--- a/components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11.c Mon Jun 11 13:32:59 2012 -0700
+++ b/components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11.c Mon Jun 11 22:35:26 2012 -0700
@@ -818,6 +818,7 @@
static CK_BBOOL pk11_library_initialized = CK_FALSE;
static CK_BBOOL pk11_atfork_initialized = CK_FALSE;
static int pk11_pid = 0;
+static ENGINE* pk11_engine = NULL;
static DSO *pk11_dso = NULL;
@@ -1032,12 +1033,33 @@
return (ret);
}
+int
+pk11_engine_loaded()
+ {
+ ENGINE *e;
+ int rtrn = 0;
+
+ if ((e = ENGINE_by_id(engine_pk11_id)) != NULL)
+ {
+ rtrn = 1;
+ ENGINE_free(e);
+ }
+ return (rtrn);
+ }
+
void
ENGINE_load_pk11(void)
{
ENGINE *e_pk11 = NULL;
/*
+ * Do not attempt to load the engine twice!
+ * Multiple instances would share static variables from this file.
+ */
+ if (pk11_engine_loaded())
+ return;
+
+ /*
* Do not use dynamic PKCS#11 library on Solaris due to
* security reasons. We will link it in statically.
*/
@@ -1189,6 +1211,14 @@
int any_slot_found;
int i;
+ if (e != pk11_engine)
+ {
+ if (pk11_engine)
+ ENGINE_free(pk11_engine);
+ pk11_engine = e;
+ ENGINE_up_ref(e);
+ }
+
/*
* pk11_library_initialized is set to 0 in pk11_finish() which is called
* from ENGINE_finish(). However, if there is still at least one
@@ -1371,6 +1401,15 @@
{
int i;
+ /*
+ * Make sure, right engine instance is being destroyed.
+ * Engine e may be the wrong instance if
+ * 1) either someone calls ENGINE_load_pk11 twice
+ * 2) or last ref. to an already finished engine is being destroyed
+ */
+ if (e != pk11_engine)
+ goto err;
+
if (pk11_dso == NULL)
{
PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
@@ -1426,6 +1465,8 @@
pFuncList = NULL;
pk11_library_initialized = CK_FALSE;
pk11_pid = 0;
+ ENGINE_free(pk11_engine);
+ pk11_engine = NULL;
/*
* There is no way how to unregister atfork handlers (other than
* unloading the library) so we just free the locks. For this reason