Make Session take a reference to Pkcs11 and remove inner Arc

wiktor-k · wiktor-k · commit 596a2e31c95f · 2025-10-23T11:29:32.000+02:00
Signed-off-by: Wiktor Kwapisiewicz &lt;wiktor@metacode.biz&gt;
diff --git a/cryptoki/src/context/mod.rs b/cryptoki/src/context/mod.rs
@@ -34,7 +34,6 @@ use log::error;
 use std::fmt;
 use std::path::Path;
 use std::ptr;
-use std::sync::Arc;
 use std::sync::RwLock;
 
 /// Enum for various function lists
@@ -100,10 +99,10 @@ impl Drop for Pkcs11Impl {
 }
 
 /// Main PKCS11 context. Should usually be unique per application.
-#[derive(Clone, Debug)]
+#[derive(Debug)]
 pub struct Pkcs11 {
-    pub(crate) impl_: Arc<Pkcs11Impl>,
-    initialized: Arc<RwLock<bool>>,
+    pub(crate) impl_: Pkcs11Impl,
+    initialized: RwLock<bool>,
 }
 
 impl Pkcs11 {
@@ -154,21 +153,21 @@ impl Pkcs11 {
                         let list32_ptr: *mut cryptoki_sys::CK_FUNCTION_LIST_3_2 =
                             ifce.pFunctionList as *mut cryptoki_sys::CK_FUNCTION_LIST_3_2;
                         return Ok(Pkcs11 {
-                            impl_: Arc::new(Pkcs11Impl {
+                            impl_: Pkcs11Impl {
                                 _pkcs11_lib: pkcs11_lib,
                                 function_list: FunctionList::V3_2(*list32_ptr),
-                            }),
-                            initialized: Arc::new(RwLock::new(false)),
+                            },
+                            initialized: RwLock::new(false),
                         });
                     }
                     let list30_ptr: *mut cryptoki_sys::CK_FUNCTION_LIST_3_0 =
                         ifce.pFunctionList as *mut cryptoki_sys::CK_FUNCTION_LIST_3_0;
                     return Ok(Pkcs11 {
-                        impl_: Arc::new(Pkcs11Impl {
+                        impl_: Pkcs11Impl {
                             _pkcs11_lib: pkcs11_lib,
                             function_list: FunctionList::V3_0(v30tov32(*list30_ptr)),
-                        }),
-                        initialized: Arc::new(RwLock::new(false)),
+                        },
+                        initialized: RwLock::new(false),
                     });
                 }
                 /* fall back to the 2.* API */
@@ -180,21 +179,17 @@ impl Pkcs11 {
             .into_result(Function::GetFunctionList)?;
 
         Ok(Pkcs11 {
-            impl_: Arc::new(Pkcs11Impl {
+            impl_: Pkcs11Impl {
                 _pkcs11_lib: pkcs11_lib,
                 function_list: FunctionList::V2(v2tov3(*list_ptr)),
-            }),
-            initialized: Arc::new(RwLock::new(false)),
+            },
+            initialized: RwLock::new(false),
         })
     }
 
     /// Initialize the PKCS11 library
     pub fn initialize(&self, init_args: CInitializeArgs) -> Result<()> {
-        let mut init_lock = self
-            .initialized
-            .as_ref()
-            .write()
-            .expect("lock not to be poisoned");
+        let mut init_lock = self.initialized.write().expect("lock not to be poisoned");
         if *init_lock {
             Err(Error::AlreadyInitialized)?
         }
@@ -203,11 +198,7 @@ impl Pkcs11 {
 
     /// Check whether the PKCS11 library has been initialized
     pub fn is_initialized(&self) -> bool {
-        *self
-            .initialized
-            .as_ref()
-            .read()
-            .expect("lock not to be poisoned")
+        *self.initialized.read().expect("lock not to be poisoned")
     }
 
     /// Finalize the PKCS11 library. Indicates that the application no longer needs to use PKCS11.
diff --git a/cryptoki/src/context/session_management.rs b/cryptoki/src/context/session_management.rs
@@ -13,7 +13,7 @@ use super::Function;
 
 impl Pkcs11 {
     #[inline(always)]
-    fn open_session(&self, slot_id: Slot, read_write: bool) -> Result<Session> {
+    fn open_session(&self, slot_id: Slot, read_write: bool) -> Result<Session<'_>> {
         let mut session_handle = 0;
 
         let flags = if read_write {
@@ -33,7 +33,7 @@ impl Pkcs11 {
             .into_result(Function::OpenSession)?;
         }
 
-        Ok(Session::new(session_handle, self.clone()))
+        Ok(Session::new(session_handle, self))
     }
 
     /// Open a new Read-Only session
@@ -60,14 +60,14 @@ impl Pkcs11 {
     /// let session = client.open_ro_session(slot)?;
     /// # let _ = session; Ok(()) }
     /// ```
-    pub fn open_ro_session(&self, slot_id: Slot) -> Result<Session> {
+    pub fn open_ro_session(&self, slot_id: Slot) -> Result<Session<'_>> {
         self.open_session(slot_id, false)
     }
 
     /// Open a new Read/Write session
     ///
     /// Note: No callback is set when opening the session.
-    pub fn open_rw_session(&self, slot_id: Slot) -> Result<Session> {
+    pub fn open_rw_session(&self, slot_id: Slot) -> Result<Session<'_>> {
         self.open_session(slot_id, true)
     }
 }
diff --git a/cryptoki/src/session/decryption.rs b/cryptoki/src/session/decryption.rs
@@ -10,7 +10,7 @@ use crate::session::Session;
 use cryptoki_sys::*;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Single-part decryption operation
     pub fn decrypt(
         &self,
diff --git a/cryptoki/src/session/digesting.rs b/cryptoki/src/session/digesting.rs
@@ -10,7 +10,7 @@ use crate::session::Session;
 use cryptoki_sys::*;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Single-part digesting operation
     pub fn digest(&self, m: &Mechanism, data: &[u8]) -> Result<Vec<u8>> {
         let mut mechanism: CK_MECHANISM = m.into();
diff --git a/cryptoki/src/session/encapsulation.rs b/cryptoki/src/session/encapsulation.rs
@@ -10,7 +10,7 @@ use crate::session::Session;
 use cryptoki_sys::*;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Encapsulate key
     pub fn encapsulate_key(
         &self,
diff --git a/cryptoki/src/session/encryption.rs b/cryptoki/src/session/encryption.rs
@@ -10,7 +10,7 @@ use crate::session::Session;
 use cryptoki_sys::*;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Single-part encryption operation
     pub fn encrypt(
         &self,
diff --git a/cryptoki/src/session/key_management.rs b/cryptoki/src/session/key_management.rs
@@ -10,7 +10,7 @@ use crate::session::Session;
 use cryptoki_sys::{CK_ATTRIBUTE, CK_MECHANISM, CK_MECHANISM_PTR};
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Generate a secret key
     pub fn generate_key(
         &self,
diff --git a/cryptoki/src/session/message_decryption.rs b/cryptoki/src/session/message_decryption.rs
@@ -10,7 +10,7 @@ use crate::session::Session;
 use cryptoki_sys::*;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Prepare a session for one or more Message-based decryption using the same mechanism and key
     pub fn message_decrypt_init(&self, mechanism: &Mechanism, key: ObjectHandle) -> Result<()> {
         let mut mechanism: CK_MECHANISM = mechanism.into();
diff --git a/cryptoki/src/session/message_encryption.rs b/cryptoki/src/session/message_encryption.rs
@@ -10,7 +10,7 @@ use crate::session::Session;
 use cryptoki_sys::*;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Prepare a session for one or more Message-based encryption using the same mechanism and key
     pub fn message_encrypt_init(&self, mechanism: &Mechanism, key: ObjectHandle) -> Result<()> {
         let mut mechanism: CK_MECHANISM = mechanism.into();
diff --git a/cryptoki/src/session/mod.rs b/cryptoki/src/session/mod.rs
@@ -34,37 +34,33 @@ pub use validation::ValidationFlagsType;
 /// threads. A Session needs to be created in its own thread or to be passed by ownership to
 /// another thread.
 #[derive(Debug)]
-pub struct Session {
+pub struct Session<'a> {
     handle: CK_SESSION_HANDLE,
-    client: Pkcs11,
+    client: &'a Pkcs11,
     // This is not used but to prevent Session to automatically implement Send and Sync
     _guard: PhantomData<*mut u32>,
 }
 
-impl std::fmt::Display for Session {
+impl<'a> std::fmt::Display for Session<'a> {
     fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
         write!(f, "{}", self.handle)
     }
 }
 
-impl std::fmt::LowerHex for Session {
+impl<'a> std::fmt::LowerHex for Session<'a> {
     fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
         write!(f, "{:08x}", self.handle)
     }
 }
 
-impl std::fmt::UpperHex for Session {
+impl<'a> std::fmt::UpperHex for Session<'a> {
     fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
         write!(f, "{:08X}", self.handle)
     }
 }
 
-// Session does not implement Sync to prevent the same Session instance to be used from multiple
-// threads.
-unsafe impl Send for Session {}
-
-impl Session {
-    pub(crate) fn new(handle: CK_SESSION_HANDLE, client: Pkcs11) -> Self {
+impl<'a> Session<'a> {
+    pub(crate) fn new(handle: CK_SESSION_HANDLE, client: &'a Pkcs11) -> Self {
         Session {
             handle,
             client,
@@ -73,7 +69,7 @@ impl Session {
     }
 }
 
-impl Session {
+impl<'a> Session<'a> {
     /// Close a session
     /// This will be called on drop as well.
     pub fn close(self) {}
diff --git a/cryptoki/src/session/object_management.rs b/cryptoki/src/session/object_management.rs
@@ -78,7 +78,7 @@ const MAX_OBJECT_COUNT: NonZeroUsize = unsafe { NonZeroUsize::new_unchecked(10)
 /// ```
 #[derive(Debug)]
 pub struct ObjectHandleIterator<'a> {
-    session: &'a Session,
+    session: &'a Session<'a>,
     object_count: usize,
     index: usize,
     cache: Vec<CK_OBJECT_HANDLE>,
@@ -207,7 +207,7 @@ impl Drop for ObjectHandleIterator<'_> {
     }
 }
 
-impl Session {
+impl Session<'_> {
     /// Iterate over session objects matching a template.
     ///
     /// # Arguments
diff --git a/cryptoki/src/session/random.rs b/cryptoki/src/session/random.rs
@@ -7,7 +7,7 @@ use crate::error::{Result, Rv};
 use crate::session::Session;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Generates a random number and sticks it in a slice
     ///
     /// # Arguments
diff --git a/cryptoki/src/session/session_management.rs b/cryptoki/src/session/session_management.rs
@@ -14,7 +14,7 @@ use log::error;
 use secrecy::ExposeSecret;
 use std::convert::{TryFrom, TryInto};
 
-impl Drop for Session {
+impl Drop for Session<'_> {
     fn drop(&mut self) {
         #[inline(always)]
         fn close(session: &Session) -> Result<()> {
@@ -32,7 +32,7 @@ impl Drop for Session {
     }
 }
 
-impl Session {
+impl Session<'_> {
     /// Log a session in.
     ///
     /// # Arguments
diff --git a/cryptoki/src/session/signing_macing.rs b/cryptoki/src/session/signing_macing.rs
@@ -10,7 +10,7 @@ use crate::session::Session;
 use cryptoki_sys::*;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Sign data in single-part
     pub fn sign(&self, mechanism: &Mechanism, key: ObjectHandle, data: &[u8]) -> Result<Vec<u8>> {
         let mut mechanism: CK_MECHANISM = mechanism.into();
diff --git a/cryptoki/src/session/slot_token_management.rs b/cryptoki/src/session/slot_token_management.rs
@@ -9,7 +9,7 @@ use crate::types::AuthPin;
 use secrecy::ExposeSecret;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Initialize the normal user's pin for a token
     pub fn init_pin(&self, pin: &AuthPin) -> Result<()> {
         unsafe {
diff --git a/cryptoki/src/session/validation.rs b/cryptoki/src/session/validation.rs
@@ -46,7 +46,7 @@ impl From<ValidationFlagsType> for CK_SESSION_VALIDATION_FLAGS_TYPE {
     }
 }
 
-impl Session {
+impl Session<'_> {
     /// Get requested validation flags from the session
     ///
     /// The only supported flag as for PKCS#11 3.2 is `ValidationFlagsType::VALIDATION_OK`
diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs
@@ -25,6 +25,7 @@ use cryptoki::types::{AuthPin, Ulong};
 use serial_test::serial;
 use std::collections::HashMap;
 use std::num::NonZeroUsize;
+use std::sync::Arc;
 use std::thread;
 
 use cryptoki::mechanism::ekdf::AesCbcDeriveParams;
@@ -1466,6 +1467,7 @@ fn login_feast() {
     const SESSIONS: usize = 100;
 
     let (pkcs11, slot) = init_pins();
+    let pkcs11 = Arc::new(pkcs11);
     let mut threads = Vec::new();
 
     for _ in 0..SESSIONS {
@@ -1802,7 +1804,7 @@ fn is_initialized_test() {
 fn test_clone_initialize() {
     use cryptoki::context::CInitializeArgs;
 
-    let pkcs11 = get_pkcs11();
+    let pkcs11 = Arc::new(get_pkcs11());
 
     let clone = pkcs11.clone();
     assert!(

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ use super::Function;`
`13`	`13`
`14`	`14`	`impl Pkcs11 {`
`15`	`15`	`#[inline(always)]`
`16`		`- fn open_session(&self, slot_id: Slot, read_write: bool) -> Result<Session> {`
	`16`	`+ fn open_session(&self, slot_id: Slot, read_write: bool) -> Result<Session<'_>> {`
`17`	`17`	`let mut session_handle = 0;`
`18`	`18`
`19`	`19`	`let flags = if read_write {`
`@@ -33,7 +33,7 @@ impl Pkcs11 {`
`33`	`33`	`.into_result(Function::OpenSession)?;`
`34`	`34`	`}`
`35`	`35`
`36`		`- Ok(Session::new(session_handle, self.clone()))`
	`36`	`+ Ok(Session::new(session_handle, self))`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`/// Open a new Read-Only session`
`@@ -60,14 +60,14 @@ impl Pkcs11 {`
`60`	`60`	`/// let session = client.open_ro_session(slot)?;`
`61`	`61`	`/// # let _ = session; Ok(()) }`
`62`	`62`	/// ```
`63`		`- pub fn open_ro_session(&self, slot_id: Slot) -> Result<Session> {`
	`63`	`+ pub fn open_ro_session(&self, slot_id: Slot) -> Result<Session<'_>> {`
`64`	`64`	`self.open_session(slot_id, false)`
`65`	`65`	`}`
`66`	`66`
`67`	`67`	`/// Open a new Read/Write session`
`68`	`68`	`///`
`69`	`69`	`/// Note: No callback is set when opening the session.`
`70`		`- pub fn open_rw_session(&self, slot_id: Slot) -> Result<Session> {`
	`70`	`+ pub fn open_rw_session(&self, slot_id: Slot) -> Result<Session<'_>> {`
`71`	`71`	`self.open_session(slot_id, true)`
`72`	`72`	`}`
`73`	`73`	`}`
Original file line number	Diff line number	Diff line change
`@@ -34,37 +34,33 @@ pub use validation::ValidationFlagsType;`
`34`	`34`	`/// threads. A Session needs to be created in its own thread or to be passed by ownership to`
`35`	`35`	`/// another thread.`
`36`	`36`	`#[derive(Debug)]`
`37`		`-pub struct Session {`
	`37`	`+pub struct Session<'a> {`
`38`	`38`	`handle: CK_SESSION_HANDLE,`
`39`		`- client: Pkcs11,`
	`39`	`+ client: &'a Pkcs11,`
`40`	`40`	`// This is not used but to prevent Session to automatically implement Send and Sync`
`41`	`41`	`_guard: PhantomData<*mut u32>,`
`42`	`42`	`}`
`43`	`43`
`44`		`-impl std::fmt::Display for Session {`
	`44`	`+impl<'a> std::fmt::Display for Session<'a> {`
`45`	`45`	`fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {`
`46`	`46`	`write!(f, "{}", self.handle)`
`47`	`47`	`}`
`48`	`48`	`}`
`49`	`49`
`50`		`-impl std::fmt::LowerHex for Session {`
	`50`	`+impl<'a> std::fmt::LowerHex for Session<'a> {`
`51`	`51`	`fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {`
`52`	`52`	`write!(f, "{:08x}", self.handle)`
`53`	`53`	`}`
`54`	`54`	`}`
`55`	`55`
`56`		`-impl std::fmt::UpperHex for Session {`
	`56`	`+impl<'a> std::fmt::UpperHex for Session<'a> {`
`57`	`57`	`fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {`
`58`	`58`	`write!(f, "{:08X}", self.handle)`
`59`	`59`	`}`
`60`	`60`	`}`
`61`	`61`
`62`		`-// Session does not implement Sync to prevent the same Session instance to be used from multiple`
`63`		`-// threads.`
`64`		`-unsafe impl Send for Session {}`
`65`		`-`
`66`		`-impl Session {`
`67`		`- pub(crate) fn new(handle: CK_SESSION_HANDLE, client: Pkcs11) -> Self {`
	`62`	`+impl<'a> Session<'a> {`
	`63`	`+ pub(crate) fn new(handle: CK_SESSION_HANDLE, client: &'a Pkcs11) -> Self {`
`68`	`64`	`Session {`
`69`	`65`	`handle,`
`70`	`66`	`client,`
`@@ -73,7 +69,7 @@ impl Session {`
`73`	`69`	`}`
`74`	`70`	`}`
`75`	`71`
`76`		`-impl Session {`
	`72`	`+impl<'a> Session<'a> {`
`77`	`73`	`/// Close a session`
`78`	`74`	`/// This will be called on drop as well.`
`79`	`75`	`pub fn close(self) {}`