xref: /titanic_51/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSessionUtil.c (revision 499fd60129a966ad9d9e752e65f591c3a6a1c697)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <md5.h>
29 #include <pthread.h>
30 #include <syslog.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <strings.h>
34 #include <sys/sha1.h>
35 #include <security/cryptoki.h>
36 #include "softGlobal.h"
37 #include "softSession.h"
38 #include "softObject.h"
39 #include "softOps.h"
40 #include "softKeystore.h"
41 #include "softKeystoreUtil.h"
42 
43 
44 CK_ULONG soft_session_cnt = 0;		/* the number of opened sessions */
45 CK_ULONG soft_session_rw_cnt = 0;	/* the number of opened R/W sessions */
46 
47 /*
48  * Delete all the sessions. First, obtain the global session
49  * list lock. Then start to delete one session at a time.
50  * Release the global session list lock before returning to
51  * caller.
52  */
53 CK_RV
54 soft_delete_all_sessions(boolean_t force)
55 {
56 
57 	CK_RV rv = CKR_OK;
58 	CK_RV rv1;
59 	soft_session_t *session_p;
60 	soft_session_t *session_p1;
61 
62 	/* Acquire the global session list lock */
63 	(void) pthread_mutex_lock(&soft_sessionlist_mutex);
64 
65 	session_p = soft_session_list;
66 
67 	/* Delete all the sessions in the session list */
68 	while (session_p) {
69 		session_p1 = session_p->next;
70 
71 		/*
72 		 * Delete a session by calling soft_delete_session()
73 		 * with a session pointer and a boolean arguments.
74 		 * Boolean value TRUE is used to indicate that the
75 		 * caller holds the lock on the global session list.
76 		 *
77 		 */
78 		rv1 = soft_delete_session(session_p, force, B_TRUE);
79 
80 		/* Record the very first error code */
81 		if (rv == CKR_OK) {
82 			rv = rv1;
83 		}
84 
85 		session_p = session_p1;
86 	}
87 
88 	/* No session left */
89 	soft_session_list = NULL;
90 
91 	/* Release the global session list lock */
92 	(void) pthread_mutex_unlock(&soft_sessionlist_mutex);
93 
94 	return (rv);
95 
96 }
97 
98 
99 /*
100  * Create a new session struct, and add it to the session linked list.
101  *
102  * This function will acquire the global session list lock, and release
103  * it after adding the session to the session linked list.
104  */
105 CK_RV
106 soft_add_session(CK_FLAGS flags, CK_VOID_PTR pApplication,
107 	CK_NOTIFY notify, CK_ULONG *sessionhandle_p)
108 {
109 
110 	soft_session_t *new_sp = NULL;
111 
112 	/* Allocate a new session struct */
113 	new_sp = calloc(1, sizeof (soft_session_t));
114 	if (new_sp == NULL) {
115 		return (CKR_HOST_MEMORY);
116 	}
117 
118 	new_sp->magic_marker = SOFTTOKEN_SESSION_MAGIC;
119 	new_sp->pApplication = pApplication;
120 	new_sp->Notify = notify;
121 	new_sp->flags = flags;
122 	new_sp->state = CKS_RO_PUBLIC_SESSION;
123 	new_sp->object_list = NULL;
124 	new_sp->ses_refcnt = 0;
125 	new_sp->ses_close_sync = 0;
126 
127 	(void) pthread_mutex_lock(&soft_giant_mutex);
128 	if (soft_slot.authenticated) {
129 		(void) pthread_mutex_unlock(&soft_giant_mutex);
130 		if (flags & CKF_RW_SESSION) {
131 			new_sp->state = CKS_RW_USER_FUNCTIONS;
132 		} else {
133 			new_sp->state = CKS_RO_USER_FUNCTIONS;
134 		}
135 	} else {
136 		(void) pthread_mutex_unlock(&soft_giant_mutex);
137 		if (flags & CKF_RW_SESSION) {
138 			new_sp->state = CKS_RW_PUBLIC_SESSION;
139 		} else {
140 			new_sp->state = CKS_RO_PUBLIC_SESSION;
141 		}
142 	}
143 
144 	/* Initialize the lock for the newly created session */
145 	if (pthread_mutex_init(&new_sp->session_mutex, NULL) != 0) {
146 		free(new_sp);
147 		return (CKR_CANT_LOCK);
148 	}
149 
150 	(void) pthread_cond_init(&new_sp->ses_free_cond, NULL);
151 
152 	/* Acquire the global session list lock */
153 	(void) pthread_mutex_lock(&soft_sessionlist_mutex);
154 
155 	/* Insert the new session in front of session list */
156 	if (soft_session_list == NULL) {
157 		soft_session_list = new_sp;
158 		new_sp->next = NULL;
159 		new_sp->prev = NULL;
160 	} else {
161 		soft_session_list->prev = new_sp;
162 		new_sp->next = soft_session_list;
163 		new_sp->prev = NULL;
164 		soft_session_list = new_sp;
165 	}
166 
167 	/* Type casting the address of a session struct to a session handle */
168 	*sessionhandle_p =  (CK_ULONG)new_sp;
169 	++soft_session_cnt;
170 	if (flags & CKF_RW_SESSION)
171 		++soft_session_rw_cnt;
172 
173 	if (soft_session_cnt == 1)
174 		/*
175 		 * This is the first session to be opened, so we can set
176 		 * validate the public token objects in token list now.
177 		 */
178 		soft_validate_token_objects(B_TRUE);
179 
180 	/* Release the global session list lock */
181 	(void) pthread_mutex_unlock(&soft_sessionlist_mutex);
182 
183 	return (CKR_OK);
184 
185 }
186 
187 /*
188  * This function adds the to-be-freed session to a linked list.
189  * When the number of sessions queued in the linked list reaches the
190  * maximum threshold MAX_SES_TO_BE_FREED, it will free the first
191  * session (FIFO) in the list.
192  */
193 void
194 session_delay_free(soft_session_t *sp)
195 {
196 	soft_session_t *tmp;
197 
198 	(void) pthread_mutex_lock(&ses_delay_freed.ses_to_be_free_mutex);
199 
200 	/* Add the newly deleted session at the end of the list */
201 	sp->next = NULL;
202 	if (ses_delay_freed.first == NULL) {
203 		ses_delay_freed.last = sp;
204 		ses_delay_freed.first = sp;
205 	} else {
206 		ses_delay_freed.last->next = sp;
207 		ses_delay_freed.last = sp;
208 	}
209 
210 	if (++ses_delay_freed.count >= MAX_SES_TO_BE_FREED) {
211 		/*
212 		 * Free the first session in the list only if
213 		 * the total count reaches maximum threshold.
214 		 */
215 		ses_delay_freed.count--;
216 		tmp = ses_delay_freed.first->next;
217 		free(ses_delay_freed.first);
218 		ses_delay_freed.first = tmp;
219 	}
220 	(void) pthread_mutex_unlock(&ses_delay_freed.ses_to_be_free_mutex);
221 }
222 
223 /*
224  * Delete a session:
225  * - Remove the session from the session linked list.
226  *   Holding the lock on the global session list is needed to do this.
227  * - Release all the objects created by the session.
228  *
229  * The boolean argument lock_held is used to indicate that whether
230  * the caller of this function holds the lock on the global session
231  * list or not.
232  * - When called by soft_delete_all_sessions(), which is called by
233  *   C_Finalize() or C_CloseAllSessions() -- the lock_held = TRUE.
234  * - When called by C_CloseSession() -- the lock_held = FALSE.
235  *
236  * When the caller does not hold the lock on the global session
237  * list, this function will acquire that lock in order to proceed,
238  * and also release that lock before returning to caller.
239  */
240 CK_RV
241 soft_delete_session(soft_session_t *session_p,
242     boolean_t force, boolean_t lock_held)
243 {
244 
245 	/*
246 	 * Check to see if the caller holds the lock on the global
247 	 * session list. If not, we need to acquire that lock in
248 	 * order to proceed.
249 	 */
250 	if (!lock_held) {
251 		/* Acquire the global session list lock */
252 		(void) pthread_mutex_lock(&soft_sessionlist_mutex);
253 	}
254 
255 	/*
256 	 * Remove the session from the session linked list first.
257 	 */
258 	if (soft_session_list == session_p) {
259 		/* Session is the first one in the list */
260 		if (session_p->next) {
261 			soft_session_list = session_p->next;
262 			session_p->next->prev = NULL;
263 		} else {
264 			/* Session is the only one in the list */
265 			soft_session_list = NULL;
266 		}
267 	} else {
268 		/* Session is not the first one in the list */
269 		if (session_p->next) {
270 			/* Session is in the middle of the list */
271 			session_p->prev->next = session_p->next;
272 			session_p->next->prev = session_p->prev;
273 		} else {
274 			/* Session is the last one in the list */
275 			session_p->prev->next = NULL;
276 		}
277 	}
278 
279 	--soft_session_cnt;
280 	if (session_p->flags & CKF_RW_SESSION)
281 		--soft_session_rw_cnt;
282 
283 	if (!lock_held) {
284 		/*
285 		 * If the global session list lock is obtained by
286 		 * this function, then release that lock after
287 		 * removing the session from session linked list.
288 		 * We want the releasing of the objects of the
289 		 * session, and freeing of the session itself to
290 		 * be done without holding the global session list
291 		 * lock.
292 		 */
293 		(void) pthread_mutex_unlock(&soft_sessionlist_mutex);
294 	}
295 
296 
297 	/* Acquire the individual session lock */
298 	(void) pthread_mutex_lock(&session_p->session_mutex);
299 	/*
300 	 * Make sure another thread hasn't freed the session.
301 	 */
302 	if (session_p->magic_marker != SOFTTOKEN_SESSION_MAGIC) {
303 		(void) pthread_mutex_unlock(&session_p->session_mutex);
304 		return (CKR_OK);
305 	}
306 
307 	/*
308 	 * The deletion of a session must be blocked when the session
309 	 * reference count is not zero. This means if any session related
310 	 * operation starts prior to the session close operation gets in,
311 	 * the session closing thread must wait for the non-closing
312 	 * operation to be completed before it can proceed the close
313 	 * operation.
314 	 *
315 	 * Unless we are being forced to shut everything down, this only
316 	 * happens if the libraries _fini() is running not of someone
317 	 * explicitly called C_Finalize().
318 	 */
319 	if (force)
320 		session_p->ses_refcnt = 0;
321 
322 	while (session_p->ses_refcnt != 0) {
323 		/*
324 		 * We set the SESSION_REFCNT_WAITING flag before we put
325 		 * this closing thread in a wait state, so other non-closing
326 		 * operation thread will signal to wake it up only when
327 		 * the session reference count becomes zero and this flag
328 		 * is set.
329 		 */
330 		session_p->ses_close_sync |= SESSION_REFCNT_WAITING;
331 		(void) pthread_cond_wait(&session_p->ses_free_cond,
332 		    &session_p->session_mutex);
333 	}
334 
335 	session_p->ses_close_sync &= ~SESSION_REFCNT_WAITING;
336 
337 	/* Mark session as no longer valid. */
338 	session_p->magic_marker = 0;
339 
340 	(void) pthread_cond_destroy(&session_p->ses_free_cond);
341 
342 	/*
343 	 * Remove all the objects created in this session.
344 	 */
345 	soft_delete_all_objects_in_session(session_p);
346 
347 	/* In case application did not call Final */
348 	if (session_p->digest.context != NULL)
349 		free(session_p->digest.context);
350 
351 	if (session_p->encrypt.context != NULL)
352 		/*
353 		 * 1st B_TRUE: encrypt
354 		 * 2nd B_TRUE: caller is holding session_mutex.
355 		 */
356 		soft_crypt_cleanup(session_p, B_TRUE, B_TRUE);
357 
358 	if (session_p->decrypt.context != NULL)
359 		/*
360 		 * 1st B_FALSE: decrypt
361 		 * 2nd B_TRUE: caller is holding session_mutex.
362 		 */
363 		soft_crypt_cleanup(session_p, B_FALSE, B_TRUE);
364 
365 	if (session_p->sign.context != NULL)
366 		free(session_p->sign.context);
367 
368 	if (session_p->verify.context != NULL)
369 		free(session_p->verify.context);
370 
371 	if (session_p->find_objects.context != NULL) {
372 		find_context_t *fcontext;
373 		fcontext = (find_context_t *)session_p->find_objects.context;
374 		free(fcontext->objs_found);
375 		free(fcontext);
376 	}
377 
378 	/* Reset SESSION_IS_CLOSIN flag. */
379 	session_p->ses_close_sync &= ~SESSION_IS_CLOSING;
380 
381 	(void) pthread_mutex_unlock(&session_p->session_mutex);
382 	/* Destroy the individual session lock */
383 	(void) pthread_mutex_destroy(&session_p->session_mutex);
384 
385 	/* Delay freeing the session */
386 	session_delay_free(session_p);
387 
388 	return (CKR_OK);
389 }
390 
391 
392 /*
393  * This function is used to type cast a session handle to a pointer to
394  * the session struct. Also, it does the following things:
395  * 1) Check to see if the session struct is tagged with a session
396  *    magic number. This is to detect when an application passes
397  *    a bogus session pointer.
398  * 2) Acquire the lock on the designated session.
399  * 3) Check to see if the session is in the closing state that another
400  *    thread is performing.
401  * 4) Increment the session reference count by one. This is to prevent
402  *    this session from being closed by other thread.
403  * 5) Release the lock held on the designated session.
404  */
405 CK_RV
406 handle2session(CK_SESSION_HANDLE hSession, soft_session_t **session_p)
407 {
408 
409 	soft_session_t *sp = (soft_session_t *)(hSession);
410 
411 	/*
412 	 * No need to hold soft_sessionlist_mutex as we are
413 	 * just reading the value and 32-bit reads are atomic.
414 	 */
415 	if (all_sessions_closing) {
416 		return (CKR_SESSION_CLOSED);
417 	}
418 
419 	if ((sp == NULL) ||
420 	    (sp->magic_marker != SOFTTOKEN_SESSION_MAGIC)) {
421 		return (CKR_SESSION_HANDLE_INVALID);
422 	}
423 	(void) pthread_mutex_lock(&sp->session_mutex);
424 
425 	if (sp->ses_close_sync & SESSION_IS_CLOSING) {
426 		(void) pthread_mutex_unlock(&sp->session_mutex);
427 		return (CKR_SESSION_CLOSED);
428 	}
429 
430 	/* Increment session ref count. */
431 	sp->ses_refcnt++;
432 
433 	(void) pthread_mutex_unlock(&sp->session_mutex);
434 
435 	*session_p = sp;
436 
437 	return (CKR_OK);
438 }
439 
440 /*
441  * The format to be saved in the pOperationState will be:
442  * 1. internal_op_state_t
443  * 2. crypto_active_op_t
444  * 3. actual context of the active operation
445  */
446 CK_RV
447 soft_get_operationstate(soft_session_t *session_p, CK_BYTE_PTR pOperationState,
448     CK_ULONG_PTR pulOperationStateLen)
449 {
450 
451 	internal_op_state_t op_state;
452 	CK_ULONG op_data_len = 0;
453 
454 	/* Check to see if encrypt operation is active. */
455 	if (session_p->encrypt.flags & CRYPTO_OPERATION_ACTIVE) {
456 		return (CKR_STATE_UNSAVEABLE);
457 	}
458 
459 	/* Check to see if decrypt operation is active. */
460 	if (session_p->decrypt.flags & CRYPTO_OPERATION_ACTIVE) {
461 		return (CKR_STATE_UNSAVEABLE);
462 	}
463 
464 	/* Check to see if sign operation is active. */
465 	if (session_p->sign.flags & CRYPTO_OPERATION_ACTIVE) {
466 		return (CKR_STATE_UNSAVEABLE);
467 	}
468 
469 	/* Check to see if verify operation is active. */
470 	if (session_p->verify.flags & CRYPTO_OPERATION_ACTIVE) {
471 		return (CKR_STATE_UNSAVEABLE);
472 	}
473 
474 	/* Check to see if digest operation is active. */
475 	if (session_p->digest.flags & CRYPTO_OPERATION_ACTIVE) {
476 		op_data_len = sizeof (internal_op_state_t) +
477 		    sizeof (crypto_active_op_t);
478 
479 		switch (session_p->digest.mech.mechanism) {
480 		case CKM_MD5:
481 			op_data_len += sizeof (MD5_CTX);
482 			break;
483 		case CKM_SHA_1:
484 			op_data_len += sizeof (SHA1_CTX);
485 			break;
486 		default:
487 			return (CKR_STATE_UNSAVEABLE);
488 		}
489 
490 		if (pOperationState == NULL_PTR) {
491 			*pulOperationStateLen = op_data_len;
492 			return (CKR_OK);
493 		} else {
494 			if (*pulOperationStateLen < op_data_len) {
495 				*pulOperationStateLen = op_data_len;
496 				return (CKR_BUFFER_TOO_SMALL);
497 			}
498 		}
499 
500 		op_state.op_len = op_data_len;
501 		op_state.op_active = DIGEST_OP;
502 		op_state.op_session_state = session_p->state;
503 
504 		/* Save internal_op_state_t */
505 		(void) memcpy(pOperationState, (CK_BYTE_PTR)&op_state,
506 		    sizeof (internal_op_state_t));
507 
508 		/* Save crypto_active_op_t */
509 		(void) memcpy((CK_BYTE *)pOperationState +
510 		    sizeof (internal_op_state_t),
511 		    &session_p->digest,
512 		    sizeof (crypto_active_op_t));
513 
514 		switch (session_p->digest.mech.mechanism) {
515 		case CKM_MD5:
516 			/* Save MD5_CTX for the active digest operation */
517 			(void) memcpy((CK_BYTE *)pOperationState +
518 			    sizeof (internal_op_state_t) +
519 			    sizeof (crypto_active_op_t),
520 			    session_p->digest.context,
521 			    sizeof (MD5_CTX));
522 			break;
523 
524 		case CKM_SHA_1:
525 			/* Save SHA1_CTX for the active digest operation */
526 			(void) memcpy((CK_BYTE *)pOperationState +
527 			    sizeof (internal_op_state_t) +
528 			    sizeof (crypto_active_op_t),
529 			    session_p->digest.context,
530 			    sizeof (SHA1_CTX));
531 			break;
532 
533 		default:
534 			return (CKR_STATE_UNSAVEABLE);
535 		}
536 	}
537 
538 	*pulOperationStateLen = op_data_len;
539 	return (CKR_OK);
540 
541 }
542 
543 /*
544  * The format to be restored from the pOperationState will be:
545  * 1. internal_op_state_t
546  * 2. crypto_active_op_t
547  * 3. actual context of the saved operation
548  */
549 CK_RV
550 soft_set_operationstate(soft_session_t *session_p, CK_BYTE_PTR pOperationState,
551     CK_ULONG ulOperationStateLen, CK_OBJECT_HANDLE hEncryptionKey,
552     CK_OBJECT_HANDLE hAuthenticationKey)
553 {
554 
555 	CK_RV		rv;
556 	internal_op_state_t op_state;
557 	crypto_active_op_t crypto_tmp;
558 	CK_ULONG offset = 0;
559 
560 	/* Restore internal_op_state_t */
561 	(void) memcpy((CK_BYTE_PTR)&op_state, pOperationState,
562 	    sizeof (internal_op_state_t));
563 
564 	if (session_p->state != op_state.op_session_state) {
565 		/*
566 		 * The supplied session state does not match with
567 		 * the saved session state.
568 		 */
569 		return (CKR_SAVED_STATE_INVALID);
570 	}
571 
572 	if (op_state.op_len != ulOperationStateLen) {
573 		/*
574 		 * The supplied data length does not match with
575 		 * the saved data length.
576 		 */
577 		return (CKR_SAVED_STATE_INVALID);
578 	}
579 
580 	offset = sizeof (internal_op_state_t);
581 
582 	(void) memcpy((CK_BYTE *)&crypto_tmp,
583 	    (CK_BYTE *)pOperationState + offset,
584 	    sizeof (crypto_active_op_t));
585 
586 	switch (op_state.op_active) {
587 	case DIGEST_OP:
588 		if ((hAuthenticationKey != 0) || (hEncryptionKey != 0)) {
589 			return (CKR_KEY_NOT_NEEDED);
590 		}
591 
592 		/*
593 		 * If the destination session has the same mechanism
594 		 * as the source, we can reuse the memory allocated for
595 		 * the crypto context. Otherwise, we free the crypto
596 		 * context of the destination session now.
597 		 */
598 		if (session_p->digest.context) {
599 			if (session_p->digest.mech.mechanism !=
600 			    crypto_tmp.mech.mechanism) {
601 				(void) pthread_mutex_lock(&session_p->
602 				    session_mutex);
603 				free(session_p->digest.context);
604 				session_p->digest.context = NULL;
605 				(void) pthread_mutex_unlock(&session_p->
606 				    session_mutex);
607 			}
608 		}
609 		break;
610 
611 	default:
612 		return (CKR_SAVED_STATE_INVALID);
613 	}
614 
615 	/* Restore crypto_active_op_t */
616 	(void) pthread_mutex_lock(&session_p->session_mutex);
617 	session_p->digest.mech.mechanism = crypto_tmp.mech.mechanism;
618 	session_p->digest.flags = crypto_tmp.flags;
619 	(void) pthread_mutex_unlock(&session_p->session_mutex);
620 
621 	offset += sizeof (crypto_active_op_t);
622 
623 	/*
624 	 * Make sure the supplied crypto operation state is valid
625 	 */
626 	switch (op_state.op_active) {
627 	case DIGEST_OP:
628 
629 		switch (session_p->digest.mech.mechanism) {
630 		case CKM_MD5:
631 			(void) pthread_mutex_lock(&session_p->session_mutex);
632 			if (session_p->digest.context == NULL) {
633 				session_p->digest.context =
634 				    malloc(sizeof (MD5_CTX));
635 
636 				if (session_p->digest.context == NULL) {
637 					(void) pthread_mutex_unlock(
638 					    &session_p->session_mutex);
639 					return (CKR_HOST_MEMORY);
640 				}
641 			}
642 
643 			/* Restore MD5_CTX from the saved digest operation */
644 			(void) memcpy((CK_BYTE *)session_p->digest.context,
645 			    (CK_BYTE *)pOperationState + offset,
646 			    sizeof (MD5_CTX));
647 
648 			(void) pthread_mutex_unlock(&session_p->session_mutex);
649 
650 			rv = CKR_OK;
651 			break;
652 
653 		case CKM_SHA_1:
654 			(void) pthread_mutex_lock(&session_p->session_mutex);
655 			if (session_p->digest.context == NULL) {
656 				session_p->digest.context =
657 				    malloc(sizeof (SHA1_CTX));
658 
659 				if (session_p->digest.context == NULL) {
660 					(void) pthread_mutex_unlock(
661 					    &session_p->session_mutex);
662 					return (CKR_HOST_MEMORY);
663 				}
664 			}
665 
666 			/* Restore SHA1_CTX from the saved digest operation */
667 			(void) memcpy((CK_BYTE *)session_p->digest.context,
668 			    (CK_BYTE *)pOperationState + offset,
669 			    sizeof (SHA1_CTX));
670 
671 			(void) pthread_mutex_unlock(&session_p->session_mutex);
672 
673 			rv = CKR_OK;
674 			break;
675 
676 		default:
677 			rv = CKR_SAVED_STATE_INVALID;
678 			break;
679 		}
680 		break;
681 
682 	default:
683 		rv = CKR_SAVED_STATE_INVALID;
684 		break;
685 	}
686 
687 	return (rv);
688 
689 }
690 
691 
692 CK_RV
693 soft_login(CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
694 {
695 
696 	/*
697 	 * Authenticate the input PIN.
698 	 */
699 	return (soft_verify_pin(pPin, ulPinLen));
700 
701 }
702 
703 void
704 soft_logout(void)
705 {
706 
707 	/*
708 	 * Delete all the private token objects from the "token_object_list".
709 	 */
710 	soft_delete_all_in_core_token_objects(PRIVATE_TOKEN);
711 	return;
712 
713 }
714