If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Only require NSS_ENABLE_ECC to allow signing data with EC keys

RESOLVED FIXED in 3.15

Status

NSS
Libraries
P2
normal
RESOLVED FIXED
11 years ago
5 years ago

People

(Reporter: Kaspar Brand, Assigned: Wan-Teh Chang)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [SMIME-ECC], URL)

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

11 years ago
Created attachment 252152 [details] [diff] [review]
Patch to enable signing with EC keys when NSS is compiled for Basic ECC

In nss/lib/cryptohi/secsign.c, using an EC key for signing is currently ifdef'ed by NSS_ECC_MORE_THAN_SUITE_B:

 92 #ifndef NSS_ECC_MORE_THAN_SUITE_B
 93     if (key->keyType == ecKey) {
 94         PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
 95         return 0;
 96     }
 97 #endif

(http://lxr.mozilla.org/security/source/security/nss/lib/cryptohi/secsign.c#92)

I believe this should be changed to #ifndef NSS_ENABLE_ECC, as proposed by the attached patch.

Otherwise, several certutil commands don't work for ECC certificates / certificate requests (e.g. -R, cf. the recent thread "ECDSA certs?" on mozilla.dev.tech.crypto), or mod_nss can't really be configured to work with ECDHE_ECDSA (NSS_Initialize() will fail).

Comment 1

11 years ago
I have verified that certutil with using the supported ECDSA does not work without this patch and that the patch seems to at least allow cert requests to be written.

Updated

11 years ago
Assignee: nobody → julien.pierre.boogz

Updated

11 years ago
Attachment #252152 - Flags: superreview?(nelson)
Attachment #252152 - Flags: review+

Updated

11 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
There is a disagreement among some of the contributors to NSS concerning
what operations may be done with ECC without infringing on certain ECC
patents.  Based on http://www.ietf.org/ietf/IPR/certicom-ipr-rfc-3446.pdf ,
some of the contributors have chosen to believe that all uses of ECC, 
except the uses defined in the RFCs for TLS and IPSec, are potentially 
patent infringing.  Consequently, the "Basic ECC" builds that are used in 
all Mozilla clients, use ECC only in the TLS protocol itself, and in cert
signature verification, and use only the curves named in that document.

I expect that one of the developers who holds that position will resolve
this bug WONTFIX.  (I expected that months ago, and still do.)

Any who disagree with that position are free to take it up with the NSS
contributors who hold that position, but NOT IN THIS BUG.  
Comment on attachment 252152 [details] [diff] [review]
Patch to enable signing with EC keys when NSS is compiled for Basic ECC

I find no technical fault with this patch, but I will not give it sr+ while
the controversy remains in dispute, to keep the peace.
Attachment #252152 - Flags: superreview?(nelson)

Comment 4

11 years ago
I am not advocating whether or not Certicom's patent(s) cover a particular use of ECC or what Mozilla should do about it. However:
<blockquote>
Based on http://www.ietf.org/ietf/IPR/certicom-ipr-rfc-3446.pdf ,
some of the contributors have chosen to believe that all uses of ECC, 
except the uses defined in the RFCs for TLS and IPSec, are potentially 
patent infringing.
</blockquote>
To me, that IPR statement says that Certicom believes that some of the uses of ECC in TLS and IPsec would infringe on thir patent(s) and that Certicom may take action against organizations that disagree with them. I am not sure how to read the statement in any other way.
Bob, people are calling for this in the newsgroup again.
There's a reviewed patch.  At this point, I believe RH is holding it up.
I think you agreed to revisit this issue.  Please do.
Assignee: julien.pierre.boogz → rrelyea
Version: trunk → 3.11.1
I think this should be given priority. Without this change, ECC certificates basically don't work in libssl. In particular, you cannot use a ECC client cetificate and you cannot use ECDHE_ECDSA mode.

Also, it is impossible to successfully run the test suite with NSS_ENABLE_ECC unless the testsuite is hacked so that certutil uses its own private copy of softoken built with NSS_ECC_MORE_THAN_SUITE_B. (certutil creates ECC certificates that are used to test the rest of the ECC code.)

Comment 7

7 years ago
May we ask Certicom for clarification, would ECC signing infringe their patents ?

Comment 8

7 years ago
I don't have any opinion on what is or is not infringed by any given patent or on whether any given patent license is compatible with the license(s) under which NSS is distributed, but have Certicom's more recent IPR disclosures been considered with respect to this issue?  Certicom has posted a lot of IPR disclosures to the IETF web site (https://datatracker.ietf.org/ipr) since June 2007, and these more recent disclosures mention many more protocols than were mentioned in http://www.ietf.org/ietf/IPR/certicom-ipr-rfc-3446.pdf.

Comment 9

6 years ago
The above referenced Certicom document is now updated by http://www.certicom.com/images/pdfs/certicom%20-ipr-contribution-to-ietfsept08.pdf (referenced from https://datatracker.ietf.org/ipr/1004/).

It's a similar document to the previous one, the important part is that *it* *extends* the royalty free patent license to the use of ECC inside CMS (and SSH).

AFAIK the only actual use of signature in Mozilla products is in Thunderbird for CMS signing, so that is clearly no more a problem. We might need to find a way to warn other users of NSS wishing to use signature for a different usage than CMS.
Please do not discuss any of those non-technical issues in this bug, in any other bug in bugzilla outside of the Legal component (which you might not be able to access, in which case nobody reading this bug can do anything about it), in any Mozilla mailing list other than mozilla.legal, or in any (private) email to engineers. We are not the ones that deal with that kind of stuff. I don't mean to be unfriendly and I appreciate that you are trying to help, but such comments need to be directed to the appropriate channels. Thanks!
Whiteboard: [SMIME-ECC]

Comment 11

5 years ago
The patch in 838778 is more correct, so I'm closing this bug as a dup of 838778 even though this bug is older.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 838778
(Assignee)

Comment 12

5 years ago
Created attachment 733429 [details] [diff] [review]
Patch to enable signing with EC keys when NSS is compiled for Basic ECC, v2

I got Bob's verbal approval for this change.

https://hg.mozilla.org/projects/nss/rev/0198afefa09a
Attachment #252152 - Attachment is obsolete: true
Attachment #733429 - Flags: review?(rrelyea)
Attachment #733429 - Flags: checked-in+
(Assignee)

Comment 13

5 years ago
Bob: sorry about the mid-air collision.  I was moving my patch
to this bug and converting bug 838778 to a tracking bug.
Assignee: rrelyea → wtc
Blocks: 838778
Priority: -- → P2
Resolution: DUPLICATE → FIXED
Target Milestone: --- → 3.15

Comment 14

5 years ago
Comment on attachment 733429 [details] [diff] [review]
Patch to enable signing with EC keys when NSS is compiled for Basic ECC, v2

r+ rrelyea, though I believe I've r+ an idential patch today in another but.
Attachment #733429 - Flags: review?(rrelyea) → review+
You need to log in before you can comment on or make changes to this bug.