Asserts considered harmful (or GMP spills its sensitive information)
tg at gmplib.org
Thu Jan 3 21:46:18 UTC 2019
Jeffrey Walton <noloader at gmail.com> writes:
Here's what I witness on a BananaPi and a couple of other boards. Can
you provide info on the ARM boards you are using? I have about 8 of
them for testing, and I may be able to duplicate your [successful]
Marco and others have told you to read the GMP manual. People have
explained what you do wrong and it is clear that you know very well why
your CFLAGS messing breaks things. Yet, you insist on spreading the lie
that GMP "does not build".
Returning a failure from mpn_sec_powm would be a most welcomed
You have repeated this several times already.
The GMP API is what it is. If you don't like it, well, we're so sorry.
It would be a welcomed improvement if GMP does it in
other places, too. Crashing is least welcomed behavior for many uses
cases, including those where availability and confidentiality is a
You have repeated this several times, and people have patiently replied
and explained how to handle this safely.
Gracefully handling failure serves several purposes. First, returning
failure is what developers expect to happen.
Really? Did you talk to them?
If a program uses a function incorrectly then it is expected to
fail. Developers are usually good about checking return values at call
I have yet to find one program which checks all return values.
Second, when GMP crashes it is setting a policy for the application.
Any API sets policies.
We've had enough of your nagging and aggressiveness and your threats in
private email. Your messages to the GMP lists will henceforth be
Please encrypt, key id 0xC8601622
More information about the gmp-bugs