[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: libgcrypt brain dead?

On Tue, 09 Mar 2010, Brian May wrote:
> A number of packages, such as openldap have been changed to support
> gnutls, instead of openssl, to avoid licensing issues in openssl.
> However, it appears that gnutls uses libgcrypt, and libgcrypt has
> several serious design issues.
> 1. libgcrypt doesn't cleanup properly on dlclose, and apparently won't
> fix the problem:


> 2. libgcrypt drops root privileges if called setuid on the assumption
> the only reason the program is setuid root is so it can lock memory.

Requirements for a core library that is going to be linked by other core
libraries, and used in NSS modules:

1. All public symbols MUST be versioned;

2. Must be thread-safe, and fully reentrant both at the function and at
   the _library_ level;

3. The entire library must work using contexts passed at every function
   call that needs one;

4. Must not change any global attributes of the process or of any other
   libraries it uses;

5. Must not link to any library that doesn't implement the above;

This is _hard_.  I am sure I forgot some...

> What is the solution? Should we go back to using openssl, at least
> with libraries such as openldap that are commonly used in pam and nss
> modules?

We'd have to move gnutls to some proper crypto library that behaves like
a proper library should, to really fix it.  And that does assume gnutls
itself does it properly...

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to: