[Help-gnutls] Re: PKCS#8 incompatibility? between OpenSSL and GnuTLS

Simon Josefsson simon at josefsson.org
Wed Jun 10 16:24:12 CEST 2009


Hi Tomas.  I identified the problem, and it happens when an addition in
the PKCS#12 string-to-key algorithm results in a small result due to MSB
being 00, which happens on average for 1 out of 128 random inputs -- not
1 out of 256 because the code is run in a loop that does two iterations,
so the problem is triggered if the MSB is 00 in either loop.

See patch:
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=dc901197329570394d75d82a5e9d82f17f56106a

This patch will be part of the soon to be released v2.8.1.

Thanks again for the good bug report of an interesting problem.

/Simon





More information about the Gnutls-help mailing list