Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: openCryptoki-devel | Distribution: openSUSE:Factory:zSystems |
Version: 3.24.0 | Vendor: openSUSE |
Release: 4.1 | Build date: Thu Nov 21 11:42:00 2024 |
Group: Development/Languages/C and C++ | Build host: reproducible |
Size: 171152 | Source RPM: openCryptoki-3.24.0-4.1.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://github.com/opencryptoki/opencryptoki | |
Summary: Development files for openCryptoki, a PKCS#11 implementation for IBM hardware |
The PKCS#11 version 2.01 API implemented for the IBM cryptographic cards. This package includes support for the IBM 4758 cryptographic co-processor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries). This package contains the development header files for building opencryptoki and PKCS#11 based applications
CPL-1.0
* Thu Nov 21 2024 Nikolay Gueorguiev <[email protected]> - Amended the .spec file (jsc#PED-10291, jsc#PED-10290) - Improved handling of user/group. use existing user/group if they exist. create user/group if not (bsc#1225876) - Applied additional patch * ocki-3.24-remove-group-from-tests.patch * Fri Oct 04 2024 Nikolay Gueorguiev <[email protected]> - Amended the .spec file (jsc#PED-10241) - Updated the %configure flags for i586 - Implemented a logic to exclude i586 arch * Fri Sep 20 2024 Nikolay Gueorguiev <[email protected]> - Upgrade openCryptoki to version 3.24 (jsc#PED-10291, jsc#PED-10290, jsc#PED-10241) * Add support for building Opencryptoki on the IBM AIX platform * Add support for the CCA token on non-IBM Z platforms (x86_64, ppc64) * Add support for protecting tokens with a token specific user group * EP11: Add support for combined CKA_EXTRACTABLE and CKA_IBM_PROTKEY_EXTRACTABLE * CCA: Add support for Koblitz curve secp256k1. Requires CCA v7.2 or later * CCA: Add support for IBM Dilithium (CKM_IBM_DILITHIUM). - On Linux on IBM Z: Requires CCA v7.1 or later for Round2-65, and CCA v8.0 for the Round 3 variants. - On other platforms: Requires CCA v7.2.43 or later for Round2-65, the Round 3 variants are currently not supported * CCA: Add support for RSA-OAEP with SHA224, SHA384, and SHA512 on en-/decrypt. - Requires CCA v8.1 or later on Linux on IBM Z, not supported on other platforms * CCA: Add support for PKCS#11 v3.0 SHA3 mechanisms. - Requires CCA v8.1 on Linux on IBM Z, not supported on other platforms * ICA: Support new libica AES-GCM api using the KMA instruction on z14 and later * ICA/Soft/ICSF: Add support for PKCS#11 v3.0 SHA3 mechanisms * ICA/Soft: Add support for SHA based key derivation mechanisms * ICA/Soft: Add support for CKD_*_SP800 KDFs for ECDH * EP11/CCA/ICA/Soft: Add support for CKA_ALWAYS_AUTHENTICATE * EP11/CCA: Support live guest relocation for protected key (PKEY) operations * Soft: Experimental support for IBM Dilithium via OpenSSL OQS provider * ICSF: Add support for SHA-2 mechanisms * ICSF: Performance improvements for attribute retrieval * p11sak: Add support for exporting a key or certificate as URI-PEM file * p11sak: Import/export of IBM Dilithium keys in 'oqsprovider' format PEM files * p11sak: Add option to show the master key verification patterns of secure keys * Bug fixes - Amended the .spec file - Removed obsolete patch ocki-3.23-remove-make-install-chgrp.patchi - Added a new patch ocki-3.24-remove-make-install-chgrp.patch * Thu Jul 18 2024 Nikolay Gueorguiev <[email protected]> - Amended the .spec file accorinding to the recommendation in (bsc#1225876) * Thu Jul 11 2024 Nikolay Gueorguiev <[email protected]> - Updated the .spec file (bsc#1225876, bsc#1227280) * Amended for group %{pkcs_group} and user pkcsslotd * Copying example script files from /usr/share/doc/opencryptoki to /usr/share/opencryptoki (policy-example.conf and strength-example.conf) in case that there is 'rpm.install.excludedocs=yes' set in the zypper.conf(zypp.conf) * Wed Feb 07 2024 Nikolay Gueorguiev <[email protected]> - Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361) * EP11: Add support for FIPS-session mode * Updates to harden against RSA timing attacks (bsc#1219217,CVE-2024-0914) * Bug fixes - Renamed ocki-3.22-remove-make-install-chgrp.patch to ocki-3.23-remove-make-install-chgrp.patch * Mon Feb 05 2024 Marcus Meissner <[email protected]> - provide user(pkcs11) and group(pkcs11) * Mon Dec 04 2023 Nikolay Gueorguiev <[email protected]> - Amended the .spec file for pkcsslotd (jsc#1217703) * Renamed the patch ocki-3.21-remove-make-install-chgrp.patch to ocki-3.22-remove-make-install-chgrp.patch * Thu Sep 21 2023 Nikolay Gueorguiev <[email protected]> - Upgrade to version 3.22 (jsc#PED-3361) * openCryptoki 3.22 - CCA: Add support for the AES-XTS key type using CPACF protected keys - p11sak: Add support for managing certificate objects - p11sak: Add support for public sessions (no-login option) - p11sak: Add support for logging in as SO (security Officer) - p11sak: Add support for importing/exporting Edwards and Montgomery keys - p11sak: Add support for importing of RSA-PSS keys and certificates - CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different * Bug fixes * Fri May 26 2023 Nikolay Gueorguiev <[email protected]> - Update to version 3.21 (jsc#PED-3360, jsc#PED-3361) * openCryptoki 3.21 - EP11 and CCA: Support concurrent HSM master key changes - CCA: protected-key option - pkcsslotd: no longer run as root user and further hardening - p11sak: Add support for additional key types (DH, DSA, generic secret) - p11sak: Allow wildcards in label filter - p11sak: Allow to specify hex value for CKA_ID attribute - p11sak: Support sorting when listing keys - p11sak: New commands: set-key-attr, copy-key to modify and copy keys - p11sak: New commands: import-key, export-key to import and export keys - Remove support for --disable-locks (transactional memory) - Updates to harden against RSA timing attacks - Bug fixes - Amended a new patch to fit the version 3.21 * ocki-3.21-remove-make-install-chgrp.patch - Removed the old patch for the version 3.20 * ocki-3.20-remove-make-install-chgrp.patch * Thu Feb 16 2023 Nikolay Gueorguiev <[email protected]> - Updated package to openCryptoki 3.20 (bsc#1207760, jsc#PED-3376, jsc#PED-2870, jsc#PED-2869 ) - Removed the following obsolite patches: * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch * ocki-3.19.0-0014-EP11-Add-new-control-points.patch * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch - Reworked ocki-3.19-remove-make-install-chgrp.patch to fit the current version of the package and renamed it to ocki-3.20-remove-make-install-chgrp.patch. * Tue Feb 07 2023 Nikolay Gueorguiev <[email protected]> - Added patch for compile errors * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch -- Changed spec file to use %autosetup instead of %setup. * Mon Feb 06 2023 Nikolay Gueorguiev <[email protected]> - Updated the package openCryptoki 3.19.0 (jsc#PED-616, bsc#1207760), added the following patches: * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch * ocki-3.19.0-0014-EP11-Add-new-control-points.patch * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch * Mon Nov 28 2022 Mark Post <[email protected]> - Updated spec file to set permissions on /etc/opencryptoki/strength.conf to be owned by root:pkcs11 with permissions of 640. (bsc#1205566) * Fri Sep 30 2022 Mark Post <[email protected]> - Upgrade to version 3.19.0 (jsc#PED-616) + openCryptoki 3.19 - CCA: check for expected master key verification patterns at token init - CCA: check master key verification pattern of created keys to be as expected - EP11: check for expected wrapping key verification pattern at token init - EP11: check wrapping key verification pattern of created keys to be as expected - p11sak/pkcsconf: display PKCS#11 URIs - p11sak: add support for IBM specific Dilithium keys - p11sak: allow to list keys filtered by label - common: add support for dual-function cryptographic functions - Add support for C_SessionCancel function (PKCS#11 v3.0) - EP11: add support for schnorr signatures (mechanism CKM_IBM_ECDSA_OTHER) - EP11: add support for Bitcoin key derivation (mechanism CKM_IBM_BTC_DERIVE) - Bug fixes + openCryptoki 3.18 - Default to FIPS compliant token data format (tokversion = 3.12) - Add support for restricting usage of mechanisms and keys via a global policy - Add support for statistics counting of mechanism usage - ICA/EP11: Support libica version 4 - p11sak tool: Allow to set different attributes for public and private keys - Replaced ocki-3.17-remove-make-install-chgrp.patch with an updated version named ocki-3.19-remove-make-install-chgrp.patch to fit the current state of the source. - Removed the following obsolete patches: openCryptoki-sles15-sp4-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch openCryptoki-sles15-sp4-EP11-Fix-host-library-version-query.patch ocki-3.17-EP11-Fix-C_GetMechanismList-returning-CKR_BUFFER_TOO.patch * Wed Aug 10 2022 Mark Post <[email protected]> - Added ocki-3.17-EP11-Fix-C_GetMechanismList-returning-CKR_BUFFER_TOO.patch for bsc#1202106. One test of the gen_purpose test cases fails with C_GetMechanismList #2 rc=CKR_BUFFER_TOO_SMALL" error on the EP11 Token. * Thu Jun 02 2022 Mark Post <[email protected]> - Made the following changes for bsc#1199862 "Please install p11sak_defined_attrs.conf." * Replaced ocki-3.11-remove-make-install-chgrp.patch with ocki-3.17-remove-make-install-chgrp.patch to remove the "-g pkcs11" parameter from the install command in the Makefile * Updated the spec file to include /etc/opencryptoki/p11sak_defined_attrs.conf as a %config file with the necessary permissions and group ownership. * Wed Mar 23 2022 Mark Post <[email protected]> - Added the following two patches for bac#1197395. The CKM_IBM_DILITHIUM mechanism does not show up as supported by the EP11 token when an upgraded EP11 host library is used. * openCryptoki-sles15-sp4-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch * openCryptoki-sles15-sp4-EP11-Fix-host-library-version-query.patch * Thu Oct 21 2021 Mark Post <[email protected]> - Upgraded to version 3.17.0 (jsc#SLE-18326) + openCryptoki 3.17 - tools: added function to list keys to p11sak - common: added support for OpenSSL 3.0 - common: added support for event notifications - ICA: added SW fallbacks * openCryptoki 3.16 - EP11: protected-key option - EP11: support attribute-bound keys - CCA: import and export of secure key objects - Bug fixes - Removed the following obsolete patches: ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch ocki-3.15.1-Fix-compiling-with-c.patch ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch ocki-3.15.1-SOFT-Check-the-EC-Key-on-C_CreateObject-and-C_Derive.patch ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch ocki-3.15.1-pkcstok_migrate-Quote-strings-with-spaces-in-opencry.patch ocki-3.15.1-pkcstok_migrate-Don-t-remove-tokversion-x.y-during-m.patch ocki-3.15.1-pkcstok_migrate-Fix-detection-if-pkcsslotd-is-still-.patch ocki-3.15.1-pkcstok_migrate-Rework-string-quoting-for-opencrypto.patch * Thu Aug 05 2021 Mark Post <[email protected]> - Added the following patches for bsc#1188879: * ocki-3.15.1-pkcstok_migrate-Quote-strings-with-spaces-in-opencry.patch When modifying opencryptoki.conf during token migration, put quotes around strings that contain spaces, e.g. for the slot description and manufacturer. * ocki-3.15.1-pkcstok_migrate-Don-t-remove-tokversion-x.y-during-m.patch When migrating a slot the opencryptoki.conf file is modified. If it contains slots that already contain the 'tokversion = x.y' keyword, this is accidentally removed when migrating another slot. * ocki-3.15.1-pkcstok_migrate-Fix-detection-if-pkcsslotd-is-still-.patch Change the code to use the pid file that pkcsslotd creates, and check if the process with the pid contained in the pid file still exists and runs pkcsslotd. * ocki-3.15.1-pkcstok_migrate-Rework-string-quoting-for-opencrypto.patch Always quote the value of 'description' and 'manufacturer'. Quote the value of 'stdll', 'confname', and 'tokname' if it contains spaces, and never quote the value of 'hwversion', 'firmwareversion', and 'tokversion'. * Tue Jun 22 2021 Mark Post <[email protected]> - Added the following patches for bsc#1182726 " p11sak list-key segfault" * ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch Added NULL pointer to avoid double free() for the list-key and remove-key commands. * ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch Note that two hunks that were unrelated to fixing the running code were removed from this patch. * ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch * Tue Jun 15 2021 Mark Post <[email protected]> - Added ocki-3.15.1-SOFT-Check-the-EC-Key-on-C_CreateObject-and-C_Derive.patch When constructing an OpenSSL EC public or private key from PKCS#11 attributes or ECDH public data, check that the key is valid, i.e. that the point is on the curve. (bsc#1185976) * Tue Feb 16 2021 Mark Post <[email protected]> - Added ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch (bsc#1182120) Fix pkcscca migration fails with usr/sb2 is not a valid slot ID - Added ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch (bsc#1182190) Fix a segmentation fault of the sess_opstate test on the Soft Token * Mon Jan 25 2021 Mark Post <[email protected]> - Added the following patches for bsc#1179319 * Fix compiling with C++: ocki-3.15.1-Fix-compiling-with-c.patch * Added error message handling for p11sak remove-key command. ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch * Thu Jan 21 2021 Thorsten Kukuk <[email protected]> - Don't require pwdutils for build, dropped long ago and not needed
/usr/include/opencryptoki /usr/include/opencryptoki/apiclient.h /usr/include/opencryptoki/ec_curves.h /usr/include/opencryptoki/pkcs11.h /usr/include/opencryptoki/pkcs11types.h /usr/include/opencryptoki/pqc_oids.h /usr/lib64/opencryptoki /usr/lib64/opencryptoki/stdll /usr/lib64/pkgconfig/opencryptoki.pc /usr/sbin/pkcshsm_mk_change
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Dec 4 00:10:59 2024