Open SantiagoAndresHurtado opened 3 years ago
It sounds like there's some mismatch in the type of something. What compiler toolchain are you using on what architecture? What pkcs#11 library?
Hi!
I am not really sure what a toolchain is, but i give you some information that can be useful.
Command executed: yum list installed | grep gcc
gcc.x86_64 8.3.1-5.el8.0.2 @AppStream gcc-c++.x86_64 8.3.1-5.el8.0.2 @AppStream libgcc.x86_64 8.3.1-5.el8.0.2 @anaconda
SO: Centos 8.2.2004 Architecture: x86_64 Kernel: 4.18.0-193.19.1.el8_2.x86_64 Processor: Intel(R) Xeon(R) Bronze 3106 CPU @ 1.70GHz Library version: python-pkcs11(0.7.0) Python version: python3.8 gcc version: 8.3.1 20191121 (Red Hat 8.3.1-5) (GCC)
.so library: librarylibcastle.zip
Thanks for your help!
Do you have the complete build log?
¿How can i get it?
I downloaded the repo and installed it with: python3 setup.py build > output.txt In console appears:
warning: pkcs11/_pkcs11.pyx:237:70: Use boundscheck(False) for faster access warning: pkcs11/_pkcs11.pyx:608:63: Use boundscheck(False) for faster access warning: pkcs11/_pkcs11.pyx:634:51: Use boundscheck(False) for faster access warning: pkcs11/_pkcs11.pyx:674:64: Use boundscheck(False) for faster access warning: pkcs11/_pkcs11.pyx:921:56: Use boundscheck(False) for faster access warning: pkcs11/_pkcs11.pyx:965:74: Use boundscheck(False) for faster access warning: pkcs11/_pkcs11.pyx:975:67: Use boundscheck(False) for faster access warning: pkcs11/_pkcs11.pyx:1012:55: Use boundscheck(False) for faster access warning: pkcs11/_pkcs11.pyx:1056:74: Use boundscheck(False) for faster access warning: pkcs11/_pkcs11.pyx:1066:67: Use boundscheck(False) for faster access warning: pkcs11/_pkcs11.pyx:1102:52: Use boundscheck(False) for faster access warning: pkcs11/_pkcs11.pyx:1143:65: Use boundscheck(False) for faster access warning: pkcs11/_pkcs11.pyx:1235:59: Use boundscheck(False) for faster access warning: pkcs11/_pkcs11.pyx:1496:64: Use boundscheck(False) for faster access
And in the log file (output.txt):
running build running build_py creating build creating build/lib.linux-x86_64-3.6 creating build/lib.linux-x86_64-3.6/pkcs11 copying pkcs11/init.py -> build/lib.linux-x86_64-3.6/pkcs11 copying pkcs11/constants.py -> build/lib.linux-x86_64-3.6/pkcs11 copying pkcs11/defaults.py -> build/lib.linux-x86_64-3.6/pkcs11 copying pkcs11/exceptions.py -> build/lib.linux-x86_64-3.6/pkcs11 copying pkcs11/mechanisms.py -> build/lib.linux-x86_64-3.6/pkcs11 copying pkcs11/types.py -> build/lib.linux-x86_64-3.6/pkcs11 creating build/lib.linux-x86_64-3.6/pkcs11/util copying pkcs11/util/init.py -> build/lib.linux-x86_64-3.6/pkcs11/util copying pkcs11/util/dh.py -> build/lib.linux-x86_64-3.6/pkcs11/util copying pkcs11/util/dsa.py -> build/lib.linux-x86_64-3.6/pkcs11/util copying pkcs11/util/ec.py -> build/lib.linux-x86_64-3.6/pkcs11/util copying pkcs11/util/rsa.py -> build/lib.linux-x86_64-3.6/pkcs11/util copying pkcs11/util/x509.py -> build/lib.linux-x86_64-3.6/pkcs11/util running egg_info creating python_pkcs11.egg-info writing python_pkcs11.egg-info/PKG-INFO writing dependency_links to python_pkcs11.egg-info/dependency_links.txt writing requirements to python_pkcs11.egg-info/requires.txt writing top-level names to python_pkcs11.egg-info/top_level.txt writing manifest file 'python_pkcs11.egg-info/SOURCES.txt' cythoning pkcs11/_pkcs11.pyx to pkcs11/_pkcs11.c writing manifest file 'python_pkcs11.egg-info/SOURCES.txt' copying pkcs11/_errors.pyx -> build/lib.linux-x86_64-3.6/pkcs11 copying pkcs11/_mswin.pxd -> build/lib.linux-x86_64-3.6/pkcs11 copying pkcs11/_pkcs11.c -> build/lib.linux-x86_64-3.6/pkcs11 copying pkcs11/_pkcs11.pyx -> build/lib.linux-x86_64-3.6/pkcs11 copying pkcs11/_pkcs11_defn.pxd -> build/lib.linux-x86_64-3.6/pkcs11 copying pkcs11/_utils.pyx -> build/lib.linux-x86_64-3.6/pkcs11 running build_ext building 'pkcs11._pkcs11' extension creating build/temp.linux-x86_64-3.6 creating build/temp.linux-x86_64-3.6/pkcs11 gcc -pthread -Wno-unused-result -Wsign-compare -DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/usr/include/python3.6m -c pkcs11/_pkcs11.c -o build/temp.linux-x86_64-3.6/pkcs11/_pkcs11.o gcc -pthread -shared -Wl,-z,relro -Wl,-z,now -g build/temp.linux-x86_64-3.6/pkcs11/_pkcs11.o -L/usr/lib64 -lpython3.6m -o build/lib.linux-x86_64-3.6/pkcs11/_pkcs11.cpython-36m-x86_64-linux-gnu.so
thanks!
Okay, I think this is the same bug as https://github.com/danni/python-pkcs11/issues/70 but maybe in a different place. The epass lib doesn't set the higher bytes of the value, just the lower bytes, and so we're relying on what's in the stack.
Add some debugging around line 744 of _pkcs11.pyx
and see what value is before we send it to the HSM. I'm guessing it hasn't been zeroed correctly.
Hi!
I made some debug:
Object_class does not appear in console
key is equal to 0
key and value do not appear in console
If I execute the same code in Ubuntu Server 20.04 instead of Centos 8.2.2004 it works well. ¿Could the error be something else instead of the Library?
Hi!
SO: Centos 8.2.2004 library version: python-pkcs11(0.7.0) python version: python3.8
I'm trying to read a certificate from my token (epass2003) but i get this error:
Traceback (most recent call last):
File "test.py", line 131, in <module>
signer('aGFzaCBzaGEyNTY=', 'qwerty123456', 1)
File "test.py", line 109, in signer
for obj in session.get_objects(attrs=None):
File "pkcs11/_pkcs11.pyx", line 322, in pkcs11._pkcs11.SearchIter.__next__
File "pkcs11/_pkcs11.pyx", line 678, in pkcs11._pkcs11.Object._make
File "pkcs11/_pkcs11.pyx", line 733, in pkcs11._pkcs11.Object.__getitem__
File "pkcs11/_utils.pyx", line 35, in pkcs11._pkcs11._unpack_attributes
File "/usr/local/lib64/python3.6/site-packages/pkcs11/defaults.py", line 132, in <lambda>
lambda v: type_(unpack(v)))
File "/usr/lib64/python3.6/enum.py", line 293, in __call__
return cls.__new__(cls, value)
File "/usr/lib64/python3.6/enum.py", line 535, in __new__
return cls._missing_(value)
File "/usr/lib64/python3.6/enum.py", line 548, in _missing_
raise ValueError("%r is not a valid %s" % (value, cls.__name__))
ValueError: 94390496264193 is not a valid ObjectClass
If i execute the same code in Ubuntu flavour it works fine!
librarylibcastle.zip