openCryptoki

pool/openCryptoki

SHA256

Fork 1

4270ffd8d7 Accepting request 1325952 from security factory Ana Guerrero 2026-01-08 14:28:56 +00:00
82bb75df6a - Modified the .spec file for Immutable Mode (jsc#PED-14798) Nikolay Gueorguiev 2026-01-08 11:55:20 +00:00
385978d731 Upgrade openCryptoki to 3.26 (jsc#PED-14609) slfo-main Nikolay Gueorguiev 2025-12-12 09:22:59 +01:00
c68ee35ef8 Accepting request 1317282 from security Ana Guerrero 2025-11-12 20:15:03 +00:00
c44bad3aba - Upgrade openCryptoki to 3.26 * Soft: Add support for RSA keys up to 16K bits. * CCA: Add support for RSA keys up to 8K bits (requires CCA v8.4 or v7.6 or later). * p11sak: Add support for generating RSA keys up to 16K bits. * Soft/ICA: Add support for SHA512/224 and SHA512/256 key derivation mechanism (CKM_SHA512_224_KEY_DERIVATION and CKM_SHA512_256_KEY_DERIVATION). * Soft/ICA/CCA/EP11: Add support for SHA-HMAC key types CKK_SHAxxx_HMAC and key gen mechanisms CKM_SHAxxx_KEY_GEN. * p11sak: Add support for SHA-HMAC key types and key generation. * p11sak: Add support for key wrap and unwrap commands to export and import private and secret keys by means of key wrapping/unwrapping with various key wrapping mechanism. * p11kmip: Add support for using an HSM-protected TLS client key via a PKCS#11 provider. * p11sak: Add support for exporting non-sensitive private keys to password protected PEM files. * Add support for canceling an operation via NULL mechanism pointer at C_XxxInit() call as an alternative to C_SessionCancel() (PKCS#11 v3.0). * EP11: Add support for pairing friendly BLS12-381 EC curve for sign/verify using CKM_IBM_ECDSA_OTHER and signature/public key aggregation using CKM_IBM_EC_AGGREGATE. * p11sak: Add support for generating BLS12-381 EC keys. * EP11: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires an EP11 host library v4.2 or later, and a CEX8P crypto card with firmware v9.6 or later on IBM z17, and v8.39 or later on IBM z16). * CCA: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires CCA v8.4 or later). * Soft: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires OpenSSL 3.5 or later, or the OQS-provider must be configured). * p11sak: Add support for IBM-specific ML-DSA and ML-KEM key types. * Bug fixes. - Removed obsolete patches * ocki-3.25-remove-make-install-chgrp.patch * ocki-3.25-PKCSSLOTD-Remove-the-use-of-MD5.patch - Applied a new patch for version 3.26 * ocki-3.26-remove-make-install-chgrp.patch Nikolay Gueorguiev 2025-11-12 09:51:57 +00:00
a4136eb6b0 Applied a patch (bsc#1248002) Nikolay Gueorguiev 2025-10-20 14:39:49 +02:00
c3bf64bbeb Sync changes to SLFO-1.2 branch slfo-1.2 Adrian Schröter 2025-08-20 09:58:19 +02:00
09debdf754 Accepting request 1300040 from security Ana Guerrero 2025-08-18 14:07:55 +00:00
d1ed782ea5 Corrected a 'typo'. Nikolay Gueorguiev 2025-08-18 10:13:37 +00:00
2adac5327d Accepting request 1299327 from security Dominique Leuenberger 2025-08-14 11:15:26 +00:00
5109b8e9c7 - Applied a patch (bsc#1248002) * ocki-3.25-PKCSSLOTD-Remove-the-use-of-MD5.patch Nikolay Gueorguiev 2025-08-14 06:54:39 +00:00
c1572a29e7 Accepting request 1296266 from security Dominique Leuenberger 2025-07-30 09:44:47 +00:00
148c16ad39 - Add riscv54 to openCryptoki_64bit_arch Nikolay Gueorguiev 2025-07-29 08:03:12 +00:00
a8fc1c77d5 Accepting request 1291212 from security Ana Guerrero 2025-07-09 15:27:02 +00:00
fb5379acfa Accepting request 1291211 from home:ngueorguiev:branches:security Nikolay Gueorguiev 2025-07-08 09:55:02 +00:00
06c7a2b6cb Accepting request 1286095 from security Ana Guerrero 2025-06-17 16:21:17 +00:00
c0c363b296 - Upgrade openCryptoki to version 3.25 * Updates/add supports - ICA/Soft: Add support for PKCS#11 v3.0 SHAKE key derivation - EP11: Add support for PKCS#11 v3.0 SHA3 and SHA3-HMAC mechanisms - EP11: Add support for PKCS#11 v3.0 SHA3 mechanisms and MGFs for RSA-OAEP - EP11: Add support for PKCS#11 v3.0 SHA3 variants of RSA-PKCS and ECDSA mechanisms - CCA: Add support for CCA AES CIPHER secure key types - CCA: Add support for the CKM_ECDH1_DERIVE mechanism - Soft/ICA: Add support for the CKM_AES_KEY_WRAP[_*] mechanisms - CCA/Soft/ICA: Add support for the CKM_RSA_AES_KEY_WRAP mechanism - Soft/ICA: Add support for the CKM_ECDH_AES_KEY_WRAP mechanism - ICA: Report mechanisms dependent on if libica is in FIPS mode - P11KMIP: Add a tool for import and exporting PKCS#11 keys to a KMIP server - EP11: Add support for opaque secure key blob import via C_CreateObject - Soft/ICA: Add support for key wrapping with AES-GCM - CCA: Add support for newer CCA versions on s390x and non-s390x platforms - CCA: Add support for CKM_AES_GCM (single-part operations only) * Amended the .spec file * Removed obsolete patches: - ocki-3.24-remove-group-from-tests.patch - ocki-3.24-remove-make-install-chgrp.patch * Applied a new patch for version 3.25 - ocki-3.25-remove-make-install-chgrp.patch * Bug fixes Nikolay Gueorguiev 2025-06-16 12:15:23 +00:00
f63b6c5588 - Upgrade openCryptoki to version 3.25 * Updates/add supports - ICA/Soft: Add support for PKCS#11 v3.0 SHAKE key derivation - EP11: Add support for PKCS#11 v3.0 SHA3 and SHA3-HMAC mechanisms - EP11: Add support for PKCS#11 v3.0 SHA3 mechanisms and MGFs for RSA-OAEP - EP11: Add support for PKCS#11 v3.0 SHA3 variants of RSA-PKCS and ECDSA mechanisms - CCA: Add support for CCA AES CIPHER secure key types - CCA: Add support for the CKM_ECDH1_DERIVE mechanism - Soft/ICA: Add support for the CKM_AES_KEY_WRAP[_*] mechanisms - CCA/Soft/ICA: Add support for the CKM_RSA_AES_KEY_WRAP mechanism - Soft/ICA: Add support for the CKM_ECDH_AES_KEY_WRAP mechanism - ICA: Report mechanisms dependent on if libica is in FIPS mode - P11KMIP: Add a tool for import and exporting PKCS#11 keys to a KMIP server - EP11: Add support for opaque secure key blob import via C_CreateObject - Soft/ICA: Add support for key wrapping with AES-GCM - CCA: Add support for newer CCA versions on s390x and non-s390x platforms - CCA: Add support for CKM_AES_GCM (single-part operations only) * Amended the .spec file * Removed obsolete patches: - ocki-3.24-remove-group-from-tests.patch - ocki-3.24-remove-make-install-chgrp.patch * Applied a new patch for version 3.25 - ocki-3.25-remove-make-install-chgrp.patch * Bug fixes Nikolay Gueorguiev 2025-06-16 11:51:21 +00:00
1b384ad0c5 Accepting request 1230009 from security Ana Guerrero 2024-12-11 20:04:19 +00:00
5ef07f9781 - Moved pkcshsm_mk_change from openCryptoki-devel to openCryptoki (jsc#PED-10291, jsc#PED-10290) Nikolay Gueorguiev 2024-12-11 07:33:45 +00:00
e2c621380b Accepting request 1229705 from security Ana Guerrero 2024-12-10 22:43:57 +00:00
dd70f3c654 - Amended the .spec file (jsc#PED-10291, jsc#PED-10290) * Changed attributes - %attr(0640,root,%{pkcs_group}) - of files below: - %{_sysconfdir}/opencryptoki/strength.conf - %{_sysconfdir}/opencryptoki/p11sak_defined_attrs.conf Nikolay Gueorguiev 2024-12-10 08:19:18 +00:00
a8259b2ab7 Accepting request 1225574 from security Ana Guerrero 2024-11-21 14:19:32 +00:00
331c79661a - Amended the .spec file (jsc#PED-10291, jsc#PED-10290) - Improved handling of user/group. use existing user/group if they exist. create user/group if not (bsc#1225876) - Applied additional patch * ocki-3.24-remove-group-from-tests.patch Nikolay Gueorguiev 2024-11-21 11:04:41 +00:00
734886bc1f Accepting request 1208277 from security Ana Guerrero 2024-10-16 21:48:21 +00:00
be36dcd909 - Amended the .spec file (jsc#PED-10241) - Updated the %configure flags for i586 - Implemented a logic to exclude i586 arch - Upgrade openCryptoki to version 3.24 (jsc#PED-10291, jsc#PED-10290, jsc#PED-10241) * Add support for building Opencryptoki on the IBM AIX platform * Add support for the CCA token on non-IBM Z platforms (x86_64, ppc64) * Add support for protecting tokens with a token specific user group * EP11: Add support for combined CKA_EXTRACTABLE and CKA_IBM_PROTKEY_EXTRACTABLE * CCA: Add support for Koblitz curve secp256k1. Requires CCA v7.2 or later * CCA: Add support for IBM Dilithium (CKM_IBM_DILITHIUM). - On Linux on IBM Z: Requires CCA v7.1 or later for Round2-65, and CCA v8.0 for the Round 3 variants. - On other platforms: Requires CCA v7.2.43 or later for Round2-65, the Round 3 variants are currently not supported * CCA: Add support for RSA-OAEP with SHA224, SHA384, and SHA512 on en-/decrypt. - Requires CCA v8.1 or later on Linux on IBM Z, not supported on other platforms * CCA: Add support for PKCS#11 v3.0 SHA3 mechanisms. - Requires CCA v8.1 on Linux on IBM Z, not supported on other platforms * ICA: Support new libica AES-GCM api using the KMA instruction on z14 and later * ICA/Soft/ICSF: Add support for PKCS#11 v3.0 SHA3 mechanisms * ICA/Soft: Add support for SHA based key derivation mechanisms * ICA/Soft: Add support for CKD_*_SP800 KDFs for ECDH * EP11/CCA/ICA/Soft: Add support for CKA_ALWAYS_AUTHENTICATE * EP11/CCA: Support live guest relocation for protected key (PKEY) operations * Soft: Experimental support for IBM Dilithium via OpenSSL OQS provider * ICSF: Add support for SHA-2 mechanisms * ICSF: Performance improvements for attribute retrieval * p11sak: Add support for exporting a key or certificate as URI-PEM file * p11sak: Import/export of IBM Dilithium keys in 'oqsprovider' format PEM files * p11sak: Add option to show the master key verification patterns of secure keys * Bug fixes - Amended the .spec file - Removed obsolete patch ocki-3.23-remove-make-install-chgrp.patchi - Added a new patch ocki-3.24-remove-make-install-chgrp.patch - Amended the .spec file accorinding to the recommendation in (bsc#1225876) - Updated the .spec file (bsc#1225876, bsc#1227280) * Amended for group %{pkcs_group} and user pkcsslotd * Copying example script files from /usr/share/doc/opencryptoki to /usr/share/opencryptoki (policy-example.conf and strength-example.conf) in case that there is 'rpm.install.excludedocs=yes' set in the zypper.conf(zypp.conf) - Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361) * EP11: Add support for FIPS-session mode * Updates to harden against RSA timing attacks (bsc#1219217,CVE-2024-0914) * Bug fixes - Renamed ocki-3.22-remove-make-install-chgrp.patch to ocki-3.23-remove-make-install-chgrp.patch - provide user(pkcs11) and group(pkcs11) - Amended the .spec file for pkcsslotd (jsc#1217703) * Renamed the patch ocki-3.21-remove-make-install-chgrp.patch to ocki-3.22-remove-make-install-chgrp.patch - Upgrade to version 3.22 (jsc#PED-3361) * openCryptoki 3.22 - CCA: Add support for the AES-XTS key type using CPACF protected keys - p11sak: Add support for managing certificate objects - p11sak: Add support for public sessions (no-login option) - p11sak: Add support for logging in as SO (security Officer) - p11sak: Add support for importing/exporting Edwards and Montgomery keys - p11sak: Add support for importing of RSA-PSS keys and certificates - CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different * Bug fixes - Update to version 3.21 (jsc#PED-3360, jsc#PED-3361) * openCryptoki 3.21 - EP11 and CCA: Support concurrent HSM master key changes - CCA: protected-key option - pkcsslotd: no longer run as root user and further hardening - p11sak: Add support for additional key types (DH, DSA, generic secret) - p11sak: Allow wildcards in label filter - p11sak: Allow to specify hex value for CKA_ID attribute - p11sak: Support sorting when listing keys - p11sak: New commands: set-key-attr, copy-key to modify and copy keys - p11sak: New commands: import-key, export-key to import and export keys - Remove support for --disable-locks (transactional memory) - Updates to harden against RSA timing attacks - Bug fixes - Amended a new patch to fit the version 3.21 * ocki-3.21-remove-make-install-chgrp.patch - Removed the old patch for the version 3.20 * ocki-3.20-remove-make-install-chgrp.patch - Updated package to openCryptoki 3.20 (bsc#1207760, jsc#PED-3376, jsc#PED-2870, jsc#PED-2869 ) - Removed the following obsolite patches: * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch * ocki-3.19.0-0014-EP11-Add-new-control-points.patch * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch - Reworked ocki-3.19-remove-make-install-chgrp.patch to fit the current version of the package and renamed it to ocki-3.20-remove-make-install-chgrp.patch. Nikolay Gueorguiev 2024-10-16 06:53:40 +00:00
e29b370f5e Accepting request 1205659 from security Ana Guerrero 2024-10-07 19:49:12 +00:00
bf201b0bdc - Amended the .spec file (jsc#PED-10241) - Updated the %configure flags - Upgrade openCryptoki to version 3.24 (jsc#PED-10291, jsc#PED-10290, jsc#PED-10241) * Add support for building Opencryptoki on the IBM AIX platform * Add support for the CCA token on non-IBM Z platforms (x86_64, ppc64) * Add support for protecting tokens with a token specific user group * EP11: Add support for combined CKA_EXTRACTABLE and CKA_IBM_PROTKEY_EXTRACTABLE * CCA: Add support for Koblitz curve secp256k1. Requires CCA v7.2 or later * CCA: Add support for IBM Dilithium (CKM_IBM_DILITHIUM). - On Linux on IBM Z: Requires CCA v7.1 or later for Round2-65, and CCA v8.0 for the Round 3 variants. - On other platforms: Requires CCA v7.2.43 or later for Round2-65, the Round 3 variants are currently not supported * CCA: Add support for RSA-OAEP with SHA224, SHA384, and SHA512 on en-/decrypt. - Requires CCA v8.1 or later on Linux on IBM Z, not supported on other platforms * CCA: Add support for PKCS#11 v3.0 SHA3 mechanisms. - Requires CCA v8.1 on Linux on IBM Z, not supported on other platforms * ICA: Support new libica AES-GCM api using the KMA instruction on z14 and later * ICA/Soft/ICSF: Add support for PKCS#11 v3.0 SHA3 mechanisms * ICA/Soft: Add support for SHA based key derivation mechanisms * ICA/Soft: Add support for CKD_*_SP800 KDFs for ECDH * EP11/CCA/ICA/Soft: Add support for CKA_ALWAYS_AUTHENTICATE * EP11/CCA: Support live guest relocation for protected key (PKEY) operations * Soft: Experimental support for IBM Dilithium via OpenSSL OQS provider * ICSF: Add support for SHA-2 mechanisms * ICSF: Performance improvements for attribute retrieval * p11sak: Add support for exporting a key or certificate as URI-PEM file * p11sak: Import/export of IBM Dilithium keys in 'oqsprovider' format PEM files * p11sak: Add option to show the master key verification patterns of secure keys * Bug fixes - Amended the .spec file - Removed obsolete patch ocki-3.23-remove-make-install-chgrp.patchi - Added a new patch ocki-3.24-remove-make-install-chgrp.patch - Amended the .spec file accorinding to the recommendation in (bsc#1225876) - Updated the .spec file (bsc#1225876, bsc#1227280) * Amended for group %{pkcs_group} and user pkcsslotd * Copying example script files from /usr/share/doc/opencryptoki to /usr/share/opencryptoki (policy-example.conf and strength-example.conf) in case that there is 'rpm.install.excludedocs=yes' set in the zypper.conf(zypp.conf) - Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361) * EP11: Add support for FIPS-session mode * Updates to harden against RSA timing attacks (bsc#1219217,CVE-2024-0914) * Bug fixes - Renamed ocki-3.22-remove-make-install-chgrp.patch to ocki-3.23-remove-make-install-chgrp.patch - provide user(pkcs11) and group(pkcs11) - Amended the .spec file for pkcsslotd (jsc#1217703) * Renamed the patch ocki-3.21-remove-make-install-chgrp.patch to ocki-3.22-remove-make-install-chgrp.patch - Upgrade to version 3.22 (jsc#PED-3361) * openCryptoki 3.22 - CCA: Add support for the AES-XTS key type using CPACF protected keys - p11sak: Add support for managing certificate objects - p11sak: Add support for public sessions (no-login option) - p11sak: Add support for logging in as SO (security Officer) - p11sak: Add support for importing/exporting Edwards and Montgomery keys - p11sak: Add support for importing of RSA-PSS keys and certificates - CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different * Bug fixes - Update to version 3.21 (jsc#PED-3360, jsc#PED-3361) * openCryptoki 3.21 - EP11 and CCA: Support concurrent HSM master key changes - CCA: protected-key option - pkcsslotd: no longer run as root user and further hardening - p11sak: Add support for additional key types (DH, DSA, generic secret) - p11sak: Allow wildcards in label filter - p11sak: Allow to specify hex value for CKA_ID attribute - p11sak: Support sorting when listing keys - p11sak: New commands: set-key-attr, copy-key to modify and copy keys - p11sak: New commands: import-key, export-key to import and export keys - Remove support for --disable-locks (transactional memory) - Updates to harden against RSA timing attacks - Bug fixes - Amended a new patch to fit the version 3.21 * ocki-3.21-remove-make-install-chgrp.patch - Removed the old patch for the version 3.20 * ocki-3.20-remove-make-install-chgrp.patch - Updated package to openCryptoki 3.20 (bsc#1207760, jsc#PED-3376, jsc#PED-2870, jsc#PED-2869 ) - Removed the following obsolite patches: * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch * ocki-3.19.0-0014-EP11-Add-new-control-points.patch * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch - Reworked ocki-3.19-remove-make-install-chgrp.patch to fit the current version of the package and renamed it to ocki-3.20-remove-make-install-chgrp.patch. Nikolay Gueorguiev 2024-10-04 08:28:42 +00:00
9fe6016626 Accepting request 1202163 from security Ana Guerrero 2024-09-20 15:12:26 +00:00
1cfa0e9e91 - Upgrade openCrytoki to version 3.24 (jsc#PED-10291, jsc#PED-10290, jsc#PED-10241) * Add support for building Opencryptoki on the IBM AIX platform * Add support for the CCA token on non-IBM Z platforms (x86_64, ppc64) * Add support for protecting tokens with a token specific user group * EP11: Add support for combined CKA_EXTRACTABLE and CKA_IBM_PROTKEY_EXTRACTABLE * CCA: Add support for Koblitz curve secp256k1. Requires CCA v7.2 or later * CCA: Add support for IBM Dilithium (CKM_IBM_DILITHIUM). - On Linux on IBM Z: Requires CCA v7.1 or later for Round2-65, and CCA v8.0 for the Round 3 variants. - On other platforms: Requires CCA v7.2.43 or later for Round2-65, the Round 3 variants are currently not supported * CCA: Add support for RSA-OAEP with SHA224, SHA384, and SHA512 on en-/decrypt. - Requires CCA v8.1 or later on Linux on IBM Z, not supported on other platforms * CCA: Add support for PKCS#11 v3.0 SHA3 mechanisms. - Requires CCA v8.1 on Linux on IBM Z, not supported on other platforms * ICA: Support new libica AES-GCM api using the KMA instruction on z14 and later * ICA/Soft/ICSF: Add support for PKCS#11 v3.0 SHA3 mechanisms * ICA/Soft: Add support for SHA based key derivation mechanisms * ICA/Soft: Add support for CKD_*_SP800 KDFs for ECDH * EP11/CCA/ICA/Soft: Add support for CKA_ALWAYS_AUTHENTICATE * EP11/CCA: Support live guest relocation for protected key (PKEY) operations * Soft: Experimental support for IBM Dilithium via OpenSSL OQS provider * ICSF: Add support for SHA-2 mechanisms * ICSF: Performance improvements for attribute retrieval * p11sak: Add support for exporting a key or certificate as URI-PEM file * p11sak: Import/export of IBM Dilithium keys in 'oqsprovider' format PEM files * p11sak: Add option to show the master key verification patterns of secure keys * Bug fixes - Amended the .spec file - Removed obsolete patch ocki-3.23-remove-make-install-chgrp.patchi - Added a new patch ocki-3.24-remove-make-install-chgrp.patch Nikolay Gueorguiev 2024-09-20 10:45:31 +00:00
979c716e03 Accepting request 1188413 from security Ana Guerrero 2024-07-19 13:28:08 +00:00
26cdc6eb56 Removed "Requires" for getent command. Nikolay Gueorguiev 2024-07-18 13:34:26 +00:00
18d764e160 - Amended the .spec file accorinding to the recommendation in (bsc#1225876) Nikolay Gueorguiev 2024-07-18 06:18:42 +00:00
9a9c04005d Accepting request 1187558 from security Ana Guerrero 2024-07-15 17:46:41 +00:00
ca14227cab - Updated the .spec file (bsc#1225876, bsc#1227280) * Amended for group %{pkcs_group} and user pkcsslotd * Copying example script files from /usr/share/doc/opencryptoki to /usr/share/opencryptoki (policy-example.conf and strength-example.conf) in case that there is 'rpm.install.excludedocs=yes' set in the zypper.conf(zypp.conf) - Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361) * EP11: Add support for FIPS-session mode * Updates to harden against RSA timing attacks (bsc#1219217,CVE-2024-0914) * Bug fixes - Renamed ocki-3.22-remove-make-install-chgrp.patch to ocki-3.23-remove-make-install-chgrp.patch - provide user(pkcs11) and group(pkcs11) - Amended the .spec file for pkcsslotd (jsc#1217703) * Renamed the patch ocki-3.21-remove-make-install-chgrp.patch to ocki-3.22-remove-make-install-chgrp.patch - Upgrade to version 3.22 (jsc#PED-3361) * openCryptoki 3.22 - CCA: Add support for the AES-XTS key type using CPACF protected keys - p11sak: Add support for managing certificate objects - p11sak: Add support for public sessions (no-login option) - p11sak: Add support for logging in as SO (security Officer) - p11sak: Add support for importing/exporting Edwards and Montgomery keys - p11sak: Add support for importing of RSA-PSS keys and certificates - CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different * Bug fixes - Update to version 3.21 (jsc#PED-3360, jsc#PED-3361) * openCryptoki 3.21 - EP11 and CCA: Support concurrent HSM master key changes - CCA: protected-key option - pkcsslotd: no longer run as root user and further hardening - p11sak: Add support for additional key types (DH, DSA, generic secret) - p11sak: Allow wildcards in label filter - p11sak: Allow to specify hex value for CKA_ID attribute - p11sak: Support sorting when listing keys - p11sak: New commands: set-key-attr, copy-key to modify and copy keys - p11sak: New commands: import-key, export-key to import and export keys - Remove support for --disable-locks (transactional memory) - Updates to harden against RSA timing attacks - Bug fixes - Amended a new patch to fit the version 3.21 * ocki-3.21-remove-make-install-chgrp.patch - Removed the old patch for the version 3.20 * ocki-3.20-remove-make-install-chgrp.patch - Updated package to openCryptoki 3.20 (bsc#1207760, jsc#PED-3376, jsc#PED-2870, jsc#PED-2869 ) - Removed the following obsolite patches: * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch * ocki-3.19.0-0014-EP11-Add-new-control-points.patch * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch - Reworked ocki-3.19-remove-make-install-chgrp.patch to fit the current version of the package and renamed it to ocki-3.20-remove-make-install-chgrp.patch. Nikolay Gueorguiev 2024-07-15 13:15:34 +00:00
dfcb5e44da Accepting request 1187028 from security Ana Guerrero 2024-07-12 15:04:51 +00:00
6adf9fe8e7 - Updated the .spec file (bsc#1225876, bsc#1227280) * Amended for group %{pkcs_group} and user pkcsslotd * Copying example script files from /usr/share/doc/opencryptoki to /usr/share/opencryptoki (policy-example.conf and strength-example.conf) in case that there is 'rpm.install.excludedocs=yes' set in the zypper.conf(zypp.conf) - Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361) * EP11: Add support for FIPS-session mode * Updates to harden against RSA timing attacks (bsc#1219217) * Bug fixes - Renamed ocki-3.22-remove-make-install-chgrp.patch to ocki-3.23-remove-make-install-chgrp.patch - provide user(pkcs11) and group(pkcs11) - Amended the .spec file for pkcsslotd (jsc#1217703) * Renamed the patch ocki-3.21-remove-make-install-chgrp.patch to ocki-3.22-remove-make-install-chgrp.patch - Upgrade to version 3.22 (jsc#PED-3361) * openCryptoki 3.22 - CCA: Add support for the AES-XTS key type using CPACF protected keys - p11sak: Add support for managing certificate objects - p11sak: Add support for public sessions (no-login option) - p11sak: Add support for logging in as SO (security Officer) - p11sak: Add support for importing/exporting Edwards and Montgomery keys - p11sak: Add support for importing of RSA-PSS keys and certificates - CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different * Bug fixes - Update to version 3.21 (jsc#PED-3360, jsc#PED-3361) * openCryptoki 3.21 - EP11 and CCA: Support concurrent HSM master key changes - CCA: protected-key option - pkcsslotd: no longer run as root user and further hardening - p11sak: Add support for additional key types (DH, DSA, generic secret) - p11sak: Allow wildcards in label filter - p11sak: Allow to specify hex value for CKA_ID attribute - p11sak: Support sorting when listing keys - p11sak: New commands: set-key-attr, copy-key to modify and copy keys - p11sak: New commands: import-key, export-key to import and export keys - Remove support for --disable-locks (transactional memory) - Updates to harden against RSA timing attacks - Bug fixes - Amended a new patch to fit the version 3.21 * ocki-3.21-remove-make-install-chgrp.patch - Removed the old patch for the version 3.20 * ocki-3.20-remove-make-install-chgrp.patch - Updated package to openCryptoki 3.20 (bsc#1207760, jsc#PED-3376, jsc#PED-2870, jsc#PED-2869 ) - Removed the following obsolite patches: * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch * ocki-3.19.0-0014-EP11-Add-new-control-points.patch * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch - Reworked ocki-3.19-remove-make-install-chgrp.patch to fit the current version of the package and renamed it to ocki-3.20-remove-make-install-chgrp.patch. Nikolay Gueorguiev 2024-07-12 08:23:44 +00:00
c45457d1b7 Accepting request 1186784 from security Ana Guerrero 2024-07-11 18:33:09 +00:00
5a473c2505 - Updated the .spec file (bsc#1225876, bsc#1227280) * Amended for group %{pkcs_group} and user pkcsslotd * Copying example script files from /usr/share/doc/opencryptoki to /usr/share/opencryptoki (policy-example.conf and strength-example.conf) in case that there is 'rpm.install.excludedocs=yes' set in the zypper.conf(zypp.conf) Nikolay Gueorguiev 2024-07-11 08:09:59 +00:00
b58c7a82ee Accepting request 1144813 from security Ana Guerrero 2024-02-07 17:49:51 +00:00
2724046aa7 Accepting request 1144812 from home:ngueorguiev:branches:security Nikolay Gueorguiev 2024-02-07 07:52:33 +00:00
e643acdba0 Accepting request 1144144 from security Ana Guerrero 2024-02-05 21:01:37 +00:00
dc5f0e29cf Accepting request 1144142 from home:msmeissn:branches:security Nikolay Gueorguiev 2024-02-05 09:04:37 +00:00
6e0c8bdcc5 Accepting request 1130787 from security Ana Guerrero 2023-12-04 22:02:10 +00:00
1ec37d5138 Accepting request 1130784 from home:ngueorguiev:branches:security Nikolay Gueorguiev 2023-12-04 13:55:51 +00:00
8547c44c9d Accepting request 1130765 from home:ngueorguiev:branches:security Nikolay Gueorguiev 2023-12-04 13:12:20 +00:00
d8a4f57221 Accepting request 1112796 from security Ana Guerrero 2023-09-21 20:23:34 +00:00
a44a3cdeeb Accepting request 1112795 from home:ngueorguiev:branches:security Nikolay Gueorguiev 2023-09-21 11:13:54 +00:00
36a196394b Accepting request 1089152 from security Dominique Leuenberger 2023-05-26 18:15:43 +00:00
7aa2bb9da2 Accepting request 1089151 from home:ngueorguiev:branches:security Nikolay Gueorguiev 2023-05-26 07:50:50 +00:00
788aa4046a Accepting request 1089144 from home:ngueorguiev:branches:security Nikolay Gueorguiev 2023-05-26 06:46:11 +00:00
1c939703a3 Accepting request 1066182 from security Dominique Leuenberger 2023-02-16 15:57:19 +00:00
8c6d50ec24 Accepting request 1066181 from home:ngueorguiev:branches:security Nikolay Gueorguiev 2023-02-16 13:33:42 +00:00
d227b6f7d5 Accepting request 1063654 from security Dominique Leuenberger 2023-02-07 17:50:57 +00:00
b617a4aaa3 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=129 Mark Post 2023-02-07 15:46:35 +00:00
f41ca9bf97 Accepting request 1063652 from home:ngueorguiev:branches:security Mark Post 2023-02-07 15:45:43 +00:00
9f24a418bb Accepting request 1038744 from security Dominique Leuenberger 2022-11-29 09:53:57 +00:00
2048190bdd Accepting request 1038743 from home:markkp:branches:security Mark Post 2022-11-28 16:48:10 +00:00
b0fff8ca7a Accepting request 1008259 from security Richard Brown 2022-10-06 05:42:40 +00:00
4ab3207014 Accepting request 1008258 from home:markkp:branches:security Mark Post 2022-10-05 16:08:30 +00:00
364ea8530c Accepting request 964349 from security Dominique Leuenberger 2022-03-23 19:19:26 +00:00
30e85a8c82 Accepting request 964348 from home:markkp:branches:security Mark Post 2022-03-23 17:53:12 +00:00
66e9144b70 Accepting request 926995 from security Dominique Leuenberger 2021-10-22 22:51:05 +00:00
0fae8d9d81 Accepting request 926994 from home:markkp:branches:security Mark Post 2021-10-22 14:14:12 +00:00
437f73eba9 Accepting request 926834 from home:markkp:branches:security Mark Post 2021-10-21 20:48:47 +00:00
a86d9d3f8e Accepting request 919254 from security Dominique Leuenberger 2021-09-15 20:51:36 +00:00
a778db96d8 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=119 Mark Post 2021-09-15 14:40:49 +00:00
407ecfdaa4 - Added the following patches for bsc#1182726 " p11sak list-key segfault" * ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch Added NULL pointer to avoid double free() for the list-key and remove-key commands. * ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch Note that two hunks that were unrelated to fixing the running code were removed from this patch. * ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch Mark Post 2021-09-15 14:29:40 +00:00
45d43aadc0 Accepting request 872977 from security Dominique Leuenberger 2021-02-17 17:12:21 +00:00
6e14030074 Accepting request 872976 from home:markkp:branches:security Mark Post 2021-02-16 21:24:55 +00:00
aa124905ea Accepting request 866674 from security Dominique Leuenberger 2021-01-26 13:46:44 +00:00
a15ba93dba Accepting request 866673 from home:markkp:branches:security Mark Post 2021-01-25 20:49:50 +00:00
c901ea9431 Accepting request 865508 from security Dominique Leuenberger 2021-01-22 20:52:07 +00:00
247e91e02d OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=112 Mark Post 2021-01-21 21:07:16 +00:00
b05ff947e8 Accepting request 865419 from home:kukuk:branches:security Mark Post 2021-01-21 21:06:37 +00:00
939afd4257 Accepting request 844928 from security Dominique Leuenberger 2020-10-30 10:49:31 +00:00
5d9c7f380f Accepting request 844927 from home:markkp:branches:security Mark Post 2020-10-29 21:42:20 +00:00
726ec042cb Accepting request 843292 from security Dominique Leuenberger 2020-10-27 17:58:57 +00:00
18f1af0cf7 Accepting request 843291 from home:markkp:branches:security Mark Post 2020-10-21 23:18:53 +00:00
dbe3a3a7ff Accepting request 843288 from home:markkp:branches:security Mark Post 2020-10-21 23:12:00 +00:00
3535ace4c8 Accepting request 761262 from security Dominique Leuenberger 2020-01-07 22:52:36 +00:00
22f37498e5 Accepting request 761261 from home:markkp:branches:security Mark Post 2020-01-06 19:39:12 +00:00
5a672f85f2 Accepting request 753057 from security Dominique Leuenberger 2019-12-03 11:42:46 +00:00
1470911ed6 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=102 Mark Post 2019-12-02 21:42:49 +00:00
c0154ab939 - Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918) * Update token pin and data store encryption for soft,ica,cca and ep11 * EP11: Allow importing of compressed EC public keys * EP11: Add support for the CMAC mechanisms * EP11: Add support for the IBM-SHA3 mechanisms * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token * EP11: Add config option USE_PRANDOM * CCA: Use Random Number Generate Long for token_specific_rng() * Common rng function: Prefer /dev/prandom over /dev/urandom * ICA: add SHA*_RSA_PKCS_PSS mechanisms * Bug fixes - Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch Mark Post 2019-12-02 21:40:41 +00:00
cbd45d26e5 Accepting request 747496 from security Dominique Leuenberger 2019-11-12 10:56:28 +00:00
e32a01b2c9 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=99 Mark Post 2019-11-12 06:10:24 +00:00
c1dc5b2de9 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=98 Mark Post 2019-11-12 06:09:22 +00:00
013583e4c0 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=97 Mark Post 2019-11-12 06:08:06 +00:00
b8166a529f OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=96 Mark Post 2019-11-12 06:02:35 +00:00
fa64604504 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=95 Mark Post 2019-11-12 06:02:02 +00:00
be04f8e20e - Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918) * Update token pin and data store encryption for soft,ica,cca and ep11 * EP11: Allow importing of compressed EC public keys * EP11: Add support for the CMAC mechanisms * EP11: Add support for the IBM-SHA3 mechanisms * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token * EP11: Add config option USE_PRANDOM * CCA: Use Random Number Generate Long for token_specific_rng() * Common rng function: Prefer /dev/prandom over /dev/urandom * ICA: add SHA*_RSA_PKCS_PSS mechanisms * Bug fixes - Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch Mark Post 2019-11-12 06:00:01 +00:00
f819296223 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=93 Mark Post 2019-11-12 05:57:00 +00:00
125bf08e32 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=92 Mark Post 2019-11-12 05:40:48 +00:00
d6fbf12ace Accepting request 747465 from home:markkp:branches:security Mark Post 2019-11-12 05:07:33 +00:00
9a0779e2dd Accepting request 728363 from security Dominique Leuenberger 2019-09-05 10:46:48 +00:00
b9b0c3bdde Accepting request 728362 from home:markkp:branches:security Mark Post 2019-09-04 22:38:50 +00:00
83aa39444a Accepting request 676277 from security Dominique Leuenberger 2019-02-15 09:04:16 +00:00
61fa2dac51 Accepting request 676276 from home:markkp:branches:security Mark Post 2019-02-15 05:33:31 +00:00
273033a82d Accepting request 655691 from security Dominique Leuenberger 2018-12-07 13:35:57 +00:00

1 2

Commit Graph Select branches Hide Pull Requests factory slfo-1.2 slfo-main Mono Color

Commit Graph

Select branches

Hide Pull Requests

factory

slfo-1.2

slfo-main