Hi Hanno, thanks for your feedback. That's a great use-case of ecl as standalone library. Removal of ecl as a library is part of a bigger effort to clean up NSS and make it easier to use.
As far as I can see the low level elliptic curve calculation functions > aren't exposed as public functions in NSS itself. You're right. But dropping ecl builds goes together with the work in [1], which allows you to build NSS with FREEBL_TEST=1 (the exact name might change) that provides you with an NSS build (a freebl library) that exposes all internal functions. This makes testing of NSS (in particular freebl internals) simpler and allows you to do for example the things you used the standalone ecl library for. Would this work for you? The only difference would be the library you link against and that you have to build all of NSS. Cheers, Franziskus [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1253910 On Tue, May 31, 2016 at 3:05 AM, Hanno Böck <ha...@hboeck.de> wrote: > Hi, > > On Thu, 26 May 2016 11:27:04 +0200 > Franziskus Kiefer <fkie...@mozilla.com> wrote: > > > we intend to drop support for standalone ecl builds in NSS [1]. Before > > doing this we'd like to get feedback if anyone's still doing this. > > > > So if you're still building ecl, please let us know. > > I recently used the ecl standalone build to fuzz elliptic curve > implementations. While this didn't find bugs in nss, it found a couple > in another TLS implementation (Nettle) [1]. > > The fuzzing code is here: > https://github.com/hannob/bignum-fuzz/blob/master/point-fuzz.c > > As far as I can see the low level elliptic curve calculation functions > aren't exposed as public functions in NSS itself. Therefore removing the > possibility to build libecl would make it significantly harder to test > the underlying functionality. Therefore I'd strongly oppose removing it > unless there is any alternative for testing that's equally simple and > that I'm not aware of. > > [1] > > https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html > > -- > Hanno Böck > https://hboeck.de/ > > mail/jabber: ha...@hboeck.de > GPG: BBB51E42 > > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
