1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
|
.. _mozilla_projects_nss_ssl_functions_ssltyp:
ssltyp
======
.. container::
.. note::
- This page is part of the :ref:`mozilla_projects_nss_ssl_functions_old_ssl_reference` that
we are migrating into the format described in the `MDN Style
Guide <https://developer.mozilla.org/en-US/docs/Project:MDC_style_guide>`__. If you are
inclined to help with this migration, your help would be very much appreciated.
- Upgraded documentation may be found in the :ref:`mozilla_projects_nss_reference`
.. rubric:: Selected SSL Types and Structures
:name: Selected_SSL_Types_and_Structures
--------------
.. _chapter_3_selected_ssl_types_and_structures:
`Chapter 3
<#chapter_3_selected_ssl_types_and_structures>`__ Selected SSL Types and Structures
------------------------------------------------------------------------------------
.. container::
This chapter describes some of the most important types and structures used with the functions
described in the rest of this document, and how to manage the memory used for them. Additional
types are described with the functions that use them or in the header files.
| `Types and Structures <#1030559>`__
| `Managing SECItem Memory <#1029645>`__
.. _types_and_structures:
`Types and Structures <#types_and_structures>`__
------------------------------------------------
.. container::
These types and structures are described here:
| ```CERTCertDBHandle`` <#1028465>`__
| ```CERTCertificate`` <#1027387>`__
| ```PK11SlotInfo`` <#1028593>`__
| ```SECItem`` <#1026076>`__
| ```SECKEYPrivateKey`` <#1026727>`__
| ```SECStatus`` <#1026722>`__
Additional types used by a single function only are described with the function's entry in each
chapter. Some of these functions also use types defined by NSPR and described in the `NSPR
Reference <https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR/Reference>`__.
<a id="> Many of the structures presented here (```CERTCertDBHandle`` <#1028465>`__,
```CERTCertificate`` <#1027387>`__, ```PK11SlotInfo`` <#1028593>`__, and
```SECKEYPrivateKey`` <#1026727>`__) are opaque--that is, they are types defined as structures
(for example, ``CERTCertDBHandleStr``) that may change in future releases of Network Security
Services. As long as you use the form shown here, your code will not need revision.
.. rubric:: CERTCertDBHandle
:name: certcertdbhandle
An opaque handle structure for open certificate databases.
.. rubric:: Syntax
:name: syntax
.. code::
#include <certt.h>
.. code::
typedef struct CERTCertDBHandleStr CERTCertDBHandle;
.. rubric:: CERTCertificate
:name: certcertificate
An opaque X.509 certificate object.
.. rubric:: Syntax
:name: syntax_2
.. code::
#include <certt.h>
.. code::
typedef struct CERTCertificateStr CERTCertificate;
.. rubric:: Description
:name: description
Certificate structures are shared objects. When an application makes a copy of a particular
certificate structure that already exists in memory, SSL makes a *shallow* copy--that is, it
increments the reference count for that object rather than making a whole new copy. When you call
```CERT_DestroyCertificate`` <sslcrt.html#1050532>`__, the function decrements the reference
count and, if the reference count reaches zero as a result, frees the memory. The use of the word
"destroy" in function names or in the description of a function often implies reference counting.
Never alter the contents of a certificate structure. If you attempt to do so, the change affects
all the shallow copies of that structure and can cause severe problems.
.. rubric:: PK11SlotInfo
:name: pk11slotinfo
An opaque structure representing a physical or logical PKCS #11 slot.
.. rubric:: Syntax
:name: syntax_3
.. code::
#include <pk11expt.h>
``typedef struct PK11SlotInfo``\ Str ``PK11SlotInfo``;
.. rubric:: SECItem
:name: secitem
A structure that points to other structures.
.. rubric:: Syntax
:name: syntax_4
.. code::
#include <seccomon.h>
#include <prtypes.h>
#include <secport.h>
.. code::
typedef enum {
siBuffer,
siClearDataBuffer,
siCipherDataBuffer,
siDERCertBuffer,
siEncodedCertBuffer,
siDERNameBuffer,
siEncodedNameBuffer,
siAsciiNameString,
siAsciiString,
siDEROID
} SECItemType;
.. code::
typedef struct SECItemStr SECItem;
.. code::
struct SECItemStr {
SECItemType type;
unsigned char *data;
unsigned int len;
};
.. rubric:: Description
:name: description_2
A ``SECItem`` structure can be used to associate your own data with an SSL socket.
To free a structure pointed to by a ``SECItem``, and, if desired, the ``SECItem`` structure
itself, use one the functions ```SECItem_FreeItem`` <#1030620>`__ or
```SECItem_ZfreeItem`` <#1030773>`__.
.. rubric:: SECKEYPrivateKey
:name: seckeyprivatekey
An opaque, generic key structure.
.. rubric:: Syntax
:name: syntax_5
.. code::
#include <keyt.h>
.. code::
typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
.. rubric:: Description
:name: description_3
Key structures are not shared objects. When an application makes a copy of a particular key
structure that already exists in memory, SSL makes a *deep* copy--that is, it makes a whole new
copy of that object. When you call ```SECKEY_DestroyPrivateKey`` <sslkey.html#1051017>`__, the
function both frees the memory and sets all the bits to zero.
Never alter the contents of a key structure. Treat the structure as read only.
.. rubric:: SECStatus
:name: secstatus
The return value for many SSL functions.
.. rubric:: Syntax
:name: syntax_6
.. code::
#include <seccomon.h>
.. code::
typedef enum {
SECWouldBlock = -2,
SECFailure = -1,
SECSuccess = 0
} SECStatus;
.. rubric:: Enumerators
:name: enumerators
The enum includes the following enumerators:
+-------------------------------------------------+-------------------------------------------------+
| .. code:: | Reserved for internal use. |
| | |
| SECWouldBlock | |
+-------------------------------------------------+-------------------------------------------------+
| .. code:: | The operation failed. To find out why, call |
| | ``PR_GetError``. |
| SECFailure | |
+-------------------------------------------------+-------------------------------------------------+
| .. code:: | The operation succeeded. In this case the value |
| | returned by ``PR_GetError`` is meaningless. |
| SECSuccess | |
+-------------------------------------------------+-------------------------------------------------+
.. _managing_secitem_memory:
`Managing SECItem Memory <#managing_secitem_memory>`__
------------------------------------------------------
.. container::
These functions are available for managing the memory associated with ``SECItem`` structures and
the structures to which they point.
| ```SECItem_FreeItem`` <#1030620>`__
| ```SECItem_ZfreeItem`` <#1030773>`__
.. rubric:: SECItem_FreeItem
:name: secitem_freeitem
Frees the memory associated with a ``SECItem`` structure.
.. rubric:: Syntax
:name: syntax_7
.. code::
#include <prtypes.h>
.. code::
SECStatus SECItem_FreeItem (
SECItem *item,
PRBool freeItem)
.. rubric:: Parameter
:name: parameter
This function has the following parameter:
+----------+--------------------------------------------------------------------------------------+
| ``item`` | A pointer to a ``SECItem`` structure. |
+----------+--------------------------------------------------------------------------------------+
| freeItem | When ``PR_FALSE``, free only the structure pointed to. Otherwise, free both the |
| | structure pointed to and the ``SECItem`` structure itself. |
+----------+--------------------------------------------------------------------------------------+
.. rubric:: Returns
:name: returns
The function returns one of these value\ ``s``:
- If successful, ``SECSuccess``.
- If unsuccessful, ``SECFailure``. Use
`PR_GetError <../../../../../nspr/reference/html/prerr.html#26127>`__ to retrieve the error
code.
.. rubric:: Description
:name: description_4
This function frees the memory associated with the structure to which the specified item points,
when that structure is no longer used. When ``freeItem`` is not ``PR_FALSE``, also frees the item
structure itself.
.. rubric:: SECItem_ZfreeItem
:name: secitem_zfreeitem
Zeroes and frees the memory associated with a ``SECItem`` structure.
.. rubric:: Syntax
:name: syntax_8
.. code::
#include <prtypes.h>
.. code::
SECStatus SECItem_ZfreeItem (
SECItem *item,
PRBool freeItem)
.. rubric:: Parameter
:name: parameter_2
This function has the following parameter:
+----------+--------------------------------------------------------------------------------------+
| ``item`` | A pointer to a ``SECItem`` structure. |
+----------+--------------------------------------------------------------------------------------+
| freeItem | When ``PR_FALSE``, free only the structure pointed to. Otherwise, free both the |
| | structure pointed to and the ``SECItem`` structure itself. |
+----------+--------------------------------------------------------------------------------------+
.. rubric:: Returns
:name: returns_2
The function returns one of these value\ ``s``:
- If successful, ``SECSuccess``.
- If unsuccessful, ``SECFailure``. Use
`PR_GetError <../../../../../nspr/reference/html/prerr.html#26127>`__ to retrieve the error
code.
.. rubric:: Description
:name: description_5
This function is similar to ```SECItem_FreeItem`` <#1030620>`__, except that it overwrites the
structures to be freed with zeroes before it frees them. Zeros and frees the memory associated
with the structure to which the specified item points, when that structure is no longer used.
When ``freeItem`` is not ``PR_FALSE``, also zeroes and frees the item structure itself.
|
