On 07/24/2010 11:39 PM, Konstantin Andreev wrote: > Hello. > > It looks like the BLAPI implementation (freebl) is an internal > component of NSS. In this case there is no need in backward API > compatibility, neither binary nor source-level. > > But freebl is provided as distinct shared library > (libfreebl3.so/freebl3.dll). This gives me an idea that other clients > except NSS could use freebl. In this case backward compatibility is a > must. Short answer:
1. It has been our policy to maintain backward compatibility in blapi libraries. This allows new functions to be added, but only limited changes to the the semantics of existing functions. 2. We have not, however, advertised the interfaces to blapi for applications in general. > > Could you, please, advice, either is true ? Is BLAPI/freebl assumed to > be used outside of NSS ? Long answer: Blapi is used in the following instances: On linux, through a very specific and limited api for hashing functions only. This is use is not highly encouraged, but allowed for certain system functions (like glibc). In softoken through the blapi api (a static library the dlopens blapi itself and calls functions through a function pointer. This static library deals with version differences). In libssl if bypass is turned on. In other pkcs11 modules, particularly ones built with the ck library in the NSS tree. (libpem is an example). Currently softoken and blapi are tightly coupled. I know of no system that does not package these two together. I believe libssl is as well if bypass is turned on (linux will use an older blapi than libssl at times). bob > > -- > Konstantin Andreev.
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
