pool/openCryptoki
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity

Compare commits

base: pool:slfo-main
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2
..
compare: pool:factory
Branches Tags
pool:slfo-main pool:factory pool:slfo-1.2

10 Commits
slfo-main ... factory

Author SHA256 Message Date
Ana Guerrero
24583f1501 Accepting request 1328731 from security 
OBS-URL: https://build.opensuse.org/request/show/1328731
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=91
 2026-01-23 16:32:08 +00:00
Nikolay Gueorguiev
bbadd732ed - Applied a patch (bsc#1257116, CVE-2026-23893) 
* openCryptoki-CVE-2026-23893-commit-5e6e4b4.patch

OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=183
 2026-01-22 17:15:53 +00:00
Ana Guerrero
ffb19a4177 Accepting request 1327236 from security 
OBS-URL: https://build.opensuse.org/request/show/1327236
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=90
 2026-01-14 15:24:57 +00:00
Nikolay Gueorguiev
c4c6aec322 - Applied a patch (bsc#1256673, CVE-2026-22791) 
* openCryptoki-CVE-2026-22791-commit-e37e912.patch

OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=181
 2026-01-14 13:46:00 +00:00
Ana Guerrero
4270ffd8d7 Accepting request 1325952 from security 
OBS-URL: https://build.opensuse.org/request/show/1325952
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=89
 2026-01-08 14:28:56 +00:00
Nikolay Gueorguiev
82bb75df6a - Modified the .spec file for Immutable Mode (jsc#PED-14798) 
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=179
 2026-01-08 11:55:20 +00:00
Ana Guerrero
c68ee35ef8 Accepting request 1317282 from security 
OBS-URL: https://build.opensuse.org/request/show/1317282
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=88
 2025-11-12 20:15:03 +00:00
Nikolay Gueorguiev
c44bad3aba - Upgrade openCryptoki to 3.26 
* Soft: Add support for RSA keys up to 16K bits.
  * CCA: Add support for RSA keys up to 8K bits (requires CCA v8.4 or v7.6 or later).
  * p11sak: Add support for generating RSA keys up to 16K bits.
  * Soft/ICA: Add support for SHA512/224 and SHA512/256 key derivation mechanism (CKM_SHA512_224_KEY_DERIVATION and CKM_SHA512_256_KEY_DERIVATION).
  * Soft/ICA/CCA/EP11: Add support for SHA-HMAC key types CKK_SHAxxx_HMAC and key gen mechanisms CKM_SHAxxx_KEY_GEN.
  * p11sak: Add support for SHA-HMAC key types and key generation.
  * p11sak: Add support for key wrap and unwrap commands to export and import private and secret keys by means of key wrapping/unwrapping 
    with various key wrapping mechanism.
  * p11kmip: Add support for using an HSM-protected TLS client key via a PKCS#11 provider.
  * p11sak: Add support for exporting non-sensitive private keys to password protected PEM files.
  * Add support for canceling an operation via NULL mechanism pointer at C_XxxInit() call as an alternative to C_SessionCancel() (PKCS#11 v3.0).
  * EP11: Add support for pairing friendly BLS12-381 EC curve for sign/verify using CKM_IBM_ECDSA_OTHER and signature/public key aggregation using CKM_IBM_EC_AGGREGATE.
  * p11sak: Add support for generating BLS12-381 EC keys.
  * EP11: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires an EP11 host library v4.2 or later, and 
    a CEX8P crypto card with firmware v9.6 or later on IBM z17, and v8.39 or later on IBM z16).
  * CCA: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires CCA v8.4 or later).
  * Soft: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires OpenSSL 3.5 or later, or the OQS-provider must be configured).
  * p11sak: Add support for IBM-specific ML-DSA and ML-KEM key types.
  * Bug fixes. 
- Removed obsolete patches
  * ocki-3.25-remove-make-install-chgrp.patch 
  * ocki-3.25-PKCSSLOTD-Remove-the-use-of-MD5.patch
- Applied a new patch for version 3.26
  * ocki-3.26-remove-make-install-chgrp.patch

OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=177
 2025-11-12 09:51:57 +00:00
Ana Guerrero
09debdf754 Accepting request 1300040 from security 
OBS-URL: https://build.opensuse.org/request/show/1300040
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=87
 2025-08-18 14:07:55 +00:00
Nikolay Gueorguiev
d1ed782ea5 Corrected a 'typo'. 
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=175
 2025-08-18 10:13:37 +00:00
2 changed files with 20 additions and 14 deletions
Expand all files Collapse all files

10
openCryptoki.changes
View File

@@ -1,20 +1,24 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jan 26 11:23:44 UTC 2026 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> Thu Jan 22 16:34:43 UTC 2026 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
- Applied a patch (bsc#1257116, CVE-2026-23893) - Applied a patch (bsc#1257116, CVE-2026-23893)
* openCryptoki-CVE-2026-23893-commit-5e6e4b4.patch * openCryptoki-CVE-2026-23893-commit-5e6e4b4.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jan 16 08:33:23 UTC 2026 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> Wed Jan 14 13:06:33 UTC 2026 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
- Applied a patch (bsc#1256673, CVE-2026-22791) - Applied a patch (bsc#1256673, CVE-2026-22791)
* openCryptoki-CVE-2026-22791-commit-e37e912.patch * openCryptoki-CVE-2026-22791-commit-e37e912.patch
-------------------------------------------------------------------
Thu Jan 8 10:14:17 UTC 2026 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
- Modified the .spec file for Immutable Mode (jsc#PED-14798) - Modified the .spec file for Immutable Mode (jsc#PED-14798)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Nov 12 09:04:02 UTC 2025 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> Wed Nov 12 09:04:02 UTC 2025 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
- Upgrade openCryptoki to 3.26 (jsc#PED-14609) - Upgrade openCryptoki to 3.26
* Soft: Add support for RSA keys up to 16K bits. * Soft: Add support for RSA keys up to 16K bits.
* CCA: Add support for RSA keys up to 8K bits (requires CCA v8.4 or v7.6 or later). * CCA: Add support for RSA keys up to 8K bits (requires CCA v8.4 or v7.6 or later).
* p11sak: Add support for generating RSA keys up to 16K bits. * p11sak: Add support for generating RSA keys up to 16K bits.

20
openCryptoki.spec
View File

@@ -26,6 +26,16 @@
%define pkcs_group pkcs11 %define pkcs_group pkcs11
%define oc_cvs_tag opencryptoki %define oc_cvs_tag opencryptoki
%ifarch s390 s390x
%define ocki_conf_flags --enable-icatok --enable-ccatok --enable-ep11tok --enable-pkcsep11_migrate
%else
%ifnarch i586
%define ocki_conf_flags --disable-icatok --enable-ccatok --disable-ep11tok --disable-pkcsep11_migrate --enable-pkcscca_migrate
%else
%define ocki_conf_flags --disable-icatok --disable-ccatok --disable-ep11tok --disable-pkcsep11_migrate --disable-pkcscca_migrate
%endif
%endif
Name: openCryptoki Name: openCryptoki
Version: 3.26.0 Version: 3.26.0
Release: 0 Release: 0
@@ -156,15 +166,7 @@ cp %{SOURCE2} .
%ifarch aarch64 # Apparently, gcc for aarch64 doesn't support transactional memory %ifarch aarch64 # Apparently, gcc for aarch64 doesn't support transactional memory
--enable-locks \ --enable-locks \
%endif %endif
%ifarch s390 s390x %{ocki_conf_flags}
--enable-icatok --enable-ccatok --enable-ep11tok --enable-pkcsep11_migrate
%else
%ifnarch i586
--disable-icatok --enable-ccatok --disable-ep11tok --disable-pkcsep11_migrate --enable-pkcscca_migrate
%else
--disable-icatok --disable-ccatok --disable-ep11tok --disable-pkcsep11_migrate --disable-pkcscca_migrate
%endif
%endif
make %{?_smp_mflags} make %{?_smp_mflags}
dos2unix doc/README.ep11_stdll dos2unix doc/README.ep11_stdll