Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

openCryptoki-3.17.0-2.5 RPM for aarch64

From OpenSuSE Ports Tumbleweed for aarch64

Name: openCryptoki Distribution: openSUSE Tumbleweed
Version: 3.17.0 Vendor: openSUSE
Release: 2.5 Build date: Wed Jun 15 11:16:37 2022
Group: Productivity/Security Build host: obs-arm-7
Size: 573574 Source RPM: openCryptoki-3.17.0-2.5.src.rpm
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
The PKCS#11 version 2.11 API implemented for the IBM cryptographic
cards. This package includes support for the IBM 4758 cryptographic
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
Cryptographic Accelerator (FC 4960 on pSeries).






* Wed Mar 23 2022 Mark Post <>
  - Added the following two patches for bac#1197395. The CKM_IBM_DILITHIUM
    mechanism does not show up as supported by the EP11 token when an
    upgraded EP11 host library is used.
    * openCryptoki-sles15-sp4-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch
    * openCryptoki-sles15-sp4-EP11-Fix-host-library-version-query.patch
* Thu Oct 21 2021 Mark Post <>
  - Upgraded to version 3.17.0 (jsc#SLE-18326)
    + openCryptoki 3.17
    - tools: added function to list keys to p11sak
    - common: added support for OpenSSL 3.0
    - common: added support for event notifications
    - ICA: added SW fallbacks
    * openCryptoki 3.16
    - EP11: protected-key option
    - EP11: support attribute-bound keys
    - CCA: import and export of secure key objects
    - Bug fixes
  - Removed the following obsolete patches:
* Thu Aug 05 2021 Mark Post <>
  - Added the following patches for bsc#1188879:
    * ocki-3.15.1-pkcstok_migrate-Quote-strings-with-spaces-in-opencry.patch
      When modifying opencryptoki.conf during token migration, put quotes
      around strings that contain spaces, e.g. for the slot description and
    * ocki-3.15.1-pkcstok_migrate-Don-t-remove-tokversion-x.y-during-m.patch
      When migrating a slot the opencryptoki.conf file is modified. If it
      contains slots that already contain the 'tokversion = x.y' keyword,
      this is accidentally removed when migrating another slot.
    * ocki-3.15.1-pkcstok_migrate-Fix-detection-if-pkcsslotd-is-still-.patch
      Change the code to use the pid file that pkcsslotd creates, and check
      if the process with the pid contained in the pid file still exists and
      runs pkcsslotd.
    * ocki-3.15.1-pkcstok_migrate-Rework-string-quoting-for-opencrypto.patch
      Always quote the value of 'description' and 'manufacturer'. Quote the
      value of 'stdll', 'confname', and 'tokname' if it contains spaces, and
      never quote the value of 'hwversion', 'firmwareversion', and 'tokversion'.
* Tue Jun 22 2021 Mark Post <>
  - Added the following patches for bsc#1182726 " p11sak list-key segfault"
    * ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch
      Added NULL pointer to avoid double free() for the list-key and
      remove-key commands.
    * ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch
      Note that two hunks that were unrelated to fixing the running
      code were removed from this patch.
    * ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch
* Tue Jun 15 2021 Mark Post <>
  - Added ocki-3.15.1-SOFT-Check-the-EC-Key-on-C_CreateObject-and-C_Derive.patch
    When constructing an OpenSSL EC public or private key from PKCS#11
    attributes or ECDH public data, check that the key is valid, i.e. that
    the point is on the curve.
* Tue Feb 16 2021 Mark Post <>
  - Added ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch
    Fix pkcscca migration fails with usr/sb2 is not a valid slot ID
  - Added ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch
    Fix a segmentation fault of the sess_opstate test on the Soft Token
* Mon Jan 25 2021 Mark Post <>
  - Added the following patches for bsc#1179319
    * Fix compiling with C++:
    * Added error message handling for p11sak remove-key command.
* Thu Jan 21 2021 Thorsten Kukuk <>
  - Don't require pwdutils for build, dropped long ago and not needed
* Wed Oct 21 2020 Mark Post <>
  - Upgraded to version 3.15.1 (jsc#SLE-13749, jsc#SLE-13666,
    jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714,
    jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786)
    * openCryptoki 3.15.1
    - Bug fixes
    * openCryptoki 3.15.0
    - common: conform to PKCS 11 3.0 Baseline Provider profile
    - Introduce new vendor defined interface named "Vendor IBM"
    - Support C_IBM_ReencryptSingle via "Vendor IBM" interface
    - CCA: support key wrapping
    - SOFT: support ECC
    - p11sak tool: add remove-key command
    - Bug fixes
    * openCryptoki 3.14.0
    - EP11: Dilitium support stage 2
    - Common: Rework on process and thread locking
    - Common: Rework on btree and object locking
    - ICSF: minor fixes
    - TPM, ICA, ICSF: support multiple token instances
    - new tool p11sak
    * openCryptoki 3.13.0
    - EP11: Dilithium support
    - EP11: EdDSA support
    - EP11: support RSA-OAEP with non-SHA1 hash and MGF
  - Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch
* Mon Jan 06 2020 Mark Post <>
  - Added oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch (bsc#1159114)
    The EP11 token may fail to import an ECC public key. Function
    C_CreateObject returns CKR_BUFFER_TOO_SMALL in this case.
* Mon Dec 02 2019 Mark Post <>
  - Upgraded to version 3.12.1 (bsc#1157863)
    * Fix pkcsep11_migrate tool
* Tue Nov 12 2019 Mark Post <>
  - Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918)
    * Update token pin and data store encryption for soft,ica,cca and ep11
    * EP11: Allow importing of compressed EC public keys
    * EP11: Add support for the CMAC mechanisms
    * EP11: Add support for the IBM-SHA3 mechanisms
    * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
    * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
    * EP11: Add config option USE_PRANDOM
    * CCA: Use Random Number Generate Long for token_specific_rng()
    * Common rng function: Prefer /dev/prandom over /dev/urandom
    * ICA: add SHA*_RSA_PKCS_PSS mechanisms
    * Bug fixes
  - Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
* Thu Oct 10 2019 Mark Post <>
  - Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
    Add support for new IBM crypto card.
* Tue Sep 03 2019 Mark Post <>
  - Upgraded to version 3.11.1 (Fate#327837)
    Bug fixes.
  - Dropped obsolete ocki-3.11-Fix-target_list-passing-for-EP11-session.patch
* Fri Feb 15 2019
  - Added ocki-3.11-Fix-target_list-passing-for-EP11-session.patch



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Aug 9 11:06:05 2022