pyauth · MatthiasValvekens · Jun 28, 2025 · Jun 21, 2025 · Jun 23, 2025 · MatthiasValvekens
diff --git a/extern/pkcs11t.h b/extern/pkcs11t.h
@@ -270,6 +270,8 @@ typedef CK_ULONG          CK_USER_TYPE;
 #define CKU_USER                1UL
 /* Context specific */
 #define CKU_CONTEXT_SPECIFIC    2UL
+/* Value used in python-pkcs11 as a sentinel value for non-logged in sessions */
+#define CKU_USER_NOBODY         999UL
 
 /* CK_STATE enumerates the session states */
 typedef CK_ULONG          CK_STATE;

diff --git a/pkcs11/__init__.py b/pkcs11/__init__.py
@@ -8,29 +8,27 @@
 from .types import *  # noqa: F403
 from .util import dh, dsa, ec, rsa, x509  # noqa: F401
 
-_so = None
-_lib = None
+_loaded = {}
 
 
 def lib(so):
     """
     Wrap the main library call coming from Cython with a preemptive
     dynamic loading.
     """
-    global _lib
-    global _so
+    global _loaded
 
-    if _lib:
-        if _so != so:
-            raise AlreadyInitialized(  # noqa: F405
-                "Already initialized with %s" % _so
-            )
-        else:
-            return _lib
+    try:
+        _lib = _loaded[so]
+        if not _lib.initialized:
+            _lib.initialize()
+        return _lib
+    except KeyError:
+        pass
 
     from . import _pkcs11
 
     _lib = _pkcs11.lib(so)
-    _so = so
+    _loaded[so] = _lib
 
     return _lib
diff --git a/pkcs11/_pkcs11.pxd b/pkcs11/_pkcs11.pxd
@@ -139,13 +139,16 @@ cdef extern from '../extern/cryptoki.h':
 
         CKR_FUNCTION_REJECTED,
 
+        CKR_OPERATION_CANCEL_FAILED,
+
         CKR_VENDOR_DEFINED,
 
 
     ctypedef enum CK_USER_TYPE:
         CKU_SO,
         CKU_USER,
         CKU_CONTEXT_SPECIFIC,
+        CKU_USER_NOBODY,
 
     cdef enum:
         CK_TRUE,
@@ -589,6 +592,28 @@ cdef extern from '../extern/cryptoki.h':
 # All other APIs are taken from the CK_FUNCTION_LIST table
 ctypedef CK_RV (*C_GetFunctionList_ptr) (CK_FUNCTION_LIST **) nogil
 
+ctypedef CK_RV (*KeyOperationInit) (
+        CK_SESSION_HANDLE session,
+        CK_MECHANISM *mechanism,
+        CK_OBJECT_HANDLE key
+) nogil
+ctypedef CK_RV (*OperationUpdateWithResult) (
+        CK_SESSION_HANDLE session,
+        CK_BYTE *part_in,
+        CK_ULONG part_in_len,
+        CK_BYTE *part_out,
+        CK_ULONG *part_out_len
+) nogil
+ctypedef CK_RV (*OperationUpdate) (
+        CK_SESSION_HANDLE session,
+        CK_BYTE *part_in,
+        CK_ULONG part_in_len
+) nogil
+ctypedef CK_RV (*OperationWithResult) (
+        CK_SESSION_HANDLE session,
+        CK_BYTE *part_out,
+        CK_ULONG *part_out_len
+) nogil
 
 cdef inline CK_BYTE_buffer(length):
     """Make a buffer for `length` CK_BYTEs."""