17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * CDDL HEADER START
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
51f49a79aSZdenek Kotala * Common Development and Distribution License (the "License").
61f49a79aSZdenek Kotala * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate *
87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate * and limitations under the License.
127c478bd9Sstevel@tonic-gate *
137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate *
197c478bd9Sstevel@tonic-gate * CDDL HEADER END
207c478bd9Sstevel@tonic-gate */
217c478bd9Sstevel@tonic-gate /*
221f49a79aSZdenek Kotala * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
237c478bd9Sstevel@tonic-gate * Use is subject to license terms.
24cfcec266SJason King *
25cfcec266SJason King * Copyright 2020 Joyent, Inc.
26*f974938fSMatt Barden * Copyright 2023 RackTop Systems, Inc.
277c478bd9Sstevel@tonic-gate */
287c478bd9Sstevel@tonic-gate #include <pthread.h>
297c478bd9Sstevel@tonic-gate #include <stdlib.h>
307c478bd9Sstevel@tonic-gate #include <security/cryptoki.h>
317c478bd9Sstevel@tonic-gate #include "softGlobal.h"
327c478bd9Sstevel@tonic-gate #include "softObject.h"
337c478bd9Sstevel@tonic-gate #include "softSession.h"
347c478bd9Sstevel@tonic-gate #include "softKeystore.h"
357c478bd9Sstevel@tonic-gate #include "softKeystoreUtil.h"
367c478bd9Sstevel@tonic-gate
377c478bd9Sstevel@tonic-gate
387c478bd9Sstevel@tonic-gate CK_RV
C_CreateObject(CK_SESSION_HANDLE hSession,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount,CK_OBJECT_HANDLE_PTR phObject)397c478bd9Sstevel@tonic-gate C_CreateObject(CK_SESSION_HANDLE hSession,
407c478bd9Sstevel@tonic-gate CK_ATTRIBUTE_PTR pTemplate,
417c478bd9Sstevel@tonic-gate CK_ULONG ulCount,
427c478bd9Sstevel@tonic-gate CK_OBJECT_HANDLE_PTR phObject)
437c478bd9Sstevel@tonic-gate {
447c478bd9Sstevel@tonic-gate
457c478bd9Sstevel@tonic-gate CK_RV rv;
467c478bd9Sstevel@tonic-gate soft_session_t *session_p;
477c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
487c478bd9Sstevel@tonic-gate
497c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
507c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
517c478bd9Sstevel@tonic-gate
527c478bd9Sstevel@tonic-gate /*
537c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session
547c478bd9Sstevel@tonic-gate * reference count.
557c478bd9Sstevel@tonic-gate */
567c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
577c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
587c478bd9Sstevel@tonic-gate return (rv);
597c478bd9Sstevel@tonic-gate
607c478bd9Sstevel@tonic-gate if ((pTemplate == NULL) || (ulCount == 0) ||
617c478bd9Sstevel@tonic-gate (phObject == NULL)) {
627c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
637c478bd9Sstevel@tonic-gate goto clean_exit;
647c478bd9Sstevel@tonic-gate }
657c478bd9Sstevel@tonic-gate
667c478bd9Sstevel@tonic-gate /* Create a new object. */
677c478bd9Sstevel@tonic-gate rv = soft_add_object(pTemplate, ulCount, phObject, session_p);
687c478bd9Sstevel@tonic-gate
697c478bd9Sstevel@tonic-gate clean_exit:
707c478bd9Sstevel@tonic-gate /*
717c478bd9Sstevel@tonic-gate * Decrement the session reference count.
727c478bd9Sstevel@tonic-gate * We do not hold the session lock.
737c478bd9Sstevel@tonic-gate */
747c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
757c478bd9Sstevel@tonic-gate return (rv);
767c478bd9Sstevel@tonic-gate }
777c478bd9Sstevel@tonic-gate
787c478bd9Sstevel@tonic-gate CK_RV
C_CopyObject(CK_SESSION_HANDLE hSession,CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount,CK_OBJECT_HANDLE_PTR phNewObject)797c478bd9Sstevel@tonic-gate C_CopyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
807c478bd9Sstevel@tonic-gate CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
817c478bd9Sstevel@tonic-gate CK_OBJECT_HANDLE_PTR phNewObject)
827c478bd9Sstevel@tonic-gate {
837c478bd9Sstevel@tonic-gate
847c478bd9Sstevel@tonic-gate CK_RV rv;
857c478bd9Sstevel@tonic-gate soft_session_t *session_p;
867c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
877c478bd9Sstevel@tonic-gate soft_object_t *old_object, *new_object = NULL;
887c478bd9Sstevel@tonic-gate ulong_t i;
897c478bd9Sstevel@tonic-gate
907c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
917c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
927c478bd9Sstevel@tonic-gate
937c478bd9Sstevel@tonic-gate /*
947c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session
957c478bd9Sstevel@tonic-gate * reference count.
967c478bd9Sstevel@tonic-gate */
977c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
987c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
997c478bd9Sstevel@tonic-gate return (rv);
1007c478bd9Sstevel@tonic-gate
1017c478bd9Sstevel@tonic-gate /* Check arguments */
1027c478bd9Sstevel@tonic-gate if (((ulCount > 0) && (pTemplate == NULL)) ||
1037c478bd9Sstevel@tonic-gate (phNewObject == NULL)) {
1047c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
1057c478bd9Sstevel@tonic-gate goto clean_exit;
1067c478bd9Sstevel@tonic-gate }
1077c478bd9Sstevel@tonic-gate
1087c478bd9Sstevel@tonic-gate /* Obtain the object pointer. */
1097c478bd9Sstevel@tonic-gate HANDLE2OBJECT(hObject, old_object, rv);
1107c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
1117c478bd9Sstevel@tonic-gate goto clean_exit;
1127c478bd9Sstevel@tonic-gate }
1137c478bd9Sstevel@tonic-gate
1147c478bd9Sstevel@tonic-gate /*
1157c478bd9Sstevel@tonic-gate * Copy the old object to a new object.
1167c478bd9Sstevel@tonic-gate * The 3rd argument with SOFT_COPY_OBJ value indicates that
1177c478bd9Sstevel@tonic-gate * everything in the object will be duplicated for C_CopyObject.
1187c478bd9Sstevel@tonic-gate * The 4th argument has the session pointer that will be
1197c478bd9Sstevel@tonic-gate * saved in the new copy of the session object.
1207c478bd9Sstevel@tonic-gate */
1217c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&old_object->object_mutex);
1227c478bd9Sstevel@tonic-gate rv = soft_copy_object(old_object, &new_object, SOFT_COPY_OBJECT,
1237c478bd9Sstevel@tonic-gate session_p);
1247c478bd9Sstevel@tonic-gate
1257c478bd9Sstevel@tonic-gate if ((rv != CKR_OK) || (new_object == NULL)) {
1267c478bd9Sstevel@tonic-gate /* Most likely we ran out of space. */
1277c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&old_object->object_mutex);
1287c478bd9Sstevel@tonic-gate goto clean_exit1;
1297c478bd9Sstevel@tonic-gate }
1307c478bd9Sstevel@tonic-gate
1317c478bd9Sstevel@tonic-gate /* No need to hold the lock on the old object. */
1327c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&old_object->object_mutex);
1337c478bd9Sstevel@tonic-gate
1347c478bd9Sstevel@tonic-gate /* Modifiy the objects if requested */
1357c478bd9Sstevel@tonic-gate for (i = 0; i < ulCount; i++) {
1367c478bd9Sstevel@tonic-gate /* Set the requested attribute into the new object. */
1377c478bd9Sstevel@tonic-gate rv = soft_set_attribute(new_object, &pTemplate[i], B_TRUE);
1387c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
1397c478bd9Sstevel@tonic-gate goto fail;
1407c478bd9Sstevel@tonic-gate }
1417c478bd9Sstevel@tonic-gate }
1427c478bd9Sstevel@tonic-gate
1437c478bd9Sstevel@tonic-gate rv = soft_pin_expired_check(new_object);
1447c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
1457c478bd9Sstevel@tonic-gate goto fail;
1467c478bd9Sstevel@tonic-gate }
1477c478bd9Sstevel@tonic-gate
1487c478bd9Sstevel@tonic-gate /*
1497c478bd9Sstevel@tonic-gate * Does the new object violate the creation rule or access rule?
1507c478bd9Sstevel@tonic-gate */
1517c478bd9Sstevel@tonic-gate rv = soft_object_write_access_check(session_p, new_object);
1527c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
1537c478bd9Sstevel@tonic-gate goto fail;
1547c478bd9Sstevel@tonic-gate }
1557c478bd9Sstevel@tonic-gate
1567c478bd9Sstevel@tonic-gate /*
1577c478bd9Sstevel@tonic-gate * If the new object is a token object, it will be added
1587c478bd9Sstevel@tonic-gate * to token object list and write to disk.
1597c478bd9Sstevel@tonic-gate */
1607c478bd9Sstevel@tonic-gate if (IS_TOKEN_OBJECT(new_object)) {
1617c478bd9Sstevel@tonic-gate new_object->version = 1;
1627c478bd9Sstevel@tonic-gate /*
1637c478bd9Sstevel@tonic-gate * Write to the keystore file.
1647c478bd9Sstevel@tonic-gate */
1657c478bd9Sstevel@tonic-gate rv = soft_put_object_to_keystore(new_object);
1667c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
1677c478bd9Sstevel@tonic-gate goto fail;
1687c478bd9Sstevel@tonic-gate }
1697c478bd9Sstevel@tonic-gate
170cfcec266SJason King new_object->session_handle = CK_INVALID_HANDLE;
1717c478bd9Sstevel@tonic-gate /*
1727c478bd9Sstevel@tonic-gate * Add the newly created token object to the global
1737c478bd9Sstevel@tonic-gate * token object list in the slot struct.
1747c478bd9Sstevel@tonic-gate */
1757c478bd9Sstevel@tonic-gate soft_add_token_object_to_slot(new_object);
1767c478bd9Sstevel@tonic-gate OBJ_REFRELE(old_object);
1777c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
178cfcec266SJason King *phNewObject = set_objecthandle(new_object);
1797c478bd9Sstevel@tonic-gate
1807c478bd9Sstevel@tonic-gate return (CKR_OK);
1817c478bd9Sstevel@tonic-gate }
1827c478bd9Sstevel@tonic-gate
183cfcec266SJason King *phNewObject = set_objecthandle(new_object);
184cfcec266SJason King
1857c478bd9Sstevel@tonic-gate /* Insert new object into this session's object list */
1867c478bd9Sstevel@tonic-gate soft_add_object_to_session(new_object, session_p);
1877c478bd9Sstevel@tonic-gate
1887c478bd9Sstevel@tonic-gate /*
1897c478bd9Sstevel@tonic-gate * Decrement the session reference count.
1907c478bd9Sstevel@tonic-gate * We do not hold the session lock.
1917c478bd9Sstevel@tonic-gate */
1927c478bd9Sstevel@tonic-gate OBJ_REFRELE(old_object);
1937c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
1947c478bd9Sstevel@tonic-gate
1957c478bd9Sstevel@tonic-gate return (rv);
1967c478bd9Sstevel@tonic-gate
1977c478bd9Sstevel@tonic-gate fail:
1987c478bd9Sstevel@tonic-gate soft_cleanup_object(new_object);
1997c478bd9Sstevel@tonic-gate free(new_object);
2007c478bd9Sstevel@tonic-gate
2017c478bd9Sstevel@tonic-gate clean_exit1:
2027c478bd9Sstevel@tonic-gate OBJ_REFRELE(old_object);
2037c478bd9Sstevel@tonic-gate clean_exit:
2047c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
2057c478bd9Sstevel@tonic-gate return (rv);
2067c478bd9Sstevel@tonic-gate }
2077c478bd9Sstevel@tonic-gate
2087c478bd9Sstevel@tonic-gate CK_RV
C_DestroyObject(CK_SESSION_HANDLE hSession,CK_OBJECT_HANDLE hObject)2097c478bd9Sstevel@tonic-gate C_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
2107c478bd9Sstevel@tonic-gate {
2117c478bd9Sstevel@tonic-gate
2127c478bd9Sstevel@tonic-gate CK_RV rv;
2137c478bd9Sstevel@tonic-gate soft_object_t *object_p;
214cfcec266SJason King soft_session_t *session_p;
2157c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
2167c478bd9Sstevel@tonic-gate CK_SESSION_HANDLE creating_session;
2177c478bd9Sstevel@tonic-gate
2187c478bd9Sstevel@tonic-gate
2197c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
2207c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
2217c478bd9Sstevel@tonic-gate
222cfcec266SJason King rv = handle2session(hSession, &session_p);
223cfcec266SJason King if (rv != CKR_OK)
224cfcec266SJason King return (rv);
2257c478bd9Sstevel@tonic-gate
2267c478bd9Sstevel@tonic-gate /* Obtain the object pointer. */
2277c478bd9Sstevel@tonic-gate HANDLE2OBJECT_DESTROY(hObject, object_p, rv);
2287c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
229cfcec266SJason King SES_REFRELE(session_p, lock_held);
2307c478bd9Sstevel@tonic-gate return (rv);
2317c478bd9Sstevel@tonic-gate }
2327c478bd9Sstevel@tonic-gate
2337c478bd9Sstevel@tonic-gate /* Obtain the session handle which object belongs to. */
2347c478bd9Sstevel@tonic-gate creating_session = object_p->session_handle;
2357c478bd9Sstevel@tonic-gate
2364b788a9fSToomas Soome if (creating_session == 0) {
2377c478bd9Sstevel@tonic-gate /*
2387c478bd9Sstevel@tonic-gate * This is a token object to be deleted.
2397c478bd9Sstevel@tonic-gate * For token object, there is no creating session concept,
2407c478bd9Sstevel@tonic-gate * therefore, creating_session is always NULL.
2417c478bd9Sstevel@tonic-gate */
2427c478bd9Sstevel@tonic-gate rv = soft_pin_expired_check(object_p);
2437c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
244cfcec266SJason King SES_REFRELE(session_p, lock_held);
2457c478bd9Sstevel@tonic-gate return (rv);
2467c478bd9Sstevel@tonic-gate }
2477c478bd9Sstevel@tonic-gate
2487c478bd9Sstevel@tonic-gate rv = soft_object_write_access_check(session_p, object_p);
2497c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
2507c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
2517c478bd9Sstevel@tonic-gate return (rv);
2527c478bd9Sstevel@tonic-gate }
2537c478bd9Sstevel@tonic-gate
2547c478bd9Sstevel@tonic-gate /*
2557c478bd9Sstevel@tonic-gate * Set OBJECT_IS_DELETING flag so any access to this
2567c478bd9Sstevel@tonic-gate * object will be rejected.
2577c478bd9Sstevel@tonic-gate */
2587c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&object_p->object_mutex);
2590106fafcShaimay if (object_p->obj_delete_sync & OBJECT_IS_DELETING) {
2600106fafcShaimay (void) pthread_mutex_unlock(&object_p->object_mutex);
2610106fafcShaimay SES_REFRELE(session_p, lock_held);
2620106fafcShaimay return (CKR_OBJECT_HANDLE_INVALID);
2630106fafcShaimay }
2647c478bd9Sstevel@tonic-gate object_p->obj_delete_sync |= OBJECT_IS_DELETING;
2657c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&object_p->object_mutex);
2667c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
2677c478bd9Sstevel@tonic-gate
2687c478bd9Sstevel@tonic-gate /*
2697c478bd9Sstevel@tonic-gate * Delete a token object by calling soft_delete_token_object()
2707c478bd9Sstevel@tonic-gate * with the second argument B_TRUE indicating to delete the
2717c478bd9Sstevel@tonic-gate * object from keystore and the third argument B_FALSE
2727c478bd9Sstevel@tonic-gate * indicating that the caller does not hold the slot mutex.
2737c478bd9Sstevel@tonic-gate */
2747c478bd9Sstevel@tonic-gate soft_delete_token_object(object_p, B_TRUE, B_FALSE);
2757c478bd9Sstevel@tonic-gate return (CKR_OK);
2767c478bd9Sstevel@tonic-gate }
2777c478bd9Sstevel@tonic-gate
278*f974938fSMatt Barden /*
279*f974938fSMatt Barden * Switch to the creating_session, which actually holds the object.
280*f974938fSMatt Barden * If we use the wrong session in the call to soft_delete_object(),
281*f974938fSMatt Barden * deletion will silently fail, and we'll leak memory until
282*f974938fSMatt Barden * C_CloseSession is called (which, if metaslot is active, may be
283*f974938fSMatt Barden * never).
284*f974938fSMatt Barden */
285*f974938fSMatt Barden if (hSession != creating_session) {
286*f974938fSMatt Barden SES_REFRELE(session_p, lock_held);
287*f974938fSMatt Barden rv = handle2session(creating_session, &session_p);
288*f974938fSMatt Barden if (rv != CKR_OK)
289*f974938fSMatt Barden return (rv);
290*f974938fSMatt Barden }
291*f974938fSMatt Barden
2927c478bd9Sstevel@tonic-gate /*
2937c478bd9Sstevel@tonic-gate * Set OBJECT_IS_DELETING flag so any access to this
2947c478bd9Sstevel@tonic-gate * object will be rejected.
2957c478bd9Sstevel@tonic-gate */
2967c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&object_p->object_mutex);
2970106fafcShaimay if (object_p->obj_delete_sync & OBJECT_IS_DELETING) {
2980106fafcShaimay (void) pthread_mutex_unlock(&object_p->object_mutex);
2990106fafcShaimay SES_REFRELE(session_p, lock_held);
3000106fafcShaimay return (CKR_OBJECT_HANDLE_INVALID);
3010106fafcShaimay }
3027c478bd9Sstevel@tonic-gate object_p->obj_delete_sync |= OBJECT_IS_DELETING;
3037c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&object_p->object_mutex);
3047c478bd9Sstevel@tonic-gate
3057c478bd9Sstevel@tonic-gate /*
3067c478bd9Sstevel@tonic-gate * Delete an object by calling soft_delete_object()
3077c478bd9Sstevel@tonic-gate * with a FALSE boolean argument indicating that
3087c478bd9Sstevel@tonic-gate * the caller does not hold the session lock.
3097c478bd9Sstevel@tonic-gate */
3101f49a79aSZdenek Kotala soft_delete_object(session_p, object_p, B_FALSE, B_FALSE);
3117c478bd9Sstevel@tonic-gate
3127c478bd9Sstevel@tonic-gate /*
3137c478bd9Sstevel@tonic-gate * Decrement the session reference count.
3147c478bd9Sstevel@tonic-gate * We do not hold the session lock.
3157c478bd9Sstevel@tonic-gate */
3167c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3177c478bd9Sstevel@tonic-gate
3187c478bd9Sstevel@tonic-gate return (rv);
3197c478bd9Sstevel@tonic-gate }
3207c478bd9Sstevel@tonic-gate
3217c478bd9Sstevel@tonic-gate
3227c478bd9Sstevel@tonic-gate CK_RV
C_GetAttributeValue(CK_SESSION_HANDLE hSession,CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount)3237c478bd9Sstevel@tonic-gate C_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
3247c478bd9Sstevel@tonic-gate CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
3257c478bd9Sstevel@tonic-gate {
3267c478bd9Sstevel@tonic-gate
3277c478bd9Sstevel@tonic-gate CK_RV rv = CKR_OK, rv1 = CKR_OK;
3287c478bd9Sstevel@tonic-gate soft_object_t *object_p;
3297c478bd9Sstevel@tonic-gate soft_session_t *session_p;
3307c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
3317c478bd9Sstevel@tonic-gate ulong_t i;
3327c478bd9Sstevel@tonic-gate
3337c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
3347c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
3357c478bd9Sstevel@tonic-gate
3367c478bd9Sstevel@tonic-gate /*
3377c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session
3387c478bd9Sstevel@tonic-gate * reference count.
3397c478bd9Sstevel@tonic-gate */
3407c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
3417c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
3427c478bd9Sstevel@tonic-gate return (rv);
3437c478bd9Sstevel@tonic-gate
3447c478bd9Sstevel@tonic-gate if ((pTemplate == NULL) || (ulCount == 0)) {
3457c478bd9Sstevel@tonic-gate /*
3467c478bd9Sstevel@tonic-gate * Decrement the session reference count.
3477c478bd9Sstevel@tonic-gate * We do not hold the session lock.
3487c478bd9Sstevel@tonic-gate */
3497c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3507c478bd9Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD);
3517c478bd9Sstevel@tonic-gate }
3527c478bd9Sstevel@tonic-gate
3537c478bd9Sstevel@tonic-gate /* Obtain the object pointer. */
3547c478bd9Sstevel@tonic-gate HANDLE2OBJECT(hObject, object_p, rv);
3557c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
3567c478bd9Sstevel@tonic-gate /*
3577c478bd9Sstevel@tonic-gate * Decrement the session reference count.
3587c478bd9Sstevel@tonic-gate * We do not hold the session lock.
3597c478bd9Sstevel@tonic-gate */
3607c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3617c478bd9Sstevel@tonic-gate return (rv);
3627c478bd9Sstevel@tonic-gate }
3637c478bd9Sstevel@tonic-gate
3647c478bd9Sstevel@tonic-gate if (IS_TOKEN_OBJECT(object_p)) {
3657c478bd9Sstevel@tonic-gate
3667c478bd9Sstevel@tonic-gate rv = soft_keystore_load_latest_object(object_p);
3677c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
3687c478bd9Sstevel@tonic-gate OBJ_REFRELE(object_p);
3697c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3707c478bd9Sstevel@tonic-gate return (rv);
3717c478bd9Sstevel@tonic-gate }
3727c478bd9Sstevel@tonic-gate }
3737c478bd9Sstevel@tonic-gate
3747c478bd9Sstevel@tonic-gate /* Acquire the lock on the object. */
3757c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&object_p->object_mutex);
3767c478bd9Sstevel@tonic-gate
3777c478bd9Sstevel@tonic-gate for (i = 0; i < ulCount; i++) {
3787c478bd9Sstevel@tonic-gate /*
3797c478bd9Sstevel@tonic-gate * Get the value of each attribute in the template.
3807c478bd9Sstevel@tonic-gate * (We must process EVERY attribute in the template.)
3817c478bd9Sstevel@tonic-gate */
3827c478bd9Sstevel@tonic-gate rv = soft_get_attribute(object_p, &pTemplate[i]);
3837c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
3847c478bd9Sstevel@tonic-gate /* At least we catch some type of error. */
3857c478bd9Sstevel@tonic-gate rv1 = rv;
3867c478bd9Sstevel@tonic-gate }
3877c478bd9Sstevel@tonic-gate
3887c478bd9Sstevel@tonic-gate /* Release the object lock */
3897c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&object_p->object_mutex);
3907c478bd9Sstevel@tonic-gate
3917c478bd9Sstevel@tonic-gate /*
3927c478bd9Sstevel@tonic-gate * Decrement the session reference count.
3937c478bd9Sstevel@tonic-gate * We do not hold the session lock.
3947c478bd9Sstevel@tonic-gate */
3957c478bd9Sstevel@tonic-gate OBJ_REFRELE(object_p);
3967c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3977c478bd9Sstevel@tonic-gate
3987c478bd9Sstevel@tonic-gate rv = rv1;
3997c478bd9Sstevel@tonic-gate return (rv);
4007c478bd9Sstevel@tonic-gate }
4017c478bd9Sstevel@tonic-gate
4027c478bd9Sstevel@tonic-gate
4037c478bd9Sstevel@tonic-gate CK_RV
C_SetAttributeValue(CK_SESSION_HANDLE hSession,CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount)4047c478bd9Sstevel@tonic-gate C_SetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
4057c478bd9Sstevel@tonic-gate CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
4067c478bd9Sstevel@tonic-gate {
4077c478bd9Sstevel@tonic-gate CK_RV rv = CKR_OK;
4087c478bd9Sstevel@tonic-gate soft_object_t *object_p;
4097c478bd9Sstevel@tonic-gate soft_object_t *new_object = NULL;
4107c478bd9Sstevel@tonic-gate soft_session_t *session_p;
4117c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
4127c478bd9Sstevel@tonic-gate ulong_t i;
4137c478bd9Sstevel@tonic-gate
4147c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
4157c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
4167c478bd9Sstevel@tonic-gate
4177c478bd9Sstevel@tonic-gate /*
4187c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session
4197c478bd9Sstevel@tonic-gate * reference count.
4207c478bd9Sstevel@tonic-gate */
4217c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
4227c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
4237c478bd9Sstevel@tonic-gate return (rv);
4247c478bd9Sstevel@tonic-gate
4257c478bd9Sstevel@tonic-gate if ((pTemplate == NULL) || (ulCount == 0)) {
4267c478bd9Sstevel@tonic-gate /*
4277c478bd9Sstevel@tonic-gate * Decrement the session reference count.
4287c478bd9Sstevel@tonic-gate * We do not hold the session lock.
4297c478bd9Sstevel@tonic-gate */
4307c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
4317c478bd9Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD);
4327c478bd9Sstevel@tonic-gate }
4337c478bd9Sstevel@tonic-gate
4347c478bd9Sstevel@tonic-gate /* Obtain the object pointer. */
4357c478bd9Sstevel@tonic-gate HANDLE2OBJECT(hObject, object_p, rv);
4367c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
4377c478bd9Sstevel@tonic-gate /*
4387c478bd9Sstevel@tonic-gate * Decrement the session reference count.
4397c478bd9Sstevel@tonic-gate * We do not hold the session lock.
4407c478bd9Sstevel@tonic-gate */
4417c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
4427c478bd9Sstevel@tonic-gate return (rv);
4437c478bd9Sstevel@tonic-gate }
4447c478bd9Sstevel@tonic-gate
4457c478bd9Sstevel@tonic-gate if (object_p->bool_attr_mask & NOT_MODIFIABLE_BOOL_ON) {
4467c478bd9Sstevel@tonic-gate rv = CKR_ATTRIBUTE_READ_ONLY;
4477c478bd9Sstevel@tonic-gate goto fail_1;
4487c478bd9Sstevel@tonic-gate }
4497c478bd9Sstevel@tonic-gate
4507c478bd9Sstevel@tonic-gate /*
4517c478bd9Sstevel@tonic-gate * Start working on the object, so we need to set the write lock so that
4527c478bd9Sstevel@tonic-gate * no one can write to it but still can read it.
4537c478bd9Sstevel@tonic-gate */
4547c478bd9Sstevel@tonic-gate if (IS_TOKEN_OBJECT(object_p)) {
4557c478bd9Sstevel@tonic-gate rv = soft_keystore_load_latest_object(object_p);
4567c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
4577c478bd9Sstevel@tonic-gate goto fail_1;
4587c478bd9Sstevel@tonic-gate }
4597c478bd9Sstevel@tonic-gate }
4607c478bd9Sstevel@tonic-gate
4617c478bd9Sstevel@tonic-gate /*
4627c478bd9Sstevel@tonic-gate * Copy the old object to a new object. We work on the copied
4637c478bd9Sstevel@tonic-gate * version because in case of error we still keep the old one
4647c478bd9Sstevel@tonic-gate * intact.
4657c478bd9Sstevel@tonic-gate * The 3rd argument with SOFT_SET_ATTR_VALUE value indicates that
4667c478bd9Sstevel@tonic-gate * not everything will be duplicated for C_SetAttributeValue.
4677c478bd9Sstevel@tonic-gate * Information not duplicated are those attributes that are not
4687c478bd9Sstevel@tonic-gate * modifiable.
4697c478bd9Sstevel@tonic-gate */
4707c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&object_p->object_mutex);
4717c478bd9Sstevel@tonic-gate rv = soft_copy_object(object_p, &new_object, SOFT_SET_ATTR_VALUE, NULL);
4727c478bd9Sstevel@tonic-gate
4737c478bd9Sstevel@tonic-gate if ((rv != CKR_OK) || (new_object == NULL)) {
4747c478bd9Sstevel@tonic-gate /* Most likely we ran out of space. */
4757c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&object_p->object_mutex);
4767c478bd9Sstevel@tonic-gate /*
4777c478bd9Sstevel@tonic-gate * Decrement the session reference count.
4787c478bd9Sstevel@tonic-gate * We do not hold the session lock.
4797c478bd9Sstevel@tonic-gate */
4807c478bd9Sstevel@tonic-gate goto fail_1;
4817c478bd9Sstevel@tonic-gate }
4827c478bd9Sstevel@tonic-gate
4837c478bd9Sstevel@tonic-gate /*
4847c478bd9Sstevel@tonic-gate * No need to hold the lock on the old object, because we
4857c478bd9Sstevel@tonic-gate * will be working on the new scratch object.
4867c478bd9Sstevel@tonic-gate */
4877c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&object_p->object_mutex);
4887c478bd9Sstevel@tonic-gate
4897c478bd9Sstevel@tonic-gate rv = soft_object_write_access_check(session_p, new_object);
4907c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
4917c478bd9Sstevel@tonic-gate goto fail;
4927c478bd9Sstevel@tonic-gate }
4937c478bd9Sstevel@tonic-gate
4947c478bd9Sstevel@tonic-gate for (i = 0; i < ulCount; i++) {
4957c478bd9Sstevel@tonic-gate /* Set the requested attribute into the new object. */
4967c478bd9Sstevel@tonic-gate rv = soft_set_attribute(new_object, &pTemplate[i], B_FALSE);
4977c478bd9Sstevel@tonic-gate
4987c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
4997c478bd9Sstevel@tonic-gate goto fail;
5007c478bd9Sstevel@tonic-gate }
5017c478bd9Sstevel@tonic-gate }
5027c478bd9Sstevel@tonic-gate
5037c478bd9Sstevel@tonic-gate /*
5047c478bd9Sstevel@tonic-gate * We've successfully set all the requested attributes.
5057c478bd9Sstevel@tonic-gate * Merge the new object with the old object, then destory
5067c478bd9Sstevel@tonic-gate * the new one. The reason to do the merging is because we
5077c478bd9Sstevel@tonic-gate * have to keep the original object handle (address of object).
5087c478bd9Sstevel@tonic-gate */
5097c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&object_p->object_mutex);
5107c478bd9Sstevel@tonic-gate
5117c478bd9Sstevel@tonic-gate soft_merge_object(object_p, new_object);
5127c478bd9Sstevel@tonic-gate
5137c478bd9Sstevel@tonic-gate /*
5147c478bd9Sstevel@tonic-gate * The object has been modified, so we write it back to keystore.
5157c478bd9Sstevel@tonic-gate */
5167c478bd9Sstevel@tonic-gate if (IS_TOKEN_OBJECT(object_p)) {
5177c478bd9Sstevel@tonic-gate object_p->version++;
5187c478bd9Sstevel@tonic-gate rv = soft_modify_object_to_keystore(object_p);
5197c478bd9Sstevel@tonic-gate }
5207c478bd9Sstevel@tonic-gate
5217c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&object_p->object_mutex);
5227c478bd9Sstevel@tonic-gate free(new_object);
5237c478bd9Sstevel@tonic-gate
5247c478bd9Sstevel@tonic-gate /*
5257c478bd9Sstevel@tonic-gate * Decrement the session reference count.
5267c478bd9Sstevel@tonic-gate * We do not hold the session lock.
5277c478bd9Sstevel@tonic-gate */
5287c478bd9Sstevel@tonic-gate OBJ_REFRELE(object_p);
5297c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
5307c478bd9Sstevel@tonic-gate return (rv);
5317c478bd9Sstevel@tonic-gate
5327c478bd9Sstevel@tonic-gate fail:
5337c478bd9Sstevel@tonic-gate soft_cleanup_object(new_object);
5347c478bd9Sstevel@tonic-gate free(new_object);
5357c478bd9Sstevel@tonic-gate
5367c478bd9Sstevel@tonic-gate fail_1:
5377c478bd9Sstevel@tonic-gate OBJ_REFRELE(object_p);
5387c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
5397c478bd9Sstevel@tonic-gate
5407c478bd9Sstevel@tonic-gate return (rv);
5417c478bd9Sstevel@tonic-gate }
5427c478bd9Sstevel@tonic-gate
5437c478bd9Sstevel@tonic-gate /*ARGSUSED*/
5447c478bd9Sstevel@tonic-gate CK_RV
C_GetObjectSize(CK_SESSION_HANDLE hSession,CK_OBJECT_HANDLE hObject,CK_ULONG_PTR pulSize)5457c478bd9Sstevel@tonic-gate C_GetObjectSize(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
5467c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulSize)
5477c478bd9Sstevel@tonic-gate {
5487c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
5497c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
5507c478bd9Sstevel@tonic-gate
5517c478bd9Sstevel@tonic-gate return (CKR_FUNCTION_NOT_SUPPORTED);
5527c478bd9Sstevel@tonic-gate }
5537c478bd9Sstevel@tonic-gate
5547c478bd9Sstevel@tonic-gate CK_RV
C_FindObjectsInit(CK_SESSION_HANDLE sh,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount)5557c478bd9Sstevel@tonic-gate C_FindObjectsInit(CK_SESSION_HANDLE sh, CK_ATTRIBUTE_PTR pTemplate,
5567c478bd9Sstevel@tonic-gate CK_ULONG ulCount)
5577c478bd9Sstevel@tonic-gate {
5587c478bd9Sstevel@tonic-gate
5597c478bd9Sstevel@tonic-gate CK_RV rv;
5607c478bd9Sstevel@tonic-gate soft_session_t *session_p;
5617c478bd9Sstevel@tonic-gate boolean_t lock_held = B_TRUE;
5627c478bd9Sstevel@tonic-gate
5637c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
5647c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
5657c478bd9Sstevel@tonic-gate
5667c478bd9Sstevel@tonic-gate /*
5677c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session
5687c478bd9Sstevel@tonic-gate * reference count.
5697c478bd9Sstevel@tonic-gate */
5707c478bd9Sstevel@tonic-gate rv = handle2session(sh, &session_p);
5717c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
5727c478bd9Sstevel@tonic-gate return (rv);
5737c478bd9Sstevel@tonic-gate
5747c478bd9Sstevel@tonic-gate /* Check the arguments */
5757c478bd9Sstevel@tonic-gate if ((ulCount > 0) && (pTemplate == NULL)) {
5767c478bd9Sstevel@tonic-gate /* decrement the session count, we do not hold the lock */
5777c478bd9Sstevel@tonic-gate lock_held = B_FALSE;
5787c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
5797c478bd9Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD);
5807c478bd9Sstevel@tonic-gate }
5817c478bd9Sstevel@tonic-gate
5827c478bd9Sstevel@tonic-gate /* Acquire the session lock */
5837c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
5847c478bd9Sstevel@tonic-gate
5857c478bd9Sstevel@tonic-gate /* Check to see if find operation is already active */
5867c478bd9Sstevel@tonic-gate if (session_p->find_objects.flags & CRYPTO_OPERATION_ACTIVE) {
5877c478bd9Sstevel@tonic-gate /* decrement the session count, and unlock the mutex */
5887c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
5897c478bd9Sstevel@tonic-gate return (CKR_OPERATION_ACTIVE);
5907c478bd9Sstevel@tonic-gate } else {
5917c478bd9Sstevel@tonic-gate /*
5927c478bd9Sstevel@tonic-gate * This active flag will remain ON until application calls
5937c478bd9Sstevel@tonic-gate * C_FindObjectsFinal.
5947c478bd9Sstevel@tonic-gate */
5957c478bd9Sstevel@tonic-gate session_p->find_objects.flags = CRYPTO_OPERATION_ACTIVE;
5967c478bd9Sstevel@tonic-gate }
5977c478bd9Sstevel@tonic-gate
5987c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
5997c478bd9Sstevel@tonic-gate
6007c478bd9Sstevel@tonic-gate rv = soft_find_objects_init(session_p, pTemplate, ulCount);
6017c478bd9Sstevel@tonic-gate
6027c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
6037c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
6047c478bd9Sstevel@tonic-gate session_p->find_objects.flags = 0;
6057c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
6067c478bd9Sstevel@tonic-gate }
6077c478bd9Sstevel@tonic-gate
6087c478bd9Sstevel@tonic-gate /* decrement the session count, and unlock the mutex */
6097c478bd9Sstevel@tonic-gate lock_held = B_FALSE;
6107c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
6117c478bd9Sstevel@tonic-gate return (rv);
6127c478bd9Sstevel@tonic-gate }
6137c478bd9Sstevel@tonic-gate
6147c478bd9Sstevel@tonic-gate CK_RV
C_FindObjects(CK_SESSION_HANDLE sh,CK_OBJECT_HANDLE_PTR phObject,CK_ULONG ulMaxObjectCount,CK_ULONG_PTR pulObjectCount)6157c478bd9Sstevel@tonic-gate C_FindObjects(CK_SESSION_HANDLE sh,
6167c478bd9Sstevel@tonic-gate CK_OBJECT_HANDLE_PTR phObject,
6177c478bd9Sstevel@tonic-gate CK_ULONG ulMaxObjectCount,
6187c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulObjectCount)
6197c478bd9Sstevel@tonic-gate {
6207c478bd9Sstevel@tonic-gate soft_session_t *session_p;
6217c478bd9Sstevel@tonic-gate CK_RV rv = CKR_OK;
6227c478bd9Sstevel@tonic-gate boolean_t lock_held = B_TRUE;
6237c478bd9Sstevel@tonic-gate
6247c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
6257c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
6267c478bd9Sstevel@tonic-gate
6277c478bd9Sstevel@tonic-gate /*
6287c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session
6297c478bd9Sstevel@tonic-gate * reference count.
6307c478bd9Sstevel@tonic-gate */
6317c478bd9Sstevel@tonic-gate rv = handle2session(sh, &session_p);
6327c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
6337c478bd9Sstevel@tonic-gate return (rv);
6347c478bd9Sstevel@tonic-gate
6357c478bd9Sstevel@tonic-gate /* check for invalid arguments */
6367c478bd9Sstevel@tonic-gate if (((phObject == NULL) && (ulMaxObjectCount != 0)) ||
6377c478bd9Sstevel@tonic-gate (pulObjectCount == NULL)) {
6387c478bd9Sstevel@tonic-gate /* decrement the session count, we do not hold the lock */
6397c478bd9Sstevel@tonic-gate lock_held = B_FALSE;
6407c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
6417c478bd9Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD);
6427c478bd9Sstevel@tonic-gate }
6437c478bd9Sstevel@tonic-gate
6447c478bd9Sstevel@tonic-gate if (ulMaxObjectCount == 0) {
6457c478bd9Sstevel@tonic-gate /* don't need to do anything, just return */
6467c478bd9Sstevel@tonic-gate *pulObjectCount = 0;
6477c478bd9Sstevel@tonic-gate /* decrement the session count, we do not hold the lock */
6487c478bd9Sstevel@tonic-gate lock_held = B_FALSE;
6497c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
6507c478bd9Sstevel@tonic-gate return (CKR_OK);
6517c478bd9Sstevel@tonic-gate }
6527c478bd9Sstevel@tonic-gate
6537c478bd9Sstevel@tonic-gate /* Acquire the session lock */
6547c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
6557c478bd9Sstevel@tonic-gate
6567c478bd9Sstevel@tonic-gate /* Check to see if find operation is active */
6577c478bd9Sstevel@tonic-gate if (!(session_p->find_objects.flags & CRYPTO_OPERATION_ACTIVE)) {
6587c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
6597c478bd9Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED);
6607c478bd9Sstevel@tonic-gate }
6617c478bd9Sstevel@tonic-gate
6627c478bd9Sstevel@tonic-gate soft_find_objects(session_p, phObject, ulMaxObjectCount,
6637c478bd9Sstevel@tonic-gate pulObjectCount);
6647c478bd9Sstevel@tonic-gate
6657c478bd9Sstevel@tonic-gate /* decrement the session count, and release the lock */
6667c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
6677c478bd9Sstevel@tonic-gate return (rv);
6687c478bd9Sstevel@tonic-gate }
6697c478bd9Sstevel@tonic-gate
6707c478bd9Sstevel@tonic-gate CK_RV
C_FindObjectsFinal(CK_SESSION_HANDLE sh)6717c478bd9Sstevel@tonic-gate C_FindObjectsFinal(CK_SESSION_HANDLE sh)
6727c478bd9Sstevel@tonic-gate {
6737c478bd9Sstevel@tonic-gate soft_session_t *session_p;
6747c478bd9Sstevel@tonic-gate CK_RV rv;
6757c478bd9Sstevel@tonic-gate boolean_t lock_held = B_TRUE;
6767c478bd9Sstevel@tonic-gate
6777c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
6787c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
6797c478bd9Sstevel@tonic-gate
6807c478bd9Sstevel@tonic-gate /*
6817c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session
6827c478bd9Sstevel@tonic-gate * reference count.
6837c478bd9Sstevel@tonic-gate */
6847c478bd9Sstevel@tonic-gate rv = handle2session(sh, &session_p);
6857c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
6867c478bd9Sstevel@tonic-gate return (rv);
6877c478bd9Sstevel@tonic-gate
6887c478bd9Sstevel@tonic-gate /* Acquire the session lock */
6897c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
6907c478bd9Sstevel@tonic-gate
6917c478bd9Sstevel@tonic-gate /* Check to see if find operation is active */
6927c478bd9Sstevel@tonic-gate if (!(session_p->find_objects.flags & CRYPTO_OPERATION_ACTIVE)) {
6937c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
6947c478bd9Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED);
6957c478bd9Sstevel@tonic-gate }
6967c478bd9Sstevel@tonic-gate
6977c478bd9Sstevel@tonic-gate soft_find_objects_final(session_p);
6987c478bd9Sstevel@tonic-gate
6997c478bd9Sstevel@tonic-gate /* decrement the session count, and release the lock */
7007c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
7017c478bd9Sstevel@tonic-gate return (rv);
7027c478bd9Sstevel@tonic-gate }
703