Wan-Teh Chang wrote:
SECMOD_DestroyModule destroys the reference to the Module. (Lots of functions return references to the module).

The SECMOD_LoadUserModule and SECMOD_UnloadUserModule functions were added in https://bugzilla.mozilla.org/show_bug.cgi?id=132461, but no NSS utilities or test programs use these functions, so the only sample code for these functions that I can find is PSM.

PSM uses these functions as follows:

In nsNSSComponent::InstallLoadableRoots:

    RootsModule =
      SECMOD_LoadUserModule(const_cast<char*>(pkcs11moduleSpec.get()),
                            nsnull, // no parent
                            PR_FALSE); // do not recurse

    if (RootsModule) {
      PRBool found = (RootsModule->loaded);

      SECMOD_DestroyModule(RootsModule);
      RootsModule = nsnull;

      if (found) {
        break;
      }
    }

In nsNSSComponent::UnloadLoadableRoots:

    SECMODModule *RootsModule = SECMOD_FindModule(modNameUTF8.get());

    if (RootsModule) {
      SECMOD_UnloadUserModule(RootsModule);
      SECMOD_DestroyModule(RootsModule);
    }

SECMOD_DestroyModule is not documented in https://developer.mozilla.org/en/NSS_PKCS11_Functions, so it's not clear what the side effects of SECMOD_DestroyModule are and why PSM calls SECMOD_DestroyModule after both the SECMOD_LoadUserModule and SECMOD_UnloadUserModule calls.
The following functions return module references that must be destroyed:

    SECMOD_FindModule
    SECMOD_FindModuleByID
    SECMOD_ReferenceModule
    SECMOD_CreateModule (I don't know why this one was exported... It probably shouldn't have been).
    SECMOD_LoadModule
    SECMOD_LoadUserModule

The following returns a module, but does not return a new reference:

    SECMOD_GetInternalModule

The following functions also link a module into various internal lists:

                             Default        Module   Persistent database
                             trust domain   Lists    (secmod.db/pkcs11.txt)
    SECMOD_AddNewModule      y              y        y
    SECMOD_AddNewModuleEx    y              y        y
    SECMOD_LoadUserModule    y              y        n
    SECMOD_LoadModule        n              y        n

Module lists hold a reference to the module. The default trust domain holds a reference to each slot in the module (but not the module itself).

The following functions remove a module from various internal lists:

                               Default        Module         Persistent database
                               trust domain   Lists          (secmod.db/pkcs11.txt)
    SECMOD_DeleteModuleEx      y (if there)   y (if there)   if (permdb == TRUE)
    SECMOD_UnloadUserModule    y (if there)   y (if there)   n

Neither SECMOD_DeleteModuleEx nor SECMOD_UnloadUserModule frees the caller's reference to the module.

(Looking at the code it looks like SECMOD_UnloadUserModule is doing more work than it needs. It uses SECMOD_DeleteModuleEx, but also calls STAN_RemoveModuleFromDefaultTrustDomain(), which may be redundant).

bob

The comment should be updated. It removes the module structure from the system and deletes that reference. If the user is still holding a reference, the module will not be deleted until that reference is removed.

Is it true that SECMOD_DestroyModule merely does reference counting, and won't cause the module to be unloaded? Does SECMOD_UnloadUserModule not destroy the module structure, contrary to what this source code comment says?

http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/pk11wrap/pk11pars.c#406

    /*
     * remove the PKCS#11 module from the default NSS trust domain, call
     * C_Finalize, and destroy the module structure
     */
    SECStatus SECMOD_UnloadUserModule(SECMODModule *mod)

Thank you!
Wan-Teh

_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
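
The reference rules described in this message can be traced with a small C model. This is an added example, not part of the original message and not NSS code: every model_* name is hypothetical, and it models only the module list's reference and the caller's reference, following PSM's load/destroy and find/unload/destroy sequences quoted above.

```c
/* Constructed model of the reference rules in this message, not NSS code; model_* names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
typedef struct {
    int refCount;      /* caller references plus the module list's reference */
    int inModuleList;  /* the module list holds one reference while linked */
    int *freed;        /* set to 1 when the structure is released */
} ModelModule;
/* Role of SECMOD_DestroyModule: drop one reference, free on the last one. */
static void model_destroy(ModelModule *m) {
    if (--m->refCount == 0) { *m->freed = 1; free(m); }
}
/* Role of SECMOD_LoadUserModule: link into the list, return a reference. */
static ModelModule *model_load_user(int *freed) {
    ModelModule *m = calloc(1, sizeof *m);
    if (!m) return NULL;
    *freed = 0; m->freed = freed;
    m->inModuleList = 1; m->refCount = 2;  /* list's reference + caller's */
    return m;
}
/* Role of SECMOD_FindModule: hand out a new reference to a listed module. */
static ModelModule *model_find(ModelModule *m) {
    if (m->inModuleList) m->refCount++;
    return m->inModuleList ? m : NULL;
}
/* Role of SECMOD_UnloadUserModule: unlink; the caller's reference stays. */
static void model_unload_user(ModelModule *m) {
    if (m->inModuleList) { m->inModuleList = 0; model_destroy(m); }
}
/* PSM's two sequences; returns 1 if only the final destroy freed the module. */
static int model_psm_sequence(int counts[4]) {
    int freed;
    ModelModule *found, *m = model_load_user(&freed);
    if (!m) return -1;
    counts[0] = m->refCount;      /* after load: list + caller */
    model_destroy(m);             /* InstallLoadableRoots drops its reference */
    counts[1] = m->refCount;      /* the list keeps the module alive */
    found = model_find(m);        /* UnloadLoadableRoots takes a new reference */
    counts[2] = found->refCount;
    model_unload_user(found);     /* the list's reference goes away */
    if (freed) return 0;          /* would mean unload freed it under the caller */
    counts[3] = found->refCount;  /* the caller's reference is still held */
    model_destroy(found);         /* the last reference frees the structure */
    return freed;
}
int main(void) {
    int c[4];
    printf("freed only by final destroy: %d\n", model_psm_sequence(c));
    return 0;
}
```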

