enb" is the input argument to the win_size function,
and "windowsize" is the return value. I'm waiting for more information,
since it works fine in my build. Possible explanations I see are
1. Invalid configuration of POWM_SEC_TABLE (used by the win_size function).
2. Some general memory-overwrite problem, due to too small scratch
space or something like that.
I interpret this ASSERT_ALWAYS as a way to check that POWM_SEC_TABLE is
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
More information about the gmp-bugs