17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * CDDL HEADER START
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
547c883c7Sdinak * Common Development and Distribution License (the "License").
647c883c7Sdinak * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate *
87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate * and limitations under the License.
127c478bd9Sstevel@tonic-gate *
137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate *
197c478bd9Sstevel@tonic-gate * CDDL HEADER END
207c478bd9Sstevel@tonic-gate */
217c478bd9Sstevel@tonic-gate /*
22*d288ba74SAnthony Scarpino * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
237c478bd9Sstevel@tonic-gate * Use is subject to license terms.
247c478bd9Sstevel@tonic-gate */
257c478bd9Sstevel@tonic-gate
267c478bd9Sstevel@tonic-gate #include <pthread.h>
277c478bd9Sstevel@tonic-gate #include <security/cryptoki.h>
287c478bd9Sstevel@tonic-gate #include "softGlobal.h"
297c478bd9Sstevel@tonic-gate #include "softSession.h"
307c478bd9Sstevel@tonic-gate #include "softObject.h"
317c478bd9Sstevel@tonic-gate #include "softOps.h"
327c478bd9Sstevel@tonic-gate
337c478bd9Sstevel@tonic-gate
347c478bd9Sstevel@tonic-gate CK_RV
C_DecryptInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)357c478bd9Sstevel@tonic-gate C_DecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
367c478bd9Sstevel@tonic-gate CK_OBJECT_HANDLE hKey)
377c478bd9Sstevel@tonic-gate {
387c478bd9Sstevel@tonic-gate
397c478bd9Sstevel@tonic-gate CK_RV rv;
407c478bd9Sstevel@tonic-gate soft_session_t *session_p;
417c478bd9Sstevel@tonic-gate soft_object_t *key_p;
427c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
437c478bd9Sstevel@tonic-gate
447c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
457c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
467c478bd9Sstevel@tonic-gate
477c478bd9Sstevel@tonic-gate /* Obtain the session pointer. */
487c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
497c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
507c478bd9Sstevel@tonic-gate return (rv);
517c478bd9Sstevel@tonic-gate
527c478bd9Sstevel@tonic-gate if (pMechanism == NULL) {
537c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
547c478bd9Sstevel@tonic-gate goto clean_exit;
557c478bd9Sstevel@tonic-gate }
567c478bd9Sstevel@tonic-gate
577c478bd9Sstevel@tonic-gate /* Obtain the object pointer. */
587c478bd9Sstevel@tonic-gate HANDLE2OBJECT(hKey, key_p, rv);
597c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
607c478bd9Sstevel@tonic-gate goto clean_exit;
617c478bd9Sstevel@tonic-gate
627c478bd9Sstevel@tonic-gate /* Check to see if key object allows for decryption. */
637c478bd9Sstevel@tonic-gate if (!(key_p->bool_attr_mask & DECRYPT_BOOL_ON)) {
64*d288ba74SAnthony Scarpino rv = CKR_KEY_FUNCTION_NOT_PERMITTED;
657c478bd9Sstevel@tonic-gate goto clean_exit1;
667c478bd9Sstevel@tonic-gate }
677c478bd9Sstevel@tonic-gate
687c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
697c478bd9Sstevel@tonic-gate lock_held = B_TRUE;
707c478bd9Sstevel@tonic-gate
717c478bd9Sstevel@tonic-gate /* Check to see if decrypt operation is already active. */
727c478bd9Sstevel@tonic-gate if (session_p->decrypt.flags & CRYPTO_OPERATION_ACTIVE) {
737c478bd9Sstevel@tonic-gate /* free the memory to avoid memory leak */
747c478bd9Sstevel@tonic-gate soft_crypt_cleanup(session_p, B_FALSE, lock_held);
757c478bd9Sstevel@tonic-gate }
767c478bd9Sstevel@tonic-gate
777c478bd9Sstevel@tonic-gate /*
787c478bd9Sstevel@tonic-gate * This active flag will remain ON until application calls either
797c478bd9Sstevel@tonic-gate * C_Decrypt or C_DecryptFinal to actually obtain the final piece
807c478bd9Sstevel@tonic-gate * of plaintext.
817c478bd9Sstevel@tonic-gate */
827c478bd9Sstevel@tonic-gate session_p->decrypt.flags = CRYPTO_OPERATION_ACTIVE;
837c478bd9Sstevel@tonic-gate
847c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
857c478bd9Sstevel@tonic-gate lock_held = B_FALSE;
867c478bd9Sstevel@tonic-gate
877c478bd9Sstevel@tonic-gate rv = soft_decrypt_init(session_p, pMechanism, key_p);
887c478bd9Sstevel@tonic-gate
897c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
907c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
917c478bd9Sstevel@tonic-gate session_p->decrypt.flags &= ~CRYPTO_OPERATION_ACTIVE;
927c478bd9Sstevel@tonic-gate lock_held = B_TRUE;
937c478bd9Sstevel@tonic-gate }
947c478bd9Sstevel@tonic-gate
957c478bd9Sstevel@tonic-gate clean_exit1:
967c478bd9Sstevel@tonic-gate OBJ_REFRELE(key_p);
977c478bd9Sstevel@tonic-gate clean_exit:
987c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
997c478bd9Sstevel@tonic-gate return (rv);
1007c478bd9Sstevel@tonic-gate }
1017c478bd9Sstevel@tonic-gate
1027c478bd9Sstevel@tonic-gate
1037c478bd9Sstevel@tonic-gate CK_RV
C_Decrypt(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pEncryptedData,CK_ULONG ulEncryptedDataLen,CK_BYTE_PTR pData,CK_ULONG_PTR pulDataLen)1047c478bd9Sstevel@tonic-gate C_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,
10547c883c7Sdinak CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
1067c478bd9Sstevel@tonic-gate {
1077c478bd9Sstevel@tonic-gate
1087c478bd9Sstevel@tonic-gate CK_RV rv;
1097c478bd9Sstevel@tonic-gate soft_session_t *session_p;
1107c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
1117c478bd9Sstevel@tonic-gate
1127c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
1137c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
1147c478bd9Sstevel@tonic-gate
1157c478bd9Sstevel@tonic-gate /* Obatin the session pointer. */
1167c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
1177c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
1187c478bd9Sstevel@tonic-gate return (rv);
1197c478bd9Sstevel@tonic-gate
1207c478bd9Sstevel@tonic-gate /*
12147c883c7Sdinak * Only check if input buffer is null. How to handle zero input
12247c883c7Sdinak * length depents on the mechanism in use. For secret key mechanisms,
12347c883c7Sdinak * unpadded ones yield zero length output, but padded ones always
12447c883c7Sdinak * result in smaller than original, possibly zero, length output.
12547c883c7Sdinak */
12647c883c7Sdinak if (pEncryptedData == NULL) {
12747c883c7Sdinak rv = CKR_ARGUMENTS_BAD;
12847c883c7Sdinak goto clean_exit;
12947c883c7Sdinak }
13047c883c7Sdinak
13147c883c7Sdinak /*
1327c478bd9Sstevel@tonic-gate * No need to check pData because application might
1337c478bd9Sstevel@tonic-gate * just want to know the length of decrypted data.
1347c478bd9Sstevel@tonic-gate */
1357c478bd9Sstevel@tonic-gate if (pulDataLen == NULL) {
1367c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
1377c478bd9Sstevel@tonic-gate goto clean_exit;
1387c478bd9Sstevel@tonic-gate }
1397c478bd9Sstevel@tonic-gate
1407c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
1417c478bd9Sstevel@tonic-gate lock_held = B_TRUE;
1427c478bd9Sstevel@tonic-gate
1437c478bd9Sstevel@tonic-gate /* Application must call C_DecryptInit before calling C_Decrypt. */
1447c478bd9Sstevel@tonic-gate if (!(session_p->decrypt.flags & CRYPTO_OPERATION_ACTIVE)) {
1457c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
1467c478bd9Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED);
1477c478bd9Sstevel@tonic-gate }
1487c478bd9Sstevel@tonic-gate
1497c478bd9Sstevel@tonic-gate /*
1507c478bd9Sstevel@tonic-gate * C_Decrypt must be called without intervening C_DecryptUpdate
1517c478bd9Sstevel@tonic-gate * calls.
1527c478bd9Sstevel@tonic-gate */
1537c478bd9Sstevel@tonic-gate if (session_p->decrypt.flags & CRYPTO_OPERATION_UPDATE) {
1547c478bd9Sstevel@tonic-gate /*
1557c478bd9Sstevel@tonic-gate * C_Decrypt can not be used to terminate a multi-part
1567c478bd9Sstevel@tonic-gate * operation, so we'll leave the active decrypt operation
1577c478bd9Sstevel@tonic-gate * flag on and let the application continue with the
1587c478bd9Sstevel@tonic-gate * decrypt update operation.
1597c478bd9Sstevel@tonic-gate */
1607c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
1617c478bd9Sstevel@tonic-gate return (CKR_FUNCTION_FAILED);
1627c478bd9Sstevel@tonic-gate }
1637c478bd9Sstevel@tonic-gate
1647c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
1657c478bd9Sstevel@tonic-gate lock_held = B_FALSE;
1667c478bd9Sstevel@tonic-gate
16747c883c7Sdinak rv = soft_decrypt(session_p, pEncryptedData, ulEncryptedDataLen,
1687c478bd9Sstevel@tonic-gate pData, pulDataLen);
1697c478bd9Sstevel@tonic-gate
1707c478bd9Sstevel@tonic-gate if ((rv == CKR_BUFFER_TOO_SMALL) ||
1717c478bd9Sstevel@tonic-gate (pData == NULL && rv == CKR_OK)) {
1727c478bd9Sstevel@tonic-gate /*
1737c478bd9Sstevel@tonic-gate * We will not terminate the active decrypt operation flag,
1747c478bd9Sstevel@tonic-gate * when the application-supplied buffer is too small, or
1757c478bd9Sstevel@tonic-gate * the application asks for the length of buffer to hold
1767c478bd9Sstevel@tonic-gate * the plaintext.
1777c478bd9Sstevel@tonic-gate */
1787c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
1797c478bd9Sstevel@tonic-gate return (rv);
1807c478bd9Sstevel@tonic-gate }
1817c478bd9Sstevel@tonic-gate
1827c478bd9Sstevel@tonic-gate clean_exit:
1834c21f043Sizick /* Clear context, free key, and release session counter */
1844c21f043Sizick soft_crypt_cleanup(session_p, B_FALSE, B_FALSE);
1857c478bd9Sstevel@tonic-gate
1867c478bd9Sstevel@tonic-gate return (rv);
1877c478bd9Sstevel@tonic-gate }
1887c478bd9Sstevel@tonic-gate
1897c478bd9Sstevel@tonic-gate
1907c478bd9Sstevel@tonic-gate CK_RV
C_DecryptUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pEncryptedPart,CK_ULONG ulEncryptedPartLen,CK_BYTE_PTR pPart,CK_ULONG_PTR pulPartLen)1917c478bd9Sstevel@tonic-gate C_DecryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart,
1927c478bd9Sstevel@tonic-gate CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart,
1937c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulPartLen)
1947c478bd9Sstevel@tonic-gate {
1957c478bd9Sstevel@tonic-gate
1967c478bd9Sstevel@tonic-gate CK_RV rv;
1977c478bd9Sstevel@tonic-gate soft_session_t *session_p;
1987c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
1997c478bd9Sstevel@tonic-gate
2007c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
2017c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
2027c478bd9Sstevel@tonic-gate
2037c478bd9Sstevel@tonic-gate /* Obtain the session pointer. */
2047c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
2057c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
2067c478bd9Sstevel@tonic-gate return (rv);
2077c478bd9Sstevel@tonic-gate
20847c883c7Sdinak /*
20947c883c7Sdinak * Only check if input buffer is null. How to handle zero input
21047c883c7Sdinak * length depents on the mechanism in use. For secret key mechanisms,
21147c883c7Sdinak * unpadded ones yeild zero length output, but padded ones always
21247c883c7Sdinak * result in smaller than original, possibly zero, length output.
21347c883c7Sdinak */
2147c478bd9Sstevel@tonic-gate if (pEncryptedPart == NULL) {
2157c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
2167c478bd9Sstevel@tonic-gate goto clean_exit;
2177c478bd9Sstevel@tonic-gate }
2187c478bd9Sstevel@tonic-gate
2197c478bd9Sstevel@tonic-gate /*
2207c478bd9Sstevel@tonic-gate * Only check if pulPartLen is NULL.
2217c478bd9Sstevel@tonic-gate * No need to check if pPart is NULL because application
2227c478bd9Sstevel@tonic-gate * might just ask for the length of buffer to hold the
2237c478bd9Sstevel@tonic-gate * recovered data.
2247c478bd9Sstevel@tonic-gate */
2257c478bd9Sstevel@tonic-gate if (pulPartLen == NULL) {
2267c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
2277c478bd9Sstevel@tonic-gate goto clean_exit;
2287c478bd9Sstevel@tonic-gate }
2297c478bd9Sstevel@tonic-gate
2307c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
2317c478bd9Sstevel@tonic-gate lock_held = B_TRUE;
2327c478bd9Sstevel@tonic-gate
2337c478bd9Sstevel@tonic-gate /*
2347c478bd9Sstevel@tonic-gate * Application must call C_DecryptInit before calling
2357c478bd9Sstevel@tonic-gate * C_DecryptUpdate.
2367c478bd9Sstevel@tonic-gate */
2377c478bd9Sstevel@tonic-gate if (!(session_p->decrypt.flags & CRYPTO_OPERATION_ACTIVE)) {
2387c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
2397c478bd9Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED);
2407c478bd9Sstevel@tonic-gate }
2417c478bd9Sstevel@tonic-gate
2427c478bd9Sstevel@tonic-gate session_p->decrypt.flags |= CRYPTO_OPERATION_UPDATE;
2437c478bd9Sstevel@tonic-gate
2447c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
2457c478bd9Sstevel@tonic-gate lock_held = B_FALSE;
2467c478bd9Sstevel@tonic-gate
2477c478bd9Sstevel@tonic-gate rv = soft_decrypt_update(session_p, pEncryptedPart,
2487c478bd9Sstevel@tonic-gate ulEncryptedPartLen, pPart, pulPartLen);
2497c478bd9Sstevel@tonic-gate
2507c478bd9Sstevel@tonic-gate /*
2517c478bd9Sstevel@tonic-gate * If CKR_OK or CKR_BUFFER_TOO_SMALL, don't terminate the
2527c478bd9Sstevel@tonic-gate * current decryption operation.
2537c478bd9Sstevel@tonic-gate */
2547c478bd9Sstevel@tonic-gate if ((rv == CKR_OK) || (rv == CKR_BUFFER_TOO_SMALL)) {
2557c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
2567c478bd9Sstevel@tonic-gate return (rv);
2577c478bd9Sstevel@tonic-gate }
2587c478bd9Sstevel@tonic-gate
2597c478bd9Sstevel@tonic-gate clean_exit:
2607c478bd9Sstevel@tonic-gate /*
2617c478bd9Sstevel@tonic-gate * After an error occurred, terminate the current decrypt
2627c478bd9Sstevel@tonic-gate * operation by resetting the active and update flags.
2637c478bd9Sstevel@tonic-gate */
2647c478bd9Sstevel@tonic-gate soft_crypt_cleanup(session_p, B_FALSE, lock_held);
2657c478bd9Sstevel@tonic-gate
2667c478bd9Sstevel@tonic-gate return (rv);
2677c478bd9Sstevel@tonic-gate }
2687c478bd9Sstevel@tonic-gate
2697c478bd9Sstevel@tonic-gate CK_RV
C_DecryptFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pLastPart,CK_ULONG_PTR pulLastPartLen)2707c478bd9Sstevel@tonic-gate C_DecryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart,
2717c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulLastPartLen)
2727c478bd9Sstevel@tonic-gate {
2737c478bd9Sstevel@tonic-gate
2747c478bd9Sstevel@tonic-gate CK_RV rv;
2757c478bd9Sstevel@tonic-gate soft_session_t *session_p;
2767c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
2777c478bd9Sstevel@tonic-gate
2787c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
2797c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
2807c478bd9Sstevel@tonic-gate
2817c478bd9Sstevel@tonic-gate /* Obtain the session pointer. */
2827c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
2837c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
2847c478bd9Sstevel@tonic-gate return (rv);
2857c478bd9Sstevel@tonic-gate
2867c478bd9Sstevel@tonic-gate if (pulLastPartLen == NULL) {
2877c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
2887c478bd9Sstevel@tonic-gate goto clean_exit;
2897c478bd9Sstevel@tonic-gate }
2907c478bd9Sstevel@tonic-gate
2917c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
2927c478bd9Sstevel@tonic-gate lock_held = B_TRUE;
2937c478bd9Sstevel@tonic-gate
2947c478bd9Sstevel@tonic-gate /*
2957c478bd9Sstevel@tonic-gate * Application must call C_DecryptInit before calling
2967c478bd9Sstevel@tonic-gate * C_DecryptFinal.
2977c478bd9Sstevel@tonic-gate */
2987c478bd9Sstevel@tonic-gate if (!(session_p->decrypt.flags & CRYPTO_OPERATION_ACTIVE)) {
2997c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3007c478bd9Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED);
3017c478bd9Sstevel@tonic-gate }
3027c478bd9Sstevel@tonic-gate
3037c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
3047c478bd9Sstevel@tonic-gate lock_held = B_FALSE;
3057c478bd9Sstevel@tonic-gate
3067c478bd9Sstevel@tonic-gate rv = soft_decrypt_final(session_p, pLastPart, pulLastPartLen);
3077c478bd9Sstevel@tonic-gate
3087c478bd9Sstevel@tonic-gate if ((rv == CKR_BUFFER_TOO_SMALL) ||
3097c478bd9Sstevel@tonic-gate (pLastPart == NULL && rv == CKR_OK)) {
3107c478bd9Sstevel@tonic-gate /*
3117c478bd9Sstevel@tonic-gate * We will not terminate the active decrypt operation flag,
3127c478bd9Sstevel@tonic-gate * when the application-supplied buffer is too small, or
3137c478bd9Sstevel@tonic-gate * the application asks for the length of buffer to hold
3147c478bd9Sstevel@tonic-gate * the plaintext.
3157c478bd9Sstevel@tonic-gate */
3167c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3177c478bd9Sstevel@tonic-gate return (rv);
3187c478bd9Sstevel@tonic-gate }
3197c478bd9Sstevel@tonic-gate
3207c478bd9Sstevel@tonic-gate /* Terminates the active encrypt operation. */
3217c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
3227c478bd9Sstevel@tonic-gate session_p->decrypt.flags = 0;
3237c478bd9Sstevel@tonic-gate lock_held = B_TRUE;
3247c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3257c478bd9Sstevel@tonic-gate return (rv);
3267c478bd9Sstevel@tonic-gate
3277c478bd9Sstevel@tonic-gate clean_exit:
3287c478bd9Sstevel@tonic-gate /* Terminates the active decrypt operation */
3297c478bd9Sstevel@tonic-gate soft_crypt_cleanup(session_p, B_FALSE, lock_held);
3307c478bd9Sstevel@tonic-gate
3317c478bd9Sstevel@tonic-gate return (rv);
3327c478bd9Sstevel@tonic-gate }
333