- Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7894, jsc#SLE-7915, jsc#SLE-7918)
* Update token pin and data store encryption for soft,ica,cca and ep11
* EP11: Allow importing of compressed EC public keys
* EP11: Add support for the CMAC mechanisms
* EP11: Add support for the IBM-SHA3 mechanisms
* SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
* ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
* EP11: Add config option USE_PRANDOM
* CCA: Use Random Number Generate Long for token_specific_rng()
* Common rng function: Prefer /dev/prandom over /dev/urandom
* ICA: add SHA*_RSA_PKCS_PSS mechanisms
* Bug fixes
- Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
- Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
(bsc#1152015)
Add support for new IBM crypto card.
OBS-URL: https://build.opensuse.org/request/show/747465
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=91
a potentially common one, check to see if the pkcs11 group is
already defined before trying to add it.
- Update the summary for the -devel package.
- Changed several PreReq entries to Requires(pre) as a result of
the output from spec-cleaner. Removed a couple of obsolete lines.
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=80
- Upgraded to version 3.11.0 (Fate#325685)
* opencryptoki 3.11.0
EP11 enhancements
A lot of bug fixes
- Reworked the ocki-3.1-remove-make-install-chgrp.patch to apply
properly to 3.11, and renamed it to
ocki-3.11-remove-make-install-chgrp.patch
- Removed obsolete patch ocki-3.5-icsf-coverity-memoryleakfix.patch
- Upgraded to version 3.10.0 (Fate#325685)
* opencryptoki 3.10.0
Add support to ECC on ICA token and to common code.
Add SHA224 support to SOFT token.
Improve pkcsslotd logging.
Fix sha512_hmac_sign and rsa_x509_verify for ICA token.
Fix tracing of session id.
Fix and improve testcases.
Fix spec file permission for log directory.
Fix build warnings.
* opencryptoki 3.9.0
Fix token reinitialization
Fix conditional man pages
EP11 enhancements
EP11 EC Key import
Increase RSA max key length
Fix broken links on documentation
Define CK_FALSE and CK_TRUE macros
Improve build flags
- Dropped obsolete patch ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch
- Made multiple changes to the spec file based on spec-cleaner output.
- Added an rpmlintrc file to squelch warnings about adding ghost
entries for files under /var/log/opencryptoki/
OBS-URL: https://build.opensuse.org/request/show/649626
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=78
- Update example spec file
- Performance improvement. Moving from mutexes to transactional memory.
- Add ECDSA SHA2 support for EP11 and CCA.
- Fix declaration of inline functions.
- Fix wrong testcase and ber en/decoding for integers.
- Check for 'flex' and 'YACC' on configure.
- EP11 config file rework.
- Add enable-debug on travis build.
- Add testcase for C_GetOperationState/C_SetOperationState.
- Upgrade License to CPL-1.0
- Ica token: fix openssh/ibmpkcs11 engine/libica crash.
- Fix segfault and logic in hardware feature test.
- Fix spelling of documentation and manuals.
- Fix the retrieval of p from a generated rsa key.
- Coverity scan fixes - incompatible pointer type and unused variables.
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=67
- opencryptoki 3.6.1
- Fix SOFT token implementation of digest functions.
- Replace deprecated OpenSSL interfaces.
- opencryptoki 3.6
- Replace deprecated libica interfaces.
- Performance improvement for ICA.
- Improvement in documentation on system resources.
- Improvement in testcases.
- Added support for rc=8, reasoncode=2028 in icsf token.
- Fix for session handle not set in session issue.
- Multiple fixes for lock and log directories.
- Downgraded a syslog error to warning.
- Multiple fixes based on coverity scan results.
- Added pkcs11 mapping for icsf reason code 72 for return code 8.
- opencryptoki 3.5.1
- Fix Illegal Intruction on pkcscca tool.21451
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=44
- Also create parent directory /run/lock/opencryptoki in
tmpfiles snippet if it does not exists.
- spec: do not use -D__USE_BSD, a glibc-internal macro
which no longer has any meaning.
- spec: use %{_unitdir} %{_tmpfilesdir)
- spec: call tmpfiles_create macro, if defined in %post
- opencryptoki-run-lock.patch, openCryptoki-tmp.conf: use
/run/lock instead of /var/lock.
OBS-URL: https://build.opensuse.org/request/show/294859
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=27
