agent-rs
Migrate away from / patch version of pkcs11
In https://github.com/rust-lang/rust/pull/98839 a check for transmute_copy's precondition that T is not smaller than U was added. A crater run was done, which did affect pkcs11, but I didn't think to check reverse dependencies. This seems to be the only major crate that uses it?
I made an issue (https://github.com/mheese/rust-pkcs11/issues/55) and later a PR (https://github.com/mheese/rust-pkcs11/pull/56) to fix it, but the project's not seen activity in 2 years, so the odds of it getting fixed are slim. And judging from the issue list, the crate has a fair amount of other problems with it.
Not all APIs are affected, but some are.
I also made an issue for a rustsec advisory, but seeing as I don't know the crate too well, and there's more than a few issues, I didn't write it up.
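An added example (not from this thread and not code from the pkcs11 or cryptoki crates) showing the precondition the comment above refers to made explicit: `std::mem::transmute_copy::<Src, Dst>` reads `size_of::<Dst>()` bytes from a `&Src`, so it over-reads whenever `Src` is smaller than `Dst`. The `checked_transmute_copy` wrapper, the `TooSmall` error type and the `attribute_as_u64` helper are hypothetical names chosen here; the byte-buffer shape of `attribute_as_u64` is the generic PKCS#11 attribute layout (`pValue`/`ulValueLen`), not a claim about how the pkcs11 crate decodes it.

```rust
use std::mem::size_of;

/// Error returned when the source is too small to supply a whole `Dst`.
#[derive(Debug, PartialEq, Eq)]
pub struct TooSmall {
    pub have: usize,
    pub need: usize,
}

/// Size-checked stand-in for `std::mem::transmute_copy::<Src, Dst>` (hypothetical name).
/// `transmute_copy` copies `size_of::<Dst>()` bytes starting at `src`, so it is only
/// sound when `Src` is at least that large; rustc now asserts this in debug builds.
/// Here the check is unconditional and a violation is an `Err`, not an out-of-bounds read.
pub fn checked_transmute_copy<Src, Dst: Copy>(src: &Src) -> Result<Dst, TooSmall> {
    let have = size_of::<Src>();
    let need = size_of::<Dst>();
    if have < need {
        return Err(TooSmall { have, need });
    }
    // SAFETY: `have >= need`, so the `need` bytes read all lie inside `*src`;
    // `read_unaligned` does not require `src` to satisfy `Dst`'s alignment.
    // Whether those bytes are a valid `Dst` remains the caller's responsibility,
    // exactly as with `transmute_copy`; the callers in this file only use integers.
    Ok(unsafe { std::ptr::read_unaligned(src as *const Src as *const Dst) })
}

/// Decode a host-endian `u64` from a raw attribute buffer of the kind PKCS#11 returns
/// (`pValue` + `ulValueLen`). The length check happens before any copy, so a short
/// buffer is reported instead of being read past its end. No `unsafe` is needed.
pub fn attribute_as_u64(value: &[u8]) -> Result<u64, TooSmall> {
    let need = size_of::<u64>();
    if value.len() < need {
        return Err(TooSmall { have: value.len(), need });
    }
    let mut bytes = [0u8; 8];
    bytes.copy_from_slice(&value[..need]);
    Ok(u64::from_ne_bytes(bytes))
}

fn main() {
    // Constructed sample values; there is no PKCS#11 library behind this.
    let wide = u64::from_ne_bytes([1, 2, 3, 4, 5, 6, 7, 8]);
    let narrow: Result<u32, TooSmall> = checked_transmute_copy(&wide);
    println!("u64 -> u32 (allowed, Src >= Dst): {:?}", narrow);

    let small: u16 = 7;
    println!(
        "u16 -> u64 (rejected, Src < Dst): {:?}",
        checked_transmute_copy::<u16, u64>(&small)
    );

    println!("3-byte attribute as u64: {:?}", attribute_as_u64(&[1, 2, 3]));
}
```

The wrapper keeps the size comparison in release builds too, so the failure mode the Rust PR turned into a debug assertion becomes an ordinary error value that a caller can propagate; for attribute values that arrive as byte slices, the safe `from_ne_bytes` path avoids the transmute altogether.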
Hello!
We've been trying to create a replacement for pkcs11 in cryptoki because of the security issues we found while using it, and because the maintainer of that crate seems to have abandoned it. cryptoki is essentially a fork of pkcs11 in which we've tried to fix the problems related to memory handling. Unfortunately we don't have too much spare bandwidth to continue development in a sustained way, but we're happy to get contributions from the community. Hope this helps.
Hi guys, thank you very much for notifying us! @krpeacock is looking into it together with our security team.
If you do find any (security) issues with the crate please feed that back 🙏🏻 Thanks!