# HG changeset patch
# User Ron Jordan
# Date 1358894757 28800
# Node ID a1822222111d9179744844e768787238ae5856e6
# Parent b1f0e4a84df6cb05624e55bafd01576478cae2cd
15821251 SUNBT7203499 openssl pkcs11 decrypt shows annoying messages
15809484 SUNBT7190828 Apache webserver crashes in 'ENGINE_load_pk11' when pkcs11 not conf
diff -r b1f0e4a84df6 -r a1822222111d components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11.c
--- a/components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11.c Mon Jan 21 03:30:38 2013 -0800
+++ b/components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11.c Tue Jan 22 14:45:57 2013 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
 */
 
 /* crypto/engine/hw_pk11.c */
@@ -1205,6 +1205,23 @@
 }
 
 /*
+ * Helper function that unsets reference to current engine (pk11_engine = NULL).
+ *
+ * Use of local variable only seems clumsy, it needs to be this way!
+ * This is to prevent double free in the unlucky scenario:
+ * ENGINE_free calls pk11_destroy calls pk11_finish calls ENGINE_free
+ * Setting pk11_engine to NULL prior to ENGINE_free() avoids this.
+ */
+static void pk11_engine_free()
+ {
+ ENGINE* old_engine = pk11_engine;
+
+ if (old_engine) {
+ pk11_engine = NULL;
+ }
+ }
+
+/*
 * Initialization function. Sets up various PKCS#11 library components.
 * It selects a slot based on predefined critiera. In the process, it also
 * count how many ciphers and digests to support. Since the cipher and
@@ -1223,10 +1240,8 @@
 
 if (e != pk11_engine)
 {
- if (pk11_engine)
- ENGINE_free(pk11_engine);
+ pk11_engine_free();
 pk11_engine = e;
- ENGINE_up_ref(e);
 }
 
 /*
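Review bot: The body of `pk11_engine_free()` never calls `ENGINE_free()`, so the header comment ("Setting pk11_engine to NULL prior to ENGINE_free() avoids this") and the `old_engine` local describe a release that is not in the code; as written the function is equivalent to `pk11_engine = NULL;`. Since the pk11_init hunk also drops `ENGINE_up_ref(e)`, not freeing looks intentional, but the name and comment will lead the next maintainer to assume a reference is released here. I would rename it (for example `pk11_engine_clear`) and reduce the comment to `/* Drop the cached engine pointer; no reference is held, so nothing is freed here. */`. The definition should also read `static void pk11_engine_free(void)`, because empty parentheses declare an unprototyped function in C.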
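Review bot: With `ENGINE_up_ref(e)` removed in the -1223 hunk, `pk11_engine = e;` now stores a pointer that holds no reference on the ENGINE, and nothing at the assignment says so. The pointer stays valid only if every path that frees the ENGINE also reaches `pk11_engine_free()`; the helper's comment suggests this happens through pk11_destroy and pk11_finish, which are not visible here, so it should be confirmed, in particular when `e` replaces an earlier engine. I would add a comment at the assignment such as `/* borrowed pointer: no ENGINE_up_ref(); cleared by pk11_engine_free() on finish */`. The same applies to the teardown hunk at -1473, where the clear replaces `ENGINE_free(pk11_engine)`. The enclosing function starts and ends outside the hunk.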
@@ -1473,8 +1488,7 @@
 pFuncList = NULL;
 pk11_library_initialized = CK_FALSE;
 pk11_pid = 0;
- ENGINE_free(pk11_engine);
- pk11_engine = NULL;
+ pk11_engine_free();
 /*
 * There is no way how to unregister atfork handlers (other than
 * unloading the library) so we just free the locks. For this reason