Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: openCryptoki | Distribution: openSUSE Tumbleweed |
Version: 3.24.0 | Vendor: openSUSE |
Release: 6.2 | Build date: Wed Dec 11 08:25:11 2024 |
Group: Productivity/Security | Build host: reproducible |
Size: 935047 | Source RPM: openCryptoki-3.24.0-6.2.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://github.com/opencryptoki/opencryptoki | |
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware |
Opencryptoki implements the PKCS#11 specification v2.20 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic hardware. This package contains the Slot Daemon (pkcsslotd) and general utilities.
CPL-1.0
* Wed Dec 11 2024 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> - Moved pkcshsm_mk_change from openCryptoki-devel to openCryptoki (jsc#PED-10291, jsc#PED-10290) * Tue Dec 10 2024 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> - Amended the .spec file (jsc#PED-10291, jsc#PED-10290) * Changed attributes - %attr(0640,root,%{pkcs_group}) - of files below: - %{_sysconfdir}/opencryptoki/strength.conf - %{_sysconfdir}/opencryptoki/p11sak_defined_attrs.conf * Thu Nov 21 2024 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> - Amended the .spec file (jsc#PED-10291, jsc#PED-10290) - Improved handling of user/group. use existing user/group if they exist. create user/group if not (bsc#1225876) - Applied additional patch * ocki-3.24-remove-group-from-tests.patch * Fri Oct 04 2024 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> - Amended the .spec file (jsc#PED-10241) - Updated the %configure flags for i586 - Implemented a logic to exclude i586 arch * Fri Sep 20 2024 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> - Upgrade openCryptoki to version 3.24 (jsc#PED-10291, jsc#PED-10290, jsc#PED-10241) * Add support for building Opencryptoki on the IBM AIX platform * Add support for the CCA token on non-IBM Z platforms (x86_64, ppc64) * Add support for protecting tokens with a token specific user group * EP11: Add support for combined CKA_EXTRACTABLE and CKA_IBM_PROTKEY_EXTRACTABLE * CCA: Add support for Koblitz curve secp256k1. Requires CCA v7.2 or later * CCA: Add support for IBM Dilithium (CKM_IBM_DILITHIUM). - On Linux on IBM Z: Requires CCA v7.1 or later for Round2-65, and CCA v8.0 for the Round 3 variants. - On other platforms: Requires CCA v7.2.43 or later for Round2-65, the Round 3 variants are currently not supported * CCA: Add support for RSA-OAEP with SHA224, SHA384, and SHA512 on en-/decrypt. - Requires CCA v8.1 or later on Linux on IBM Z, not supported on other platforms * CCA: Add support for PKCS#11 v3.0 SHA3 mechanisms. - Requires CCA v8.1 on Linux on IBM Z, not supported on other platforms * ICA: Support new libica AES-GCM api using the KMA instruction on z14 and later * ICA/Soft/ICSF: Add support for PKCS#11 v3.0 SHA3 mechanisms * ICA/Soft: Add support for SHA based key derivation mechanisms * ICA/Soft: Add support for CKD_*_SP800 KDFs for ECDH * EP11/CCA/ICA/Soft: Add support for CKA_ALWAYS_AUTHENTICATE * EP11/CCA: Support live guest relocation for protected key (PKEY) operations * Soft: Experimental support for IBM Dilithium via OpenSSL OQS provider * ICSF: Add support for SHA-2 mechanisms * ICSF: Performance improvements for attribute retrieval * p11sak: Add support for exporting a key or certificate as URI-PEM file * p11sak: Import/export of IBM Dilithium keys in 'oqsprovider' format PEM files * p11sak: Add option to show the master key verification patterns of secure keys * Bug fixes - Amended the .spec file - Removed obsolete patch ocki-3.23-remove-make-install-chgrp.patchi - Added a new patch ocki-3.24-remove-make-install-chgrp.patch * Thu Jul 18 2024 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> - Amended the .spec file accorinding to the recommendation in (bsc#1225876) * Thu Jul 11 2024 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> - Updated the .spec file (bsc#1225876, bsc#1227280) * Amended for group %{pkcs_group} and user pkcsslotd * Copying example script files from /usr/share/doc/opencryptoki to /usr/share/opencryptoki (policy-example.conf and strength-example.conf) in case that there is 'rpm.install.excludedocs=yes' set in the zypper.conf(zypp.conf) * Wed Feb 07 2024 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> - Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361) * EP11: Add support for FIPS-session mode * Updates to harden against RSA timing attacks (bsc#1219217,CVE-2024-0914) * Bug fixes - Renamed ocki-3.22-remove-make-install-chgrp.patch to ocki-3.23-remove-make-install-chgrp.patch * Mon Feb 05 2024 Marcus Meissner <meissner@suse.com> - provide user(pkcs11) and group(pkcs11) * Mon Dec 04 2023 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> - Amended the .spec file for pkcsslotd (jsc#1217703) * Renamed the patch ocki-3.21-remove-make-install-chgrp.patch to ocki-3.22-remove-make-install-chgrp.patch * Thu Sep 21 2023 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> - Upgrade to version 3.22 (jsc#PED-3361) * openCryptoki 3.22 - CCA: Add support for the AES-XTS key type using CPACF protected keys - p11sak: Add support for managing certificate objects - p11sak: Add support for public sessions (no-login option) - p11sak: Add support for logging in as SO (security Officer) - p11sak: Add support for importing/exporting Edwards and Montgomery keys - p11sak: Add support for importing of RSA-PSS keys and certificates - CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different * Bug fixes * Fri May 26 2023 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> - Update to version 3.21 (jsc#PED-3360, jsc#PED-3361) * openCryptoki 3.21 - EP11 and CCA: Support concurrent HSM master key changes - CCA: protected-key option - pkcsslotd: no longer run as root user and further hardening - p11sak: Add support for additional key types (DH, DSA, generic secret) - p11sak: Allow wildcards in label filter - p11sak: Allow to specify hex value for CKA_ID attribute - p11sak: Support sorting when listing keys - p11sak: New commands: set-key-attr, copy-key to modify and copy keys - p11sak: New commands: import-key, export-key to import and export keys - Remove support for --disable-locks (transactional memory) - Updates to harden against RSA timing attacks - Bug fixes - Amended a new patch to fit the version 3.21 * ocki-3.21-remove-make-install-chgrp.patch - Removed the old patch for the version 3.20 * ocki-3.20-remove-make-install-chgrp.patch * Thu Feb 16 2023 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> - Updated package to openCryptoki 3.20 (bsc#1207760, jsc#PED-3376, jsc#PED-2870, jsc#PED-2869 ) - Removed the following obsolite patches: * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch * ocki-3.19.0-0014-EP11-Add-new-control-points.patch * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch - Reworked ocki-3.19-remove-make-install-chgrp.patch to fit the current version of the package and renamed it to ocki-3.20-remove-make-install-chgrp.patch. * Tue Feb 07 2023 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> - Added patch for compile errors * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch -- Changed spec file to use %autosetup instead of %setup. * Mon Feb 06 2023 Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> - Updated the package openCryptoki 3.19.0 (jsc#PED-616, bsc#1207760), added the following patches: * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch * ocki-3.19.0-0014-EP11-Add-new-control-points.patch * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch * Mon Nov 28 2022 Mark Post <mpost@suse.com> - Updated spec file to set permissions on /etc/opencryptoki/strength.conf to be owned by root:pkcs11 with permissions of 640. (bsc#1205566) * Fri Sep 30 2022 Mark Post <mpost@suse.com> - Upgrade to version 3.19.0 (jsc#PED-616) + openCryptoki 3.19 - CCA: check for expected master key verification patterns at token init - CCA: check master key verification pattern of created keys to be as expected - EP11: check for expected wrapping key verification pattern at token init - EP11: check wrapping key verification pattern of created keys to be as expected - p11sak/pkcsconf: display PKCS#11 URIs - p11sak: add support for IBM specific Dilithium keys - p11sak: allow to list keys filtered by label - common: add support for dual-function cryptographic functions - Add support for C_SessionCancel function (PKCS#11 v3.0) - EP11: add support for schnorr signatures (mechanism CKM_IBM_ECDSA_OTHER) - EP11: add support for Bitcoin key derivation (mechanism CKM_IBM_BTC_DERIVE) - Bug fixes + openCryptoki 3.18 - Default to FIPS compliant token data format (tokversion = 3.12) - Add support for restricting usage of mechanisms and keys via a global policy - Add support for statistics counting of mechanism usage - ICA/EP11: Support libica version 4 - p11sak tool: Allow to set different attributes for public and private keys - Replaced ocki-3.17-remove-make-install-chgrp.patch with an updated version named ocki-3.19-remove-make-install-chgrp.patch to fit the current state of the source. - Removed the following obsolete patches: openCryptoki-sles15-sp4-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch openCryptoki-sles15-sp4-EP11-Fix-host-library-version-query.patch ocki-3.17-EP11-Fix-C_GetMechanismList-returning-CKR_BUFFER_TOO.patch * Wed Aug 10 2022 Mark Post <mpost@suse.com> - Added ocki-3.17-EP11-Fix-C_GetMechanismList-returning-CKR_BUFFER_TOO.patch for bsc#1202106. One test of the gen_purpose test cases fails with C_GetMechanismList #2 rc=CKR_BUFFER_TOO_SMALL" error on the EP11 Token. * Thu Jun 02 2022 Mark Post <mpost@suse.com> - Made the following changes for bsc#1199862 "Please install p11sak_defined_attrs.conf." * Replaced ocki-3.11-remove-make-install-chgrp.patch with ocki-3.17-remove-make-install-chgrp.patch to remove the "-g pkcs11" parameter from the install command in the Makefile * Updated the spec file to include /etc/opencryptoki/p11sak_defined_attrs.conf as a %config file with the necessary permissions and group ownership. * Wed Mar 23 2022 Mark Post <mpost@suse.com> - Added the following two patches for bac#1197395. The CKM_IBM_DILITHIUM mechanism does not show up as supported by the EP11 token when an upgraded EP11 host library is used. * openCryptoki-sles15-sp4-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch * openCryptoki-sles15-sp4-EP11-Fix-host-library-version-query.patch
/etc/opencryptoki /etc/opencryptoki/ccatok.conf /etc/opencryptoki/opencryptoki.conf /etc/opencryptoki/p11sak_defined_attrs.conf /etc/opencryptoki/strength.conf /usr/lib/systemd/system/pkcsslotd.service /usr/lib/tmpfiles.d/opencryptoki.conf /usr/lib64/opencryptoki /usr/lib64/opencryptoki/stdll /usr/sbin/p11sak /usr/sbin/pkcscca /usr/sbin/pkcsconf /usr/sbin/pkcshsm_mk_change /usr/sbin/pkcsicsf /usr/sbin/pkcsslotd /usr/sbin/pkcsstats /usr/sbin/pkcstok_admin /usr/sbin/pkcstok_migrate /usr/sbin/rcpkcsslotd /usr/share/doc/opencryptoki /usr/share/doc/opencryptoki/policy-example.conf /usr/share/doc/opencryptoki/strength-example.conf /usr/share/doc/packages/openCryptoki /usr/share/doc/packages/openCryptoki/FAQ /usr/share/doc/packages/openCryptoki/README.cca_stdll /usr/share/doc/packages/openCryptoki/README.devel /usr/share/doc/packages/openCryptoki/README.ep11_stdll /usr/share/doc/packages/openCryptoki/README.icsf_stdll /usr/share/doc/packages/openCryptoki/README.token_data /usr/share/doc/packages/openCryptoki/README.tpm_stdll /usr/share/doc/packages/openCryptoki/coding_style.md /usr/share/doc/packages/openCryptoki/doc.mk /usr/share/doc/packages/openCryptoki/openCryptoki-TFAQ.html /usr/share/doc/packages/openCryptoki/opencryptoki-howto.md /usr/share/doc/packages/openCryptoki/policy-example.conf /usr/share/doc/packages/openCryptoki/strength-example.conf /usr/share/doc/packages/openCryptoki/system_resources /usr/share/man/man1/p11sak.1.gz /usr/share/man/man1/pkcscca.1.gz /usr/share/man/man1/pkcsconf.1.gz /usr/share/man/man1/pkcshsm_mk_change.1.gz /usr/share/man/man1/pkcsicsf.1.gz /usr/share/man/man1/pkcsstats.1.gz /usr/share/man/man1/pkcstok_admin.1.gz /usr/share/man/man1/pkcstok_migrate.1.gz /usr/share/man/man5/opencryptoki.conf.5.gz /usr/share/man/man5/p11sak_defined_attrs.conf.5.gz /usr/share/man/man5/policy.conf.5.gz /usr/share/man/man5/strength.conf.5.gz /usr/share/man/man7/opencryptoki.7.gz /usr/share/man/man8/pkcsslotd.8.gz /usr/share/opencryptoki /usr/share/opencryptoki/policy-example.conf /usr/share/opencryptoki/strength-example.conf /var/lib/opencryptoki /var/lib/opencryptoki/ccatok /var/lib/opencryptoki/ccatok/TOK_OBJ /var/lib/opencryptoki/icsf /var/lib/opencryptoki/swtok /var/lib/opencryptoki/swtok/TOK_OBJ /var/lib/opencryptoki/tpm /var/log/opencryptoki
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Jan 12 01:37:12 2025