Re: [pkcs11] structure packing on Linux

[Tim Hudson <tjh@cryptsoft.com>]

There really never should have been structure packing in the header file even for Windows - but that is a separate topic.

It was common behaviourÂat the time the specification was produced to handle structure padding in this manner in Win32 environments - but not elsewhere.

There never should be packing of structures on platforms other than Win32 despite the outdated comment in the header file (which should be adjusted to make it clear we only pack structures on Win32).

Note that v2.11 and v2.20 included a cryptoki.h header file that actually had the defines in place - but was noted as:

This is a sample file containing the top level include directivesÂfor building Win32 Cryptoki libraries and applications.

The "right" solution in my view is to make it clear structure padding adjustment only applies for Win32 environments and native structure padding is what should be used in all other environments.

That is pretty much the defactoÂstandard approach.

Tim.

On Wed, Dec 15, 2021 at 8:36 AM Daniel Minder <Daniel.Minder@utimaco.com> wrote:

All,

Â

Iâm currently in discussion with a 3^rd party vendor about the correct packing of PKCS#11 structures.

Â

Both the Word files (even latest v3.1 WD09) and the pkcs11.h header contain the information that structures should (header) / shall (Word) be 1-byte aligned.

The header file suggest to use #pragma pack for Windows, but says otherwise: âIn a UNIX environment, you're on your own for this. You might not need to do (or be able to do!) anything.â

Â

And in fact it seems on Linux nobody uses packing. There is a lengthy discussion about it on SoftHSM GitHub (https://github.com/opendnssec/SoftHSMv2/issues/471). pkcs11-logger is not packing (https://github.com/Pkcs11Interop/pkcs11-logger/blob/master/src/pkcs11-logger.h) and pkcs11-tool is not doing it (https://github.com/OpenSC/OpenSC/blob/master/src/pkcs11/pkcs11.h).

Â

My assumption is this: the #pragma pack statement was introduced IMO in gcc 4.0 for MSVC compatibility reasons. This was in 2005. However, that time PKCS#11 was already at v2.20 and the same statement as above was included there. And IMO the only way to force packing in gcc was to add â__attribute__((packed))â to every declaration â which the TC did not want to do. And since it was not possible that time there was no packing. And for backwards compatibility reasons there is still none on Linux.

However, nowadays there is the #pragma pack and it would be easily possible. But this will affect compatibility vastly between providers and existing applications. But if application developers that are new to PKCS#11 take the standard seriously they will run into trouble. It depends on the function called. But C_GetInfo is certainly one of themâ

Â

So: Is there a need to reconsider these statements made in both the Word and header files?

Â

Whatâs your opinion on this?

Â

Regards,

Daniel

---

Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen â Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Stefan Auerbach (Chairman) CEO, Malte Pollmann CSO, Martin Stamm CFO

This communication is confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Please inform us immediately and destroy the email.