User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8) Gecko/20051130 Firefox/1.5 Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8) Gecko/20051130 Firefox/1.5 certutil has a few mismatches on ECC curve names: certutil shows a curve "secp169k1" which is a typo, should be secp160k1. Also noticed that while it has "prime192v1", it doesn't list "prime256v1". This one is less important since both "secp256r1" and "nistp256" are aliases for the same curve so those can be used instead to achieve the same result. Seems there is some separate mapping table in certutil, which allows these discrepancies to exist. Aside from fixing the typos/details above directly, it'd be best to set up the code so it automatically inherits the available curve names from the list of ones that are implemented. That way there would be no possibility of typos or discrepancies and certutil would always be up to date if in the future curves are added (or removed). Reproducible: Always Steps to Reproduce: certutil -H
Created attachment 212802 [details] [diff] [review] Fix the typo "secp169k1" The typo "secp169k1" also exists in blapitest.c. There is indeed a mapping table in certutil. blapitest has a copy of the same mapping table, and I recently copied the table to fipstest. It is a good idea to move the mapping table to a library.
Please reassign. Thanks.
Comment on attachment 212802 [details] [diff] [review] Fix the typo "secp169k1" Thanks for taking care of this so quickly.
Comment on attachment 212802 [details] [diff] [review] Fix the typo "secp169k1" I checked in this patch on the NSS trunk (3.12) and NSS_3_11_BRANCH (3.11.1).
I think this is fixed now. Reopen if you disagree.
The only remaining issues are to add "prime256v1" and to move the curve name mapping tables in bltest, certutil, and fipstest to a library. You can choose to not fix these.
Comment on attachment 212802 [details] [diff] [review] Fix the typo "secp169k1" Julien, to verify that secp169k1 is a typo, search for "secp169k1" and "secp160k1" in the SEC 2 standard from SECG: http://www.secg.org/download/aid-386/sec2_final.pdf. You can use draft-ietf-tls-ecc-12.txt as a substitute.