SUSE-SU-2024:2298-1

Описание

This update for openCryptoki fixes the following issues:

openCryptoki was updated to version to 3.17.0 (bsc#1220266, bsc#1219217)

• openCryptoki 3.17

• tools: added function to list keys to p11sak
• common: added support for OpenSSL 3.0
• common: added support for event notifications
• ICA: added SW fallbacks

• openCryptoki 3.16

• EP11: protected-key option
• EP11: support attribute-bound keys
• CCA: import and export of secure key objects
• Bug fixes

• openCryptoki 3.15.1

• Bug fixes

• openCryptoki 3.15

• common: conform to PKCS 11 3.0 Baseline Provider profile
• Introduce new vendor defined interface named 'Vendor IBM'
• Support C_IBM_ReencryptSingle via 'Vendor IBM' interface
• CCA: support key wrapping
• SOFT: support ECC
• p11sak tool: add remove-key command
• Bug fixes

• openCryptoki 3.14

• EP11: Dilitium support stage 2
• Common: Rework on process and thread locking
• Common: Rework on btree and object locking
• ICSF: minor fixes
• TPM, ICA, ICSF: support multiple token instances
• new tool p11sak

• openCryptoki 3.13.0

• EP11: Dilithium support
• EP11: EdDSA support
• EP11: support RSA-OAEP with non-SHA1 hash and MGF

• openCryptoki 3.12.1

• Fix pkcsep11_migrate tool

• openCryptoki 3.12.0

• Update token pin and data store encryption for soft,ica,cca and ep11
• EP11: Allow importing of compressed EC public keys
• EP11: Add support for the CMAC mechanisms
• EP11: Add support for the IBM-SHA3 mechanisms
• SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
• ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
• EP11: Add config option USE_PRANDOM
• CCA: Use Random Number Generate Long for token_specific_rng()
• Common rng function: Prefer /dev/prandom over /dev/urandom
• ICA: add SHA*_RSA_PKCS_PSS mechanisms
• Bug fixes