Status access violation

[leonardodepaula]

When I updated from version 0.7.0 to 0.8.0 I ran into this error: (exit code: 0xc0000005, STATUS_ACCESS_VIOLATION)

fn main() {
    let pkcs11client = Pkcs11::new("C:/Windows/System32/eTPKCS11.dll").unwrap();
    pkcs11client.initialize(CInitializeArgs::OsThreads).unwrap();

    let slot = pkcs11client.get_slots_with_token().unwrap().remove(0);

    let session = pkcs11client.open_ro_session(slot).unwrap();
    session.login(UserType::User, None).unwrap();

    println!("{:?}", session);
}

Platform: Windows 11

The code above runs perfectly on version 0.7.0, but it doesn't on version 0.8.0.

[hug-dev]

Hey!

I tried your example but it fails with SoftHSM on both versions :( Couldn't find a commit which changed parts that would cause this to fail between 0.7.0 and 0.8.0. If you have time, you could git bisect to check...

Which line is failing in your code?
Have you also checked that giving None for pin would require CKF_PROTECTED_AUTHENTICATION_PATH (as shown here)?

[leonardodepaula]

Hello, @hug-dev!

First of all, thanks for the reply and the amazing work on the crate.

I'm prototyping here, so git bisect won't help.

This is the line failing:

let pkcs11client = Pkcs11::new("C:/Windows/System32/eTPKCS11.dll").unwrap();

I also tried setting the pin and the error persisted.

I made some tests and this is the last commit fully working:

cryptoki = { git = "https://github.com/parallaxsecond/rust-cryptoki.git", rev="024976fc892b96ad72fbc4af38cf9449c42034c4" }

So, the probable bug was introduced here: 3ec788c

[hug-dev]

ah nice find! Interesting, I did not spot anything in the commit that could have caused this isse 🤔
Maybe not the issue but #230 also changed those parts recently

[hug-dev]

Do you also know if your PKCS11 implementation (eTPKCS11.dll) implements the PKCS11 3.0 headers? That could be the issue with the commit you linked (although it was supposed to be retrocompatible)

[leonardodepaula]

Do you also know if your PKCS11 implementation (eTPKCS11.dll) implements the PKCS11 3.0 headers? That could be the issue with the commit you linked (although it was supposed to be retrocompatible)

I don't know. It is provided by Gemalto's Safenet Authentication Client. How can I check that?

I forked this repository and made two tests. Upgraded the pkcs11-headers to the version 3.1 and downgraded the headers to the version 2.40. On both scenarios the error persisted. I don't know the ins and outs of the cryptoki or the concrete implementation of this crate, but I think it indicates that the incompatibility doesn't come from the "cryptoki-sys/vendor/pkcs11.h" file.

[hug-dev]

How can I check that?

At least here in Supported APIs they say PKCS11 v2.20 😢

But I don't see how you would get an error from it..

[leonardodepaula]

I tried your example but it fails with SoftHSM on both versions :( Couldn't find a commit which changed parts that would cause this to fail between 0.7.0 and 0.8.0. If you have time, you could git bisect to check...

Are you getting an error with SoftHSM as well? What is the error?

[hug-dev]

I get:

thread 'main' panicked at cryptoki/examples/generate_key_pair.rs:27:41:
called `Result::unwrap()` on an `Err` value: Pkcs11(ArgumentsBad, Login)

on line

    session.login(UserType::User, None).unwrap();