Closed Bug 1303986 Opened 8 years ago Closed 8 years ago

Make softoken handle curve 25519 correctly

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: franziskus, Assigned: franziskus)

Details

Attachments

(1 file, 1 obsolete file)

curve25519-followup1.patch
3.17 KB, patch
mt
: review+
Details | Diff | Splinter Review
softoken enables CKA_SIGN for all ec keys by default. This must not be the case for curve 25519.
Attached patch curve25519-followup1.patch (obsolete) — Splinter Review
don't perform sign/verify tests for curve 25519 keys
Attachment #8792891 - Flags: review?(martin.thomson)
Comment on attachment 8792891 [details] [diff] [review] curve25519-followup1.patch Review of attachment 8792891 [details] [diff] [review]: ----------------------------------------------------------------- Where are the tests?
Attachment #8792891 - Flags: review?(martin.thomson)
ok, here with a test. Note that it's necessary to use the database here in order to reproduce the setting as generating a key pair without a db works just fine (there we can set CKA_SIGN properly).
Attachment #8792891 - Attachment is obsolete: true
Attachment #8793304 - Flags: review?(martin.thomson)
Comment on attachment 8793304 [details] [diff] [review] curve25519-followup1.patch Review of attachment 8793304 [details] [diff] [review]: ----------------------------------------------------------------- ::: tests/ec/ectest.sh @@ +20,5 @@ > ############################## ectest_init ############################# > # local shell function to initialize this script > ######################################################################## > > +# set -v -e -x remove @@ +62,5 @@ > + done > + echo "Test sect571r1 key generation using certutil that should fail ..." > + certutil -G -d "${HOSTDIR}" -k ec -q sect571r1 -f "${R_PWFILE}" -z ${NOISE_FILE} > + if [ $? -eq 0 ]; then > + return 1 I confess that I don't know why this curve has to fail. @@ +72,5 @@ > +if [ $? -ne 0 ] ; then > + html_failed "ec(test certutil keygen) test" > +else > + html_passed "ec(test certutil keygen) test" > +fi I'd prefer if you moved the reporting to the function so that you can report with better granularity.
Attachment #8793304 - Flags: review?(martin.thomson) → review+
https://hg.mozilla.org/projects/nss/rev/f308ad30db42
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: