
mismatches in certutil ECC curves



11 years ago
11 years ago


(Reporter: jyri, Assigned: Nelson Bolyard (seldom reads bugmail))


Firefox Tracking Flags

(Not tracked)



(1 attachment)



11 years ago
User-Agent:       Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8) Gecko/20051130 Firefox/1.5
Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8) Gecko/20051130 Firefox/1.5

certutil has a few mismatches on ECC curve names:

certutil shows a curve "secp169k1" which is a typo, should be secp160k1.

Also noticed that while it has "prime192v1", it doesn't list "prime256v1". This one is less important since both "secp256r1" and "nistp256" are aliases for the same curve so those can be used instead to achieve the same result.

Seems there is some separate mapping table in certutil, which allows these discrepancies to exist. Aside from fixing the typos/details above directly, it'd be best to set up the code so it automatically inherits the available curve names from the list of ones that are implemented. That way there would be no possibility of typos or discrepancies and certutil would always be up to date if in the future curves are added (or removed).

Reproducible: Always

Steps to Reproduce:
certutil -H

Comment 1

11 years ago
Created attachment 212802 [details] [diff] [review]
Fix the typo "secp169k1"

The typo "secp169k1" also exists in blapitest.c.

There is indeed a mapping table in certutil.
blapitest has a copy of the same mapping table,
and I recently copied the table to fipstest.
It is a good idea to move the mapping table to
a library.
Attachment #212802 - Flags: review?(vipul.gupta)

Comment 2

11 years ago
Please reassign.  Thanks.
Assignee: wtchang → nelson
Ever confirmed: true

Comment 3

11 years ago
Comment on attachment 212802 [details] [diff] [review]
Fix the typo "secp169k1"

Thanks for taking care of this so quickly.
Attachment #212802 - Flags: review?(vipul.gupta) → review+

Comment 4

11 years ago
Comment on attachment 212802 [details] [diff] [review]
Fix the typo "secp169k1"

I checked in this patch on the NSS trunk (3.12) and
NSS_3_11_BRANCH (3.11.1).

Comment 5

11 years ago
I think this is fixed now.  Reopen if you disagree.
Last Resolved: 11 years ago
OS: Solaris → All
Priority: -- → P2
Hardware: Sun → All
Resolution: --- → FIXED
Target Milestone: --- → 3.11.1
Version: unspecified → 3.11

Comment 6

11 years ago
The only remaining issues are to add "prime256v1"
and to move the curve name mapping tables in
bltest, certutil, and fipstest to a library.
You can choose to not fix these.
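The shared-table idea raised in the report and in the comments above, sketched as an added example (not code from NSS or from anyone in this bug). The `curve_id` enum, `shared_curves`, `curve_lookup`, `audit_table` and `tool_table` are hypothetical names, and both tables are constructed from the curve names mentioned in this bug.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical curve ids, constructed for this example (not NSS's own). */
typedef enum { CURVE_NONE, CURVE_SECP160K1, CURVE_PRIME192V1, CURVE_P256 } curve_id;

/* One shared name table (constructed; only names mentioned in this bug).
 * An alias is simply another row with the same id. */
static const struct { const char *name; curve_id id; } shared_curves[] = {
    { "secp160k1", CURVE_SECP160K1 }, { "prime192v1", CURVE_PRIME192V1 },
    { "prime256v1", CURVE_P256 }, { "secp256r1", CURVE_P256 }, { "nistp256", CURVE_P256 },
};
#define N_SHARED (sizeof shared_curves / sizeof shared_curves[0])

/* Resolve a curve name through the shared table; CURVE_NONE if unknown. */
curve_id curve_lookup(const char *name)
{
    for (size_t i = 0; i < N_SHARED; i++)
        if (strcmp(shared_curves[i].name, name) == 0)
            return shared_curves[i].id;
    return CURVE_NONE;
}

/* Audit a tool-local name list against the shared table. Returns how many local
 * names are unknown; *missing receives how many shared names the list lacks. */
size_t audit_table(const char *const *local, size_t n, size_t *missing)
{
    size_t unknown = 0;
    *missing = 0;
    for (size_t i = 0; i < n; i++)
        if (curve_lookup(local[i]) == CURVE_NONE)
            unknown++;
    for (size_t i = 0; i < N_SHARED; i++) {
        size_t j = 0;
        while (j < n && strcmp(local[j], shared_curves[i].name) != 0)
            j++;
        *missing += (j == n);
    }
    return unknown;
}

/* Constructed copy of a tool-local table with the defects reported in this bug. */
static const char *const tool_table[] = { "secp169k1", "prime192v1", "secp256r1", "nistp256" };

int main(void)
{
    size_t missing, unknown = audit_table(tool_table, 4, &missing);
    printf("unknown names: %zu, missing names: %zu\n", unknown, missing);
    return (unknown || missing) ? 1 : 0; /* non-zero exit fails a build check */
}
```

Run as a build-time check, the audit flags both the misspelled name and the absent `prime256v1`; a tool that calls `curve_lookup` directly has no local table left to drift.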

Comment 7

11 years ago
Comment on attachment 212802 [details] [diff] [review]
Fix the typo "secp169k1"

Julien, to verify that secp169k1 is a typo, search
for "secp169k1" and "secp160k1" in the SEC 2 standard
from SECG:
You can use draft-ietf-tls-ecc-12.txt as a substitute.
Attachment #212802 - Flags: review?(julien.pierre.bugs)


11 years ago
Attachment #212802 - Flags: review?(julien.pierre.bugs) → review+