Hans Leidekker (@hans) commented about dlls/crypt32/pfx.c:
+ CertFreeCertificateContext( cert ); + return FALSE; + } + } + } + + params.cert_data = cert ? cert->pbCertEncoded : NULL; + params.cert_size = cert ? cert->cbCertEncoded : 0; + params.key_blob = key_blob; + params.key_blob_size = key_blob ? key_blob_size : 0; + params.password = password; + + /* GnuTLS encrypts the private key with a random salt, so the output + * size can vary between calls. Export once into a temporary buffer + * and handle the size query / copy on the Windows side. */ + { Right, and if you run the test multiple times it will occasionally fail. Output size appears to randomly vary up to 8 bytes in size and if the size query returns a smaller size then the next regular call needs it fails. I did some tests on Windows and while the size doesn't vary there's a fixed additional 8 bytes returned for the buffer size query. We can avoid the failures by also adding 8 bytes to the query size.
Then there's a quirk where native will return failure but still set last error to ERROR_SUCCESS when a buffer is supplied but the buffer size is too small. I have modified your patch according to my findings and pushed it here: https://gitlab.winehq.org/hans/wine/-/commit/339917e34c249eefa5accefd5c423fa... Feel free to take it if you agree. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/10532#note_134913