10Sstevel@tonic-gate /*
20Sstevel@tonic-gate * CDDL HEADER START
30Sstevel@tonic-gate *
40Sstevel@tonic-gate * The contents of this file are subject to the terms of the
52940Sizick * Common Development and Distribution License (the "License").
62940Sizick * You may not use this file except in compliance with the License.
70Sstevel@tonic-gate *
80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
100Sstevel@tonic-gate * See the License for the specific language governing permissions
110Sstevel@tonic-gate * and limitations under the License.
120Sstevel@tonic-gate *
130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
180Sstevel@tonic-gate *
190Sstevel@tonic-gate * CDDL HEADER END
200Sstevel@tonic-gate */
210Sstevel@tonic-gate /*
22*9341SAnthony.Scarpino@Sun.COM * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
230Sstevel@tonic-gate * Use is subject to license terms.
240Sstevel@tonic-gate */
250Sstevel@tonic-gate
260Sstevel@tonic-gate #include <pthread.h>
270Sstevel@tonic-gate #include <security/cryptoki.h>
280Sstevel@tonic-gate #include "softGlobal.h"
290Sstevel@tonic-gate #include "softObject.h"
300Sstevel@tonic-gate #include "softOps.h"
310Sstevel@tonic-gate #include "softSession.h"
320Sstevel@tonic-gate
330Sstevel@tonic-gate
340Sstevel@tonic-gate CK_RV
C_VerifyInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)350Sstevel@tonic-gate C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
360Sstevel@tonic-gate CK_OBJECT_HANDLE hKey)
370Sstevel@tonic-gate {
380Sstevel@tonic-gate
390Sstevel@tonic-gate CK_RV rv;
400Sstevel@tonic-gate soft_session_t *session_p;
410Sstevel@tonic-gate soft_object_t *key_p;
420Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
430Sstevel@tonic-gate
440Sstevel@tonic-gate if (!softtoken_initialized)
450Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
460Sstevel@tonic-gate
470Sstevel@tonic-gate /* Obtain the session pointer. */
480Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
490Sstevel@tonic-gate if (rv != CKR_OK)
500Sstevel@tonic-gate return (rv);
510Sstevel@tonic-gate
520Sstevel@tonic-gate if (pMechanism == NULL) {
530Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
540Sstevel@tonic-gate goto clean_exit;
550Sstevel@tonic-gate }
560Sstevel@tonic-gate
570Sstevel@tonic-gate /* Obtain the object pointer. */
580Sstevel@tonic-gate HANDLE2OBJECT(hKey, key_p, rv);
590Sstevel@tonic-gate if (rv != CKR_OK) {
600Sstevel@tonic-gate goto clean_exit;
610Sstevel@tonic-gate }
620Sstevel@tonic-gate
630Sstevel@tonic-gate /* Check to see if key object supports verification. */
640Sstevel@tonic-gate if (!(key_p->bool_attr_mask & VERIFY_BOOL_ON)) {
65*9341SAnthony.Scarpino@Sun.COM rv = CKR_KEY_FUNCTION_NOT_PERMITTED;
660Sstevel@tonic-gate goto clean_exit1;
670Sstevel@tonic-gate }
680Sstevel@tonic-gate
690Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
700Sstevel@tonic-gate lock_held = B_TRUE;
710Sstevel@tonic-gate
720Sstevel@tonic-gate /* Check to see if verify operation is already active. */
730Sstevel@tonic-gate if (session_p->verify.flags & CRYPTO_OPERATION_ACTIVE) {
740Sstevel@tonic-gate /* free the memory to avoid memory leak */
750Sstevel@tonic-gate soft_sign_verify_cleanup(session_p, B_FALSE, B_TRUE);
760Sstevel@tonic-gate }
770Sstevel@tonic-gate
780Sstevel@tonic-gate /*
790Sstevel@tonic-gate * This active flag will remain ON until application calls either
800Sstevel@tonic-gate * C_Verify or C_VerifyFinal to verify a signature on data.
810Sstevel@tonic-gate */
820Sstevel@tonic-gate session_p->verify.flags = CRYPTO_OPERATION_ACTIVE;
830Sstevel@tonic-gate
840Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
850Sstevel@tonic-gate lock_held = B_FALSE;
860Sstevel@tonic-gate
870Sstevel@tonic-gate rv = soft_verify_init(session_p, pMechanism, key_p);
880Sstevel@tonic-gate
890Sstevel@tonic-gate if (rv != CKR_OK) {
900Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
910Sstevel@tonic-gate session_p->verify.flags &= ~CRYPTO_OPERATION_ACTIVE;
920Sstevel@tonic-gate lock_held = B_TRUE;
930Sstevel@tonic-gate }
940Sstevel@tonic-gate
950Sstevel@tonic-gate clean_exit1:
960Sstevel@tonic-gate OBJ_REFRELE(key_p);
970Sstevel@tonic-gate clean_exit:
980Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
990Sstevel@tonic-gate return (rv);
1000Sstevel@tonic-gate }
1010Sstevel@tonic-gate
1020Sstevel@tonic-gate
1030Sstevel@tonic-gate CK_RV
C_Verify(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen)1040Sstevel@tonic-gate C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
1050Sstevel@tonic-gate CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
1060Sstevel@tonic-gate {
1070Sstevel@tonic-gate
1080Sstevel@tonic-gate CK_RV rv;
1090Sstevel@tonic-gate soft_session_t *session_p;
1100Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
1110Sstevel@tonic-gate
1120Sstevel@tonic-gate if (!softtoken_initialized)
1130Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
1140Sstevel@tonic-gate
1150Sstevel@tonic-gate /* Obatin the session pointer */
1160Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
1170Sstevel@tonic-gate if (rv != CKR_OK)
1180Sstevel@tonic-gate return (rv);
1190Sstevel@tonic-gate
1200Sstevel@tonic-gate if (pData == NULL) {
1210Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
1220Sstevel@tonic-gate goto clean_exit;
1230Sstevel@tonic-gate }
1240Sstevel@tonic-gate
1250Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
1260Sstevel@tonic-gate lock_held = B_TRUE;
1270Sstevel@tonic-gate
1280Sstevel@tonic-gate /* Application must call C_VerifyInit before calling C_Verify. */
1290Sstevel@tonic-gate if (!(session_p->verify.flags & CRYPTO_OPERATION_ACTIVE)) {
1300Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
1310Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED);
1320Sstevel@tonic-gate }
1330Sstevel@tonic-gate
1340Sstevel@tonic-gate /*
1350Sstevel@tonic-gate * C_Verify must be called without intervening C_VerifyUpdate
1360Sstevel@tonic-gate * calls.
1370Sstevel@tonic-gate */
1380Sstevel@tonic-gate if (session_p->verify.flags & CRYPTO_OPERATION_UPDATE) {
1390Sstevel@tonic-gate /*
1400Sstevel@tonic-gate * C_Verify can not be used to terminate a multi-part
1410Sstevel@tonic-gate * operation, so we'll leave the active verify operation
1420Sstevel@tonic-gate * flag on and let the application continue with the
1430Sstevel@tonic-gate * verify update operation.
1440Sstevel@tonic-gate */
1450Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
1460Sstevel@tonic-gate return (CKR_FUNCTION_FAILED);
1470Sstevel@tonic-gate }
1480Sstevel@tonic-gate
1490Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
1500Sstevel@tonic-gate lock_held = B_FALSE;
1510Sstevel@tonic-gate
1520Sstevel@tonic-gate rv = soft_verify(session_p, pData, ulDataLen, pSignature,
1530Sstevel@tonic-gate ulSignatureLen);
1540Sstevel@tonic-gate
1550Sstevel@tonic-gate clean_exit:
1562940Sizick /* Clear context, free key, and release session counter */
1570Sstevel@tonic-gate soft_sign_verify_cleanup(session_p, B_FALSE, B_FALSE);
1580Sstevel@tonic-gate return (rv);
1590Sstevel@tonic-gate }
1600Sstevel@tonic-gate
1610Sstevel@tonic-gate
1620Sstevel@tonic-gate CK_RV
C_VerifyUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,CK_ULONG ulPartLen)1630Sstevel@tonic-gate C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
1640Sstevel@tonic-gate CK_ULONG ulPartLen)
1650Sstevel@tonic-gate {
1660Sstevel@tonic-gate
1670Sstevel@tonic-gate CK_RV rv;
1680Sstevel@tonic-gate soft_session_t *session_p;
1690Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
1700Sstevel@tonic-gate
1710Sstevel@tonic-gate if (!softtoken_initialized)
1720Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
1730Sstevel@tonic-gate
1740Sstevel@tonic-gate /* Obtain the session pointer */
1750Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
1760Sstevel@tonic-gate if (rv != CKR_OK)
1770Sstevel@tonic-gate return (rv);
1780Sstevel@tonic-gate
1790Sstevel@tonic-gate if (ulPartLen == 0) {
1800Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
1810Sstevel@tonic-gate return (CKR_OK);
1820Sstevel@tonic-gate }
1830Sstevel@tonic-gate
1840Sstevel@tonic-gate if (pPart == NULL) {
1850Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
1860Sstevel@tonic-gate goto clean_exit;
1870Sstevel@tonic-gate }
1880Sstevel@tonic-gate
1890Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
1900Sstevel@tonic-gate lock_held = B_TRUE;
1910Sstevel@tonic-gate
1920Sstevel@tonic-gate /*
1930Sstevel@tonic-gate * Application must call C_VerifyInit before calling
1940Sstevel@tonic-gate * C_VerifyUpdate.
1950Sstevel@tonic-gate */
1960Sstevel@tonic-gate if (!(session_p->verify.flags & CRYPTO_OPERATION_ACTIVE)) {
1970Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
1980Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED);
1990Sstevel@tonic-gate }
2000Sstevel@tonic-gate
2010Sstevel@tonic-gate session_p->verify.flags |= CRYPTO_OPERATION_UPDATE;
2020Sstevel@tonic-gate
2030Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
2040Sstevel@tonic-gate lock_held = B_FALSE;
2050Sstevel@tonic-gate
2060Sstevel@tonic-gate rv = soft_verify_update(session_p, pPart, ulPartLen);
2070Sstevel@tonic-gate
2080Sstevel@tonic-gate if (rv == CKR_OK) {
2090Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
2100Sstevel@tonic-gate return (rv);
2110Sstevel@tonic-gate }
2120Sstevel@tonic-gate
2130Sstevel@tonic-gate clean_exit:
2142940Sizick /* After error, clear context, free key, & release session counter */
2150Sstevel@tonic-gate soft_sign_verify_cleanup(session_p, B_FALSE, B_FALSE);
2160Sstevel@tonic-gate
2170Sstevel@tonic-gate return (rv);
2180Sstevel@tonic-gate }
2190Sstevel@tonic-gate
2200Sstevel@tonic-gate
2210Sstevel@tonic-gate CK_RV
C_VerifyFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen)2220Sstevel@tonic-gate C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
2230Sstevel@tonic-gate CK_ULONG ulSignatureLen)
2240Sstevel@tonic-gate {
2250Sstevel@tonic-gate
2260Sstevel@tonic-gate CK_RV rv;
2270Sstevel@tonic-gate soft_session_t *session_p;
2280Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
2290Sstevel@tonic-gate
2300Sstevel@tonic-gate if (!softtoken_initialized)
2310Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
2320Sstevel@tonic-gate
2330Sstevel@tonic-gate /* Obtain the session pointer */
2340Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
2350Sstevel@tonic-gate if (rv != CKR_OK)
2360Sstevel@tonic-gate return (rv);
2370Sstevel@tonic-gate
2380Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
2390Sstevel@tonic-gate lock_held = B_TRUE;
2400Sstevel@tonic-gate
2410Sstevel@tonic-gate /*
2420Sstevel@tonic-gate * Application must call C_VerifyInit before calling
2430Sstevel@tonic-gate * C_VerifyFinal.
2440Sstevel@tonic-gate */
2450Sstevel@tonic-gate if (!(session_p->verify.flags & CRYPTO_OPERATION_ACTIVE)) {
2460Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
2470Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED);
2480Sstevel@tonic-gate }
2490Sstevel@tonic-gate
2500Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
2510Sstevel@tonic-gate lock_held = B_FALSE;
2520Sstevel@tonic-gate
2530Sstevel@tonic-gate rv = soft_verify_final(session_p, pSignature, ulSignatureLen);
2540Sstevel@tonic-gate
2550Sstevel@tonic-gate clean_exit:
2562940Sizick /* Clear contexts, free key, and release session counter */
2572940Sizick soft_sign_verify_cleanup(session_p, B_FALSE, B_FALSE);
2580Sstevel@tonic-gate return (rv);
2590Sstevel@tonic-gate }
2600Sstevel@tonic-gate
2610Sstevel@tonic-gate
2620Sstevel@tonic-gate CK_RV
C_VerifyRecoverInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)2630Sstevel@tonic-gate C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
2640Sstevel@tonic-gate CK_OBJECT_HANDLE hKey)
2650Sstevel@tonic-gate {
2660Sstevel@tonic-gate
2670Sstevel@tonic-gate CK_RV rv;
2680Sstevel@tonic-gate soft_session_t *session_p;
2690Sstevel@tonic-gate soft_object_t *key_p;
2700Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
2710Sstevel@tonic-gate
2720Sstevel@tonic-gate if (!softtoken_initialized)
2730Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
2740Sstevel@tonic-gate
2750Sstevel@tonic-gate /* Obtain the session pointer. */
2760Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
2770Sstevel@tonic-gate if (rv != CKR_OK)
2780Sstevel@tonic-gate return (rv);
2790Sstevel@tonic-gate
2800Sstevel@tonic-gate if (pMechanism == NULL) {
2810Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
2820Sstevel@tonic-gate goto clean_exit;
2830Sstevel@tonic-gate }
2840Sstevel@tonic-gate
2850Sstevel@tonic-gate /* Obtain the object pointer. */
2860Sstevel@tonic-gate HANDLE2OBJECT(hKey, key_p, rv);
2870Sstevel@tonic-gate if (rv != CKR_OK) {
2880Sstevel@tonic-gate goto clean_exit;
2890Sstevel@tonic-gate }
2900Sstevel@tonic-gate
2910Sstevel@tonic-gate /* Check to see if key object supports verify_recover. */
2920Sstevel@tonic-gate if (!(key_p->bool_attr_mask & VERIFY_RECOVER_BOOL_ON)) {
293*9341SAnthony.Scarpino@Sun.COM rv = CKR_KEY_FUNCTION_NOT_PERMITTED;
2940Sstevel@tonic-gate goto clean_exit1;
2950Sstevel@tonic-gate }
2960Sstevel@tonic-gate
2970Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
2980Sstevel@tonic-gate lock_held = B_TRUE;
2990Sstevel@tonic-gate
3000Sstevel@tonic-gate /* Check to see if verify operation is already active. */
3010Sstevel@tonic-gate if (session_p->verify.flags & CRYPTO_OPERATION_ACTIVE) {
3020Sstevel@tonic-gate /* free the memory to avoid memory leak */
3030Sstevel@tonic-gate soft_sign_verify_cleanup(session_p, B_FALSE, B_TRUE);
3040Sstevel@tonic-gate }
3050Sstevel@tonic-gate
3060Sstevel@tonic-gate /*
3070Sstevel@tonic-gate * This active flag will remain ON until application calls either
3080Sstevel@tonic-gate * C_VerifyRecover to actually obtain the recovered message.
3090Sstevel@tonic-gate */
3100Sstevel@tonic-gate session_p->verify.flags = CRYPTO_OPERATION_ACTIVE;
3110Sstevel@tonic-gate
3120Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
3130Sstevel@tonic-gate lock_held = B_FALSE;
3140Sstevel@tonic-gate
3150Sstevel@tonic-gate rv = soft_verify_recover_init(session_p, pMechanism, key_p);
3160Sstevel@tonic-gate
3170Sstevel@tonic-gate if (rv != CKR_OK) {
3180Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
3190Sstevel@tonic-gate session_p->verify.flags &= ~CRYPTO_OPERATION_ACTIVE;
3200Sstevel@tonic-gate lock_held = B_TRUE;
3210Sstevel@tonic-gate }
3220Sstevel@tonic-gate
3230Sstevel@tonic-gate clean_exit1:
3240Sstevel@tonic-gate OBJ_REFRELE(key_p);
3250Sstevel@tonic-gate clean_exit:
3260Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3270Sstevel@tonic-gate return (rv);
3280Sstevel@tonic-gate }
3290Sstevel@tonic-gate
3300Sstevel@tonic-gate
3310Sstevel@tonic-gate CK_RV
C_VerifyRecover(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen,CK_BYTE_PTR pData,CK_ULONG_PTR pulDataLen)3320Sstevel@tonic-gate C_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
3330Sstevel@tonic-gate CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
3340Sstevel@tonic-gate {
3350Sstevel@tonic-gate
3360Sstevel@tonic-gate CK_RV rv;
3370Sstevel@tonic-gate soft_session_t *session_p;
3380Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
3390Sstevel@tonic-gate
3400Sstevel@tonic-gate if (!softtoken_initialized)
3410Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
3420Sstevel@tonic-gate
3430Sstevel@tonic-gate /* Obatin the session pointer */
3440Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
3450Sstevel@tonic-gate if (rv != CKR_OK)
3460Sstevel@tonic-gate return (rv);
3470Sstevel@tonic-gate
3480Sstevel@tonic-gate if ((pSignature == NULL) || (pulDataLen == NULL)) {
3490Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
3500Sstevel@tonic-gate goto clean_exit;
3510Sstevel@tonic-gate }
3520Sstevel@tonic-gate
3530Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
3540Sstevel@tonic-gate lock_held = B_TRUE;
3550Sstevel@tonic-gate
3560Sstevel@tonic-gate if (!(session_p->verify.flags & CRYPTO_OPERATION_ACTIVE)) {
3570Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3580Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED);
3590Sstevel@tonic-gate }
3600Sstevel@tonic-gate
3610Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
3620Sstevel@tonic-gate lock_held = B_FALSE;
3630Sstevel@tonic-gate
3640Sstevel@tonic-gate rv = soft_verify_recover(session_p, pSignature,
3650Sstevel@tonic-gate ulSignatureLen, pData, pulDataLen);
3660Sstevel@tonic-gate
3670Sstevel@tonic-gate if ((rv == CKR_BUFFER_TOO_SMALL) ||
3680Sstevel@tonic-gate (pData == NULL && rv == CKR_OK)) {
3690Sstevel@tonic-gate /*
3700Sstevel@tonic-gate * We will not terminate the active verify operation flag,
3710Sstevel@tonic-gate * when the application-supplied buffer is too small, or
3720Sstevel@tonic-gate * the application asks for the length of buffer to hold
3730Sstevel@tonic-gate * the signature.
3740Sstevel@tonic-gate */
3750Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3760Sstevel@tonic-gate return (rv);
3770Sstevel@tonic-gate }
3780Sstevel@tonic-gate
3790Sstevel@tonic-gate clean_exit:
3802940Sizick /* Clear context, free key, and release session counter */
3812940Sizick soft_sign_verify_cleanup(session_p, B_FALSE, B_FALSE);
3820Sstevel@tonic-gate return (rv);
3830Sstevel@tonic-gate }
384