Index: cackey.c
==================================================================
--- cackey.c
+++ cackey.c
@@ -2460,36 +2460,53 @@
 	tokenPresent = tokenPresent; /* Supress unused variable warning */
 }
 
 CK_DEFINE_FUNCTION(CK_RV, C_GetSlotInfo)(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 	static CK_UTF8CHAR slotDescription[] = "CACKey Slot";
+	int mutex_retval;
 	int bytes_to_copy;
 
 	CACKEY_DEBUG_PRINTF("Called.");
 
 	if (pInfo == NULL) {
 		CACKEY_DEBUG_PRINTF("Error. pInfo is NULL.");
 
 		return(CKR_ARGUMENTS_BAD);
 	}
+
+	if (!cackey_initialized) {
+		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
+
+		return(CKR_CRYPTOKI_NOT_INITIALIZED);
+	}
 
 	if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
 		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID);
 
 		return(CKR_SLOT_ID_INVALID);
 	}
+
+	mutex_retval = cackey_mutex_lock(cackey_biglock);
+	if (mutex_retval != 0) {
+		CACKEY_DEBUG_PRINTF("Error.  Locking failed.");
+
+		return(CKR_GENERAL_ERROR);
+	}
 
 	if (cackey_slots[slotID].active == 0) {
 		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
 
+		cackey_mutex_unlock(cackey_biglock);
+
 		return(CKR_SLOT_ID_INVALID);
 	}
 
-	if (!cackey_initialized) {
-		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
+	mutex_retval = cackey_mutex_unlock(cackey_biglock);
+	if (mutex_retval != 0) {
+		CACKEY_DEBUG_PRINTF("Error.  Unlocking failed.");
 
-		return(CKR_CRYPTOKI_NOT_INITIALIZED);
+		return(CKR_GENERAL_ERROR);
 	}
 
 	memset(pInfo->slotDescription, ' ', sizeof(pInfo->slotDescription));
 	memcpy(pInfo->slotDescription, slotDescription, sizeof(slotDescription) - 1);
 
@@ -2520,42 +2537,61 @@
 
 CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) {
 	static CK_UTF8CHAR manufacturerID[] = "U.S. Government";
 	static CK_UTF8CHAR defaultLabel[] = "Unknown Token";
 	static CK_UTF8CHAR model[] = "CAC Token";
+	int mutex_retval;
 
 	CACKEY_DEBUG_PRINTF("Called.");
 
 	if (pInfo == NULL) {
 		CACKEY_DEBUG_PRINTF("Error. pInfo is NULL.");
 
 		return(CKR_ARGUMENTS_BAD);
 	}
+
+	if (!cackey_initialized) {
+		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
+
+		return(CKR_CRYPTOKI_NOT_INITIALIZED);
+	}
 
 	if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
 		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID);
 
 		return(CKR_SLOT_ID_INVALID);
 	}
+
+	mutex_retval = cackey_mutex_lock(cackey_biglock);
+	if (mutex_retval != 0) {
+		CACKEY_DEBUG_PRINTF("Error.  Locking failed.");
+
+		return(CKR_GENERAL_ERROR);
+	}
 
 	if (cackey_slots[slotID].active == 0) {
 		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
 
+		cackey_mutex_unlock(cackey_biglock);
+
 		return(CKR_SLOT_ID_INVALID);
 	}
 
-	if (!cackey_initialized) {
-		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
-
-		return(CKR_CRYPTOKI_NOT_INITIALIZED);
-	}
-
 	if (cackey_token_present(&cackey_slots[slotID]) != CACKEY_PCSC_S_TOKENPRESENT) {
 		CACKEY_DEBUG_PRINTF("No token is present in slotID = %lu", slotID);
 
+		cackey_mutex_unlock(cackey_biglock);
+
 		return(CKR_TOKEN_NOT_PRESENT);
 	}
+
+	mutex_retval = cackey_mutex_unlock(cackey_biglock);
+	if (mutex_retval != 0) {
+		CACKEY_DEBUG_PRINTF("Error.  Unlocking failed.");
+
+		return(CKR_GENERAL_ERROR);
+	}
 
 	memset(pInfo->label, ' ', sizeof(pInfo->label));
 	if (1) {
 		memcpy(pInfo->label, defaultLabel, sizeof(defaultLabel) - 1);
 	} else {
@@ -2652,24 +2688,14 @@
 
 	return(CKR_OK);
 }
 
 CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismInfo)(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR pInfo) {
+	int mutex_retval;
+
 	CACKEY_DEBUG_PRINTF("Called.");
 
-	if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
-		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID);
-
-		return(CKR_SLOT_ID_INVALID);
-	}
-
-	if (cackey_slots[slotID].active == 0) {
-		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
-
-		return(CKR_SLOT_ID_INVALID);
-	}
-
 	if (pInfo == NULL) {
 		CACKEY_DEBUG_PRINTF("Error. pInfo is NULL.");
 
 		return(CKR_ARGUMENTS_BAD);
 	}
@@ -2677,10 +2703,38 @@
 	if (!cackey_initialized) {
 		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
 
 		return(CKR_CRYPTOKI_NOT_INITIALIZED);
 	}
+
+	if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
+		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID);
+
+		return(CKR_SLOT_ID_INVALID);
+	}
+
+	mutex_retval = cackey_mutex_lock(cackey_biglock);
+	if (mutex_retval != 0) {
+		CACKEY_DEBUG_PRINTF("Error.  Locking failed.");
+
+		return(CKR_GENERAL_ERROR);
+	}
+
+	if (cackey_slots[slotID].active == 0) {
+		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
+
+		cackey_mutex_unlock(cackey_biglock);
+
+		return(CKR_SLOT_ID_INVALID);
+	}
+
+	mutex_retval = cackey_mutex_unlock(cackey_biglock);
+	if (mutex_retval != 0) {
+		CACKEY_DEBUG_PRINTF("Error.  Unlocking failed.");
+
+		return(CKR_GENERAL_ERROR);
+	}
 
 	/* XXX: This is untested, and further I'm not really sure if this is correct. */
 	switch (type) {
 		case CKM_RSA_PKCS:
 			pInfo->ulMinKeySize = 512;
@@ -2754,46 +2808,50 @@
 	int mutex_retval;
 	int found_session = 0;
 
 	CACKEY_DEBUG_PRINTF("Called.");
 
-	if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
-		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID);
-
-		return(CKR_SLOT_ID_INVALID);
-	}
-
-	if (cackey_slots[slotID].active == 0) {
-		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
-
-		return(CKR_SLOT_ID_INVALID);
-	}
-
 	if ((flags & CKF_SERIAL_SESSION) != CKF_SERIAL_SESSION) {
 		return(CKR_SESSION_PARALLEL_NOT_SUPPORTED);
 	}
 
 	if (!cackey_initialized) {
 		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
 
 		return(CKR_CRYPTOKI_NOT_INITIALIZED);
 	}
+
+	if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
+		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID);
+
+		return(CKR_SLOT_ID_INVALID);
+	}
+
+	mutex_retval = cackey_mutex_lock(cackey_biglock);
+	if (mutex_retval != 0) {
+		CACKEY_DEBUG_PRINTF("Error.  Locking failed.");
+
+		return(CKR_GENERAL_ERROR);
+	}
+
+	if (cackey_slots[slotID].active == 0) {
+		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
+
+		cackey_mutex_unlock(cackey_biglock);
+
+		return(CKR_SLOT_ID_INVALID);
+	}
 
 	/* Verify that the card is actually in the slot. */
 	if (cackey_token_present(&cackey_slots[slotID]) != CACKEY_PCSC_S_TOKENPRESENT) {
 		CACKEY_DEBUG_PRINTF("Error.  Card not present.  Returning CKR_DEVICE_REMOVED");
 
+		cackey_mutex_unlock(cackey_biglock);
+
 		return(CKR_DEVICE_REMOVED);
 	}
 
-	mutex_retval = cackey_mutex_lock(cackey_biglock);
-	if (mutex_retval != 0) {
-		CACKEY_DEBUG_PRINTF("Error.  Locking failed.");
-
-		return(CKR_GENERAL_ERROR);
-	}
-
 	for (idx = 1; idx < (sizeof(cackey_sessions) / sizeof(cackey_sessions[0])); idx++) {
 		if (!cackey_sessions[idx].active) {
 			found_session = 1;
 
 			*phSession = idx;
@@ -2905,36 +2963,38 @@
 CK_DEFINE_FUNCTION(CK_RV, C_CloseAllSessions)(CK_SLOT_ID slotID) {
 	uint32_t idx;
 	int mutex_retval;
 
 	CACKEY_DEBUG_PRINTF("Called.");
+
+	if (!cackey_initialized) {
+		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
+
+		return(CKR_CRYPTOKI_NOT_INITIALIZED);
+	}
 
 	if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
 		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID);
 
 		return(CKR_SLOT_ID_INVALID);
 	}
+
+	mutex_retval = cackey_mutex_lock(cackey_biglock);
+	if (mutex_retval != 0) {
+		CACKEY_DEBUG_PRINTF("Error.  Locking failed.");
+
+		return(CKR_GENERAL_ERROR);
+	}
 
 	if (cackey_slots[slotID].active == 0) {
 		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
 
+		cackey_mutex_unlock(cackey_biglock);
+
 		return(CKR_SLOT_ID_INVALID);
 	}
 
-	if (!cackey_initialized) {
-		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
-
-		return(CKR_CRYPTOKI_NOT_INITIALIZED);
-	}
-
-	mutex_retval = cackey_mutex_lock(cackey_biglock);
-	if (mutex_retval != 0) {
-		CACKEY_DEBUG_PRINTF("Error.  Locking failed.");
-
-		return(CKR_GENERAL_ERROR);
-	}
-
 	for (idx = 0; idx < (sizeof(cackey_sessions) / sizeof(cackey_sessions[0])); idx++) {
 		if (cackey_sessions[idx].active) {
 			if (cackey_sessions[idx].slotID != slotID) {
 				continue;
 			}