gnutls_rsa_params_export_pkcs1 not thread safe

Nikos Mavrogiannopoulos nmav at
Sat Jul 23 20:30:07 CEST 2011

On 07/23/2011 05:27 PM, Sam Varshavchik wrote:

>> > A long and painful debugging session seems to indicate that the root
>> > of my problems is that gnutls_rsa_params_export_pkcs1() is not thread
>> > safe. I was invoking this function with the same
>> > gnutls_rsa_params_t, concurrently from multiple threads.
>> Thanks, there was some optimization in gnutls_rsa_params_t that caused
>> this issue. The attached patch should fix your problem.
>> However do you really need the gnutls_rsa_params_t? They are only
>> used for the RSA-EXPORT ciphersuites that shouldn't be used normally.
> I know -- this is some middleware that pregenerates temporary RSA keys,
> in case they are actually needed.

A quick fix for that without requiring a new version of gnutls would
be to use a gnutls_x509_privkey_t and generate 512-bit RSA keys to
export. That would be thread safe and equivalent in functionality.


More information about the Gnutls-help mailing list