[Help-gnutls] Re: PKCS#8 incompatibility? between OpenSSL and GnuTLS

Simon Josefsson simon at josefsson.org
Wed Jun 10 16:24:12 CEST 2009

Hi Tomas.  I identified the problem, and it happens when an addition in
the PKCS#12 string-to-key algorithm results in a small result due to MSB
being 00, which happens on average for 1 out of 128 random inputs -- not
1 out of 256 because the code is run in a loop that does two iterations,
so the problem is triggered if the MSB is 00 in either loop.

See patch:

This patch will be part of the soon to be released v2.8.1.

Thanks again for the good bug report of an interesting problem.


More information about the Gnutls-help mailing list