| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: opencryptoki-libs | Distribution: Fedora Project |
| Version: 3.27.0 | Vendor: Fedora Project |
| Release: 1.fc44 | Build date: Wed Jun 10 11:51:29 2026 |
| Group: Unspecified | Build host: buildhw-a64-05.rdu3.fedoraproject.org |
| Size: 282304 | Source RPM: opencryptoki-3.27.0-1.fc44.src.rpm |
| Packager: Fedora Project | |
| Url: https://github.com/opencryptoki/opencryptoki | |
| Summary: The run-time libraries for opencryptoki package | |
Opencryptoki implements the PKCS#11 specification v3.0 and partially v3.1, v3.2 for a set of cryptographic hardware, such as IBM 4767, 4768, 4769 and 4770 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic hardware. This package contains the PKCS#11 library implementation, and requires at least one token implementation (packaged separately) to be fully functional.
CPL-1.0
* Tue Jun 09 2026 Than Ngo <than@redhat.com> - 3.27.0-1
- Update to 3.27.0
* Add base support for PKCS#11 v3.2
* Add support for PKCS#11 v3.2 C_VerifySignature[Init|Update|Final]
* Add support for PKCS#11 v3.2 C_EncapsulateKey/C_DecapsulateKey
* Soft/ICA/CCA/EP11: Add support for PKCS#11 v3.2 en-/decapsulate with RSA-PKCS and RSA-OAEP mechanisms
* Soft/ICA/CCA/EP11: Add support for PKCS#11 v3.2 en-/decapsulate with the ECDH mechanism
* Soft/EP11: Add support for PKCS#11 v3.2 en-/decapsulate with the DH-PKCS mechanism
* Soft: Add support for PKCS#11 v3.2 ML-DSA and ML-KEM key types
and mechanisms (requires OpenSSL 3.5 or later, or the OQS-provider must be configured)
* CCA: Add support for PKCS#11 v3.2 ML-DSA key type and mechanisms (requires CCA v8.4 or later)
* EP11: Add support for PKCS#11 v3.2 ML-DSA and ML-KEM key types and mechanisms
(requires an EP11 host library v4.2 or later, and a CEX8P crypto card with firmware v9.6 or
later on IBM z17, and v8.39 or later on IBM z16)
* p11sak: Add support for PKCS#11 v3.2 ML-DSA and ML-KEM key types
* Soft/ICA: Add support for PKCS#11 v3.2 mechanisms CKM_ECDH_X_AES_KEY_WRAP and CKM_ECDH_COF_AES_KEY_WRAP
* p11sak: Add support for key wrapping with PKCS#11 v3.2 mechanisms
CKM_ECDH_X_AES_KEY_WRAP and CKM_ECDH_COF_AES_KEY_WRAP
* Soft/ICA/CCA/EP11: Add support for PKCS#11 v3.2 mechanism CKM_PUB_KEY_FROM_PRIV_KEY
* Soft/ICA/CCA/EP11: Add support for PKCS#11 v3.0 Edwards and Montgomery key types and mechanisms
* Soft/ICA: Support CKM_ECDH_AES_KEY_WRAP also for Montgomery keys
* p11sak: Add support for PKCS#11 v3.0 Edwards and Montgomery key types
* Soft: Add support for CKM_ECDH1_COFACTOR_DERIVE
* CCA: Add support for additional RSA public exponent values 5, 17, or 257
* p11sak: Add option to list-key command to show EP11 session IDs
* Make the maximum number of token objects supported configurable
* Fixes for CVE-2026-40253, CVE-2026-23893, and CVE-2026-22791
* Bug fixes
- Drop %{ix86} build
* Tue May 05 2026 Than Ngo <than@redhat.com> - 3.26.0-3
- Fix rhbz#2432016: CVE-2026-23893, Privilege Escalation or Data Exposure via Symlink Following
* Fri Jan 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 3.26.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Nov 28 2025 Than Ngo <than@redhat.com> - 3.26.0-1
- Update to 3.26.0
* Tue Jul 29 2025 Than Ngo <than@redhat.com> - 3.25.0-4
- Require openssl >= 3.5.1
- Fix incorrect effective group id of pkcsslotd daemon
- Fix covscan findings
- Fix detection of EC curve not supported by OpenSSL-3.5.x
- Fix the image mode issue again as bootc expects to use /run/lock
* Thu Jul 24 2025 Fedora Release Engineering <releng@fedoraproject.org> - 3.25.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jun 10 2025 Than Ngo <than@redhat.com> - 3.25.0-2
- Enable testsuite
* Tue Jun 10 2025 Than Ngo <than@redhat.com> - 3.25.0-1
- Update to 3.25.0
- Drop patches which are included in upstream
- Adapt p11sak patch
- Fix RPM build warnings
- Add jq and openssl in Build Requirement, required for testcases
* Tue Apr 29 2025 Than Ngo <than@redhat.com> - 3.24.0-9
- Fix, opencryptoki doesn't work in image mode
* Wed Mar 12 2025 Than Ngo <than@redhat.com> - 3.24.0-8
- Fix rpminspect issue
* Thu Feb 27 2025 Than Ngo <than@redhat.com> - 3.24.0-7
- Fix, opencryptoki tokens are deleted on reboot
* Tue Feb 11 2025 Than Ngo <than@redhat.com> - 3.24.0-6
- Remove call to
* Tue Feb 04 2025 Than Ngo <than@redhat.com> - 3.24.0-5
- Use tmpfiles to change file ownership for image mode
* Tue Feb 04 2025 Than Ngo <than@redhat.com> - 3.24.0-4
- Fix opencryptoki for image mode
* Fri Jan 17 2025 Fedora Release Engineering <releng@fedoraproject.org> - 3.24.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Sep 13 2024 Than Ngo <than@redhat.com> - 3.24.0-2
- build with --enable-pkcscca_migrate
- fix build error due to incompatible pointer types
* Fri Sep 13 2024 Than Ngo <than@redhat.com> - 3.24.0-1
- Update to 3.24.0
* Add support for building Opencryptoki on the IBM AIX platform
* Add support for the CCA token on non-IBM Z platforms (x86_64, ppc64)
* Add support for protecting tokens with a token specific user group
* EP11: Add support for combined CKA_EXTRACTABLE and CKA_IBM_PROTKEY_EXTRACTABLE
* CCA: Add support for Koblitz curve secp256k1. Requires CCA v7.2 or later
* CCA: Add support for IBM Dilithium (CKM_IBM_DILITHIUM).
On Linux on IBM Z: Requires CCA v7.1 or later for Round2-65, and CCA v8.0 for the Round 3 variants.
On other platforms: Requires CCA v7.2.43 or later for Round2-65, the Round 3 variants are currently not supported
* CCA: Add support for RSA-OAEP with SHA224, SHA384, and SHA512 on en-/decrypt. Requires CCA v8.1 or later on Linux on IBM Z, not supported on other platforms
* CCA: Add support for PKCS#11 v3.0 SHA3 mechanisms. Requires CCA v8.1 on Linux on IBM Z, not supported on other platforms
* ICA: Support new libica AES-GCM api using the KMA instruction on z14 and later
* ICA/Soft/ICSF: Add support for PKCS#11 v3.0 SHA3 mechanisms
* ICA/Soft: Add support for SHA based key derivation mechanisms
* ICA/Soft: Add support for CKD_*_SP800 KDFs for ECDH
* EP11/CCA/ICA/Soft: Add support for CKA_ALWAYS_AUTHENTICATE
* EP11/CCA: Support live guest relocation for protected key (PKEY) operations
* Soft: Experimental support for IBM Dilithium via OpenSSL OQS provider
* ICSF: Add support for SHA-2 mechanisms
* ICSF: Performance improvements for attribute retrieval
* p11sak: Add support for exporting a key or certificate as URI-PEM file
* p11sak: Import/export of IBM Dilithium keys in 'oqsprovider' format PEM files
* p11sak: Add option to show the master key verification patterns of secure keys
* Bug fixes
- Remove i686 support as upsrtream will get rid of 32-bit support, https://github.com/opencryptoki/opencryptoki/issues/174
- Remove lockdir.patch
* Thu Jul 18 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.23.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
/etc/ld.so.conf.d/opencryptoki-aarch64.conf /usr/lib/.build-id /usr/lib/.build-id/7e /usr/lib/.build-id/7e/a9ea98aa2de13fc075e16f75f3bf13dcff2548 /usr/lib/sysusers.d/opencryptoki.sysusers.conf /usr/lib64/opencryptoki /usr/lib64/opencryptoki/PKCS11_API.so /usr/lib64/opencryptoki/libopencryptoki.so /usr/lib64/opencryptoki/libopencryptoki.so.0 /usr/lib64/opencryptoki/libopencryptoki.so.0.0.0 /usr/lib64/opencryptoki/stdll /usr/lib64/pkcs11 /usr/lib64/pkcs11/PKCS11_API.so /usr/lib64/pkcs11/libopencryptoki.so /usr/lib64/pkcs11/stdll /usr/share/licenses/opencryptoki-libs /usr/share/licenses/opencryptoki-libs/LICENSE /var/log/opencryptoki
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Jun 11 23:43:44 2026