Last Comment Bug 328228 - mismatches in certutil ECC curves
: mismatches in certutil ECC curves
Status: RESOLVED FIXED
:
Product: NSS
Classification: Components
Component: Tools (show other bugs)
: 3.11
: All All
: P2 normal (vote)
: 3.11.1
Assigned To: Nelson Bolyard (seldom reads bugmail)
: Jason Reid
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-02-22 13:00 PST by jyri
Modified: 2006-02-24 17:46 PST (History)
4 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
Fix the typo "secp169k1" (1.93 KB, patch)
2006-02-22 13:32 PST, Wan-Teh Chang
vipul.gupta: review+
julien.pierre: review+
Details | Diff | Review

Description jyri 2006-02-22 13:00:19 PST
User-Agent:       Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8) Gecko/20051130 Firefox/1.5
Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8) Gecko/20051130 Firefox/1.5

certutil has a few mismatches on ECC curve names:

certutil shows a curve "secp169k1" which is a typo, should be secp160k1.

Also noticed that while it has "prime192v1", it doesn't list "prime256v1". This one is less important since both "secp256r1" and "nistp256" are aliases for the same curve so those can be used instead to achieve the same result.

Seems there is some separate mapping table in certutil, which allows these discrepancies to exist. Aside from fixing the typos/details above directly, it'd be best to set up the code so it automatically inherits the available curve names from the list of ones that are implemented. That way there would be no possibility of typos or discrepancies and certutil would always be up to date if in the future curves are added (or removed).


Reproducible: Always

Steps to Reproduce:
certutil -H
Comment 1 Wan-Teh Chang 2006-02-22 13:32:06 PST
Created attachment 212802 [details] [diff] [review]
Fix the typo "secp169k1"

The typo "secp169k1" also exists in blapitest.c.

There is indeed a mapping table in certutil.
blapitest has a copy of the same mapping table,
and I recently copied the table to fipstest.
It is a good idea to move the mapping table to
a library.
Comment 2 Wan-Teh Chang 2006-02-22 13:32:57 PST
Please reassign.  Thanks.
Comment 3 Vipul Gupta 2006-02-22 14:06:29 PST
Comment on attachment 212802 [details] [diff] [review]
Fix the typo "secp169k1"

Thanks for taking care of this so quickly.
Comment 4 Wan-Teh Chang 2006-02-22 14:20:04 PST
Comment on attachment 212802 [details] [diff] [review]
Fix the typo "secp169k1"

I checked in this patch on the NSS trunk (3.12) and
NSS_3_11_BRANCH (3.11.1).
Comment 5 Nelson Bolyard (seldom reads bugmail) 2006-02-22 15:56:20 PST
I think this is fixed now.  Reopen if you disagree.
Comment 6 Wan-Teh Chang 2006-02-22 16:01:24 PST
The only remaining issues are to add "prime256v1"
and to move the curve name mapping tables in
bltest, certutil, and fipstest to a library.
You can choose to not fix these.
Comment 7 Wan-Teh Chang 2006-02-24 11:42:26 PST
Comment on attachment 212802 [details] [diff] [review]
Fix the typo "secp169k1"

Julien, to verify that secp169k1 is a typo, search
for "secp169k1" and "secp160k1" in the SEC 2 standard
from SECG:
http://www.secg.org/download/aid-386/sec2_final.pdf.
You can use draft-ietf-tls-ecc-12.txt as a substitute.

Note You need to log in before you can comment on or make changes to this bug.