Christoph Brueckner wrote:
softoken was developed for NSS, and NSS needs to be able to handle multiple PKCS#11 devices simultaneously. As such, NSS uses the C_GetFunctionList interface and the corresponding table of function pointers to access a given module. NSS cannot simply call C_XXX functions directly, or there would be symbol conflict between modules.Ok. But why does softoken and builtin module only export the C_GetFunctionList function? I thought softoken and builtin are "real" PKCS#11 Modules. Why don't they export functions like C_Initialize, and all the other PKCS#11 functions directly? Instead softoken exports C_GetFunctionList, NSC_GetFunctionList, FC_GetFunctionList. What is the difference between these 3 functions?
I imagine C_GetFunctionList is exported because that is the symbol other applications would look for when loading the softoken. NSC_GetFunctionList is the softoken's particular implementation of that function (you should find symbols for all the C_XXX functions prepended by 'NS'). FC_GetFunctionList is there because the softoken can be used in two modes, normal and FIPS-compliant. The FC_XXX functions are the FIPS version of the usual C_XXX stuff.
-Ian
