├── README.md └── en-us └── docs └── mozilla └── projects └── nss ├── tools ├── vfyserv │ └── index.html ├── nss_tools_signver-tasks │ └── index.html ├── nss_tools_pk12util-tasks │ └── index.html ├── nss_tools_modutil-tasks │ └── index.html ├── nss_tools_dbck-tasks │ └── index.html └── nss_tools_certutil-tasks │ └── index.html ├── troubleshooting └── index.html ├── pkcs11 ├── index.html └── module_installation │ └── index.html ├── reference ├── building_and_installing_nss │ ├── index.html │ ├── sample_manual_installation │ │ └── index.html │ └── installation_guide │ │ └── index.html ├── nss_tools │ └── index.html ├── fc_logout │ └── index.html ├── fc_findobjectsfinal │ └── index.html ├── fc_closesession │ └── index.html ├── fc_getfunctionstatus │ └── index.html ├── fc_cancelfunction │ └── index.html ├── fc_destroyobject │ └── index.html ├── nss_tools__colon__vfyserv │ └── index.html ├── fc_digestinit │ └── index.html ├── fc_getobjectsize │ └── index.html ├── fc_decryptinit │ └── index.html ├── fc_closeallsessions │ └── index.html ├── fc_waitforslotevent │ └── index.html ├── fc_generaterandom │ └── index.html ├── fc_verifyinit │ └── index.html ├── fc_signrecoverinit │ └── index.html ├── fc_getmechanisminfo │ └── index.html ├── fc_verifyfinal │ └── index.html ├── fc_getmechanismlist │ └── index.html ├── fc_verifyrecoverinit │ └── index.html ├── fc_digestkey │ └── index.html ├── fc_setattributevalue │ └── index.html ├── fc_getslotlist │ └── index.html ├── nss_cryptographic_module │ └── index.html ├── fc_getattributevalue │ └── index.html ├── fc_signinit │ └── index.html ├── fc_decryptfinal │ └── index.html ├── fc_seedrandom │ └── index.html ├── fc_encryptfinal │ └── index.html ├── fc_findobjectsinit │ └── index.html ├── fc_createobject │ └── index.html ├── fc_getslotinfo │ └── index.html ├── fc_setpin │ └── index.html ├── fc_digestfinal │ └── index.html ├── fc_findobjects │ └── index.html ├── fc_signupdate │ └── index.html ├── fc_verifyupdate │ └── index.html ├── 
fc_signfinal │ └── index.html ├── fc_encryptinit │ └── index.html ├── fc_generatekey │ └── index.html ├── fc_digestupdate │ └── index.html ├── fc_getoperationstate │ └── index.html ├── fc_copyobject │ └── index.html ├── fc_encrypt │ └── index.html ├── fc_verify │ └── index.html ├── fc_decrypt │ └── index.html ├── fc_sign │ └── index.html ├── fc_digest │ └── index.html ├── fc_getfunctionlist │ └── index.html ├── fc_signrecover │ └── index.html ├── nss_functions │ └── index.html ├── fc_verifyrecover │ └── index.html ├── fc_derivekey │ └── index.html ├── fc_opensession │ └── index.html ├── fc_decryptupdate │ └── index.html ├── fc_encryptupdate │ └── index.html ├── fc_signencryptupdate │ └── index.html ├── fc_wrapkey │ └── index.html ├── fc_decryptdigestupdate │ └── index.html ├── fc_digestencryptupdate │ └── index.html ├── fc_decryptverifyupdate │ └── index.html ├── nss_key_functions │ └── index.html ├── fc_getsessioninfo │ └── index.html ├── fc_finalize │ └── index.html ├── fc_setoperationstate │ └── index.html ├── fc_initpin │ └── index.html └── fc_unwrapkey │ └── index.html ├── jss └── build_instructions_for_jss_4.4.x │ └── index.html ├── modutil-tasks.html └── index.html ├── nss_tech_notes └── index.html ├── nss_third-party_code └── index.html ├── nss_sample_code └── index.html ├── certverify_log └── index.html ├── new_nss_samples └── index.html ├── nss_3.59.1_release_notes └── index.html ├── nss_3.60.1_release_notes └── index.html ├── nss_3.36.4_release_notes └── index.html ├── cert_findcertbydercert └── index.html ├── nss_3.37.3release_notes └── index.html ├── blank_function └── index.html ├── nss_3.63.1_release_notes └── index.html ├── nss_3.22.3_release_notes └── index.html ├── nss_3.22.1_release_notes └── index.html ├── nss_3.31.1_release_notes └── index.html ├── nss_3.36.5_release_notes └── index.html ├── nss_3.29.3_release_notes └── index.html ├── code_coverage └── index.html ├── nss_3.52.1_release_notes └── index.html ├── nss_3.21.2_release_notes └── 
index.html ├── deprecated_ssl_functions └── index.html ├── nss_3.53.1_release_notes └── index.html ├── nss_3.44.4_release_notes └── index.html ├── nss_3.64_release_notes └── index.html ├── nss_3.30.1_release_notes └── index.html ├── nss_3.40.1_release_notes └── index.html ├── nss_3.36.6_release_notes └── index.html ├── cert_findcertbyissuerandsn └── index.html └── nss_3.17_release_notes └── index.html /README.md: -------------------------------------------------------------------------------- 1 | # nss-docs 2 | -------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/tools/vfyserv/index.html: -------------------------------------------------------------------------------- 1 |

NSS tools : vfyserv

Coming soon

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/troubleshooting/index.html: -------------------------------------------------------------------------------- 1 |

NSS troubleshooting

On this page, let's collect information on how to troubleshoot NSS at runtime. Debugging tips, how to enable tracing of the various modules, etc.

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/pkcs11/index.html: -------------------------------------------------------------------------------- 1 |

PKCS11

PKCS #11 information for implementors of cryptographic modules:

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/building_and_installing_nss/index.html: -------------------------------------------------------------------------------- 1 |

Building and installing NSS

This chapter describes how to build and install NSS.

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/tools/nss_tools_signver-tasks/index.html: -------------------------------------------------------------------------------- 1 |

NSS Tools signver-tasks

NSS Security Tools: signver Tasks

Newsgroup: mozilla.dev.tech.crypto

Task List

  1. Remove private hash algorithms and replace with code in lib/hash, lib/crypto, and
-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/tools/nss_tools_pk12util-tasks/index.html: -------------------------------------------------------------------------------- 1 |

NSS Tools pk12util-tasks

NSS Security Tools: pk12util Tasks

Newsgroup: mozilla.dev.tech.crypto

Task List

  1. Need to migrate code to use an up-to-date version of NSS.
  2. Use NSS functions in pcertdb for handling older database
-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/jss/build_instructions_for_jss_4.4.x/index.html: -------------------------------------------------------------------------------- 1 |

Build instructions for JSS 4.4.x

Build Instructions for JSS 4.4.x

Newsgroup: mozilla.dev.tech.crypto

To build JSS see Upstream JSS Build/Test Instructions

Next, you should read the instructions on using JSS.

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/tools/nss_tools_modutil-tasks/index.html: -------------------------------------------------------------------------------- 1 |

NSS Tools modutil-tasks

NSS Security Tools: modutil Tasks

Newsgroup: mozilla.dev.tech.crypto

Task List

  1. The jar installation script is very fragile with respect to platform definitions (especially version numbers). A fix was made for "HPUX B.11.00," but issues may still arise for platforms like "Linux 2.2.12-20." Documentation needs to be explicit about the use of Fo
-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/modutil-tasks.html/index.html: -------------------------------------------------------------------------------- 1 |

modutil-tasks.html

NSS Security Tools: modutil Tasks

Newsgroup: mozilla.dev.tech.crypto

Task List

  1. The jar installation script is very fragile with respect to platform definitions (especially version numbers). A fix was made for "HPUX B.11.00," but issues may still arise for platforms like "Linux 2.2.12-20." Documentation needs to be explicit about the use of Fo
-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/tools/nss_tools_dbck-tasks/index.html: -------------------------------------------------------------------------------- 1 |

NSS Tools dbck-tasks

NSS Security Tools: dbck Tasks

Newsgroup: mozilla.dev.tech.crypto

Task List

  1. In analyze mode, there should be an option to create a file containing a graph of the certificate database without any information about the user's certificates (no common names, email addresses, etc.). This file could be mailed to a mail alias to assist in finding the source of database corruption.
  2. The dbck tool should be able to repair a corrupted database. There should be command-line options and, perhaps, an interactive mode to determine which certificates to keep.
  3. The dbck tool should be able to update a databa
-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_tech_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS Tech Notes

Newsgroup: mozilla.dev.tech.crypto

NSS technical notes provide the latest information about new NSS features and supplementary documentation for advanced topics in programming with NSS.

  1. TN1: How to use the NSS ASN.1 and QuickDER decoders.
  2. TN2: Using the PKCS #11 Module Logger.
  3. TN3: All About Certificate Extensions.
  4. TN4: Pulling certificate extension information out of SSL certificates.
  5. TN5: Using NSS to perform miscellaneous cryptographic operations.
  6. TN6: NSS .chk Files for the FIPS Mode.
  7. TN7: RSA Signing and Encryption with NSS.
  8. TN8: Background Information on libSSL's Cache Functions and SIDs.
-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_third-party_code/index.html: -------------------------------------------------------------------------------- 1 |

NSS Third-Party Code

This is a list of third-party code included in the NSS repository, broken into two lists: Code that can be compiled into the NSS libraries, and code that is only used for testing.


Note that not all code that can be compiled into the NSS libraries necessarily is. Often this is configurable at build time, with various trade-offs.

Compiled In

Used for Tests

Downloaded by certain test tooling

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/nss_tools/index.html: -------------------------------------------------------------------------------- 1 |

NSS Tools Man Pages - work in progress

certutil

pk12util

modutil

crlutil

cmsutil

vfychain

vfyserv

ssltap

This is still a work in progress and in early stages.

These man pages were generated from XML docbook files.

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_logout/index.html: -------------------------------------------------------------------------------- 1 |

FC_Logout

Name

FC_Logout - log a user out from a token.

Syntax

CK_RV FC_Logout(
  CK_SESSION_HANDLE hSession
);

Parameters

hSession
[in] session handle.

Description

Logs the current user out of a USER_FUNCTIONS session.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/building_and_installing_nss/sample_manual_installation/index.html: -------------------------------------------------------------------------------- 1 |

Sample manual installation


The NSS build system does not include a target to install header files and shared libraries in the system directories, so this needs to be done manually.

After building NSS with "gmake nss_build_all", the resulting build can be found in the NSS source tree as follows:

where <OBJ-DIR> would vary according to the type of build and the platform. For example, <OBJ-DIR> for a debug build of NSS on the x86 platform with a Linux kernel version 2.6 with glibc would be: Linux2.6_x86_glibc_PTH_DBG.OBJ

From these directories, you can copy the files to any system (or other) directory. If the destination directories are not what's standard for the system (e.g. /usr/include, /usr/lib and /usr/bin for a Linux system), you need to edit the corresponding environment variables or compiler/linker arguments.

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_findobjectsfinal/index.html: -------------------------------------------------------------------------------- 1 |

FC_FindObjectsFinal

Name

FC_FindObjectsFinal - terminate an object search.

Syntax

CK_RV FC_FindObjectsFinal(
  CK_SESSION_HANDLE hSession
);

Parameters

hSession
[in] session handle.

Description

Clears the object search criteria for a session.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_closesession/index.html: -------------------------------------------------------------------------------- 1 |

FC_CloseSession

Name

FC_CloseSession - close a session opened between an application and a token.

Syntax

CK_RV FC_CloseSession(
  CK_SESSION_HANDLE hSession
);

Parameters

hSession
[in] the session handle to be closed.

Description

FC_CloseSession closes a session between an application and a token.

A user may call FC_CloseSession without logging into the token (to assume the NSS User role).

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_getfunctionstatus/index.html: -------------------------------------------------------------------------------- 1 |

FC_GetFunctionStatus

Name

FC_GetFunctionStatus - get the status of a function running in parallel

Syntax

CK_RV FC_GetFunctionStatus(
  CK_SESSION_HANDLE hSession
);

Parameters

hSession
[in] session handle.

Description

FC_GetFunctionStatus is a legacy function that simply returns CKR_FUNCTION_NOT_PARALLEL.

Return value

FC_GetFunctionStatus always returns CKR_FUNCTION_NOT_PARALLEL.

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_cancelfunction/index.html: -------------------------------------------------------------------------------- 1 |

FC_CancelFunction

Name

FC_CancelFunction - cancel a function running in parallel

Syntax

CK_RV FC_CancelFunction(
  CK_SESSION_HANDLE hSession
);

Parameters

hSession
[in] session handle.

Description

Parallel functions are not implemented. FC_CancelFunction is a legacy function that simply returns CKR_FUNCTION_NOT_PARALLEL.

Return value

FC_CancelFunction always returns CKR_FUNCTION_NOT_PARALLEL.

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_destroyobject/index.html: -------------------------------------------------------------------------------- 1 |

FC_DestroyObject

Name

FC_DestroyObject - destroy an object.

Syntax

CK_RV FC_DestroyObject(
  CK_SESSION_HANDLE hSession,
  CK_OBJECT_HANDLE hObject
);

Parameters

hSession
[in] session handle.
hObject
[in] object handle.

Description

FC_DestroyObject destroys an object.

A user must log into the token (to assume the NSS User role) before destroying a secret or private key object.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/nss_tools__colon__vfyserv/index.html: -------------------------------------------------------------------------------- 1 |

NSS tools : vfyserv

Name

vfyserv — TBD

Synopsis

vfyserv

Description

The vfyserv tool verifies a certificate chain

Options

Additional Resources

For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at [1]http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases.

Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

IRC: Freenode at #dogtag-pki

Authors

The NSS tools were written and maintained by developers with Netscape, Red Hat, and Sun.

Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>.

Copyright

(c) 2010, Red Hat, Inc. Licensed under the GNU Public License version 2.

References

Visible links
1. http://www.mozilla.org/projects/security/pki/nss/

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_digestinit/index.html: -------------------------------------------------------------------------------- 1 |

FC_DigestInit

Name

FC_DigestInit - initialize a message-digest operation.

Syntax

CK_RV FC_DigestInit(
  CK_SESSION_HANDLE hSession,
  CK_MECHANISM_PTR pMechanism
);

Parameters

hSession
[in] session handle.
pMechanism
[in] mechanism to be used for the subsequent digest operation.

Description

FC_DigestInit initializes a message-digest operation.

A user may call FC_DigestInit without logging into the token (to assume the NSS User role).

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/tools/nss_tools_certutil-tasks/index.html: -------------------------------------------------------------------------------- 1 |

NSS Tools certutil-tasks

NSS Security Tools: certutil Tasks

Newsgroup: mozilla.dev.tech.crypto

Task List

  1. Better error reporting. Most certutil errors provide no detail. Mistakes with command-line options just print a usage message.
  2. Improve certificate listings. Allow for sorting by name and trust. Sorting by trust will return CA certs first.
  3. Allow listing and lookup of keys by index and nickname.
  4. Improve coherence of key and certificate nicknames.
  5. Remove keys "stranded" without a certificate (except for the imminent (????) encryption key for password files).
  6. Support importing keys from a file.
  7. Improve hardware token support.
  8. (bugfix) Some certificate extensions cause certutil to crash.
  9. (bugfix) Certificate entries require a serial number; one should be generated automatically if not provided.
  10. (bugfix) Null password is given to new key3.db; should prompt user for an initial password.
  11. (bugfix) Listing private keys does not work: requires password authentication.
  12. (bugfix) Listing certificate extensions has typos and does not provide much information.
-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_sample_code/index.html: -------------------------------------------------------------------------------- 1 |

NSS Sample Code

The collection of sample code here demonstrates how NSS can be used for cryptographic operations, certificate handling, SSL, etc. It also demonstrates some best practices in the application of cryptography.

Old samples in the process of being replaced.

  1. Sample Code 1: Key Generation and Transport Between Servers
  2. Sample Code 2: Symmetric Encryption
  3. Sample Code 3: Hashing, MAC
  4. Sample Code 4: PKI Encryption
  5. Sample Code 5: PKI Encryption with a raw public & private key in DER format
  6. Sample Code 6: Persistent Symmetric Keys in NSS database

These are very old examples in need of replacement. See https://bugzilla.mozilla.org/show_bug.cgi?id=490238

You are welcome to download the new samples via:

hg clone https://hg.mozilla.org/projects/nss; cd nss; hg update SAMPLES_BRANCH

The new samples: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/New_NSS_Samples

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_getobjectsize/index.html: -------------------------------------------------------------------------------- 1 |

FC_GetObjectSize

Name

FC_GetObjectSize - get the size of an object in bytes.

Syntax

CK_RV FC_GetObjectSize(
  CK_SESSION_HANDLE hSession,
  CK_OBJECT_HANDLE hObject,
  CK_ULONG_PTR pusSize
);

Parameters

hSession
[in] session handle.
hObject
[in] object handle.
pusSize
[out] pointer to location to receive the object's size.

Description

FC_GetObjectSize gets the size of an object in bytes.

A user must log into the token (to assume the NSS User role) before getting the size of a secret or private key object.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_decryptinit/index.html: -------------------------------------------------------------------------------- 1 |

FC_DecryptInit

Name

FC_DecryptInit - initialize a decryption operation.

Syntax

CK_RV FC_DecryptInit(
  CK_SESSION_HANDLE hSession,
  CK_MECHANISM_PTR pMechanism,
  CK_OBJECT_HANDLE hKey
);

Parameters

hSession
[in] session handle.
pMechanism
[in] mechanism to be used for the subsequent decryption operation.
hKey
[in] handle of the key to be used.

Description

FC_DecryptInit initializes a decryption operation.

A user must log into the token (to assume the NSS User role) before calling FC_DecryptInit.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_closeallsessions/index.html: -------------------------------------------------------------------------------- 1 |

FC_CloseAllSessions

Name

FC_CloseAllSessions - close all sessions between an application and a token.

Syntax

CK_RV FC_CloseAllSessions(
  CK_SLOT_ID slotID
);

Parameters

slotID
[in] the ID of the token's slot.

Description

FC_CloseAllSessions closes all sessions between an application and the token in the slot with the ID slotID.

The NSS cryptographic module currently doesn't call the surrender callback function Notify. (See PKCS #11 v2.20 section 11.17.1.)

A user may call FC_CloseAllSessions without logging into the token (to assume the NSS User role).

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_waitforslotevent/index.html: -------------------------------------------------------------------------------- 1 |

FC_WaitForSlotEvent

Name

FC_WaitForSlotEvent - waits for a slot event, such as token insertion or token removal, to occur.

Syntax

CK_RV FC_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved);

Parameters

FC_WaitForSlotEvent takes three parameters:

flags
pSlot
pReserved

Description

This function is not supported by the NSS cryptographic module.

Return value

FC_WaitForSlotEvent always returns CKR_FUNCTION_NOT_SUPPORTED.

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_generaterandom/index.html: -------------------------------------------------------------------------------- 1 |

FC_GenerateRandom

Name

FC_GenerateRandom - generate a random number.

Syntax

CK_RV FC_GenerateRandom(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pRandomData,
  CK_ULONG ulRandomLen
);

Parameters

hSession
[in] session handle.
pRandomData
[out] pointer to the location to receive the random data.
ulRandomLen
[in] length of the buffer in bytes.

Description

FC_GenerateRandom generates random data of the specified length.

A user may call FC_GenerateRandom without logging into the token (to assume the NSS User role).

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_verifyinit/index.html: -------------------------------------------------------------------------------- 1 |

FC_VerifyInit

Name

FC_VerifyInit - initialize a verification operation.

Syntax

CK_RV FC_VerifyInit(
  CK_SESSION_HANDLE hSession,
  CK_MECHANISM_PTR pMechanism,
  CK_OBJECT_HANDLE hKey
);

Parameters

hSession
[in] session handle.
pMechanism
[in] mechanism to be used for the verification operation.
hKey
[in] handle of the key to be used.

Description

FC_VerifyInit initializes a verification operation where the signature is an appendix to the data.

A user must log into the token (to assume the NSS User role) before calling FC_VerifyInit.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_signrecoverinit/index.html: -------------------------------------------------------------------------------- 1 |

FC_SignRecoverInit

Name

FC_SignRecoverInit - initialize a sign recover operation.

Syntax

CK_RV FC_SignRecoverInit(
  CK_SESSION_HANDLE hSession,
  CK_MECHANISM_PTR pMechanism,
  CK_OBJECT_HANDLE hKey
);

Parameters

hSession
[in] session handle.
pMechanism
[in] mechanism to be used for the signing operation.
hKey
[in] handle of the key to be used.

Description

FC_SignRecoverInit initializes a signature operation where the (digest) data can be recovered from the signature.

A user must log into the token (to assume the NSS User role) before calling FC_SignRecoverInit.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_getmechanisminfo/index.html: -------------------------------------------------------------------------------- 1 |

FC_GetMechanismInfo

Name

FC_GetMechanismInfo - get information on a particular mechanism.

Syntax

CK_RV FC_GetMechanismInfo(
  CK_SLOT_ID slotID,
  CK_MECHANISM_TYPE type,
  CK_MECHANISM_INFO_PTR pInfo
);

Parameters

FC_GetMechanismInfo takes three parameters:

slotID
[Input]
type
[Input]
pInfo
[Output]

Description

FC_GetMechanismInfo obtains information about a particular mechanism possibly supported by a token.

A user may call FC_GetMechanismInfo without logging into the token (to assume the NSS User role).

Return value

CKR_OK

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_verifyfinal/index.html: -------------------------------------------------------------------------------- 1 |

FC_VerifyFinal

Name

FC_VerifyFinal - finish a multi-part verify operation.

Syntax

CK_RV FC_VerifyFinal(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pSignature,
  CK_ULONG usSignatureLen
);

Parameters

hSession
[in] session handle.
pSignature
[in] pointer to the buffer which will receive the digest or NULL.
usSignatureLen
[in] length of the signature in bytes.

Description

FC_VerifyFinal finishes a multi-part signature verification operation.

A user must log into the token (to assume the NSS User role) before calling FC_VerifyFinal.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_getmechanismlist/index.html: -------------------------------------------------------------------------------- 1 |

FC_GetMechanismList

Name

FC_GetMechanismList - get a list of mechanism types supported by a token.

Syntax

CK_RV FC_GetMechanismList(
  CK_SLOT_ID slotID,
  CK_MECHANISM_TYPE_PTR pMechanismList,
  CK_ULONG_PTR pusCount
);

Parameters

FC_GetMechanismList takes three parameters:

slotID
[Input]
pInfo
[Output] The address of a variable that will receive a pointer to the list of function pointers.

Description

FC_GetMechanismList obtains a list of mechanism types supported by a token.

A user may call FC_GetMechanismList without logging into the token (to assume the NSS User role).

Return value

CKR_OK

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_verifyrecoverinit/index.html: -------------------------------------------------------------------------------- 1 |

FC_VerifyRecoverInit

Name

FC_VerifyRecoverInit - initialize a verification operation where data is recoverable.

Syntax

CK_RV FC_VerifyRecoverInit(
  CK_SESSION_HANDLE hSession,
  CK_MECHANISM_PTR pMechanism,
  CK_OBJECT_HANDLE hKey
);

Parameters

hSession
[in] session handle.
pMechanism
[in] mechanism to be used for verification.
hKey
[in] handle of the key to be used.

Description

FC_VerifyRecoverInit initializes a signature verification operation where the (digest) data can be recovered from the signature.

A user must log into the token (to assume the NSS User role) before calling FC_VerifyRecoverInit.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/certverify_log/index.html: -------------------------------------------------------------------------------- 1 |

NSS CERTVerify Log

CERTVerifyLog

All the NSS verify functions, except the *VerifyNow() functions, take a parameter called 'CERTVerifyLog'. If you supply the log parameter, NSS will continue chain validation after each error. The log tells you what the problem was with the chain and which certificate in the chain failed.

To create a log:

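#include "secport.h"
#include "certt.h"

PLArenaPool *arena;
CERTVerifyLog *log;

/* The log and every node added to it live in this arena. */
arena = PORT_NewArena(512);
/* PORT_ArenaZNew takes the type to allocate and returns zeroed memory. */
log = PORT_ArenaZNew(arena, CERTVerifyLog);
log->arena = arena;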

You can then pass this log into your favorite cert verify function. On return:

13 | 15 |

Each entry is a CERTVerifyLogNode. Defined in certt.h:

16 |
/*
17 |  * This structure is used to keep a log of errors when verifying
18 |  * a cert chain.  This allows multiple errors to be reported all at
19 |  * once.
20 |  */
21 | struct CERTVerifyLogNodeStr {
22 |   CERTCertificate *cert;      /* what cert had the error */
23 |   long error;                 /* what error was it? */
24 |   unsigned int depth;         /* how far up the chain are we */
25 |   void *arg;                  /* error specific argument */
26 |   struct CERTVerifyLogNodeStr *next; /* next in the list */
27 |   struct CERTVerifyLogNodeStr *prev; /* next in the list */
28 | };
29 | 
30 |

The list is a doubly linked NULL terminated list sorted from low to high based on depth into the cert chain. When you are through, you will need to walk the list and free all the cert entries, then free the arena.
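
The walk and cleanup described above, as an added example that is not NSS code. It uses stand-in types (`DemoCert`, `DemoLogNode`, `DemoArena` and `DemoLog`, all hypothetical) so that it compiles without the NSS headers; the comments name the NSS call each cleanup step corresponds to. That the log holds one reference per entry, and the layout of the log header, are assumptions modelled on the description above.

```c
#include <stdio.h>
#include <stddef.h>

/* Stand-in for CERTCertificate: a label and a reference count (constructed). */
typedef struct { const char *subject; int refs; } DemoCert;

/* Same fields as CERTVerifyLogNodeStr, with DemoCert in place of CERTCertificate. */
typedef struct DemoLogNode {
    DemoCert *cert;            /* what cert had the error */
    long error;                /* what error was it? */
    unsigned int depth;        /* how far up the chain are we */
    void *arg;                 /* error specific argument */
    struct DemoLogNode *next;  /* towards higher depth */
    struct DemoLogNode *prev;  /* towards lower depth */
} DemoLogNode;

/* Stand-in arena: a fixed pool of nodes that is released in one step. */
#define DEMO_ARENA_NODES 8
typedef struct { DemoLogNode nodes[DEMO_ARENA_NODES]; size_t used; int released; } DemoArena;

/* Assumed log header: entry count, owning arena, and both ends of the list. */
typedef struct { unsigned int count; DemoArena *arena; DemoLogNode *head, *tail; } DemoLog;

/* Verifier side: record one error, keeping the list sorted low to high by depth. */
static int demo_log_add(DemoLog *vlog, DemoCert *cert, long error, unsigned int depth)
{
    DemoLogNode *node, *after = vlog->tail;

    if (vlog->arena->used == DEMO_ARENA_NODES)
        return -1;
    node = &vlog->arena->nodes[vlog->arena->used++];
    node->cert = cert;
    cert->refs++;              /* the log holds its own reference to the cert */
    node->error = error;
    node->depth = depth;
    node->arg = NULL;

    while (after != NULL && after->depth > depth)
        after = after->prev;   /* last node that sorts before the new one */
    node->prev = after;
    node->next = after ? after->next : vlog->head;
    if (node->prev) node->prev->next = node; else vlog->head = node;
    if (node->next) node->next->prev = node; else vlog->tail = node;
    vlog->count++;
    return 0;
}

/* Caller side: report every failure in the chain; returns the entries visited. */
static unsigned int demo_log_report(const DemoLog *vlog, FILE *out)
{
    const DemoLogNode *node;
    unsigned int seen = 0;

    for (node = vlog->head; node != NULL; node = node->next, seen++)
        fprintf(out, "depth %u: %s failed with error %ld\n",
                node->depth, node->cert->subject, node->error);
    return seen;
}

/* Cleanup in the order the page gives: release each cert, then free the arena.
 * Nodes are arena memory, so they are never freed one by one. */
static void demo_log_destroy(DemoLog *vlog)
{
    DemoLogNode *node;

    for (node = vlog->head; node != NULL; node = node->next) {
        node->cert->refs--;    /* with NSS: CERT_DestroyCertificate(node->cert) */
        node->cert = NULL;
    }
    vlog->head = vlog->tail = NULL;
    vlog->count = 0;
    vlog->arena->released = 1; /* with NSS: PORT_FreeArena(arena, PR_FALSE) */
}

int main(void)
{
    static DemoArena arena;    /* zero-initialised */
    DemoCert leaf = { "CN=leaf (constructed)", 1 };
    DemoCert ca = { "CN=intermediate (constructed)", 1 };
    DemoLog vlog = { 0, &arena, NULL, NULL };

    /* Constructed error numbers, logged out of depth order on purpose. */
    demo_log_add(&vlog, &ca, 1002, 1);
    demo_log_add(&vlog, &leaf, 1001, 0);
    demo_log_report(&vlog, stdout);
    demo_log_destroy(&vlog);
    return (leaf.refs == 1 && ca.refs == 1 && arena.released) ? 0 : 1;
}
```

In real NSS code the log structure itself lives in the arena, so nothing reachable from the log may be touched after the arena is freed.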

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_digestkey/index.html: --------------------------------------------------------------------------------

FC_DigestKey

Name

FC_DigestKey - add the digest of a key to a multi-part digest operation.

Syntax

CK_RV FC_DigestKey(
  CK_SESSION_HANDLE hSession,
  CK_OBJECT_HANDLE hKey
);

Parameters

hSession
[in] session handle.
hKey
[in] handle of the key to be digested.

Description

FC_DigestKey continues a multi-part digest operation by digesting the value of a secret key. The digest for the entire message is returned by a call to FC_DigestFinal.

A user must log into the token (to assume the NSS User role) before calling FC_DigestKey.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_setattributevalue/index.html: --------------------------------------------------------------------------------

FC_SetAttributeValue

Name

FC_SetAttributeValue - set the values of attributes of an object.

Syntax

CK_RV FC_SetAttributeValue(
  CK_SESSION_HANDLE hSession,
  CK_OBJECT_HANDLE hObject,
  CK_ATTRIBUTE_PTR pTemplate,
  CK_ULONG usCount
);

Parameters

hSession
[in] session handle.
hObject
[in] object handle.
pTemplate
[in, out] pointer to template.
usCount
[in] number of attributes in the template.

Description

FC_SetAttributeValue sets the value of one or more attributes of an object.

A user must log into the token before setting the attribute values of a secret or private key object.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_getslotlist/index.html: --------------------------------------------------------------------------------

FC_GetSlotList

Name

FC_GetSlotList - Obtain a list of slots in the system.

Syntax

CK_RV FC_GetSlotList(
  CK_BBOOL tokenPresent,
  CK_SLOT_ID_PTR pSlotList,
  CK_ULONG_PTR pulCount
);

Parameters

tokenPresent
[in] If true, only slots with a token present are included in the list; otherwise all slots are included.
pSlotList
[out] Either null or a pointer to an existing array of CK_SLOT_ID objects.
pulCount
[out] Pointer to a CK_ULONG variable which receives the slot count.

Description

FC_GetSlotList obtains a list of slots in the system.

A user may call FC_GetSlotList without logging into the token (to assume the NSS User role).

Return value

CKR_OK

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/nss_cryptographic_module/index.html: --------------------------------------------------------------------------------

NSS cryptographic module

This chapter describes the data types and functions that one can use to perform cryptographic operations with the NSS cryptographic module. The NSS cryptographic module uses the industry standard PKCS #11 v2.20 as its API with some extensions. Therefore, an application that supports PKCS #11 cryptographic tokens can be easily modified to use the NSS cryptographic module.

The NSS cryptographic module has two modes of operation: the non-FIPS (default) mode and FIPS mode. The FIPS mode is an Approved mode of operation compliant to FIPS 140-2. Both modes of operation use the same data types but are implemented by different functions.

The NSS cryptographic module also exports the function NSC_ModuleDBFunc for managing the NSS module database secmod.db. The following sections document the data types and functions.

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_getattributevalue/index.html: --------------------------------------------------------------------------------

FC_GetAttributeValue

Name

FC_GetAttributeValue - get the value of attributes of an object.

Syntax

CK_RV FC_GetAttributeValue(
  CK_SESSION_HANDLE hSession,
  CK_OBJECT_HANDLE hObject,
  CK_ATTRIBUTE_PTR pTemplate,
  CK_ULONG usCount
);

Parameters

hSession
[in] session handle.
hObject
[in] object handle.
pTemplate
[in, out] pointer to template.
usCount
[in] number of attributes in the template.

Description

FC_GetAttributeValue gets the value of one or more attributes of an object.

A user must log into the token (to assume the NSS User role) before getting the attribute values of a secret or private key object.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_signinit/index.html: --------------------------------------------------------------------------------

FC_SignInit

Name

FC_SignInit - initialize a signing operation.

Syntax

CK_RV FC_SignInit(
  CK_SESSION_HANDLE hSession,
  CK_MECHANISM_PTR pMechanism,
  CK_OBJECT_HANDLE hKey
);

Parameters

hSession
[in] session handle.
pMechanism
[in] mechanism to be used for the subsequent signing operation.
hKey
[in] handle of the key to be used.

Description

FC_SignInit initializes a signature operation.

A user must log into the token (to assume the NSS User role) before calling FC_SignInit.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_decryptfinal/index.html: --------------------------------------------------------------------------------

FC_DecryptFinal

Name

FC_DecryptFinal - finish a multi-part decryption operation.

Syntax

CK_RV FC_DecryptFinal(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pLastPart,
  CK_ULONG_PTR pusLastPartLen
);

Parameters

hSession
[in] session handle.
pLastPart
[out] pointer to the location where the last block of recovered data, if any, is to be stored.
pusLastPartLen
[in,out] pointer to location where the number of bytes of recovered data is to be stored.

Description

FC_DecryptFinal returns the last block of data of a multi-part decryption operation.

A user must log into the token (to assume the NSS User role) before calling FC_DecryptFinal.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_seedrandom/index.html: --------------------------------------------------------------------------------

FC_SeedRandom

Name

FC_SeedRandom() - mix additional seed material into the random number generator.

Syntax

CK_RV FC_SeedRandom(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pSeed,
  CK_ULONG usSeedLen
);

Parameters

hSession
[in] session handle.
pSeed
[in] pointer to the seed material.
usSeedLen
[in] length of the seed material in bytes.

Description

FC_SeedRandom() mixes additional seed material into the token's random number generator. Note that FC_SeedRandom() doesn't provide the initial seed material for the random number generator. The initial seed material is provided by the NSS cryptographic module itself.

A user may call FC_SeedRandom() without logging into the token (to assume the NSS User role).

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_encryptfinal/index.html: --------------------------------------------------------------------------------

FC_EncryptFinal

Name

FC_EncryptFinal - finish a multi-part encryption operation.

Syntax

CK_RV FC_EncryptFinal(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pLastEncryptedPart,
  CK_ULONG_PTR pusLastEncryptedPartLen
);

Parameters

hSession
[in] session handle.
pLastEncryptedPart
[out] pointer to the location that receives the last encrypted data part, if any.
pusLastEncryptedPartLen
[in,out] pointer to location where the number of bytes of the last encrypted data part is to be stored.

Description

FC_EncryptFinal returns the last block of data of a multi-part encryption operation.

A user must log into the token (to assume the NSS User role) before calling FC_EncryptFinal.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_findobjectsinit/index.html: --------------------------------------------------------------------------------

FC_FindObjectsInit

Name

FC_FindObjectsInit - initialize the parameters for an object search.

Syntax

CK_RV FC_FindObjectsInit(
  CK_SESSION_HANDLE hSession,
  CK_ATTRIBUTE_PTR pTemplate,
  CK_ULONG usCount
);

Parameters

hSession
[in] session handle.
pTemplate
[in] pointer to template.
usCount
[in] number of attributes in the template.

Description

FC_FindObjectsInit sets the attribute list for an object search. If FC_FindObjectsInit is successful, FC_FindObjects may be called one or more times to retrieve handles of matching objects.

A user must log into the token (to assume the NSS User role) before searching for secret or private key objects.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_createobject/index.html: --------------------------------------------------------------------------------

FC_CreateObject

Name

FC_CreateObject - create a new object.

Syntax

CK_RV FC_CreateObject(
  CK_SESSION_HANDLE hSession,
  CK_ATTRIBUTE_PTR pTemplate,
  CK_ULONG ulCount,
  CK_OBJECT_HANDLE_PTR phObject
);

Parameters

hSession
[in] session handle.
pTemplate
[in] object template.
ulCount
[in] number of attributes in the template.
phObject
[out] pointer to location to receive the new object's handle.

Description

FC_CreateObject creates an object using the attributes specified in the template.

A user must log into the token (to assume the NSS User role) before calling FC_CreateObject.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_getslotinfo/index.html: --------------------------------------------------------------------------------

FC_GetSlotInfo

Name

FC_GetSlotInfo - get information about a particular slot in the system.

Syntax

CK_RV FC_GetSlotInfo(
  CK_SLOT_ID slotID,
  CK_SLOT_INFO_PTR pInfo
);

Parameters

FC_GetSlotInfo takes two parameters:

slotID
[in]
pInfo
[out] The address of a CK_SLOT_INFO structure.

Description

FC_GetSlotInfo stores the information about the slot in the CK_SLOT_INFO structure that pInfo points to.

A user may call FC_GetSlotInfo without logging into the token (to assume the NSS User role).

Return value

CKR_OK
Slot information was successfully copied.
CKR_SLOT_ID_INVALID
The specified slot number is out of the defined range of values.

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_setpin/index.html: --------------------------------------------------------------------------------

FC_SetPIN

Name

FC_SetPIN - Modify the user's PIN.

Syntax

CK_RV FC_SetPIN(
  CK_SESSION_HANDLE hSession,
  CK_CHAR_PTR pOldPin,
  CK_ULONG ulOldLen,
  CK_CHAR_PTR pNewPin,
  CK_ULONG ulNewLen
);

Parameters

FC_SetPIN takes five parameters:

hSession
[Input] the session's handle.
pOldPin
[Input] points to the old PIN.
ulOldLen
[Input] the length in bytes of the old PIN.
pNewPin
[Input] points to the new PIN.
ulNewLen
[Input] the length in bytes of the new PIN.

Description

FC_SetPIN modifies the PIN of the user. The user must log into the token (to assume the NSS User role) before calling FC_SetPIN.

Return value

CKR_OK

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_digestfinal/index.html: --------------------------------------------------------------------------------

FC_DigestFinal

Name

FC_DigestFinal - finish a multi-part digest operation.

Syntax

CK_RV FC_DigestFinal(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pDigest,
  CK_ULONG_PTR pulDigestLen
);

Parameters

hSession
[in] session handle.
pDigest
[out] pointer to the buffer which will receive the digest or NULL.
pulDigestLen
[in, out] pointer to location containing the maximum buffer size.

Description

FC_DigestFinal finishes a multi-part digest operation by returning the complete digest and clearing the operation context. If pDigest is NULL, the length of the digest is returned and FC_DigestFinal may be called again with pDigest set to retrieve the digest.

A user may call FC_DigestFinal without logging into the token (to assume the NSS User role).

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_findobjects/index.html: --------------------------------------------------------------------------------

FC_FindObjects

Name

FC_FindObjects - Search for one or more objects.

Syntax

CK_RV FC_FindObjects(
  CK_SESSION_HANDLE hSession,
  CK_OBJECT_HANDLE_PTR phObject,
  CK_ULONG usMaxObjectCount,
  CK_ULONG_PTR pusObjectCount
);

Parameters

hSession
[in] session handle.
phObject
[out] pointer to location to receive the object handles.
usMaxObjectCount
[in] maximum number of handles to retrieve.
pusObjectCount
[out] pointer to location to receive the number of returned handles.

Description

FC_FindObjects returns the next set of object handles matching the criteria set up by the previous call to FC_FindObjectsInit, and sets the object count variable to their number, or to zero if there are none.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_signupdate/index.html: --------------------------------------------------------------------------------

FC_SignUpdate

Name

FC_SignUpdate - process the next block of a multi-part signing operation.

Syntax

CK_RV FC_SignUpdate(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pPart,
  CK_ULONG usPartLen
);

Parameters

hSession
[in] session handle.
pPart
[in] pointer to the next block of the data to be signed.
usPartLen
[in] length of data block in bytes.

Description

FC_SignUpdate starts or continues a multi-part signature operation. One or more blocks may be part of the signature. The signature for the entire message is returned by a call to FC_SignFinal.

A user must log into the token (to assume the NSS User role) before calling FC_SignUpdate.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_verifyupdate/index.html: --------------------------------------------------------------------------------

FC_VerifyUpdate

Name

FC_VerifyUpdate - process the next block of a multi-part verify operation.

Syntax

CK_RV FC_VerifyUpdate(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pPart,
  CK_ULONG usPartLen
);

Parameters

hSession
[in] session handle.
pPart
[in] pointer to the next block of the data to be verified.
usPartLen
[in] length of data block in bytes.

Description

FC_VerifyUpdate starts or continues a multi-part signature verification operation where the signature is an appendix to the data. One or more blocks may be part of the signature. The result for the entire message is returned by a call to FC_VerifyFinal.

A user must log into the token (to assume the NSS User role) before calling FC_VerifyUpdate.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_signfinal/index.html: --------------------------------------------------------------------------------

FC_SignFinal

Name

FC_SignFinal - finish a multi-part signing operation.

Syntax

CK_RV FC_SignFinal(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pSignature,
  CK_ULONG_PTR pusSignatureLen
);

Parameters

hSession
[in] session handle.
pSignature
[out] pointer to the buffer which will receive the signature or NULL.
pusSignatureLen
[in, out] pointer to location containing the maximum buffer size.

Description

FC_SignFinal finishes a multi-part signing operation by returning the complete signature and clearing the operation context. If pSignature is NULL, the length of the signature is returned and FC_SignFinal may be called again with pSignature set to retrieve the signature.

A user must log into the token (to assume the NSS User role) before calling FC_SignFinal.

Return value

Examples
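
An added example, not taken from the NSS documentation or source, of the length-query convention that FC_DigestFinal and FC_SignFinal both describe: call once with a NULL buffer to learn the size, allocate, then call again to fetch the result. The CK_* typedefs and CKR_* values are local copies standing in for the PKCS #11 headers; `final_fn`, `final_alloc`, `stub_begin` and `stub_Final` are hypothetical names, and the stub plays the token so the block runs offline.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local stand-ins for the PKCS #11 types and return codes. */
typedef unsigned long CK_RV;
typedef unsigned long CK_ULONG;
typedef unsigned long CK_SESSION_HANDLE;
typedef unsigned char CK_BYTE;
typedef CK_BYTE *CK_BYTE_PTR;
typedef CK_ULONG *CK_ULONG_PTR;
#define CKR_OK                        0x00000000UL
#define CKR_HOST_MEMORY               0x00000002UL
#define CKR_GENERAL_ERROR             0x00000005UL
#define CKR_OPERATION_NOT_INITIALIZED 0x00000091UL
#define CKR_BUFFER_TOO_SMALL          0x00000150UL

/* Signature shape shared by FC_DigestFinal and FC_SignFinal. */
typedef CK_RV (*final_fn)(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR);

/* Constructed stub token: one pending operation with a 20-byte result. */
static int stub_active = 0;
static const CK_BYTE stub_result[20] = { 0xde, 0xad, 0xbe, 0xef };

static void stub_begin(void) { stub_active = 1; }

static CK_RV stub_Final(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOut, CK_ULONG_PTR pulLen)
{
    (void)hSession;
    if (!stub_active)
        return CKR_OPERATION_NOT_INITIALIZED;
    if (pOut == NULL) {                  /* length query: operation stays active */
        *pulLen = sizeof stub_result;
        return CKR_OK;
    }
    if (*pulLen < sizeof stub_result) {  /* too small: report the size, stay active */
        *pulLen = sizeof stub_result;
        return CKR_BUFFER_TOO_SMALL;
    }
    memcpy(pOut, stub_result, sizeof stub_result);
    *pulLen = sizeof stub_result;
    stub_active = 0;                     /* result delivered: context is cleared */
    return CKR_OK;
}

/* Query the length with a NULL buffer, allocate, then fetch the result.
 * On CKR_OK the caller owns *ppOut and must free() it. */
static CK_RV final_alloc(final_fn fn, CK_SESSION_HANDLE hSession,
                         CK_BYTE_PTR *ppOut, CK_ULONG_PTR pulLen)
{
    CK_ULONG need = 0;
    CK_BYTE_PTR buf;
    CK_RV rv;

    *ppOut = NULL;
    *pulLen = 0;
    rv = fn(hSession, NULL, &need);
    if (rv != CKR_OK)
        return rv;
    buf = malloc(need ? need : 1);
    if (buf == NULL)
        return CKR_HOST_MEMORY;
    *pulLen = need;                      /* in: buffer size, out: bytes written */
    rv = fn(hSession, buf, pulLen);
    if (rv == CKR_OK && *pulLen > need)  /* never trust a length beyond the buffer */
        rv = CKR_GENERAL_ERROR;
    if (rv != CKR_OK) {
        free(buf);
        *pulLen = 0;
        return rv;
    }
    *ppOut = buf;
    return CKR_OK;
}

int main(void)
{
    CK_BYTE_PTR out;
    CK_ULONG len;

    stub_begin();
    if (final_alloc(stub_Final, 1, &out, &len) != CKR_OK)
        return 1;
    printf("received %lu bytes\n", len);
    free(out);
    return 0;
}
```

With a real token, pass FC_DigestFinal or FC_SignFinal as `fn` after the matching Init and Update calls.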

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/building_and_installing_nss/installation_guide/index.html: --------------------------------------------------------------------------------

Installation guide

The build system of NSS originated from Netscape's build system, which predated the "configure; make; make test; make install" sequence that we're familiar with now. Our makefiles also have an "install" target, but it has a different meaning: our "install" means installing the headers, libraries, and programs in the appropriate directories under mozilla/dist.

So right now you need to manually install the headers, libraries, and programs in the directories you want. If you install the libraries in a directory other than /usr/lib, you usually need to set the LD_LIBRARY_PATH environment variable. You can avoid that by installing the libraries in a directory that is $ORIGIN/../lib, where $ORIGIN is the directory where the programs are installed. This is done here: http://lxr.mozilla.org/security/sour...platlibs.mk#53

53 ifeq ($(OS_ARCH), Linux)
54 ifeq ($(USE_64), 1)
55 EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
56 else
57 EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
58 endif
59 endif

For example, if you install certutil in /foo/bar/nss/bin and the .so's in /foo/bar/nss/lib, then you only need to add /foo/bar/nss/bin to your PATH; you don't need to set LD_LIBRARY_PATH.

The libraries you need to install are listed below.

NSPR:

NSS: (Note the use of * for libfreebl -- some platforms have multiple ones)

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_encryptinit/index.html: --------------------------------------------------------------------------------

FC_EncryptInit

Name

FC_EncryptInit - initialize an encryption operation.

Syntax

CK_RV FC_EncryptInit(
  CK_SESSION_HANDLE hSession,
  CK_MECHANISM_PTR pMechanism,
  CK_OBJECT_HANDLE hKey
);

Parameters

hSession
[in] handle to the session.
pMechanism
[in] pointer to the mechanism to be used for subsequent encryption.
hKey
[in] handle of the encryption key.

Description

FC_EncryptInit initializes an encryption operation with the mechanism and key to be used.

A user must log into the token (to assume the NSS User role) before calling FC_EncryptInit.

Return value

CKR_OK
Slot information was successfully copied.
CKR_SLOT_ID_INVALID
The specified slot number is out of the defined range of values.
Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_generatekey/index.html: --------------------------------------------------------------------------------

FC_GenerateKey

Name

FC_GenerateKey - generate a new key.

Syntax

CK_RV FC_GenerateKey(
  CK_SESSION_HANDLE hSession,
  CK_MECHANISM_PTR pMechanism,
  CK_ATTRIBUTE_PTR pTemplate,
  CK_ULONG ulCount,
  CK_OBJECT_HANDLE_PTR phKey
);

Parameters

hSession
[in] session handle.
pMechanism
[in] pointer to the mechanism to use.
pTemplate
[in] pointer to the template for the new key.
ulCount
[in] number of attributes in the template.
phKey
[out] pointer to the location to receive the handle of the new key.

Description

FC_GenerateKey generates a secret key, creating a new key object. The handle of the new key is returned.

A user must log into the token (to assume the NSS User role) before calling FC_GenerateKey.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_digestupdate/index.html: --------------------------------------------------------------------------------

FC_DigestUpdate

Name

FC_DigestUpdate - process the next block of a multi-part digest operation.

Syntax

CK_RV FC_DigestUpdate(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pPart,
  CK_ULONG usPartLen
);

Parameters

hSession
[in] session handle.
pPart
[in] pointer to the next block of data to be digested.
usPartLen
[in] length of data block in bytes.

Description

FC_DigestUpdate starts or continues a multi-part digest operation. One or more blocks may be part of the message digest operation. The digest for the entire message is returned by a call to FC_DigestFinal.

A user may call FC_DigestUpdate without logging into the token (to assume the NSS User role).

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/new_nss_samples/index.html: --------------------------------------------------------------------------------

New NSS Samples

New NSS Sample Code

This collection of sample code demonstrates how NSS can be used for cryptographic operations, certificate handling, SSL, etc. It also demonstrates some best practices in the application of cryptography.

These new examples are a work in progress. See https://bugzilla.mozilla.org/show_bug.cgi?id=490238

How to download the samples:

hg clone https://hg.mozilla.org/projects/nss; cd nss; hg update SAMPLES_BRANCH

Samples list:

  1. Sample Code 1: Hashing
  2. Sample Code 2: Init NSS database
  3. Sample Code 3: Encrypt/Decrypt and Mac Using Token
  4. Sample Code 4: Encrypt/Decrypt and Mac Using Session Objects
  5. Sample Code 5: Encrypt/Decrypt/MAC Output Public Key as a CSR
  6. Sample Code 6: Encrypt/Decrypt/MAC Generating a PKCS#11 CSR

Common code used by these samples:

  1. Sample Code 0: Utilities

Thanks are due to Shailendra Jain, Mozilla Community member, who is the principal author of these samples.

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_getoperationstate/index.html: --------------------------------------------------------------------------------

FC_GetOperationState

Name

FC_GetOperationState - get the cryptographic operation state of a session.

Syntax

CK_RV FC_GetOperationState(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR  pOperationState,
  CK_ULONG_PTR pulOperationStateLen
);

Parameters

hSession
[in] handle of the open session.
pOperationState
[out] pointer to a byte array of a length sufficient for containing the operation state or NULL.
pulOperationStateLen
[out] pointer to CK_ULONG which receives the total length (in bytes) of the operation state.

Description

FC_GetOperationState saves the state of the cryptographic operation in a session. This function only works for digest operations for now. Therefore, a user may call FC_GetOperationState without logging into the token (to assume the NSS User role).

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_copyobject/index.html: --------------------------------------------------------------------------------

FC_CopyObject

Name

FC_CopyObject - create a copy of an object.

Syntax

CK_RV FC_CopyObject(
  CK_SESSION_HANDLE hSession,
  CK_OBJECT_HANDLE hObject,
  CK_ATTRIBUTE_PTR pTemplate,
  CK_ULONG usCount,
  CK_OBJECT_HANDLE_PTR phNewObject
);

Parameters

hSession
[in] session handle.
hObject
[in] object handle.
pTemplate
[in] object template.
usCount
[in] number of attributes in the template.
phNewObject
[out] pointer to location to receive the new object's handle.

Description

FC_CopyObject creates a copy of an object using the attributes specified in the template.

A user must log into the token (to assume the NSS User role) before copying a secret or private key object.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_encrypt/index.html: --------------------------------------------------------------------------------

FC_Encrypt

Name

FC_Encrypt - Encrypt a block of data.

Syntax

CK_RV FC_Encrypt(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pData,
  CK_ULONG usDataLen,
  CK_BYTE_PTR pEncryptedData,
  CK_ULONG_PTR pusEncryptedDataLen
);

Parameters

hSession
[in] session handle.
pData
[in] pointer to the data buffer.
usDataLen
[in] length of the data buffer in bytes.
pEncryptedData
[out] pointer to location where encrypted data is to be stored.
pusEncryptedDataLen
[in/out] number of bytes.

Description

FC_Encrypt encrypts a block of data according to the attributes of the previous call to FC_EncryptInit.

A user must log into the token (to assume the NSS User role) before calling FC_Encrypt.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_verify/index.html: --------------------------------------------------------------------------------

FC_Verify

Name

FC_Verify - verify a signature on a block of data.

Syntax

CK_RV FC_Verify(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pData,
  CK_ULONG usDataLen,
  CK_BYTE_PTR pSignature,
  CK_ULONG usSignatureLen
);

Parameters

hSession
[in] session handle.
pData
[in] pointer to data block.
usDataLen
[in] length of the data in bytes.
pSignature
[in] pointer to the signature.
usSignatureLen
[in] length of the signature in bytes.

Description

FC_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data.

A user must log into the token (to assume the NSS User role) before calling FC_Verify.

Return value

CKR_OK is returned on success. CKR_SIGNATURE_INVALID is returned for signature mismatch.

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_decrypt/index.html: --------------------------------------------------------------------------------

FC_Decrypt

Name

FC_Decrypt - Decrypt a block of data.

Syntax

CK_RV FC_Decrypt(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pEncryptedData,
  CK_ULONG usEncryptedDataLen,
  CK_BYTE_PTR pData,
  CK_ULONG_PTR pusDataLen
);

Parameters

hSession
[in] session handle.
pEncryptedData
[in] pointer to encrypted data block.
usEncryptedDataLen
[in] length of the data in bytes.
pData
[out] pointer to location where recovered data is to be stored.
pusDataLen
[in,out] pointer to location where the length of recovered data is to be stored.

Description

FC_Decrypt decrypts a block of data according to the attributes of the previous call to FC_DecryptInit.

A user must log into the token (to assume the NSS User role) before calling FC_Decrypt.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_sign/index.html: --------------------------------------------------------------------------------

FC_Sign

Name

FC_Sign - sign a block of data.

Syntax

CK_RV FC_Sign(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pData,
  CK_ULONG usDataLen,
  CK_BYTE_PTR pSignature,
  CK_ULONG_PTR pusSignatureLen
);

Parameters

hSession
[in] session handle.
pData
[in] pointer to data block.
usDataLen
[in] length of the data in bytes.
pSignature
[out] pointer to location where the signature is to be stored.
pusSignatureLen
[in, out] pointer to the maximum size of the output buffer, replaced by the length of the signature if the operation is successful.

Description

FC_Sign signs a message in a single operation according to the attributes of the previous call to FC_SignInit.

A user must log into the token (to assume the NSS User role) before calling FC_Sign.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_digest/index.html: --------------------------------------------------------------------------------

FC_Digest

Name

FC_Digest - digest a block of data.

Syntax

CK_RV FC_Digest(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pData,
  CK_ULONG usDataLen,
  CK_BYTE_PTR pDigest,
  CK_ULONG_PTR pusDigestLen
);

Parameters

hSession
[in] session handle.
pData
[in] pointer to data block.
usDataLen
[in] length of the data in bytes.
pDigest
[out] pointer to location where the message digest is to be stored.
pusDigestLen
[in, out] pointer to the maximum size of the output buffer, replaced by the length of the message digest if the operation is successful.

Description

FC_Digest digests a message in a single operation according to the attributes of the previous call to FC_DigestInit.

A user may call FC_Digest without logging into the token (to assume the NSS User role).

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.59.1_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.59.1 release notes

Introduction

The NSS team has released Network Security Services (NSS) 3.59.1 on 18 December 2020, which is a patch release for NSS 3.59.

Distribution Information

The HG tag is NSS_3_59_1_RTM. NSS 3.59.1 requires NSPR 4.29 or newer.

NSS 3.59.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:

Other releases are available in NSS Releases.

Bugs fixed in NSS 3.59.1

Compatibility

NSS 3.59.1 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.59.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_getfunctionlist/index.html: -------------------------------------------------------------------------------- 1 |

FC_GetFunctionList

Name

FC_GetFunctionList - get a pointer to the list of function pointers in the FIPS mode of operation.

Syntax

CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *ppFunctionList);

Parameters

FC_GetFunctionList has one parameter:

ppFunctionList
[Output] The address of a variable that will receive a pointer to the list of function pointers.

Description

FC_GetFunctionList stores in *ppFunctionList a pointer to the NSS cryptographic module's list of function pointers in the FIPS mode of operation.

A user may call FC_GetFunctionList without logging into the token (to assume the NSS User role).

Return value

FC_GetFunctionList always returns CKR_OK.

Examples

#include <assert.h>

CK_FUNCTION_LIST_PTR pFunctionList;
CK_RV crv;

crv = FC_GetFunctionList(&pFunctionList);
assert(crv == CKR_OK);

/* invoke the FC_XXX function as pFunctionList->C_XXX */

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.60.1_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.60.1 release notes

Introduction

The NSS team released Network Security Services (NSS) 3.60.1 on 4 January 2021, which is a patch release for NSS 3.60.

Distribution information

The HG tag is NSS_3_60_1_RTM. NSS 3.60.1 requires NSPR 4.29 or newer.

NSS 3.60.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:

Other releases are available at NSS past releases.

Bugs fixed in NSS 3.60.1

Compatibility

NSS 3.60.1 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.60.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report at bugzilla.mozilla.org under the NSS product.

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_signrecover/index.html: -------------------------------------------------------------------------------- 1 |

FC_SignRecover

Name

FC_SignRecover - Sign data in a single recoverable operation.

Syntax

CK_RV FC_SignRecover(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pData,
  CK_ULONG usDataLen,
  CK_BYTE_PTR pSignature,
  CK_ULONG_PTR pusSignatureLen
);

Parameters

hSession
[in] session handle.
pData
[in] mechanism to be used for the signing operation.
usDataLen
[in] handle of the key to be used.
pSignature
[out] pointer to the buffer or NULL.
pusSignatureLen
[in, out] pointer to the size of the output buffer, replaced by the length of the signature if the operation is successful.

Description

FC_SignRecover signs data in a single operation where the (digest) data can be recovered from the signature. If pSignature is NULL, only the length of the signature is returned in *pusSignatureLen.

A user must log into the token (to assume the NSS User role) before calling FC_SignRecover.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/nss_functions/index.html: -------------------------------------------------------------------------------- 1 |

NSS functions

This page lists all exported functions in NSS 3.11.7. It was ported from here.

This is a composite page. Section headings are links to the individual pages where you can edit them.

SSL functions

{{page("/en-US/docs/NSS/SSL_functions")}}

Deprecated SSL functions

{{page("/en-US/docs/NSS/Deprecated_SSL_functions")}}

Certificate functions

{{page("/en-US/docs/NSS/Certificate_functions")}}

Cryptography functions

{{page("/en-US/docs/NSS/Cryptography_functions")}}

Utility functions

{{page("/en-US/docs/NSS/Utility_functions")}}

S/MIME functions

{{page("/en-US/docs/NSS/S//MIME_functions")}}

PKCS #7 functions

{{page("/en-US/docs/NSS/PKCS_7_functions")}}

PKCS #12 functions

{{page("/en-US/docs/NSS/PKCS_12_functions")}}
-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_verifyrecover/index.html: -------------------------------------------------------------------------------- 1 |

FC_VerifyRecover

Name

FC_VerifyRecover - Verify data in a single recoverable operation.

Syntax

CK_RV FC_VerifyRecover(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pSignature,
  CK_ULONG usSignatureLen,
  CK_BYTE_PTR pData,
  CK_ULONG_PTR pusDataLen
);

Parameters

hSession
[in] session handle.
pSignature
[in] mechanism to be used for the signing operation.
usSignatureLen
[in] handle of the key to be used.
pData
[out] pointer to the buffer or NULL.
pusDataLen
[in, out] pointer to the size of the output buffer, replaced by the length of the signature if the operation is successful.

Description

FC_VerifyRecover verifies data in a single operation where the (digest) data can be recovered from the signature. If pSignature is NULL, only the length of the signature is returned in *pusSignatureLen.

A user must log into the token (to assume the NSS User role) before calling FC_VerifyRecover.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.36.4_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.36.4 release notes

Introduction

Network Security Services (NSS) 3.36.4 is a patch release for NSS 3.36.

Distribution Information

The HG tag is NSS_3_36_4_RTM. NSS 3.36.4 requires NSPR 4.19 or newer.

NSS 3.36.4 source distributions are available on ftp.mozilla.org for secure HTTPS download:

New in NSS 3.36.4

New Functionality

No new functionality is introduced in this release. This is a patch release to fix regression bugs.

Bugs fixed in NSS 3.36.4

Compatibility

NSS 3.36.4 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.36.4 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_derivekey/index.html: -------------------------------------------------------------------------------- 1 |

FC_DeriveKey

Name

FC_DeriveKey - derive a key from a base key

Syntax

CK_RV FC_DeriveKey(
  CK_SESSION_HANDLE hSession,
  CK_MECHANISM_PTR pMechanism,
  CK_OBJECT_HANDLE hBaseKey,
  CK_ATTRIBUTE_PTR pTemplate,
  CK_ULONG usAttributeCount,
  CK_OBJECT_HANDLE_PTR phKey
);

Parameters

hSession
[in] session handle.
pMechanism
[in] pointer to the mechanism to use.
hBaseKey
[in] handle of the base key.
pWrappedKey
[in] pointer to the wrapped key.
pTemplate
[in] pointer to the list of attributes for the new key.
usAttributeCount
[in] number of attributes in the template.
phKey
[out] pointer to the location to receive the handle of the new key.

Description

FC_DeriveKey derives (decrypts) a key and creates a new key object.

A user must log into the token (to assume the NSS User role) before calling FC_DeriveKey.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/cert_findcertbydercert/index.html: -------------------------------------------------------------------------------- 1 |

CERT_FindCertByDERCert

Find a certificate in the database that matches a DER-encoded certificate.

Syntax

#include <cert.h>

CERTCertificate *CERT_FindCertByDERCert(
    CERTCertDBHandle *handle,
    SECItem          *derCert);

Parameters

handle
[in] pointer to a CERTCertDBHandle representing the certificate database to look in
derCert
[in] pointer to an SECItem whose type must be siDERCertBuffer and whose data contains a DER-encoded certificate

Description

This function looks in the NSSCryptoContext and the NSSTrustDomain to find the certificate that matches the DER-encoded certificate. A match is found when the issuer and serial number of the DER-encoded certificate are found on a certificate in the certificate database.

Returns

A pointer to a CERTCertificate representing the certificate in the database that matched the derCert, or NULL if none was found. The certificate is a shallow copy; use CERT_DestroyCertificate to decrement the reference count on the certificate instance.

See Also

Occurrences of CERT_FindCertByDERCert in the current NSS source code (generated by LXR).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_opensession/index.html: -------------------------------------------------------------------------------- 1 |

FC_OpenSession

Name

FC_OpenSession - open a session between an application and a token.

Syntax

CK_RV FC_OpenSession(
  CK_SLOT_ID slotID,
  CK_FLAGS flags,
  CK_VOID_PTR pApplication,
  CK_NOTIFY Notify,
  CK_SESSION_HANDLE_PTR phSession
);

Parameters

FC_OpenSession has the following parameters:

slotID
[in] the ID of the token's slot.
flags
[in]
pApplication
Notify
[in] pointer to a notification callback function. Not currently supported.
phSession
[out] pointer to a session handle.

Description

FC_OpenSession opens a session between an application and the token in the slot with the ID slotID.

The NSS cryptographic module currently doesn't call the surrender callback function Notify. (See PKCS #11 v2.20 section 11.17.1.)

A user may call FC_OpenSession without logging into the token (to assume the NSS User role).

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_decryptupdate/index.html: -------------------------------------------------------------------------------- 1 |

FC_DecryptUpdate

Name

FC_DecryptUpdate - decrypt a block of a multi-part encryption operation.

Syntax

CK_RV FC_DecryptUpdate(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pEncryptedPart,
  CK_ULONG usEncryptedPartLen,
  CK_BYTE_PTR pPart,
  CK_ULONG_PTR pusPartLen
);

Parameters

hSession
[in] session handle.
pEncryptedPart
[in] pointer to the next block of data to be decrypted.
usEncryptedPartLen
[in] length of data block in bytes.
pPart
[out] pointer to location where recovered block is to be stored.
pusPartLen
[in,out] pointer to the location where the number of bytes of recovered data is to be stored.

Description

FC_DecryptUpdate decrypts a block of data according to the attributes of the previous call to FC_DecryptInit. The block may be part of a multi-part decryption operation.

A user must log into the token (to assume the NSS User role) before calling FC_DecryptUpdate.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_encryptupdate/index.html: -------------------------------------------------------------------------------- 1 |

FC_EncryptUpdate

Name

FC_EncryptUpdate - encrypt a block of a multi-part encryption operation.

Syntax

CK_RV FC_EncryptUpdate(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pPart,
  CK_ULONG usPartLen,
  CK_BYTE_PTR pEncryptedPart,
  CK_ULONG_PTR pusEncryptedPartLen
);

Parameters

hSession
[in] session handle.
pPart
[in] pointer to the next block of data to be encrypted.
usPartLen
[in] length of data block in bytes.
pEncryptedPart
[out] pointer to location where encrypted block is to be stored.
pusEncryptedPartLen
[out] pointer to the location where the number of bytes of encrypted data is to be stored.

Description

FC_EncryptUpdate encrypts a block of data according to the attributes of the previous call to FC_EncryptInit. The block may be part of a multi-part encryption operation.

A user must log into the token (to assume the NSS User role) before calling FC_EncryptUpdate.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.37.3release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.37.3 release notes

Introduction

Network Security Services (NSS) 3.37.3 is a patch release for NSS 3.37.

Distribution Information

The HG tag is NSS_3_37_3_RTM. NSS 3.37.3 requires NSPR 4.19 or newer.

NSS 3.37.3 source distributions are available on ftp.mozilla.org for secure HTTPS download:

New in NSS 3.37.3

New Functionality

No new functionality is introduced in this release. This is a patch release to fix regression bugs.

Bugs fixed in NSS 3.37.3

Compatibility

NSS 3.37.3 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.37.3 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_signencryptupdate/index.html: -------------------------------------------------------------------------------- 1 |

FC_SignEncryptUpdate

Name

FC_SignEncryptUpdate - continue a multi-part signing and encryption operation

Syntax

CK_RV FC_SignEncryptUpdate(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pPart,
  CK_ULONG ulPartLen,
  CK_BYTE_PTR pEncryptedPart,
  CK_ULONG_PTR pulEncryptedPartLen
);

Parameters

hSession
[in] session handle.
pPart
[in] pointer to the data part.
ulPartLen
[in] length of data in bytes.
pEncryptedPart
[in] pointer to the location which receives the signed and encrypted data part or NULL.
pulEncryptedPartLen
[in] pointer to the length of the encrypted part buffer.

Description

FC_SignEncryptUpdate continues a multi-part signature and encryption operation. After calling both FC_SignInit and FC_EncryptInit to set up the operations, this function may be called multiple times. The operation is finished by calls to FC_SignFinal and FC_EncryptFinal.

A user must log into the token (to assume the NSS User role) before calling FC_SignEncryptUpdate.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_wrapkey/index.html: -------------------------------------------------------------------------------- 1 |

FC_WrapKey

Name

FC_WrapKey - wrap a key

Syntax

CK_RV FC_WrapKey(
  CK_SESSION_HANDLE hSession,
  CK_MECHANISM_PTR pMechanism,
  CK_OBJECT_HANDLE hWrappingKey,
  CK_OBJECT_HANDLE hKey,
  CK_BYTE_PTR pWrappedKey,
  CK_ULONG_PTR pusWrappedKeyLen
);

Parameters

hSession
[in] session handle.
pMechanism
[in] pointer to the mechanism to use.
hWrappingKey
[in] pointer to the public key template.
hKey
[in] number of attributes in the public key template.
pWrappedKey
[out] pointer to the location to receive the wrapped key or NULL.
pusWrappedKeyLen
[in, out] pointer to length of wrapped key buffer.

Description

FC_WrapKey wraps (encrypts) a key. If pWrappedKey is NULL, the length of the wrapped key is returned in pusWrappedKeyLen, and FC_WrapKey may be called again with pWrappedKey set to retrieve the wrapped key.

A user must log into the token (to assume the NSS User role) before calling FC_WrapKey.

Return value

Examples
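
The NULL-buffer length query described for FC_WrapKey above (and for FC_SignRecover earlier on this page) is normally used as a two-call sequence: query the length, allocate, then call again with the buffer. The following is an added example, not code from NSS or from this page. mock_wrap_key, wrap_key_alloc and the sample bytes are hypothetical stand-ins for the output half of FC_WrapKey, and the CKR_BUFFER_TOO_SMALL handling follows the general PKCS #11 output-buffer convention, which this page does not spell out.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local stand-ins for PKCS #11 types/codes (spec values), so no NSS headers are needed. */
typedef unsigned long CK_RV;
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BYTE;
#define CKR_OK               0x00000000UL
#define CKR_HOST_MEMORY      0x00000002UL
#define CKR_ARGUMENTS_BAD    0x00000007UL
#define CKR_BUFFER_TOO_SMALL 0x00000150UL

/* Constructed sample: 24 bytes standing in for a wrapped key. */
static const CK_BYTE sample_wrapped[24] = {
    0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47, 0xae, 0xf3, 0x4b, 0xd8,
    0xfb, 0x5a, 0x7b, 0x82, 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5
};

/* Hypothetical stand-in for the (pWrappedKey, pusWrappedKeyLen) half of
 * FC_WrapKey; session, mechanism and key handles are left out. */
static CK_RV mock_wrap_key(CK_BYTE *pWrappedKey, CK_ULONG *pusWrappedKeyLen)
{
    const CK_ULONG need = sizeof sample_wrapped;
    if (pusWrappedKeyLen == NULL)
        return CKR_ARGUMENTS_BAD;
    if (pWrappedKey == NULL) {          /* length query only */
        *pusWrappedKeyLen = need;
        return CKR_OK;
    }
    if (*pusWrappedKeyLen < need) {     /* buffer too short: write nothing */
        *pusWrappedKeyLen = need;
        return CKR_BUFFER_TOO_SMALL;
    }
    memcpy(pWrappedKey, sample_wrapped, need);
    *pusWrappedKeyLen = need;
    return CKR_OK;
}

/* Query the length, allocate, then fetch. On success the caller owns *out. */
static CK_RV wrap_key_alloc(CK_BYTE **out, CK_ULONG *outLen)
{
    CK_ULONG len = 0;
    CK_BYTE *buf;
    CK_RV crv;
    *out = NULL; *outLen = 0;
    crv = mock_wrap_key(NULL, &len);    /* call 1: pWrappedKey == NULL */
    if (crv != CKR_OK)
        return crv;
    buf = malloc(len);
    if (buf == NULL)
        return CKR_HOST_MEMORY;
    crv = mock_wrap_key(buf, &len);     /* call 2: len is buffer size in, bytes written out */
    if (crv != CKR_OK) {
        free(buf);
        return crv;
    }
    *out = buf;
    *outLen = len;
    return CKR_OK;
}

/* Length reported by the NULL-buffer query (0 on error). */
static CK_ULONG demo_query_len(void)
{
    CK_ULONG len = 0;
    return mock_wrap_key(NULL, &len) == CKR_OK ? len : 0;
}

/* A too-short buffer is rejected, left untouched, and the needed size reported. */
static int demo_short_buffer_rejected(void)
{
    CK_BYTE small[8];
    CK_ULONG len = sizeof small;
    memset(small, 0x5A, sizeof small);
    return mock_wrap_key(small, &len) == CKR_BUFFER_TOO_SMALL &&
           len == sizeof sample_wrapped && small[0] == 0x5A && small[7] == 0x5A;
}

/* Full two-call sequence; returns 1 when the fetched bytes match the sample. */
static int demo_two_call_ok(void)
{
    CK_BYTE *wrapped;
    CK_ULONG len;
    int ok;
    if (wrap_key_alloc(&wrapped, &len) != CKR_OK)
        return 0;
    ok = len == sizeof sample_wrapped && memcmp(wrapped, sample_wrapped, len) == 0;
    free(wrapped);
    return ok;
}

int main(void)
{
    printf("query=%lu short_rejected=%d two_call_ok=%d\n",
           demo_query_len(), demo_short_buffer_rejected(), demo_two_call_ok());
    return 0;
}
```

Always pass the real buffer size in the length variable on the second call and use the value written back, not the queried value, as the number of valid output bytes.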

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_decryptdigestupdate/index.html: -------------------------------------------------------------------------------- 1 |

FC_DecryptDigestUpdate

Name

FC_DecryptDigestUpdate - continue a multi-part decrypt and digest operation

Syntax

CK_RV FC_DecryptDigestUpdate(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pEncryptedPart,
  CK_ULONG ulEncryptedPartLen,
  CK_BYTE_PTR pPart,
  CK_ULONG_PTR pulPartLen
);

Parameters

hSession
[in] session handle.
pEncryptedPart
[in] pointer to the encrypted data part.
ulEncryptedPartLen
[in] length of encrypted data in bytes.
pPart
[in] pointer to the location which receives the recovered data part or NULL.
pulPartLen
[in] pointer to the length of the recovered part buffer.

Description

FC_DecryptDigestUpdate continues a multi-part decrypt and digest operation. After calling both FC_DecryptInit and FC_DigestInit to set up the operations, this function may be called multiple times. The operation is finished by calls to FC_DigestFinal and FC_DecryptFinal.

A user must log into the token (to assume the NSS User role) before calling FC_DecryptDigestUpdate.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_digestencryptupdate/index.html: -------------------------------------------------------------------------------- 1 |

FC_DigestEncryptUpdate

Name

FC_DigestEncryptUpdate - continue a multi-part digest and encryption operation

Syntax

CK_RV FC_DigestEncryptUpdate(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pPart,
  CK_ULONG ulPartLen,
  CK_BYTE_PTR pEncryptedPart,
  CK_ULONG_PTR pulEncryptedPartLen
);

Parameters

hSession
[in] session handle.
pPart
[in] pointer to the data part.
ulPartLen
[in] length of data in bytes.
pEncryptedPart
[in] pointer to the location which receives the digested and encrypted part or NULL.
pulEncryptedPartLen
[in] pointer to the length of the encrypted part buffer.

Description

FC_DigestEncryptUpdate continues a multi-part digest and encryption operation. After calling both FC_DigestInit and FC_EncryptInit to set up the operations, this function may be called multiple times. The operation is finished by calls to FC_DigestFinal and FC_EncryptFinal, in that order.

A user must log into the token (to assume the NSS User role) before calling FC_DigestEncryptUpdate.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/blank_function/index.html: -------------------------------------------------------------------------------- 1 |

Function_Name

One-line description of what the function does (more than just what it returns).

Syntax

#include <headers.h>

ReturnType Function_Name(
    ParamType        ParamName,
    ParamType        ParamName);

Parameters

ParamName Sample: in pointer to a CERTCertDBHandle representing the certificate database to look in
ParamName Sample: in pointer to an SECItem whose type must be siDERCertBuffer and whose data contains a DER-encoded certificate

Description

Long description of this function, what it does, and why you would use it. Describe all side-effects on "out" parameters. Avoid describing the return until the next section, for example:

This function looks in the NSSCryptoContext and the NSSTrustDomain to find the certificate that matches the DER-encoded certificate. A match is found when the issuer and serial number of the DER-encoded certificate are found on a certificate in the certificate database.

Returns

Full description of the return value, for example:

A pointer to a CERTCertificate representing the certificate in the database that matched the derCert, or NULL if none was found. The certificate is a shallow copy; use CERT_DestroyCertificate to decrement the reference count on the certificate instance.

See Also

Copy of the MXR link, with the following text:

Occurrences of Function_Name in the current NSS source code (generated by MXR).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.63.1_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.63.1 release notes

Introduction

Network Security Services (NSS) 3.63.1 was released on 6 April 2021.

Distribution Information

The HG tag is NSS_3_63_1_RTM. NSS 3.63.1 requires NSPR 4.30 or newer.

NSS 3.63.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:

Other releases are available in NSS Releases.

Bugs fixed in NSS 3.63.1

Compatibility

NSS 3.63.1 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.63.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report on bugzilla.mozilla.org (product NSS).

Notes

This version of NSS contains a minor update to the root CAs due to a delay in deprecation.

This revert is temporary in order to prevent breaking websites with Firefox 88 and the change has been reinstated in NSS 3.64 for Firefox 89.

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_decryptverifyupdate/index.html: -------------------------------------------------------------------------------- 1 |

FC_DecryptVerifyUpdate

Name

FC_DecryptVerifyUpdate - continue a multi-part decrypt and verify operation

Syntax

CK_RV FC_DecryptVerifyUpdate(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pEncryptedData,
  CK_ULONG ulEncryptedDataLen,
  CK_BYTE_PTR pData,
  CK_ULONG_PTR pulDataLen
);

Parameters

hSession
[in] session handle.
pEncryptedData
[in] pointer to the encrypted data part.
ulEncryptedDataLen
[in] length of encrypted data in bytes.
pData
[in] pointer to the location which receives the recovered data part or NULL.
pulDataLen
[in] pointer to the length of the recovered part buffer.

Description

FC_DecryptVerifyUpdate continues a multi-part decryption and signature verification operation. After calling both FC_DecryptInit and FC_VerifyInit to set up the operations, this function may be called multiple times. The operation is finished by calls to FC_DecryptFinal and FC_VerifyFinal.

A user must log into the token (to assume the NSS User role) before calling FC_DecryptVerifyUpdate.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/nss_key_functions/index.html: -------------------------------------------------------------------------------- 1 |

NSS Key Functions

This chapter describes two functions used to manipulate private keys and key databases such as the key3.db database provided with NSS. This was converted from "Chapter 6: Key Functions".

SECKEY_GetDefaultKeyDB

Returns a handle to the default key database opened by NSS_Init.

Syntax

#include <key.h>
#include <keyt.h>

SECKEYKeyDBHandle *SECKEY_GetDefaultKeyDB(void);

Returns

The function returns a handle of type SECKEYKeyDBHandle.

Description

NSS_Init opens the certificate, key, and security module databases that you specify for use with NSS. SECKEYKeyDBHandle returns a handle to the key database opened by NSS_Init.

SECKEY_DestroyPrivateKey

Destroys a private key structure.

Syntax

#include <key.h>
#include <keyt.h>

void SECKEY_DestroyPrivateKey(SECKEYPrivateKey *key);

Parameter

This function has the following parameter:

key
A pointer to the private key structure to destroy.

Description

Certificate and key structures are shared objects. When an application makes a copy of a particular certificate or key structure that already exists in memory, SSL makes a shallow copy--that is, it increments the reference count for that object rather than making a whole new copy. When you call CERT_DestroyCertificate or SECKEY_DestroyPrivateKey, the function decrements the reference count and, if the reference count reaches zero as a result, both frees the memory and sets all the bits to zero. The use of the word "destroy" in function names or in the description of a function implies reference counting.

Never alter the contents of a certificate or key structure. If you attempt to do so, the change affects all the shallow copies of that structure and can cause severe problems.
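
The reference-counting behaviour described above, as an added sketch that is not NSS code: DemoKey, demo_key_copy and demo_key_destroy are hypothetical names, the counter is not thread-safe, and a single static slot replaces heap allocation so that the zeroized bytes can still be inspected after the last release.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical reference-counted key object; not an NSS type. */
typedef struct DemoKey {
    int refCount;               /* plain int: single-threaded sketch only */
    unsigned char secret[16];
} DemoKey;

static DemoKey slot;            /* static storage instead of malloc/free */

/* Constructed sample secret. */
static const unsigned char sample_secret[16] = {
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
    0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
};

/* Zero through a volatile pointer so the stores are not optimized away. */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

static DemoKey *demo_key_create(const unsigned char secret[16])
{
    slot.refCount = 1;
    memcpy(slot.secret, secret, sizeof slot.secret);
    return &slot;
}

/* "Copy" is shallow: the same object with one more reference. */
static DemoKey *demo_key_copy(DemoKey *k)
{
    k->refCount++;
    return k;
}

/* "Destroy" drops one reference; only the last release zeroizes the secret. */
static void demo_key_destroy(DemoKey *k)
{
    if (k == NULL || k->refCount <= 0)
        return;
    if (--k->refCount == 0)
        secure_zero(k->secret, sizeof k->secret);
}

/* After the first destroy the remaining holder still sees the intact secret. */
static int demo_survives_first_destroy(void)
{
    DemoKey *a = demo_key_create(sample_secret);
    DemoKey *b = demo_key_copy(a);
    int ok;

    demo_key_destroy(a);
    ok = b == a && b->refCount == 1 &&
         memcmp(b->secret, sample_secret, sizeof sample_secret) == 0;
    demo_key_destroy(b);
    return ok;
}

/* After the last destroy every byte of the secret is zero. */
static int demo_zeroized_after_last_destroy(void)
{
    DemoKey *a = demo_key_create(sample_secret);
    DemoKey *b = demo_key_copy(a);
    size_t i;

    demo_key_destroy(a);
    demo_key_destroy(b);
    for (i = 0; i < sizeof slot.secret; i++)
        if (slot.secret[i] != 0)
            return 0;
    return slot.refCount == 0;
}

/* Why a shared structure must not be altered: a write through one shallow
 * copy is seen by every other holder. */
static int demo_write_visible_to_all_holders(void)
{
    DemoKey *a = demo_key_create(sample_secret);
    DemoKey *b = demo_key_copy(a);
    int seen;

    b->secret[0] ^= 0xFF;
    seen = a->secret[0] == (unsigned char)(sample_secret[0] ^ 0xFF);
    demo_key_destroy(a);
    demo_key_destroy(b);
    return seen;
}

int main(void)
{
    printf("survives_first=%d zeroized_last=%d write_shared=%d\n",
           demo_survives_first_destroy(), demo_zeroized_after_last_destroy(),
           demo_write_visible_to_all_holders());
    return 0;
}
```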

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_getsessioninfo/index.html: -------------------------------------------------------------------------------- 1 |

FC_GetSessionInfo

Name

FC_GetSessionInfo - obtain information about a session.

Syntax

CK_RV FC_GetSessionInfo(
  CK_SESSION_HANDLE hSession,
  CK_SESSION_INFO_PTR pInfo
);

Parameters

hSession
[in] the open session handle.
pInfo
[out] pointer to the CK_SESSION_INFO structure to be returned.

Description

FC_GetSessionInfo obtains information about a session. A user may call FC_GetSessionInfo without logging into the token (to assume the NSS User role).

If the NSS cryptographic module is in the error state, FC_GetSessionInfo returns CKR_DEVICE_ERROR. Otherwise, it fills in the CK_SESSION_INFO structure with the following information:

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.22.3_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.22.3 release notes

Introduction

Network Security Services (NSS) 3.22.3 is a patch release for NSS 3.22. The bug fixes in NSS 3.22.3 are described in the "Bugs fixed" section below.

Distribution Information

The HG tag is NSS_3_22_3_RTM. NSS 3.22.3 requires NSPR 4.12 or newer.

NSS 3.22.3 source distributions are available on ftp.mozilla.org for secure HTTPS download:

New in NSS 3.22.3

New Functionality

No new functionality is introduced in this release.

Bugs fixed in NSS 3.22.3

Compatibility

NSS 3.22.3 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.22.3 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.22.1_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.22.1 release notes

Introduction

Network Security Services (NSS) 3.22.1 is a patch release for NSS 3.22. The bug fixes in NSS 3.22.1 are described in the "Notable Changes" section below.

Distribution Information

The HG tag is NSS_3_22_1_RTM. NSS 3.22.1 requires NSPR 4.12 or newer.

NSS 3.22.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:

New in NSS 3.22.1

New Functionality

No new functionality is introduced in this release.

Notable Changes in NSS 3.22.1

Compatibility

NSS 3.22.1 shared libraries are backward compatible with all older NSS 3.22 shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.22.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.31.1_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.31.1 release notes

This is a DRAFT document. This notice will be removed when completed.

Introduction

The Network Security Services (NSS) team has released NSS 3.31.1, which is a patch release for NSS 3.31.

Distribution information

The hg tag is NSS_3_31_1_RTM. NSS 3.31.1 requires Netscape Portable Runtime (NSPR) 4.15, or newer.

NSS 3.31.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:

New in NSS 3.31.1

No new functionality is introduced in this release.

Bugs fixed in NSS 3.31.1

Compatibility

NSS 3.31.1 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.31.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.36.5_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.36.5 release notes

Introduction

Network Security Services (NSS) 3.36.5 is a patch release for NSS 3.36. The bug fixes in NSS 3.36.5 are described in the "Bugs Fixed" section below.

Distribution Information

The HG tag is NSS_3_36_5_RTM. NSS 3.36.5 requires NSPR 4.19 or newer.

NSS 3.36.5 source distributions are available on ftp.mozilla.org for secure HTTPS download:

New in NSS 3.36.5

New Functionality

No new functionality is introduced in this release. This is a patch release to fix CVE-2018-12384.

Bugs fixed in NSS 3.36.5

Bug 1483128 - NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random (CVE-2018-12384)
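
A capture-side check for the symptom named in Bug 1483128, as an added example that is not NSS code: it reads one TLS handshake record and reports whether a ServerHello carries an all-zero 32-byte random. The function and enum names are hypothetical, and the sample record is constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; none of this is NSS API. */
enum sh_status {
    SH_OK = 0,               /* ServerHello with a non-zero random */
    SH_ZERO_RANDOM = 1,      /* ServerHello whose random is all zero */
    SH_NOT_SERVER_HELLO = 2, /* some other record or handshake message */
    SH_TRUNCATED = 3         /* not enough bytes to decide */
};

enum {
    REC_HDR_LEN = 5,         /* content type (1), version (2), length (2) */
    HS_HDR_LEN = 4,          /* msg_type (1), length (3) */
    VERSION_LEN = 2,
    RANDOM_LEN = 32,
    CT_HANDSHAKE = 0x16,
    HS_SERVER_HELLO = 0x02
};

/* Inspect one TLS record and classify the ServerHello random it carries. */
enum sh_status check_server_hello_random(const uint8_t *rec, size_t len)
{
    size_t rec_len, hs_len, i;
    const uint8_t *hs, *rnd;
    uint8_t acc = 0;

    if (rec == NULL || len < REC_HDR_LEN)
        return SH_TRUNCATED;
    if (rec[0] != CT_HANDSHAKE)
        return SH_NOT_SERVER_HELLO;
    rec_len = ((size_t)rec[3] << 8) | rec[4];
    if (rec_len > len - REC_HDR_LEN || rec_len < HS_HDR_LEN)
        return SH_TRUNCATED;

    hs = rec + REC_HDR_LEN;
    if (hs[0] != HS_SERVER_HELLO)
        return SH_NOT_SERVER_HELLO;
    hs_len = ((size_t)hs[1] << 16) | ((size_t)hs[2] << 8) | hs[3];
    /* The random must lie inside both the message and this record. */
    if (hs_len < VERSION_LEN + RANDOM_LEN ||
        rec_len < HS_HDR_LEN + VERSION_LEN + RANDOM_LEN)
        return SH_TRUNCATED;

    rnd = hs + HS_HDR_LEN + VERSION_LEN;
    for (i = 0; i < RANDOM_LEN; i++)
        acc |= rnd[i];       /* stays 0 only if every byte is 0 */
    return acc == 0 ? SH_ZERO_RANDOM : SH_OK;
}

/* Constructed sample: a minimal TLS 1.2 ServerHello record whose random
 * is filled with `fill`. Returns the record size, or 0 if `out` is too small. */
size_t build_sample_server_hello(uint8_t *out, size_t cap, uint8_t fill)
{
    static const uint8_t head[] = {
        0x16, 0x03, 0x03, 0x00, 0x2A, /* handshake record, 42 bytes follow */
        0x02, 0x00, 0x00, 0x26,       /* ServerHello, 38-byte body */
        0x03, 0x03                    /* server_version */
    };
    /* empty session id, one cipher suite, null compression */
    static const uint8_t tail[] = { 0x00, 0xC0, 0x2F, 0x00 };
    size_t total = sizeof head + RANDOM_LEN + sizeof tail;

    if (out == NULL || cap < total)
        return 0;
    memcpy(out, head, sizeof head);
    memset(out + sizeof head, fill, RANDOM_LEN);
    memcpy(out + sizeof head + RANDOM_LEN, tail, sizeof tail);
    return total;
}

int main(void)
{
    uint8_t buf[64];
    size_t n = build_sample_server_hello(buf, sizeof buf, 0x00);
    printf("zeroed random: status %d\n", check_server_hello_random(buf, n));
    n = build_sample_server_hello(buf, sizeof buf, 0xA5);
    printf("filled random: status %d\n", check_server_hello_random(buf, n));
    return 0;
}
```

The check reads only the first record of a ServerHello, which is enough because the random sits in the first 38 bytes of the handshake message.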

Compatibility

NSS 3.36.5 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.36.5 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.29.3_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.29.3 release notes

Introduction

Network Security Services (NSS) 3.29.3 is a patch release for NSS 3.29. The bug fixes in NSS 3.29.3 are described in the "Bugs Fixed" section below.

Distribution Information

The HG tag is NSS_3_29_3_RTM. NSS 3.29.3 requires NSPR 4.13.1 or newer.

NSS 3.29.3 source distributions are available on ftp.mozilla.org for secure HTTPS download:

New in NSS 3.29.3

No new functionality is introduced in this release.

Notable Changes in NSS 3.29.3

Bugs fixed in NSS 3.29.3

Bug 1342358 - Crash in tls13_DestroyKeyShares

Compatibility

NSS 3.29.3 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.29.3 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/code_coverage/index.html: -------------------------------------------------------------------------------- 1 |

NSS Code Coverage

NSS - Code Coverage

Results explanation

Files

Colors

Numbers in tested files

Numbers in not tested files

Numbers in total count

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_finalize/index.html: -------------------------------------------------------------------------------- 1 |

FC_Finalize

Name

FC_Finalize - indicate that an application is done with the PKCS #11 library.

Syntax

CK_RV FC_Finalize (CK_VOID_PTR pReserved);

Parameters

FC_Finalize has one parameter:

pReserved
must be NULL

Description

FC_Finalize shuts down the NSS cryptographic module in the FIPS mode of operation. If the library is not initialized, it does nothing.

The pReserved argument is not used and must be NULL.

Return value

FC_Finalize always returns CKR_OK.

FC_Finalize should check the pReserved argument and return CKR_ARGUMENTS_BAD if pReserved is not NULL.

FC_Finalize should return CKR_CRYPTOKI_NOT_INITIALIZED if the library is not initialized.

Examples

#include <assert.h>

CK_FUNCTION_LIST_PTR pFunctionList;
CK_RV crv;

crv = FC_GetFunctionList(&pFunctionList);
assert(crv == CKR_OK);

...

/* invoke FC_Finalize as pFunctionList->C_Finalize */
crv = pFunctionList->C_Finalize(NULL);

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.52.1_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.52.1 release notes

Introduction

The NSS team has released Network Security Services (NSS) 3.52.1 on 19 May 2020. This is a security patch release.

Thank you to Cesar Pereida Garcia and the Network and Information Security Group (NISEC) at Tampere University for reporting this issue.

Distribution Information

The HG tag is NSS_3_52_1_RTM. NSS 3.52.1 requires NSPR 4.25 or newer.

NSS 3.52.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:

Other releases are available in NSS Releases.

New in NSS 3.52.1

No new functionality is introduced in this release.

Bugs fixed in NSS 3.52.1

Compatibility

NSS 3.52.1 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.52.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_setoperationstate/index.html: -------------------------------------------------------------------------------- 1 |

FC_SetOperationState

Name

FC_SetOperationState - restore the cryptographic operation state of a session.

Syntax

CK_RV FC_SetOperationState(
  CK_SESSION_HANDLE hSession,
  CK_BYTE_PTR pOperationState,
  CK_ULONG ulOperationStateLen,
  CK_OBJECT_HANDLE hEncryptionKey,
  CK_OBJECT_HANDLE hAuthenticationKey
);

Parameters

hSession
[in] handle of the open session.
pOperationState
[in] pointer to a byte array containing the operation state.
ulOperationStateLen
[in] contains the total length (in bytes) of the operation state.
hEncryptionKey
[in] handle of the encryption or decryption key to be used in a stored session or zero if no key is needed.
hAuthenticationKey
[in] handle of the authentication key to be used in the stored session or zero if none is needed.

Description

FC_SetOperationState restores the cryptographic operation state of a session from an array of bytes obtained with FC_GetOperationState. This function only works for digest operations for now. Therefore, a user may call FC_SetOperationState without logging into the token (to assume the NSS User role).

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.21.2_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.21.2 release notes

Introduction

Network Security Services (NSS) 3.21.2 is a security patch release for NSS 3.21.1. The bug fixes in NSS 3.21.2 are described in the "Security Fixes" section below.

Distribution Information

The HG tag is NSS_3_21_2_RTM. NSS 3.21.2 requires NSPR 4.10.10 or newer.

NSS 3.21.2 source distributions are available on ftp.mozilla.org for secure HTTPS download:

New in NSS 3.21.2

New Functionality

No new functionality is introduced in this release.

Security Fixes in NSS 3.21.2

Compatibility

NSS 3.21.2 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.21.2 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/deprecated_ssl_functions/index.html: -------------------------------------------------------------------------------- 1 |

Deprecated SSL functions

The following SSL functions have been replaced with newer versions. The deprecated functions are not supported by the new SSL shared libraries. Applications that want to use the SSL shared libraries must convert to calling the new replacement functions listed below.

Each function name is linked to its entry in the old SSL Reference. The Mozilla Cross Reference (MXR) link for each function provides access to the function definition, prototype definition, and source code references.

| Function name/documentation | Source code | Replacement in NSS 3.2 |
|---|---|---|
| SSL_Enable | MXR | SSL_OptionSet |
| SSL_EnableCipher | MXR | SSL_CipherPrefSetDefault |
| SSL_EnableDefault | MXR | SSL_OptionSetDefault |
| SSL_RedoHandshake | MXR | SSL_ReHandshake |
| SSL_SetPolicy | MXR | SSL_CipherPolicySet |
-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.53.1_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.53.1 release notes

Introduction

The NSS team has released Network Security Services (NSS) 3.53.1 on 16 June 2020. This is a security patch release.

Thank you to Sohaib ul Hassan, Billy Bob Brumley, and the Network and Information Security Group (NISEC) at Tampere University for reporting this issue and providing a patch.

Distribution Information

The HG tag is NSS_3_53_1_RTM. NSS 3.53.1 requires NSPR 4.25 or newer.

NSS 3.53.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:

Other releases are available in NSS Releases.

New in NSS 3.53.1

No new functionality is introduced in this release.

Bugs fixed in NSS 3.53.1

Compatibility

NSS 3.53.1 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.53.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.44.4_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.44.4 release notes

Introduction

The NSS team has released Network Security Services (NSS) 3.44.4 on 19 May 2020. This is a security patch release.

Thank you to Cesar Pereida Garcia and the Network and Information Security Group (NISEC) at Tampere University for reporting this issue.

Distribution Information

The HG tag is NSS_3_44_4_RTM. NSS 3.44.4 requires NSPR 4.21 or newer.

NSS 3.44.4 source distributions are available on ftp.mozilla.org for secure HTTPS download:

Other releases are available in NSS Releases.

New in NSS 3.44.4

No new functionality is introduced in this release.

Bugs fixed in NSS 3.44.4

Compatibility

NSS 3.44.4 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.44.4 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.64_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.64 release notes

Introduction

Network Security Services (NSS) 3.64 was released on 15 April 2021.

Distribution Information

The HG tag is NSS_3_64_RTM. NSS 3.64 requires NSPR 4.30 or newer.

NSS 3.64 source distributions are available on ftp.mozilla.org for secure HTTPS download:

Other releases are available in NSS Releases.

Bugs fixed in NSS 3.64

Compatibility

NSS 3.64 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.64 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report on bugzilla.mozilla.org (product NSS).

Notes

This version of NSS contains a number of contributions for "unsupported platforms". We would like to thank the authors and the reviewers for their contributions to NSS.

Discussions about moving the documentation are still ongoing. (See discussion in the 3.62 release notes.)

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.30.1_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.30.1 release notes

Introduction

Network Security Services (NSS) 3.30.1 is a security patch release for NSS 3.30. The bug fixes in NSS 3.30.1 are described in the "Bugs Fixed" section below.

Distribution Information

The HG tag is NSS_3_30_1_RTM. NSS 3.30.1 requires NSPR 4.14 or newer.

NSS 3.30.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:

New in NSS 3.30.1

No new functionality is introduced in this release.

Bugs fixed in NSS 3.30.1

Acknowledgements

The NSS development team would like to thank Ronald Crane for responsibly disclosing the issue by providing advance copies of their research.

Compatibility

NSS 3.30.1 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.30.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.40.1_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.40.1 release notes

Introduction

The NSS team has released Network Security Services (NSS) 3.40.1, which is a patch release for NSS 3.40.

Distribution Information

The HG tag is NSS_3_40_1_RTM. NSS 3.40.1 requires NSPR 4.20 or newer.

NSS 3.40 source distributions are available on ftp.mozilla.org for secure HTTPS download:

New in NSS 3.40.1

New Functionality

New Functions

Bugs fixed in NSS 3.40.1

Compatibility

NSS 3.40.1 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.40.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.36.6_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.36.6 release notes

Introduction

Network Security Services (NSS) 3.36.6 is a patch release for NSS 3.36. The bug fixes in NSS 3.36.6 are described in the "Bugs Fixed" section below.

Distribution Information

The HG tag is NSS_3_36_6_RTM. NSS 3.36.6 requires NSPR 4.19 or newer.

NSS 3.36.6 source distributions are available on ftp.mozilla.org for secure HTTPS download:

New in NSS 3.36.6

New Functionality

No new functionality is introduced in this release. This is a patch release to fix CVE-2018-12404.

Bugs fixed in NSS 3.36.6

Bug 1485864 - Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404)

Bug 1389967 and Bug 1448748 - Fixes for MinGW on x64 platforms.

Compatibility

NSS 3.36.6 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.36.6 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/pkcs11/module_installation/index.html: -------------------------------------------------------------------------------- 1 |

PKCS11 module installation

PKCS #11 modules are external modules which add to Firefox support for smartcard readers, biometric security devices, and external certificate stores. This article covers the two methods for installing PKCS #11 modules into Firefox. Users can use the preferences dialog to install or remove PKCS #11 modules. Extensions can programmatically manage PKCS #11 modules using the nsIPKCS11 programming interface.

Note: The information in this article is specific to Firefox 3.5 and newer. Older versions of Firefox may support the window.pkcs11 property for installing PKCS #11 modules.

Using the Firefox preferences to install PKCS #11 modules

  1. Save the PKCS #11 module to a permanent location on your local computer.
  2. Open the Firefox preferences dialog. Choose "Advanced" > "Encryption" > "Security Devices".
  3. Choose "Load".
  4. Enter a name for the security module, such as "My Client Database". NOTE: there is currently a bug in Firefox where international characters may cause problems.
  5. Choose "Browse..." to find the location of the PKCS #11 module on your local computer, and choose "OK" when done.

Provisioning PKCS #11 modules using the pkcs11 API

Starting with Firefox 58, extensions can use the pkcs11 browser extension API to enumerate PKCS #11 modules and make them accessible to the browser as sources of keys and certificates.

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_initpin/index.html: -------------------------------------------------------------------------------- 1 |

FC_InitPIN

Name

FC_InitPIN() - Initialize the user's PIN.

Syntax

CK_RV FC_InitPIN(
  CK_SESSION_HANDLE hSession,
  CK_CHAR_PTR pPin,
  CK_ULONG ulPinLen
);

Parameters

FC_InitPIN() takes three parameters:

hSession
[Input] Session handle.
pPin
[Input] Pointer to the PIN being set.
ulPinLen
[Input] Length of the PIN.

Description

FC_InitPIN() initializes the normal user's PIN.

FC_InitPIN() must be called when the PKCS #11 Security Officer (SO) is logged into the token and the session is read/write, that is, the session must be in the "R/W SO Functions" state (CKS_RW_SO_FUNCTIONS). The role of the PKCS #11 SO is to initialize a token and to initialize the normal user's PIN. In the NSS cryptographic module, one uses the empty string password ("") to log in as the PKCS #11 SO. The module only allows the PKCS #11 SO to log in if the normal user's PIN has not yet been set or has been reset.

Return value

FC_InitPIN() returns the following return codes.

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/cert_findcertbyissuerandsn/index.html: -------------------------------------------------------------------------------- 1 |

CERT_FindCertByIssuerAndSN

Find a certificate in the database with the given issuer and serial number.

Syntax

#include <cert.h>
CERTCertificate *CERT_FindCertByIssuerAndSN (
    CERTCertDBHandle *handle,
    CERTIssuerAndSN *issuerAndSN);

Parameters

handle
[in] pointer to a CERTCertDBHandle representing the certificate database to look in
issuerAndSN
[in] pointer to a CERTIssuerAndSN that must be properly formed to contain the issuer name and the serial number (see [Example])

Description

This function creates a certificate key using the issuerAndSN and then uses the key to find the matching certificate in the database.

Returns

A pointer to a CERTCertificate representing the certificate in the database that matched the issuer and serial number, or NULL if none was found. The certificate is a shallow copy; use CERT_DestroyCertificate to decrement the reference count on the certificate instance.

Example

CERTIssuerAndSN issuerSN;
issuerSN.derIssuer.data = caName->data;
issuerSN.derIssuer.len = caName->len;
issuerSN.serialNumber.data = authorityKeyID->authCertSerialNumber.data;
issuerSN.serialNumber.len = authorityKeyID->authCertSerialNumber.len;
issuerCert = CERT_FindCertByIssuerAndSN(cert->dbhandle, &issuerSN);
if ( issuerCert == NULL ) {
    PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER);
}

See Also

Occurrences of CERT_FindCertByIssuerAndSN in the current NSS source code (generated by LXR).

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/reference/fc_unwrapkey/index.html: -------------------------------------------------------------------------------- 1 |

FC_UnwrapKey

Name

FC_UnwrapKey - unwrap a key

Syntax

CK_RV FC_UnwrapKey(
  CK_SESSION_HANDLE hSession,
  CK_MECHANISM_PTR pMechanism,
  CK_OBJECT_HANDLE hUnwrappingKey,
  CK_BYTE_PTR pWrappedKey,
  CK_ULONG usWrappedKeyLen,
  CK_ATTRIBUTE_PTR pTemplate,
  CK_ULONG usAttributeCount,
  CK_OBJECT_HANDLE_PTR phKey
);

Parameters

hSession
[in] session handle.
pMechanism
[in] pointer to the mechanism to use.
hUnwrappingKey
[in] handle of the key to use for unwrapping.
pWrappedKey
[in] pointer to the wrapped key.
usWrappedKeyLen
[in] length of the wrapped key.
pTemplate
[in] pointer to the list of attributes for the unwrapped key.
usAttributeCount
[in] number of attributes in the template.
phKey
[out] pointer to the location to receive the handle of the unwrapped key.

Description

FC_UnwrapKey unwraps (decrypts) a key and creates a new key object. If pWrappedKey is NULL, the length of the wrapped key is returned in pusWrappedKeyLen and FC_UnwrapKey may be called again with pWrappedKey set to retrieve the wrapped key.

A user must log into the token (to assume the NSS User role) before calling FC_UnwrapKey.

Return value

Examples

See also

-------------------------------------------------------------------------------- /en-us/docs/mozilla/projects/nss/nss_3.17_release_notes/index.html: -------------------------------------------------------------------------------- 1 |

NSS 3.17 release notes

Introduction

The NSS team has released Network Security Services (NSS) 3.17, which is a minor release.

Distribution Information

The HG tag is NSS_3_17_RTM. NSS 3.17 requires NSPR 4.10.7 or newer.

NSS 3.17 source distributions are available on ftp.mozilla.org for secure HTTPS download:

New in NSS 3.17

New Functionality

New Macros

Notable Changes in NSS 3.17

Bugs fixed in NSS 3.17

This Bugzilla query returns all the bugs fixed in NSS 3.17:

https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.17

--------------------------------------------------------------------------------