[re-sent through different SMTP host, since the first one was rejected]

Nelson B wrote:
>> In those, I get "certutil: signing of data failed: security library:
>> invalid algorithm.". For the rest, I get ": An I/O error occurred
>> during security authorization."
>
> Sounds like something isn't right.

Since NSS doesn't currently compile with NSS_ECC_MORE_THAN_SUITE_B, I guess this here should be changed (http://lxr.mozilla.org/security/source/security/nss/lib/cryptohi/secsign.c#92):

> 92 #ifndef NSS_ECC_MORE_THAN_SUITE_B
> 93     if (key->keyType == ecKey) {
> 94         PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
> 95         return 0;
> 96     }
> 97 #endif

After applying the attached patch,

certutil -R -o ecdsa.req -s "CN=ECDSA" -k ec -q nistp521 -s "CN=ECDSA"

works as intended (as do -q nistp256 and -q nistp384).

Kaspar

Index: mozilla/security/nss/lib/cryptohi/secsign.c =================================================================== RCS file: /cvsroot/mozilla/security/nss/lib/cryptohi/secsign.c,v retrieving revision 1.14.2.3 diff -p -u -r1.14.2.3 secsign.c --- mozilla/security/nss/lib/cryptohi/secsign.c 28 Apr 2006 03:35:29 -0000 1.14.2.3 +++ mozilla/security/nss/lib/cryptohi/secsign.c 13 Jan 2007 09:06:25 -0000 @@ -157,7 +157,7 @@ SGN_NewContext(SECOidTag alg, SECKEYPriv return 0; } -#ifndef NSS_ECC_MORE_THAN_SUITE_B +#ifndef NSS_ENABLE_ECC if (key->keyType == ecKey) { PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); return 0;
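
Review bot: with the guard in SGN_NewContext changed to `#ifndef NSS_ENABLE_ECC`, an ECC-enabled build no longer rejects any `ecKey` at this point, whatever curve the key is on, whereas the old macro name implied the check was meant to separate Suite B curves from the rest. The message reports testing only nistp256, nistp384 and nistp521, so it would help to add a comment here saying where the curve restriction is enforced, or to confirm that creating a signing context for a key on a curve outside Suite B still fails with SEC_ERROR_INVALID_ALGORITHM rather than a later, less specific error.
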
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto