I've checked for ifdef on ifndef of NSS_ECC_MORE_THAN_SUITE_B. Ther are
located in several .h and .c files:
- sslimpl.h
- sslcon.c
- ssl3ecc.c
- ssl3con.c
- softkver.h
- secsign.c
- p7decode.c
- nss.h
- fipstest.c
- ecl-curve.h
- ecl.c
- cmssiginfo.c
- certutil.c

Manual patching of files of interest can make things build again, but
can someone answer the following questions:
- What is the reason for not defining all known-curves in ecl-curve.h ?
- What is the reason for intentional breaking of build with
NSS_ECC_MORE_THAN_SUITE_B ( #error)? (is it safe to override this?)
- Is this file already updated in source control (I am using 3.12 release)?
- What are the plans related to support of EC in future releases?
- Is ec supported in 3.12 build shipped with Firefox 3.0.x?

Regards,

Momcilo Majic

Kaspar Brand wrote:
> [re-sent through different SMTP host, since the first one was rejected]
> 
> Nelson B wrote:
>>> In those, I get "certutil: signing of data failed: security library: 
>>> invalid algorithm.". For the rest, I get ": An I/O error occurred 
>>> during security authorization."
>> Sounds like something isn't right.
> 
> Since NSS doesn't currently compile with NSS_ECC_MORE_THAN_SUITE_B, I
> guess this here should be changed
> (http://lxr.mozilla.org/security/source/security/nss/lib/cryptohi/secsign.c#92):
> 
>>  92 #ifndef NSS_ECC_MORE_THAN_SUITE_B
>>  93     if (key->keyType == ecKey) {
>>  94         PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
>>  95         return 0;
>>  96     }
>>  97 #endif
> 
> After applying the attached patch,
> 
>   certutil -R -o ecdsa.req -s "CN=ECDSA" -k ec -q nistp521 -s "CN=ECDSA"
> 
> works as intended (as do -q nistp256 and -q nistp384).
> 
> Kaspar
> 
> 
> 
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to