[sr #108155] GnuTLS doesn't accept passwords larger than 32; NSS and OpenSSL do

anonymous INVALID.NOREPLY at gnu.org
Wed Oct 10 00:42:21 CEST 2012


URL:
  <http://savannah.gnu.org/support/?108155>

                 Summary: GnuTLS doesn't accept passwords larger than 32; NSS
and OpenSSL do
                 Project: GnuTLS
            Submitted by: None
            Submitted on: Tue 09 Oct 2012 10:42:20 PM UTC
                Category: Core library
                Priority: 5 - Normal
                Severity: 3 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: jclinton at google.com
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: None

    _______________________________________________________

Details:

> _gnutls_pkcs12_string_to_key():
>      pwlen = strlen (pw);
>    if (pwlen > 63 / 2)
>      {
>        gnutls_assert ();
>        return GNUTLS_E_INVALID_REQUEST;
>      }

Compatibility issue between NSS, OpenSSL and GnuTLS. Because of the above
snippet, passwords larger than 32 characters work fine in the former two; fail
in GnuTLS.





    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?108155>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/





More information about the Gnutls-devel mailing list