|
|
The GMP computers are maintained by a single person on a volunteer basis. The ongoing Intel CPU bug debacle with Meltdown, Spectre, Foreshadow, MDS, the jCC/cache-line bug, Fallout, LVI, Portsmash, etc, etc, and the ME backdoor is making the main GMP server far from as secure as we'd like it to be.
The system which runs this web server as well as mail server, mailing list server, firewall, etc, has an Intel E5-1650 v2 which is affected by most of the bugs/backdoors mentioned above. Please keep that in mind when using the resources here.
Please understand that we don't take security lightly, but that we effectively are DoS'ed by sloppy/malicious engineering.
Thanks to a very generous donation from Christian Calderon, the GMP project now has a brand new, AMD Epyc server which will replace the old server. This is great for GMP, not only because of the old server's hardware security issues, but also since the new server is 3x more powerful than the old one.
The new server will be replacing the old server as soon as we have had time to install all subsystems, which we expect will happen by mid April.
Here are the specs of the system Christian has given us:
- Supermicro barebone 1114S-WTRT
- AMD Epyc 7402P 24-core CPU
- 256 GiB of ECC RAM
- 1.6 TB PCIe SSD disk (Samsung PM1735)
GMP is a free library for arbitrary precision arithmetic, operating on signed integers, rational numbers, and floating-point numbers. There is no practical limit to the precision except the ones implied by the available memory in the machine GMP runs on. GMP has a rich set of functions, and the functions have a regular interface.
The main target applications for GMP are cryptography applications and research, Internet security applications, algebra systems, computational algebra research, etc.
GMP is carefully designed to be as fast as possible, both for small operands and for huge operands. The speed is achieved by using fullwords as the basic arithmetic type, by using fast algorithms, with highly optimised assembly code for the most common inner loops for a lot of CPUs, and by a general emphasis on speed.
The first GMP release was made in 1991. It is continually developed and maintained, with a new release about once a year.
Since version 6, GMP is distributed under the dual licenses, GNU LGPL v3 and GNU GPL v2. These licenses make the library free to use, share, and improve, and allow you to pass on the result. The GNU licenses give freedoms, but also set firm restrictions on the use with non-free programs.
GMP is part of the GNU project. For more information about the GNU project, please see the official GNU web site.
GMP's main target platforms are Unix-type systems, such as GNU/Linux, Solaris, HP-UX, Mac OS X/Darwin, BSD, AIX, etc. It also is known to work on Windows in both 32-bit and 64-bit mode.
GMP is brought to you by a team listed in the manual.
GMP is carefully developed and maintained, both technically and legally. We of course inspect and test contributed code carefully, but equally importantly we make sure we have the legal right to distribute the contributions, meaning users can safely use GMP. To achieve this, we will ask contributors to sign paperwork where they allow us to distribute their work.
There are several categories of functions in GMP:
mpz
). There are about 150
arithmetic and logic functions in this category. mpq
). This category consists of
about 35 functions, but all mpz
functions can be used
too, by applying them to the numerator and denominator separately. mpf
). This is the GMP
function category to use if the C type `double' doesn't give enough
precision for an application. There are about 70 functions in this
category. New projects should strongly consider using the much more
complete GMP extension library mpfr
instead of mpf. mpn
category. No memory management is performed; the caller
must ensure enough space is available for the results. The set of
functions is not always regular, nor is the calling interface. These
functions accept input arguments in the form of pairs consisting of a
pointer to the least significant word, and an integral size telling how
many limbs (= words) there are in that argument. The functions in the
other categories call mpn for almost all their calculations. Of these
functions about 60 are public.
GMP 6.2.1 lz, 2020558 bytes xz, 2027316 bytes zstd, 2101289 bytes Main site, gmplib.org, via https gmp-6.2.1.tar.lz gmp-6.2.1.tar.xz gmp-6.2.1.tar.zst USA, ftp.gnu.org, via https gmp-6.2.1.tar.lz gmp-6.2.1.tar.xz gmp-6.2.1.tar.zst
To try to verify that the file you have downloaded has not been tampered with, you can check that the GnuPG signature matches the contents of the file. Use your GnuPG software or a key server directly to get the key that was used for creating the signature. Starting from the repackaging of gmp-5.1.0 as gmp-5.1.0a.tar.* the following key is used to sign GMP releases:
Key ID: 0x28C67298
Key type: 2560 bit RSA
Fingerprint: 343C 2FF0 FBEE 5EC2 EDBE F399 F359 9FF8 28C6 7298
Instead of using a release, you may also get the latest code from the GMP repositories. This will require some more work compared to using a release.
Please first see the manual on how to report bugs. The proper address for bug reports is gmp-bugs at gmplib.org.
Most problems with GMP these days are due to problems not in GMP, but with the compiler used for compiling the GMP sources. This is a major concern to the GMP project, since an incorrect computation is an incorrect computation, whether caused by a GMP bug or a compiler bug. We fight this by making the GMP testsuite have great coverage, so that it should catch every possible miscompilation.
List Subscribe URL Archive URL Purpose gmp-bugs gmplib.org/mailman/listinfo/gmp-bugs gmplib.org/list-archives/gmp-bugs/ Bug reports (not questions!). See manual. gmp-announce gmplib.org/mailman/listinfo/gmp-announce gmplib.org/list-archives/gmp-announce/ Announcements from the developers (very little traffic) gmp-discuss gmplib.org/mailman/listinfo/gmp-discuss gmplib.org/list-archives/gmp-discuss/ Questions, Help, Discussions gmp-devel gmplib.org/mailman/listinfo/gmp-devel gmplib.org/list-archives/gmp-devel/ Technical discussions between developers gmp-commit gmplib.org/mailman/listinfo/gmp-commit gmplib.org/list-archives/gmp-commit/ Commit messages
Note that we perform spam and virus filtering of these lists. The lists have been 100% spam-free during the last years.
We're blocking all mail from PR China, since 99% of the spam arriving to the GMP moderators emanates from PR China. If you are affected but have a legitimate reason to send mail to the GMP project, e.g., if you work at a university or corporation with an interest in GMP, please let us know; we will open access for you.
The current stable release is 6.2.1, released 2020-11-14.
mpn_set_str
is incorrect and
incomplete wrt allocation requirements.
Patch.
mpn_sbpi1_div_qr_sec
and
mpn_sbpi1_div_r_sec
compute incorrect results for some
operands. With uniformly distributed random operands, the error is very
hard to trigger, and for the intended use of these functions, operands can
be expected to appear as such random operands from these functions'
perspective. Patch.
mpz_powm_ui
computes garbage if the base
argument is over 15000 decimal or the mod argument is at least 7500 decimal
digits. No other GMP powm function is affected.
Patch.
distcheck
target which creates a world-writable directory.
This target is not used in the GMP release process, but it is a potential
security problem affecting users who invoke this make target. This
problem (and no other) is corrected in the gmp-5.1.0a.tar.* set of
files. For patches to older GMP versions, please see the Info on older GMP releases.
Please see the GMPng page for information on what we're working on.