| From: Kai Engert <k...@kuix.de> | Date: Mon, 01 Dec 2014 15:59:26 +0100 | Subject: [ANNOUNCE] NSS 3.17.3 Release
| NSS 3.17.3 source distributions are also available on ftp.mozilla.org | for secure HTTPS download: | https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_3_RTM/src/ I didn't see any documentation for the API / C functions within the tar ball. Where would it be? Googling doesn't get me much. I can use this to browse the source code: <https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSS_functions> Unfortunately, the code appears opaque to me. For example, I wanted to know what PK11_GenerateKeyPair does: http://mxr.mozilla.org/security/ident?i=PK11_GenerateKeyPair => http://mxr.mozilla.org/security/source/security/nss/lib/pk11wrap/pk11akey.c#1488 the definition mostly calls PK11_GenerateKeyPairWithFlags http://mxr.mozilla.org/security/ident?i=PK11_GenerateKeyPairWithFlags => http://mxr.mozilla.org/security/source/security/nss/lib/pk11wrap/pk11akey.c#1477 the definition mostly calls PK11_GenerateKeyPairWithOpFlags http://mxr.mozilla.org/security/ident?i=PK11_GenerateKeyPairWithOpFlags => http://mxr.mozilla.org/security/source/security/nss/lib/pk11wrap/pk11akey.c#1021 This one is long and hard to read because the browser doesn't render indentation properly. It looks as if the work is passed on to PK11_GenerateKeyPair. But that's where we started! I must have taken a wrong turn. I would find it a lot simpler if there was a man page for each function. I might do better if I understood some of the basic abstractions. Like "slot". Getting even more concrete, I'm reading code that is using this call: privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, &dhp, &pubk, PR_FALSE, PR_TRUE, lsw_return_nss_password_file_info()); pubk seems to be an output parameter (SECKEYPrivateKey*). I cannot tell if it is also an input parameter too: the code sets it to NULL before the call, and I cannot tell if that is redundant. Furthermore, I don't know what this output is. I think that the function is just doing exponentiation and that there should only be one output (in privk). dhp is an input and contains the prime and base (generator) for the exponentiation. I'm sure that this is a dumb / naive set of questions. Just the sort of thing that should be met with the response "Read The Fine Manual". Could you point me towards it? Thanks. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto