17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*1f49a79aSZdenek Kotala * Common Development and Distribution License (the "License"). 6*1f49a79aSZdenek Kotala * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22*1f49a79aSZdenek Kotala * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #include <pthread.h> 277c478bd9Sstevel@tonic-gate #include <stdlib.h> 287c478bd9Sstevel@tonic-gate #include <security/cryptoki.h> 297c478bd9Sstevel@tonic-gate #include "softGlobal.h" 307c478bd9Sstevel@tonic-gate #include "softObject.h" 317c478bd9Sstevel@tonic-gate #include "softSession.h" 327c478bd9Sstevel@tonic-gate #include "softKeystore.h" 337c478bd9Sstevel@tonic-gate #include "softKeystoreUtil.h" 347c478bd9Sstevel@tonic-gate 357c478bd9Sstevel@tonic-gate 367c478bd9Sstevel@tonic-gate CK_RV 377c478bd9Sstevel@tonic-gate C_CreateObject(CK_SESSION_HANDLE hSession, 387c478bd9Sstevel@tonic-gate CK_ATTRIBUTE_PTR pTemplate, 397c478bd9Sstevel@tonic-gate CK_ULONG ulCount, 407c478bd9Sstevel@tonic-gate CK_OBJECT_HANDLE_PTR phObject) 417c478bd9Sstevel@tonic-gate { 427c478bd9Sstevel@tonic-gate 437c478bd9Sstevel@tonic-gate CK_RV rv; 447c478bd9Sstevel@tonic-gate soft_session_t *session_p; 457c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE; 467c478bd9Sstevel@tonic-gate 477c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 487c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 497c478bd9Sstevel@tonic-gate 507c478bd9Sstevel@tonic-gate /* 517c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session 527c478bd9Sstevel@tonic-gate * reference count. 537c478bd9Sstevel@tonic-gate */ 547c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 557c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 567c478bd9Sstevel@tonic-gate return (rv); 577c478bd9Sstevel@tonic-gate 587c478bd9Sstevel@tonic-gate if ((pTemplate == NULL) || (ulCount == 0) || 597c478bd9Sstevel@tonic-gate (phObject == NULL)) { 607c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD; 617c478bd9Sstevel@tonic-gate goto clean_exit; 627c478bd9Sstevel@tonic-gate } 637c478bd9Sstevel@tonic-gate 647c478bd9Sstevel@tonic-gate /* Create a new object. */ 657c478bd9Sstevel@tonic-gate rv = soft_add_object(pTemplate, ulCount, phObject, session_p); 667c478bd9Sstevel@tonic-gate 677c478bd9Sstevel@tonic-gate clean_exit: 687c478bd9Sstevel@tonic-gate /* 697c478bd9Sstevel@tonic-gate * Decrement the session reference count. 707c478bd9Sstevel@tonic-gate * We do not hold the session lock. 717c478bd9Sstevel@tonic-gate */ 727c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 737c478bd9Sstevel@tonic-gate return (rv); 747c478bd9Sstevel@tonic-gate } 757c478bd9Sstevel@tonic-gate 767c478bd9Sstevel@tonic-gate CK_RV 777c478bd9Sstevel@tonic-gate C_CopyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, 787c478bd9Sstevel@tonic-gate CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, 797c478bd9Sstevel@tonic-gate CK_OBJECT_HANDLE_PTR phNewObject) 807c478bd9Sstevel@tonic-gate { 817c478bd9Sstevel@tonic-gate 827c478bd9Sstevel@tonic-gate CK_RV rv; 837c478bd9Sstevel@tonic-gate soft_session_t *session_p; 847c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE; 857c478bd9Sstevel@tonic-gate soft_object_t *old_object, *new_object = NULL; 867c478bd9Sstevel@tonic-gate ulong_t i; 877c478bd9Sstevel@tonic-gate 887c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 897c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 907c478bd9Sstevel@tonic-gate 917c478bd9Sstevel@tonic-gate /* 927c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session 937c478bd9Sstevel@tonic-gate * reference count. 947c478bd9Sstevel@tonic-gate */ 957c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 967c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 977c478bd9Sstevel@tonic-gate return (rv); 987c478bd9Sstevel@tonic-gate 997c478bd9Sstevel@tonic-gate /* Check arguments */ 1007c478bd9Sstevel@tonic-gate if (((ulCount > 0) && (pTemplate == NULL)) || 1017c478bd9Sstevel@tonic-gate (phNewObject == NULL)) { 1027c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD; 1037c478bd9Sstevel@tonic-gate goto clean_exit; 1047c478bd9Sstevel@tonic-gate } 1057c478bd9Sstevel@tonic-gate 1067c478bd9Sstevel@tonic-gate /* Obtain the object pointer. */ 1077c478bd9Sstevel@tonic-gate HANDLE2OBJECT(hObject, old_object, rv); 1087c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 1097c478bd9Sstevel@tonic-gate goto clean_exit; 1107c478bd9Sstevel@tonic-gate } 1117c478bd9Sstevel@tonic-gate 1127c478bd9Sstevel@tonic-gate /* 1137c478bd9Sstevel@tonic-gate * Copy the old object to a new object. 1147c478bd9Sstevel@tonic-gate * The 3rd argument with SOFT_COPY_OBJ value indicates that 1157c478bd9Sstevel@tonic-gate * everything in the object will be duplicated for C_CopyObject. 1167c478bd9Sstevel@tonic-gate * The 4th argument has the session pointer that will be 1177c478bd9Sstevel@tonic-gate * saved in the new copy of the session object. 1187c478bd9Sstevel@tonic-gate */ 1197c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&old_object->object_mutex); 1207c478bd9Sstevel@tonic-gate rv = soft_copy_object(old_object, &new_object, SOFT_COPY_OBJECT, 1217c478bd9Sstevel@tonic-gate session_p); 1227c478bd9Sstevel@tonic-gate 1237c478bd9Sstevel@tonic-gate if ((rv != CKR_OK) || (new_object == NULL)) { 1247c478bd9Sstevel@tonic-gate /* Most likely we ran out of space. */ 1257c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&old_object->object_mutex); 1267c478bd9Sstevel@tonic-gate goto clean_exit1; 1277c478bd9Sstevel@tonic-gate } 1287c478bd9Sstevel@tonic-gate 1297c478bd9Sstevel@tonic-gate /* No need to hold the lock on the old object. */ 1307c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&old_object->object_mutex); 1317c478bd9Sstevel@tonic-gate 1327c478bd9Sstevel@tonic-gate /* Modifiy the objects if requested */ 1337c478bd9Sstevel@tonic-gate for (i = 0; i < ulCount; i++) { 1347c478bd9Sstevel@tonic-gate /* Set the requested attribute into the new object. */ 1357c478bd9Sstevel@tonic-gate rv = soft_set_attribute(new_object, &pTemplate[i], B_TRUE); 1367c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 1377c478bd9Sstevel@tonic-gate goto fail; 1387c478bd9Sstevel@tonic-gate } 1397c478bd9Sstevel@tonic-gate } 1407c478bd9Sstevel@tonic-gate 1417c478bd9Sstevel@tonic-gate rv = soft_pin_expired_check(new_object); 1427c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 1437c478bd9Sstevel@tonic-gate goto fail; 1447c478bd9Sstevel@tonic-gate } 1457c478bd9Sstevel@tonic-gate 1467c478bd9Sstevel@tonic-gate /* 1477c478bd9Sstevel@tonic-gate * Does the new object violate the creation rule or access rule? 1487c478bd9Sstevel@tonic-gate */ 1497c478bd9Sstevel@tonic-gate rv = soft_object_write_access_check(session_p, new_object); 1507c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 1517c478bd9Sstevel@tonic-gate goto fail; 1527c478bd9Sstevel@tonic-gate } 1537c478bd9Sstevel@tonic-gate 1547c478bd9Sstevel@tonic-gate /* 1557c478bd9Sstevel@tonic-gate * If the new object is a token object, it will be added 1567c478bd9Sstevel@tonic-gate * to token object list and write to disk. 1577c478bd9Sstevel@tonic-gate */ 1587c478bd9Sstevel@tonic-gate if (IS_TOKEN_OBJECT(new_object)) { 1597c478bd9Sstevel@tonic-gate new_object->version = 1; 1607c478bd9Sstevel@tonic-gate /* 1617c478bd9Sstevel@tonic-gate * Write to the keystore file. 1627c478bd9Sstevel@tonic-gate */ 1637c478bd9Sstevel@tonic-gate rv = soft_put_object_to_keystore(new_object); 1647c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 1657c478bd9Sstevel@tonic-gate goto fail; 1667c478bd9Sstevel@tonic-gate } 1677c478bd9Sstevel@tonic-gate 1687c478bd9Sstevel@tonic-gate new_object->session_handle = (CK_SESSION_HANDLE)NULL; 1697c478bd9Sstevel@tonic-gate /* 1707c478bd9Sstevel@tonic-gate * Add the newly created token object to the global 1717c478bd9Sstevel@tonic-gate * token object list in the slot struct. 1727c478bd9Sstevel@tonic-gate */ 1737c478bd9Sstevel@tonic-gate soft_add_token_object_to_slot(new_object); 1747c478bd9Sstevel@tonic-gate OBJ_REFRELE(old_object); 1757c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 1767c478bd9Sstevel@tonic-gate *phNewObject = (CK_ULONG)new_object; 1777c478bd9Sstevel@tonic-gate 1787c478bd9Sstevel@tonic-gate return (CKR_OK); 1797c478bd9Sstevel@tonic-gate } 1807c478bd9Sstevel@tonic-gate 1817c478bd9Sstevel@tonic-gate /* Insert new object into this session's object list */ 1827c478bd9Sstevel@tonic-gate soft_add_object_to_session(new_object, session_p); 1837c478bd9Sstevel@tonic-gate 1847c478bd9Sstevel@tonic-gate /* 1857c478bd9Sstevel@tonic-gate * Decrement the session reference count. 1867c478bd9Sstevel@tonic-gate * We do not hold the session lock. 1877c478bd9Sstevel@tonic-gate */ 1887c478bd9Sstevel@tonic-gate OBJ_REFRELE(old_object); 1897c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 1907c478bd9Sstevel@tonic-gate 1917c478bd9Sstevel@tonic-gate /* set handle of the new object */ 1927c478bd9Sstevel@tonic-gate *phNewObject = (CK_ULONG)new_object; 1937c478bd9Sstevel@tonic-gate 1947c478bd9Sstevel@tonic-gate return (rv); 1957c478bd9Sstevel@tonic-gate 1967c478bd9Sstevel@tonic-gate fail: 1977c478bd9Sstevel@tonic-gate soft_cleanup_object(new_object); 1987c478bd9Sstevel@tonic-gate free(new_object); 1997c478bd9Sstevel@tonic-gate 2007c478bd9Sstevel@tonic-gate clean_exit1: 2017c478bd9Sstevel@tonic-gate OBJ_REFRELE(old_object); 2027c478bd9Sstevel@tonic-gate clean_exit: 2037c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 2047c478bd9Sstevel@tonic-gate return (rv); 2057c478bd9Sstevel@tonic-gate } 2067c478bd9Sstevel@tonic-gate 2077c478bd9Sstevel@tonic-gate CK_RV 2087c478bd9Sstevel@tonic-gate C_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject) 2097c478bd9Sstevel@tonic-gate { 2107c478bd9Sstevel@tonic-gate 2117c478bd9Sstevel@tonic-gate CK_RV rv; 2127c478bd9Sstevel@tonic-gate soft_object_t *object_p; 2137c478bd9Sstevel@tonic-gate soft_session_t *session_p = (soft_session_t *)(hSession); 2147c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE; 2157c478bd9Sstevel@tonic-gate CK_SESSION_HANDLE creating_session; 2167c478bd9Sstevel@tonic-gate 2177c478bd9Sstevel@tonic-gate 2187c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 2197c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 2207c478bd9Sstevel@tonic-gate 2217c478bd9Sstevel@tonic-gate /* 2227c478bd9Sstevel@tonic-gate * The reason that we don't call handle2session is because 2237c478bd9Sstevel@tonic-gate * the argument hSession may not be the creating_session of 2247c478bd9Sstevel@tonic-gate * the object to be destroyed, and we want to avoid the lock 2257c478bd9Sstevel@tonic-gate * contention. The handle2session will be called later for 2267c478bd9Sstevel@tonic-gate * the creating_session. 2277c478bd9Sstevel@tonic-gate */ 2287c478bd9Sstevel@tonic-gate if ((session_p == NULL) || 2297c478bd9Sstevel@tonic-gate (session_p->magic_marker != SOFTTOKEN_SESSION_MAGIC)) { 2307c478bd9Sstevel@tonic-gate return (CKR_SESSION_HANDLE_INVALID); 2317c478bd9Sstevel@tonic-gate } 2327c478bd9Sstevel@tonic-gate 2337c478bd9Sstevel@tonic-gate /* Obtain the object pointer. */ 2347c478bd9Sstevel@tonic-gate HANDLE2OBJECT_DESTROY(hObject, object_p, rv); 2357c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 2367c478bd9Sstevel@tonic-gate return (rv); 2377c478bd9Sstevel@tonic-gate } 2387c478bd9Sstevel@tonic-gate 2397c478bd9Sstevel@tonic-gate /* Obtain the session handle which object belongs to. */ 2407c478bd9Sstevel@tonic-gate creating_session = object_p->session_handle; 2417c478bd9Sstevel@tonic-gate 2427c478bd9Sstevel@tonic-gate if (creating_session == NULL) { 2437c478bd9Sstevel@tonic-gate /* 2447c478bd9Sstevel@tonic-gate * This is a token object to be deleted. 2457c478bd9Sstevel@tonic-gate * For token object, there is no creating session concept, 2467c478bd9Sstevel@tonic-gate * therefore, creating_session is always NULL. 2477c478bd9Sstevel@tonic-gate */ 2487c478bd9Sstevel@tonic-gate rv = soft_pin_expired_check(object_p); 2497c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 2507c478bd9Sstevel@tonic-gate return (rv); 2517c478bd9Sstevel@tonic-gate } 2527c478bd9Sstevel@tonic-gate 2537c478bd9Sstevel@tonic-gate /* Obtain the session pointer just for validity check. */ 2547c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 2557c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 2567c478bd9Sstevel@tonic-gate return (rv); 2577c478bd9Sstevel@tonic-gate } 2587c478bd9Sstevel@tonic-gate 2597c478bd9Sstevel@tonic-gate rv = soft_object_write_access_check(session_p, object_p); 2607c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 2617c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 2627c478bd9Sstevel@tonic-gate return (rv); 2637c478bd9Sstevel@tonic-gate } 2647c478bd9Sstevel@tonic-gate 2657c478bd9Sstevel@tonic-gate /* 2667c478bd9Sstevel@tonic-gate * Set OBJECT_IS_DELETING flag so any access to this 2677c478bd9Sstevel@tonic-gate * object will be rejected. 2687c478bd9Sstevel@tonic-gate */ 2697c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&object_p->object_mutex); 2700106fafcShaimay if (object_p->obj_delete_sync & OBJECT_IS_DELETING) { 2710106fafcShaimay (void) pthread_mutex_unlock(&object_p->object_mutex); 2720106fafcShaimay SES_REFRELE(session_p, lock_held); 2730106fafcShaimay return (CKR_OBJECT_HANDLE_INVALID); 2740106fafcShaimay } 2757c478bd9Sstevel@tonic-gate object_p->obj_delete_sync |= OBJECT_IS_DELETING; 2767c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&object_p->object_mutex); 2777c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 2787c478bd9Sstevel@tonic-gate 2797c478bd9Sstevel@tonic-gate /* 2807c478bd9Sstevel@tonic-gate * Delete a token object by calling soft_delete_token_object() 2817c478bd9Sstevel@tonic-gate * with the second argument B_TRUE indicating to delete the 2827c478bd9Sstevel@tonic-gate * object from keystore and the third argument B_FALSE 2837c478bd9Sstevel@tonic-gate * indicating that the caller does not hold the slot mutex. 2847c478bd9Sstevel@tonic-gate */ 2857c478bd9Sstevel@tonic-gate soft_delete_token_object(object_p, B_TRUE, B_FALSE); 2867c478bd9Sstevel@tonic-gate return (CKR_OK); 2877c478bd9Sstevel@tonic-gate } 2887c478bd9Sstevel@tonic-gate 2897c478bd9Sstevel@tonic-gate /* 2907c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session 2917c478bd9Sstevel@tonic-gate * reference count. 2927c478bd9Sstevel@tonic-gate */ 2937c478bd9Sstevel@tonic-gate rv = handle2session(creating_session, &session_p); 2947c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 2957c478bd9Sstevel@tonic-gate return (rv); 2967c478bd9Sstevel@tonic-gate } 2977c478bd9Sstevel@tonic-gate 2987c478bd9Sstevel@tonic-gate /* 2997c478bd9Sstevel@tonic-gate * Set OBJECT_IS_DELETING flag so any access to this 3007c478bd9Sstevel@tonic-gate * object will be rejected. 3017c478bd9Sstevel@tonic-gate */ 3027c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&object_p->object_mutex); 3030106fafcShaimay if (object_p->obj_delete_sync & OBJECT_IS_DELETING) { 3040106fafcShaimay (void) pthread_mutex_unlock(&object_p->object_mutex); 3050106fafcShaimay SES_REFRELE(session_p, lock_held); 3060106fafcShaimay return (CKR_OBJECT_HANDLE_INVALID); 3070106fafcShaimay } 3087c478bd9Sstevel@tonic-gate object_p->obj_delete_sync |= OBJECT_IS_DELETING; 3097c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&object_p->object_mutex); 3107c478bd9Sstevel@tonic-gate 3117c478bd9Sstevel@tonic-gate /* 3127c478bd9Sstevel@tonic-gate * Delete an object by calling soft_delete_object() 3137c478bd9Sstevel@tonic-gate * with a FALSE boolean argument indicating that 3147c478bd9Sstevel@tonic-gate * the caller does not hold the session lock. 3157c478bd9Sstevel@tonic-gate */ 316*1f49a79aSZdenek Kotala soft_delete_object(session_p, object_p, B_FALSE, B_FALSE); 3177c478bd9Sstevel@tonic-gate 3187c478bd9Sstevel@tonic-gate /* 3197c478bd9Sstevel@tonic-gate * Decrement the session reference count. 3207c478bd9Sstevel@tonic-gate * We do not hold the session lock. 3217c478bd9Sstevel@tonic-gate */ 3227c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 3237c478bd9Sstevel@tonic-gate 3247c478bd9Sstevel@tonic-gate return (rv); 3257c478bd9Sstevel@tonic-gate } 3267c478bd9Sstevel@tonic-gate 3277c478bd9Sstevel@tonic-gate 3287c478bd9Sstevel@tonic-gate CK_RV 3297c478bd9Sstevel@tonic-gate C_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, 3307c478bd9Sstevel@tonic-gate CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) 3317c478bd9Sstevel@tonic-gate { 3327c478bd9Sstevel@tonic-gate 3337c478bd9Sstevel@tonic-gate CK_RV rv = CKR_OK, rv1 = CKR_OK; 3347c478bd9Sstevel@tonic-gate soft_object_t *object_p; 3357c478bd9Sstevel@tonic-gate soft_session_t *session_p; 3367c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE; 3377c478bd9Sstevel@tonic-gate ulong_t i; 3387c478bd9Sstevel@tonic-gate 3397c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 3407c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 3417c478bd9Sstevel@tonic-gate 3427c478bd9Sstevel@tonic-gate /* 3437c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session 3447c478bd9Sstevel@tonic-gate * reference count. 3457c478bd9Sstevel@tonic-gate */ 3467c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 3477c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 3487c478bd9Sstevel@tonic-gate return (rv); 3497c478bd9Sstevel@tonic-gate 3507c478bd9Sstevel@tonic-gate if ((pTemplate == NULL) || (ulCount == 0)) { 3517c478bd9Sstevel@tonic-gate /* 3527c478bd9Sstevel@tonic-gate * Decrement the session reference count. 3537c478bd9Sstevel@tonic-gate * We do not hold the session lock. 3547c478bd9Sstevel@tonic-gate */ 3557c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 3567c478bd9Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD); 3577c478bd9Sstevel@tonic-gate } 3587c478bd9Sstevel@tonic-gate 3597c478bd9Sstevel@tonic-gate /* Obtain the object pointer. */ 3607c478bd9Sstevel@tonic-gate HANDLE2OBJECT(hObject, object_p, rv); 3617c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 3627c478bd9Sstevel@tonic-gate /* 3637c478bd9Sstevel@tonic-gate * Decrement the session reference count. 3647c478bd9Sstevel@tonic-gate * We do not hold the session lock. 3657c478bd9Sstevel@tonic-gate */ 3667c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 3677c478bd9Sstevel@tonic-gate return (rv); 3687c478bd9Sstevel@tonic-gate } 3697c478bd9Sstevel@tonic-gate 3707c478bd9Sstevel@tonic-gate if (IS_TOKEN_OBJECT(object_p)) { 3717c478bd9Sstevel@tonic-gate 3727c478bd9Sstevel@tonic-gate rv = soft_keystore_load_latest_object(object_p); 3737c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 3747c478bd9Sstevel@tonic-gate OBJ_REFRELE(object_p); 3757c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 3767c478bd9Sstevel@tonic-gate return (rv); 3777c478bd9Sstevel@tonic-gate } 3787c478bd9Sstevel@tonic-gate } 3797c478bd9Sstevel@tonic-gate 3807c478bd9Sstevel@tonic-gate /* Acquire the lock on the object. */ 3817c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&object_p->object_mutex); 3827c478bd9Sstevel@tonic-gate 3837c478bd9Sstevel@tonic-gate for (i = 0; i < ulCount; i++) { 3847c478bd9Sstevel@tonic-gate /* 3857c478bd9Sstevel@tonic-gate * Get the value of each attribute in the template. 3867c478bd9Sstevel@tonic-gate * (We must process EVERY attribute in the template.) 3877c478bd9Sstevel@tonic-gate */ 3887c478bd9Sstevel@tonic-gate rv = soft_get_attribute(object_p, &pTemplate[i]); 3897c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 3907c478bd9Sstevel@tonic-gate /* At least we catch some type of error. */ 3917c478bd9Sstevel@tonic-gate rv1 = rv; 3927c478bd9Sstevel@tonic-gate } 3937c478bd9Sstevel@tonic-gate 3947c478bd9Sstevel@tonic-gate /* Release the object lock */ 3957c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&object_p->object_mutex); 3967c478bd9Sstevel@tonic-gate 3977c478bd9Sstevel@tonic-gate /* 3987c478bd9Sstevel@tonic-gate * Decrement the session reference count. 3997c478bd9Sstevel@tonic-gate * We do not hold the session lock. 4007c478bd9Sstevel@tonic-gate */ 4017c478bd9Sstevel@tonic-gate OBJ_REFRELE(object_p); 4027c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 4037c478bd9Sstevel@tonic-gate 4047c478bd9Sstevel@tonic-gate rv = rv1; 4057c478bd9Sstevel@tonic-gate return (rv); 4067c478bd9Sstevel@tonic-gate } 4077c478bd9Sstevel@tonic-gate 4087c478bd9Sstevel@tonic-gate 4097c478bd9Sstevel@tonic-gate CK_RV 4107c478bd9Sstevel@tonic-gate C_SetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, 4117c478bd9Sstevel@tonic-gate CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) 4127c478bd9Sstevel@tonic-gate { 4137c478bd9Sstevel@tonic-gate CK_RV rv = CKR_OK; 4147c478bd9Sstevel@tonic-gate soft_object_t *object_p; 4157c478bd9Sstevel@tonic-gate soft_object_t *new_object = NULL; 4167c478bd9Sstevel@tonic-gate soft_session_t *session_p; 4177c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE; 4187c478bd9Sstevel@tonic-gate ulong_t i; 4197c478bd9Sstevel@tonic-gate 4207c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 4217c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 4227c478bd9Sstevel@tonic-gate 4237c478bd9Sstevel@tonic-gate /* 4247c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session 4257c478bd9Sstevel@tonic-gate * reference count. 4267c478bd9Sstevel@tonic-gate */ 4277c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 4287c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 4297c478bd9Sstevel@tonic-gate return (rv); 4307c478bd9Sstevel@tonic-gate 4317c478bd9Sstevel@tonic-gate if ((pTemplate == NULL) || (ulCount == 0)) { 4327c478bd9Sstevel@tonic-gate /* 4337c478bd9Sstevel@tonic-gate * Decrement the session reference count. 4347c478bd9Sstevel@tonic-gate * We do not hold the session lock. 4357c478bd9Sstevel@tonic-gate */ 4367c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 4377c478bd9Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD); 4387c478bd9Sstevel@tonic-gate } 4397c478bd9Sstevel@tonic-gate 4407c478bd9Sstevel@tonic-gate /* Obtain the object pointer. */ 4417c478bd9Sstevel@tonic-gate HANDLE2OBJECT(hObject, object_p, rv); 4427c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 4437c478bd9Sstevel@tonic-gate /* 4447c478bd9Sstevel@tonic-gate * Decrement the session reference count. 4457c478bd9Sstevel@tonic-gate * We do not hold the session lock. 4467c478bd9Sstevel@tonic-gate */ 4477c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 4487c478bd9Sstevel@tonic-gate return (rv); 4497c478bd9Sstevel@tonic-gate } 4507c478bd9Sstevel@tonic-gate 4517c478bd9Sstevel@tonic-gate if (object_p->bool_attr_mask & NOT_MODIFIABLE_BOOL_ON) { 4527c478bd9Sstevel@tonic-gate rv = CKR_ATTRIBUTE_READ_ONLY; 4537c478bd9Sstevel@tonic-gate goto fail_1; 4547c478bd9Sstevel@tonic-gate } 4557c478bd9Sstevel@tonic-gate 4567c478bd9Sstevel@tonic-gate /* 4577c478bd9Sstevel@tonic-gate * Start working on the object, so we need to set the write lock so that 4587c478bd9Sstevel@tonic-gate * no one can write to it but still can read it. 4597c478bd9Sstevel@tonic-gate */ 4607c478bd9Sstevel@tonic-gate if (IS_TOKEN_OBJECT(object_p)) { 4617c478bd9Sstevel@tonic-gate rv = soft_keystore_load_latest_object(object_p); 4627c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 4637c478bd9Sstevel@tonic-gate goto fail_1; 4647c478bd9Sstevel@tonic-gate } 4657c478bd9Sstevel@tonic-gate } 4667c478bd9Sstevel@tonic-gate 4677c478bd9Sstevel@tonic-gate /* 4687c478bd9Sstevel@tonic-gate * Copy the old object to a new object. We work on the copied 4697c478bd9Sstevel@tonic-gate * version because in case of error we still keep the old one 4707c478bd9Sstevel@tonic-gate * intact. 4717c478bd9Sstevel@tonic-gate * The 3rd argument with SOFT_SET_ATTR_VALUE value indicates that 4727c478bd9Sstevel@tonic-gate * not everything will be duplicated for C_SetAttributeValue. 4737c478bd9Sstevel@tonic-gate * Information not duplicated are those attributes that are not 4747c478bd9Sstevel@tonic-gate * modifiable. 4757c478bd9Sstevel@tonic-gate */ 4767c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&object_p->object_mutex); 4777c478bd9Sstevel@tonic-gate rv = soft_copy_object(object_p, &new_object, SOFT_SET_ATTR_VALUE, NULL); 4787c478bd9Sstevel@tonic-gate 4797c478bd9Sstevel@tonic-gate if ((rv != CKR_OK) || (new_object == NULL)) { 4807c478bd9Sstevel@tonic-gate /* Most likely we ran out of space. */ 4817c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&object_p->object_mutex); 4827c478bd9Sstevel@tonic-gate /* 4837c478bd9Sstevel@tonic-gate * Decrement the session reference count. 4847c478bd9Sstevel@tonic-gate * We do not hold the session lock. 4857c478bd9Sstevel@tonic-gate */ 4867c478bd9Sstevel@tonic-gate goto fail_1; 4877c478bd9Sstevel@tonic-gate } 4887c478bd9Sstevel@tonic-gate 4897c478bd9Sstevel@tonic-gate /* 4907c478bd9Sstevel@tonic-gate * No need to hold the lock on the old object, because we 4917c478bd9Sstevel@tonic-gate * will be working on the new scratch object. 4927c478bd9Sstevel@tonic-gate */ 4937c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&object_p->object_mutex); 4947c478bd9Sstevel@tonic-gate 4957c478bd9Sstevel@tonic-gate rv = soft_object_write_access_check(session_p, new_object); 4967c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 4977c478bd9Sstevel@tonic-gate goto fail; 4987c478bd9Sstevel@tonic-gate } 4997c478bd9Sstevel@tonic-gate 5007c478bd9Sstevel@tonic-gate for (i = 0; i < ulCount; i++) { 5017c478bd9Sstevel@tonic-gate /* Set the requested attribute into the new object. */ 5027c478bd9Sstevel@tonic-gate rv = soft_set_attribute(new_object, &pTemplate[i], B_FALSE); 5037c478bd9Sstevel@tonic-gate 5047c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 5057c478bd9Sstevel@tonic-gate goto fail; 5067c478bd9Sstevel@tonic-gate } 5077c478bd9Sstevel@tonic-gate } 5087c478bd9Sstevel@tonic-gate 5097c478bd9Sstevel@tonic-gate /* 5107c478bd9Sstevel@tonic-gate * We've successfully set all the requested attributes. 5117c478bd9Sstevel@tonic-gate * Merge the new object with the old object, then destory 5127c478bd9Sstevel@tonic-gate * the new one. The reason to do the merging is because we 5137c478bd9Sstevel@tonic-gate * have to keep the original object handle (address of object). 5147c478bd9Sstevel@tonic-gate */ 5157c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&object_p->object_mutex); 5167c478bd9Sstevel@tonic-gate 5177c478bd9Sstevel@tonic-gate soft_merge_object(object_p, new_object); 5187c478bd9Sstevel@tonic-gate 5197c478bd9Sstevel@tonic-gate /* 5207c478bd9Sstevel@tonic-gate * The object has been modified, so we write it back to keystore. 5217c478bd9Sstevel@tonic-gate */ 5227c478bd9Sstevel@tonic-gate if (IS_TOKEN_OBJECT(object_p)) { 5237c478bd9Sstevel@tonic-gate object_p->version++; 5247c478bd9Sstevel@tonic-gate rv = soft_modify_object_to_keystore(object_p); 5257c478bd9Sstevel@tonic-gate } 5267c478bd9Sstevel@tonic-gate 5277c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&object_p->object_mutex); 5287c478bd9Sstevel@tonic-gate free(new_object); 5297c478bd9Sstevel@tonic-gate 5307c478bd9Sstevel@tonic-gate /* 5317c478bd9Sstevel@tonic-gate * Decrement the session reference count. 5327c478bd9Sstevel@tonic-gate * We do not hold the session lock. 5337c478bd9Sstevel@tonic-gate */ 5347c478bd9Sstevel@tonic-gate OBJ_REFRELE(object_p); 5357c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 5367c478bd9Sstevel@tonic-gate return (rv); 5377c478bd9Sstevel@tonic-gate 5387c478bd9Sstevel@tonic-gate fail: 5397c478bd9Sstevel@tonic-gate soft_cleanup_object(new_object); 5407c478bd9Sstevel@tonic-gate free(new_object); 5417c478bd9Sstevel@tonic-gate 5427c478bd9Sstevel@tonic-gate fail_1: 5437c478bd9Sstevel@tonic-gate OBJ_REFRELE(object_p); 5447c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 5457c478bd9Sstevel@tonic-gate 5467c478bd9Sstevel@tonic-gate return (rv); 5477c478bd9Sstevel@tonic-gate } 5487c478bd9Sstevel@tonic-gate 5497c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 5507c478bd9Sstevel@tonic-gate CK_RV 5517c478bd9Sstevel@tonic-gate C_GetObjectSize(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, 5527c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulSize) 5537c478bd9Sstevel@tonic-gate { 5547c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 5557c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 5567c478bd9Sstevel@tonic-gate 5577c478bd9Sstevel@tonic-gate return (CKR_FUNCTION_NOT_SUPPORTED); 5587c478bd9Sstevel@tonic-gate } 5597c478bd9Sstevel@tonic-gate 5607c478bd9Sstevel@tonic-gate CK_RV 5617c478bd9Sstevel@tonic-gate C_FindObjectsInit(CK_SESSION_HANDLE sh, CK_ATTRIBUTE_PTR pTemplate, 5627c478bd9Sstevel@tonic-gate CK_ULONG ulCount) 5637c478bd9Sstevel@tonic-gate { 5647c478bd9Sstevel@tonic-gate 5657c478bd9Sstevel@tonic-gate CK_RV rv; 5667c478bd9Sstevel@tonic-gate soft_session_t *session_p; 5677c478bd9Sstevel@tonic-gate boolean_t lock_held = B_TRUE; 5687c478bd9Sstevel@tonic-gate 5697c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 5707c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 5717c478bd9Sstevel@tonic-gate 5727c478bd9Sstevel@tonic-gate /* 5737c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session 5747c478bd9Sstevel@tonic-gate * reference count. 5757c478bd9Sstevel@tonic-gate */ 5767c478bd9Sstevel@tonic-gate rv = handle2session(sh, &session_p); 5777c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 5787c478bd9Sstevel@tonic-gate return (rv); 5797c478bd9Sstevel@tonic-gate 5807c478bd9Sstevel@tonic-gate /* Check the arguments */ 5817c478bd9Sstevel@tonic-gate if ((ulCount > 0) && (pTemplate == NULL)) { 5827c478bd9Sstevel@tonic-gate /* decrement the session count, we do not hold the lock */ 5837c478bd9Sstevel@tonic-gate lock_held = B_FALSE; 5847c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 5857c478bd9Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD); 5867c478bd9Sstevel@tonic-gate } 5877c478bd9Sstevel@tonic-gate 5887c478bd9Sstevel@tonic-gate /* Acquire the session lock */ 5897c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex); 5907c478bd9Sstevel@tonic-gate 5917c478bd9Sstevel@tonic-gate /* Check to see if find operation is already active */ 5927c478bd9Sstevel@tonic-gate if (session_p->find_objects.flags & CRYPTO_OPERATION_ACTIVE) { 5937c478bd9Sstevel@tonic-gate /* decrement the session count, and unlock the mutex */ 5947c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 5957c478bd9Sstevel@tonic-gate return (CKR_OPERATION_ACTIVE); 5967c478bd9Sstevel@tonic-gate } else { 5977c478bd9Sstevel@tonic-gate /* 5987c478bd9Sstevel@tonic-gate * This active flag will remain ON until application calls 5997c478bd9Sstevel@tonic-gate * C_FindObjectsFinal. 6007c478bd9Sstevel@tonic-gate */ 6017c478bd9Sstevel@tonic-gate session_p->find_objects.flags = CRYPTO_OPERATION_ACTIVE; 6027c478bd9Sstevel@tonic-gate } 6037c478bd9Sstevel@tonic-gate 6047c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex); 6057c478bd9Sstevel@tonic-gate 6067c478bd9Sstevel@tonic-gate rv = soft_find_objects_init(session_p, pTemplate, ulCount); 6077c478bd9Sstevel@tonic-gate 6087c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 6097c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex); 6107c478bd9Sstevel@tonic-gate session_p->find_objects.flags = 0; 6117c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex); 6127c478bd9Sstevel@tonic-gate } 6137c478bd9Sstevel@tonic-gate 6147c478bd9Sstevel@tonic-gate /* decrement the session count, and unlock the mutex */ 6157c478bd9Sstevel@tonic-gate lock_held = B_FALSE; 6167c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 6177c478bd9Sstevel@tonic-gate return (rv); 6187c478bd9Sstevel@tonic-gate } 6197c478bd9Sstevel@tonic-gate 6207c478bd9Sstevel@tonic-gate CK_RV 6217c478bd9Sstevel@tonic-gate C_FindObjects(CK_SESSION_HANDLE sh, 6227c478bd9Sstevel@tonic-gate CK_OBJECT_HANDLE_PTR phObject, 6237c478bd9Sstevel@tonic-gate CK_ULONG ulMaxObjectCount, 6247c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulObjectCount) 6257c478bd9Sstevel@tonic-gate { 6267c478bd9Sstevel@tonic-gate soft_session_t *session_p; 6277c478bd9Sstevel@tonic-gate CK_RV rv = CKR_OK; 6287c478bd9Sstevel@tonic-gate boolean_t lock_held = B_TRUE; 6297c478bd9Sstevel@tonic-gate 6307c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 6317c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 6327c478bd9Sstevel@tonic-gate 6337c478bd9Sstevel@tonic-gate /* 6347c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session 6357c478bd9Sstevel@tonic-gate * reference count. 6367c478bd9Sstevel@tonic-gate */ 6377c478bd9Sstevel@tonic-gate rv = handle2session(sh, &session_p); 6387c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 6397c478bd9Sstevel@tonic-gate return (rv); 6407c478bd9Sstevel@tonic-gate 6417c478bd9Sstevel@tonic-gate /* check for invalid arguments */ 6427c478bd9Sstevel@tonic-gate if (((phObject == NULL) && (ulMaxObjectCount != 0)) || 6437c478bd9Sstevel@tonic-gate (pulObjectCount == NULL)) { 6447c478bd9Sstevel@tonic-gate /* decrement the session count, we do not hold the lock */ 6457c478bd9Sstevel@tonic-gate lock_held = B_FALSE; 6467c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 6477c478bd9Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD); 6487c478bd9Sstevel@tonic-gate } 6497c478bd9Sstevel@tonic-gate 6507c478bd9Sstevel@tonic-gate if (ulMaxObjectCount == 0) { 6517c478bd9Sstevel@tonic-gate /* don't need to do anything, just return */ 6527c478bd9Sstevel@tonic-gate *pulObjectCount = 0; 6537c478bd9Sstevel@tonic-gate /* decrement the session count, we do not hold the lock */ 6547c478bd9Sstevel@tonic-gate lock_held = B_FALSE; 6557c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 6567c478bd9Sstevel@tonic-gate return (CKR_OK); 6577c478bd9Sstevel@tonic-gate } 6587c478bd9Sstevel@tonic-gate 6597c478bd9Sstevel@tonic-gate /* Acquire the session lock */ 6607c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex); 6617c478bd9Sstevel@tonic-gate 6627c478bd9Sstevel@tonic-gate /* Check to see if find operation is active */ 6637c478bd9Sstevel@tonic-gate if (!(session_p->find_objects.flags & CRYPTO_OPERATION_ACTIVE)) { 6647c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 6657c478bd9Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED); 6667c478bd9Sstevel@tonic-gate } 6677c478bd9Sstevel@tonic-gate 6687c478bd9Sstevel@tonic-gate soft_find_objects(session_p, phObject, ulMaxObjectCount, 6697c478bd9Sstevel@tonic-gate pulObjectCount); 6707c478bd9Sstevel@tonic-gate 6717c478bd9Sstevel@tonic-gate /* decrement the session count, and release the lock */ 6727c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 6737c478bd9Sstevel@tonic-gate return (rv); 6747c478bd9Sstevel@tonic-gate } 6757c478bd9Sstevel@tonic-gate 6767c478bd9Sstevel@tonic-gate CK_RV 6777c478bd9Sstevel@tonic-gate C_FindObjectsFinal(CK_SESSION_HANDLE sh) 6787c478bd9Sstevel@tonic-gate { 6797c478bd9Sstevel@tonic-gate soft_session_t *session_p; 6807c478bd9Sstevel@tonic-gate CK_RV rv; 6817c478bd9Sstevel@tonic-gate boolean_t lock_held = B_TRUE; 6827c478bd9Sstevel@tonic-gate 6837c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 6847c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 6857c478bd9Sstevel@tonic-gate 6867c478bd9Sstevel@tonic-gate /* 6877c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session 6887c478bd9Sstevel@tonic-gate * reference count. 6897c478bd9Sstevel@tonic-gate */ 6907c478bd9Sstevel@tonic-gate rv = handle2session(sh, &session_p); 6917c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 6927c478bd9Sstevel@tonic-gate return (rv); 6937c478bd9Sstevel@tonic-gate 6947c478bd9Sstevel@tonic-gate /* Acquire the session lock */ 6957c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex); 6967c478bd9Sstevel@tonic-gate 6977c478bd9Sstevel@tonic-gate /* Check to see if find operation is active */ 6987c478bd9Sstevel@tonic-gate if (!(session_p->find_objects.flags & CRYPTO_OPERATION_ACTIVE)) { 6997c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 7007c478bd9Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED); 7017c478bd9Sstevel@tonic-gate } 7027c478bd9Sstevel@tonic-gate 7037c478bd9Sstevel@tonic-gate soft_find_objects_final(session_p); 7047c478bd9Sstevel@tonic-gate 7057c478bd9Sstevel@tonic-gate /* decrement the session count, and release the lock */ 7067c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 7077c478bd9Sstevel@tonic-gate return (rv); 7087c478bd9Sstevel@tonic-gate } 709