Durga Prasad wrote:
> Hi All,
>
> I am seeing openssl PKCS#11 engine code. I have some doubts regarding this.
>
> 1) Why are we passing NULL argument to C_Initialize. If the NULL argument is
> passed, we are not supposed to access to use PKCS11 library from multiple
> threads simultaneously.

While that is strictly correct the OpenSolaris libpkcs11 is always MT-Safe and
always uses OS locking. See:

http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/lib/pkcs11/libpkcs11/common/pkcs11General.c#157

We don't do anything different for:

    C_Initialize(NULL)

versus

    CK_C_INITIALIZE_ARGS pInitArgs;
    pInitArgs.CreateMutex = NULL;
    pInitArgs.DestroyMutex = NULL;
    pInitArgs.LockMutex = NULL;
    pInitArgs.UnlockMutex = NULL;
    pInitArgs.flags = CKF_OS_LOCKING_OK;
    pInitArgs.pReserved = NULL;
    C_Initialize(&pInitArgs);

It is a bug in the engine but when run on Solaris using /usr/lib/libpkcs11.so
it doesn't actually make any difference anyway.

> 2) How is opensc PKCS#11 engine different from openssl PKCS#11 engine?

I don't believe the opensc PKCS#11 engine existed at the time we wrote the one
that is in OpenSolaris (it was written during Solaris 10 development). I've
never looked at the opensc engine so I don't know.

--
Darren J Moffat
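
The locking cases the PKCS#11 specification defines for C_Initialize arguments, as an added example that is not part of the original message or of the OpenSolaris or OpenSSL engine code. The types, the `requested_locking` helper and the `dummy` callback are simplified, hypothetical stand-ins for what pkcs11.h declares.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the PKCS#11 types (assumption); a real build
 * would use the definitions from pkcs11.h instead. */
typedef unsigned long ck_flags;
typedef int (*mutex_fn)(void *);

#define OS_LOCKING_OK 0x00000002UL   /* value of CKF_OS_LOCKING_OK */

struct init_args {                   /* mirrors CK_C_INITIALIZE_ARGS */
    mutex_fn CreateMutex, DestroyMutex, LockMutex, UnlockMutex;
    ck_flags flags;
    void *pReserved;
};

enum lock_mode { LOCK_NONE, LOCK_OS, LOCK_APP, LOCK_EITHER, ARGS_BAD };

/* Classify what a caller is asking for, per the C_Initialize rules. */
enum lock_mode requested_locking(const struct init_args *a)
{
    if (a == NULL)
        return LOCK_NONE;            /* same as no callbacks, flag clear */
    if (a->pReserved != NULL)
        return ARGS_BAD;             /* reserved field must be NULL */
    int n = (a->CreateMutex != NULL) + (a->DestroyMutex != NULL) +
            (a->LockMutex != NULL) + (a->UnlockMutex != NULL);
    if (n != 0 && n != 4)
        return ARGS_BAD;             /* callbacks are all-or-nothing */
    int os_ok = (a->flags & OS_LOCKING_OK) != 0;
    if (n == 0)
        return os_ok ? LOCK_OS : LOCK_NONE;
    return os_ok ? LOCK_EITHER : LOCK_APP;
}

static int dummy(void *p) { (void)p; return 0; }   /* constructed callback */

int main(void)
{
    struct init_args os = { NULL, NULL, NULL, NULL, OS_LOCKING_OK, NULL };
    struct init_args app = { dummy, dummy, dummy, dummy, 0, NULL };
    printf("NULL args     -> %d\n", requested_locking(NULL));
    printf("OS locking ok -> %d\n", requested_locking(&os));
    printf("app callbacks -> %d\n", requested_locking(&app));
    return 0;
}
```

LOCK_NONE is the case the question is about: the caller is declaring it will not use the library from multiple threads, so a multithreaded application is relying on the library locking anyway, as the reply says OpenSolaris libpkcs11 does.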