Closed
Bug 328228
Opened 19 years ago
Closed 19 years ago
mismatches in certutil ECC curves
Categories
(NSS :: Tools, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.1
People
(Reporter: jyri, Assigned: nelson)
Details
Attachments
(1 file)
|
1.93 KB,
patch
|
vipul.gupta
:
review+
julien.pierre
:
review+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8) Gecko/20051130 Firefox/1.5
Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8) Gecko/20051130 Firefox/1.5
certutil has a few mismatches on ECC curve names:
certutil shows a curve "secp169k1" which is a typo, should be secp160k1.
Also noticed that while it has "prime192v1", it doesn't list "prime256v1". This one is less important since both "secp256r1" and "nistp256" are aliases for the same curve so those can be used instead to achieve the same result.
Seems there is some separate mapping table in certutil, which allows these discrepancies to exist. Aside from fixing the typos/details above directly, it'd be best to set up the code so it automatically inherits the available curve names from the list of ones that are implemented. That way there would be no possibility of typos or discrepancies and certutil would always be up to date if in the future curves are added (or removed).
Reproducible: Always
Steps to Reproduce:
certutil -H
|
||
Comment 1•19 years ago
|
||
The typo "secp169k1" also exists in blapitest.c.
There is indeed a mapping table in certutil.
blapitest has a copy of the same mapping table,
and I recently copied the table to fipstest.
It is a good idea to move the mapping table to
a library.
Attachment #212802 -
Flags: review?(vipul.gupta)
|
|
||
Comment 2•19 years ago
|
||
Please reassign. Thanks.
Assignee: wtchang → nelson
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Comment 3•19 years ago
|
||
Comment on attachment 212802 [details] [diff] [review]
Fix the typo "secp169k1"
Thanks for taking care of this so quickly.
Attachment #212802 -
Flags: review?(vipul.gupta) → review+
|
|
||
Comment 4•19 years ago
|
||
Comment on attachment 212802 [details] [diff] [review]
Fix the typo "secp169k1"
I checked in this patch on the NSS trunk (3.12) and
NSS_3_11_BRANCH (3.11.1).
|
Assignee | |
Comment 5•19 years ago
|
||
I think this is fixed now. Reopen if you disagree.
Status: NEW → RESOLVED
Closed: 19 years ago
OS: Solaris → All
Priority: -- → P2
Hardware: Sun → All
Resolution: --- → FIXED
Target Milestone: --- → 3.11.1
Version: unspecified → 3.11
|
|
||
Comment 6•19 years ago
|
||
The only remaining issues are to add "prime256v1"
and to move the curve name mapping tables in
bltest, certutil, and fipstest to a library.
You can choose to not fix these.
|
|
||
Comment 7•19 years ago
|
||
Comment on attachment 212802 [details] [diff] [review]
Fix the typo "secp169k1"
Julien, to verify that secp169k1 is a typo, search
for "secp169k1" and "secp160k1" in the SEC 2 standard
from SECG:
http://www.secg.org/download/aid-386/sec2_final.pdf.
You can use draft-ietf-tls-ecc-12.txt as a substitute.
Attachment #212802 -
Flags: review?(julien.pierre.bugs)
|
||
Updated•19 years ago
|
Attachment #212802 -
Flags: review?(julien.pierre.bugs) → review+
You need to log in
before you can comment on or make changes to this bug.
Description
•