JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Security for Developers Guide
search filter icon
search icon

Document Information

Preface

1.  Oracle Solaris Security for Developers (Overview)

2.  Developing Privileged Applications

3.  Writing PAM Applications and Services

4.  Writing Applications That Use GSS-API

5.  GSS-API Client Example

6.  GSS-API Server Example

7.  Writing Applications That Use SASL

8.  Introduction to the Oracle Solaris Cryptographic Framework

Oracle Solaris Cryptography Terminology

Overview of the Cryptographic Framework

Components of the Cryptographic Framework

What Cryptography Developers Need to Know

Requirements for Developers of User-Level Consumers

Requirements for Developers of User-Level Providers

Requirements for Developers of Kernel-Level Consumers

Requirements for Developers of Kernel-Level Providers

Avoiding Data Cleanup Collisions in User-Level Providers

9.  Writing User-Level Cryptographic Applications and Providers

10.  Using the Smart Card Framework

A.  Sample C-Based GSS-API Programs

B.  GSS-API Reference

C.  Specifying an OID

D.  Source Code for SASL Example

E.  SASL Reference Tables

F.  Packaging and Signing Cryptographic Providers

Glossary

Index

Avoiding Data Cleanup Collisions in User-Level Providers

User-level libraries that plug into the cryptographic framework should supply a _fini() function. The _fini() function is called by the loader when the library is unloaded. The _fini() function is required to ensure that all cleanup is done correctly at the right time. Libraries that use libpkcs11 are not supposed to call C_Finalize(), because libpkcs11 is a shared library that could potentially be in use by the application.

To supply a _fini() function, you need to create a .fini section in the program data section of a relocatable object. The .fini section provides a runtime termination code block. See Linker and Libraries Guide. The following code sample demonstrates how to design a .fini section.

Example 8-1 Supplying _fini() to PKCS #11 Libraries

#pragma fini(pkcs11_fini)
static void pkcs11_fini();

/* [... (other library code omitted)] */

static void
pkcs11_fini()
{
        (void) pthread_mutex_lock(&pkcs11mutex);
        
        /* If CRYPTOKI is not initialized, do not clean up */
        if (!initialized) {
                (void) pthread_mutex_unlock(&pkcs11mutex);
                return;
        }
        
        (void) finalize_routine(NULL_PTR);
        
        (void) pthread_mutex_unlock(&pkcs11mutex);
}