Types and Structures
Managing SECItem Memory
These types and structures are described here:
CERTCertDBHandle
CERTCertificate
PK11SlotInfo
SECItem
SECKEYPrivateKey
SECStatus
Additional types used by a single function only are described with the function's entry in each chapter. Some of these functions also use types defined by NSPR and described in the NSPR Reference.
<a id="> Many of the structures presented here (CERTCertDBHandle
, CERTCertificate
, PK11SlotInfo
, and SECKEYPrivateKey
) are opaque--that is, they are types defined as structures (for example, CERTCertDBHandleStr
) that may change in future releases of Network Security Services. As long as you use the form shown here, your code will not need revision.
An opaque handle structure for open certificate databases.
#include <certt.h>
typedef struct CERTCertDBHandleStr CERTCertDBHandle;
An opaque X.509 certificate object.
#include <certt.h>
typedef struct CERTCertificateStr CERTCertificate;
Certificate structures are shared objects. When an application makes a copy of a particular certificate structure that already exists in memory, SSL makes a shallow copy--that is, it increments the reference count for that object rather than making a whole new copy. When you call CERT_DestroyCertificate
, the function decrements the reference count and, if the reference count reaches zero as a result, frees the memory. The use of the word "destroy" in function names or in the description of a function often implies reference counting.
An opaque structure representing a physical or logical PKCS #11 slot.
#include <pk11expt.h>
typedef struct PK11SlotInfo
Str PK11SlotInfo
;
A structure that points to other structures.
#include <seccomon.h> #include <prtypes.h> #include <secport.h>
typedef enum { siBuffer, siClearDataBuffer, siCipherDataBuffer, siDERCertBuffer, siEncodedCertBuffer, siDERNameBuffer, siEncodedNameBuffer, siAsciiNameString, siAsciiString, siDEROID } SECItemType;
typedef struct SECItemStr SECItem;
struct SECItemStr { SECItemType type; unsigned char *data; unsigned int len; };
A SECItem
structure can be used to associate your own data with an SSL socket.
To free a structure pointed to by a SECItem
, and, if desired, the SECItem
structure itself, use one the functions SECItem_FreeItem
or SECItem_ZfreeItem
.
An opaque, generic key structure.
#include <keyt.h>
typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
Key structures are not shared objects. When an application makes a copy of a particular key structure that already exists in memory, SSL makes a deep copy--that is, it makes a whole new copy of that object. When you call SECKEY_DestroyPrivateKey
, the function both frees the memory and sets all the bits to zero.
Never alter the contents of a key structure. Treat the structure as read only.
The return value for many SSL functions.
#include <seccomon.h>
typedef enum { SECWouldBlock = -2, SECFailure = -1, SECSuccess = 0 } SECStatus;
The enum includes the following enumerators:
SECWouldBlock |
|
SECFailure |
|
SECSuccess |
The operation succeeded. In this case the value returned by |
SECItem_FreeItem
SECItem_ZfreeItem
Frees the memory associated with a SECItem
structure.
#include <prtypes.h>
SECStatus SECItem_FreeItem ( SECItem *item, PRBool freeItem)
This function has the following parameter:
The function returns one of these values:
SECSuccess
.SECFailure
. Use PR_GetError to retrieve the error code. Zeroes and frees the memory associated with a SECItem
structure.
#include <prtypes.h>
SECStatus SECItem_ZfreeItem ( SECItem *item, PRBool freeItem)
This function has the following parameter:
The function returns one of these values:
SECSuccess
.SECFailure
. Use PR_GetError to retrieve the error code. This function is similar to SECItem_FreeItem
, except that it overwrites the structures to be freed with zeroes before it frees them. Zeros and frees the memory associated with the structure to which the specified item points, when that structure is no longer used. When freeItem
is not PR_FALSE
, also zeroes and frees the item structure itself.