Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

openCryptoki-32bit-3.23.0-5.1 RPM for i586

From OpenSuSE Ports Tumbleweed for i586

Name: openCryptoki-32bit Distribution: openSUSE Tumbleweed
Version: 3.23.0 Vendor: openSUSE
Release: 5.1 Build date: Thu Jul 18 08:07:40 2024
Group: Productivity/Security Build host: reproducible
Size: 1867859 Source RPM: openCryptoki-3.23.0-5.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://github.com/opencryptoki/opencryptoki
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
This is a re-packaged binary rpm. For the package source, please look
for the source of the package without the "32bit" ending

The PKCS#11 version 2.11 API implemented for the IBM cryptographic
cards. This package includes support for the IBM 4758 cryptographic
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
Cryptographic Accelerator (FC 4960 on pSeries).

Provides

Requires

License

CPL-1.0

Changelog

* Thu Jul 18 2024 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
  - Amended the .spec file accorinding to the recommendation in (bsc#1225876)
* Thu Jul 11 2024 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
  - Updated the .spec file (bsc#1225876, bsc#1227280)
    * Amended for group %{pkcs_group} and user pkcsslotd
    * Copying example script files from /usr/share/doc/opencryptoki to
      /usr/share/opencryptoki (policy-example.conf and strength-example.conf)
      in case that there is 'rpm.install.excludedocs=yes' set in the
      zypper.conf(zypp.conf)
* Wed Feb 07 2024 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
  - Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361)
    * EP11: Add support for FIPS-session mode
    * Updates to harden against RSA timing attacks (bsc#1219217,CVE-2024-0914)
    * Bug fixes
  - Renamed ocki-3.22-remove-make-install-chgrp.patch to
      ocki-3.23-remove-make-install-chgrp.patch
* Mon Feb 05 2024 Marcus Meissner <meissner@suse.com>
  - provide user(pkcs11) and group(pkcs11)
* Mon Dec 04 2023 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
  - Amended the .spec file  for pkcsslotd (jsc#1217703)
    * Renamed the patch ocki-3.21-remove-make-install-chgrp.patch to
      ocki-3.22-remove-make-install-chgrp.patch
* Thu Sep 21 2023 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
  - Upgrade to version 3.22 (jsc#PED-3361)
    * openCryptoki 3.22
    - CCA: Add support for the AES-XTS key type using CPACF protected keys
    - p11sak: Add support for managing certificate objects
    - p11sak: Add support for public sessions (no-login option)
    - p11sak: Add support for logging in as SO (security Officer)
    - p11sak: Add support for importing/exporting Edwards and Montgomery keys
    - p11sak: Add support for importing of RSA-PSS keys and certificates
    - CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different
    * Bug fixes
* Fri May 26 2023 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
  - Update to version 3.21 (jsc#PED-3360, jsc#PED-3361)
    * openCryptoki 3.21
    - EP11 and CCA: Support concurrent HSM master key changes
    - CCA: protected-key option
    - pkcsslotd: no longer run as root user and further hardening
    - p11sak: Add support for additional key types (DH, DSA, generic secret)
    - p11sak: Allow wildcards in label filter
    - p11sak: Allow to specify hex value for CKA_ID attribute
    - p11sak: Support sorting when listing keys
    - p11sak: New commands: set-key-attr, copy-key to modify and copy keys
    - p11sak: New commands: import-key, export-key to import and export keys
    - Remove support for --disable-locks (transactional memory)
    - Updates to harden against RSA timing attacks
    - Bug fixes
  - Amended a new patch to fit the version 3.21
    * ocki-3.21-remove-make-install-chgrp.patch
  - Removed the old patch for the version 3.20
    * ocki-3.20-remove-make-install-chgrp.patch
* Thu Feb 16 2023 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
  - Updated package to openCryptoki 3.20 (bsc#1207760,
      jsc#PED-3376, jsc#PED-2870, jsc#PED-2869 )
  - Removed the following obsolite patches:
    * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch
    * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch
    * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch
    * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch
    * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch
    * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch
    * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch
    * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch
    * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch
    * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch
    * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch
    * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch
    * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch
    * ocki-3.19.0-0014-EP11-Add-new-control-points.patch
    * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch
    * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch
    * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch
    * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch
    * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch
    * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch
    * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch
    * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch
    * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch
    * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch
    * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch
    * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch
    * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch
    * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch
    * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch
    * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch
    * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch
    * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch
    * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch
    * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch
    * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch
  - Reworked ocki-3.19-remove-make-install-chgrp.patch to fit the current version of
    the package and renamed it to  ocki-3.20-remove-make-install-chgrp.patch.
* Tue Feb 07 2023 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
  - Added patch for compile errors
    * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch
  -- Changed spec file to use %autosetup instead of %setup.
* Mon Feb 06 2023 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
  - Updated the package openCryptoki 3.19.0 (jsc#PED-616, bsc#1207760), added the
    following patches:
    * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch
    * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch
    * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch
    * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch
    * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch
    * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch
    * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch
    * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch
    * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch
    * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch
    * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch
    * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch
    * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch
    * ocki-3.19.0-0014-EP11-Add-new-control-points.patch
    * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch
    * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch
    * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch
    * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch
    * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch
    * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch
    * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch
    * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch
    * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch
    * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch
    * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch
    * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch
    * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch
    * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch
    * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch
    * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch
    * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch
    * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch
    * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch
    * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch
* Mon Nov 28 2022 Mark Post <mpost@suse.com>
  - Updated spec file to set permissions on /etc/opencryptoki/strength.conf
    to be owned by root:pkcs11 with permissions of 640. (bsc#1205566)
* Fri Sep 30 2022 Mark Post <mpost@suse.com>
  - Upgrade to version 3.19.0 (jsc#PED-616)
    + openCryptoki 3.19
    - CCA: check for expected master key verification patterns at token init
    - CCA: check master key verification pattern of created keys to be as expected
    - EP11: check for expected wrapping key verification pattern at token init
    - EP11: check wrapping key verification pattern of created keys to be as expected
    - p11sak/pkcsconf: display PKCS#11 URIs
    - p11sak: add support for IBM specific Dilithium keys
    - p11sak: allow to list keys filtered by label
    - common: add support for dual-function cryptographic functions
    - Add support for C_SessionCancel function (PKCS#11 v3.0)
    - EP11: add support for schnorr signatures (mechanism CKM_IBM_ECDSA_OTHER)
    - EP11: add support for Bitcoin key derivation (mechanism CKM_IBM_BTC_DERIVE)
    - Bug fixes
    + openCryptoki 3.18
    - Default to FIPS compliant token data format (tokversion = 3.12)
    - Add support for restricting usage of mechanisms and keys via a global policy
    - Add support for statistics counting of mechanism usage
    - ICA/EP11: Support libica version 4
    - p11sak tool: Allow to set different attributes for public and private keys
  - Replaced ocki-3.17-remove-make-install-chgrp.patch with an updated
    version named ocki-3.19-remove-make-install-chgrp.patch to fit
    the current state of the source.
  - Removed the following obsolete patches:
    openCryptoki-sles15-sp4-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch
    openCryptoki-sles15-sp4-EP11-Fix-host-library-version-query.patch
    ocki-3.17-EP11-Fix-C_GetMechanismList-returning-CKR_BUFFER_TOO.patch
* Wed Aug 10 2022 Mark Post <mpost@suse.com>
  - Added ocki-3.17-EP11-Fix-C_GetMechanismList-returning-CKR_BUFFER_TOO.patch
    for bsc#1202106. One test of the gen_purpose test cases fails with
    C_GetMechanismList #2 rc=CKR_BUFFER_TOO_SMALL" error on the EP11 Token.
* Thu Jun 02 2022 Mark Post <mpost@suse.com>
  - Made the following changes for bsc#1199862 "Please install
    p11sak_defined_attrs.conf."
    * Replaced ocki-3.11-remove-make-install-chgrp.patch with
      ocki-3.17-remove-make-install-chgrp.patch to remove the
      "-g pkcs11" parameter from the install command in the Makefile
    * Updated the spec file to include
      /etc/opencryptoki/p11sak_defined_attrs.conf as a %config file
      with the necessary permissions and group ownership.
* Wed Mar 23 2022 Mark Post <mpost@suse.com>
  - Added the following two patches for bac#1197395. The CKM_IBM_DILITHIUM
    mechanism does not show up as supported by the EP11 token when an
    upgraded EP11 host library is used.
    * openCryptoki-sles15-sp4-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch
    * openCryptoki-sles15-sp4-EP11-Fix-host-library-version-query.patch
* Thu Oct 21 2021 Mark Post <mpost@suse.com>
  - Upgraded to version 3.17.0 (jsc#SLE-18326)
    + openCryptoki 3.17
    - tools: added function to list keys to p11sak
    - common: added support for OpenSSL 3.0
    - common: added support for event notifications
    - ICA: added SW fallbacks
    * openCryptoki 3.16
    - EP11: protected-key option
    - EP11: support attribute-bound keys
    - CCA: import and export of secure key objects
    - Bug fixes
  - Removed the following obsolete patches:
    ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch
    ocki-3.15.1-Fix-compiling-with-c.patch
    ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch
    ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch
    ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch
    ocki-3.15.1-SOFT-Check-the-EC-Key-on-C_CreateObject-and-C_Derive.patch
    ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch
    ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch
    ocki-3.15.1-pkcstok_migrate-Quote-strings-with-spaces-in-opencry.patch
    ocki-3.15.1-pkcstok_migrate-Don-t-remove-tokversion-x.y-during-m.patch
    ocki-3.15.1-pkcstok_migrate-Fix-detection-if-pkcsslotd-is-still-.patch
    ocki-3.15.1-pkcstok_migrate-Rework-string-quoting-for-opencrypto.patch
* Thu Aug 05 2021 Mark Post <mpost@suse.com>
  - Added the following patches for bsc#1188879:
    * ocki-3.15.1-pkcstok_migrate-Quote-strings-with-spaces-in-opencry.patch
      When modifying opencryptoki.conf during token migration, put quotes
      around strings that contain spaces, e.g. for the slot description and
      manufacturer.
    * ocki-3.15.1-pkcstok_migrate-Don-t-remove-tokversion-x.y-during-m.patch
      When migrating a slot the opencryptoki.conf file is modified. If it
      contains slots that already contain the 'tokversion = x.y' keyword,
      this is accidentally removed when migrating another slot.
    * ocki-3.15.1-pkcstok_migrate-Fix-detection-if-pkcsslotd-is-still-.patch
      Change the code to use the pid file that pkcsslotd creates, and check
      if the process with the pid contained in the pid file still exists and
      runs pkcsslotd.
    * ocki-3.15.1-pkcstok_migrate-Rework-string-quoting-for-opencrypto.patch
      Always quote the value of 'description' and 'manufacturer'. Quote the
      value of 'stdll', 'confname', and 'tokname' if it contains spaces, and
      never quote the value of 'hwversion', 'firmwareversion', and 'tokversion'.
* Tue Jun 22 2021 Mark Post <mpost@suse.com>
  - Added the following patches for bsc#1182726 " p11sak list-key segfault"
    * ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch
      Added NULL pointer to avoid double free() for the list-key and
      remove-key commands.
    * ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch
      Note that two hunks that were unrelated to fixing the running
      code were removed from this patch.
    * ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch
* Tue Jun 15 2021 Mark Post <mpost@suse.com>
  - Added ocki-3.15.1-SOFT-Check-the-EC-Key-on-C_CreateObject-and-C_Derive.patch
    When constructing an OpenSSL EC public or private key from PKCS#11
    attributes or ECDH public data, check that the key is valid, i.e. that
    the point is on the curve.
    (bsc#1185976)
* Tue Feb 16 2021 Mark Post <mpost@suse.com>
  - Added ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch
    (bsc#1182120)
    Fix pkcscca migration fails with usr/sb2 is not a valid slot ID
  - Added ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch
    (bsc#1182190)
    Fix a segmentation fault of the sess_opstate test on the Soft Token
* Mon Jan 25 2021 Mark Post <mpost@suse.com>
  - Added the following patches for bsc#1179319
    * Fix compiling with C++:
      ocki-3.15.1-Fix-compiling-with-c.patch
    * Added error message handling for p11sak remove-key command.
      ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch
* Thu Jan 21 2021 Thorsten Kukuk <kukuk@suse.com>
  - Don't require pwdutils for build, dropped long ago and not needed

Files

/etc/ld.so.conf.d/opencryptoki-i586.conf
/usr/lib/opencryptoki/PKCS11_API.so
/usr/lib/opencryptoki/libopencryptoki.so
/usr/lib/opencryptoki/libopencryptoki.so.0
/usr/lib/opencryptoki/libopencryptoki.so.0.0.0
/usr/lib/opencryptoki/stdll/PKCS11_ICSF.so
/usr/lib/opencryptoki/stdll/PKCS11_SW.so
/usr/lib/opencryptoki/stdll/PKCS11_TPM.so
/usr/lib/opencryptoki/stdll/libpkcs11_icsf.so
/usr/lib/opencryptoki/stdll/libpkcs11_icsf.so.0
/usr/lib/opencryptoki/stdll/libpkcs11_icsf.so.0.0.0
/usr/lib/opencryptoki/stdll/libpkcs11_sw.so
/usr/lib/opencryptoki/stdll/libpkcs11_sw.so.0
/usr/lib/opencryptoki/stdll/libpkcs11_sw.so.0.0.0
/usr/lib/opencryptoki/stdll/libpkcs11_tpm.so
/usr/lib/opencryptoki/stdll/libpkcs11_tpm.so.0
/usr/lib/opencryptoki/stdll/libpkcs11_tpm.so.0.0.0
/usr/lib/pkcs11
/usr/lib/pkcs11/PKCS11_API.so
/usr/lib/pkcs11/libopencryptoki.so
/usr/lib/pkcs11/methods
/usr/lib/pkcs11/stdll


Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Jan 12 02:11:34 2025