15821251 SUNBT7203499 openssl pkcs11 decrypt shows annoying messages
15809484 SUNBT7190828 Apache webserver crashes in 'ENGINE_load_pk11' when pkcs11 not conf
--- a/components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11.c Wed Jan 16 08:45:29 2013 -0800
+++ b/components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11.c Thu Jan 17 09:07:33 2013 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
*/
/* crypto/engine/hw_pk11.c */
@@ -1205,6 +1205,23 @@
}
/*
+ * Helper function that unsets reference to current engine (pk11_engine = NULL).
+ *
+ * Use of local variable only seems clumsy, it needs to be this way!
+ * This is to prevent double free in the unlucky scenario:
+ * ENGINE_free calls pk11_destroy calls pk11_finish calls ENGINE_free
+ * Setting pk11_engine to NULL prior to ENGINE_free() avoids this.
+ */
+static void pk11_engine_free()
+ {
+ ENGINE* old_engine = pk11_engine;
+
+ if (old_engine) {
+ pk11_engine = NULL;
+ }
+ }
+
+/*
* Initialization function. Sets up various PKCS#11 library components.
* It selects a slot based on predefined critiera. In the process, it also
* count how many ciphers and digests to support. Since the cipher and
@@ -1223,10 +1240,8 @@
if (e != pk11_engine)
{
- if (pk11_engine)
- ENGINE_free(pk11_engine);
+ pk11_engine_free();
pk11_engine = e;
- ENGINE_up_ref(e);
}
/*
@@ -1473,8 +1488,7 @@
pFuncList = NULL;
pk11_library_initialized = CK_FALSE;
pk11_pid = 0;
- ENGINE_free(pk11_engine);
- pk11_engine = NULL;
+ pk11_engine_free();
/*
* There is no way how to unregister atfork handlers (other than
* unloading the library) so we just free the locks. For this reason