rpms/opencryptoki
7
0
Fork 0
Code Issues Pull Requests Releases Activity
58 Commits 13 Branches 80 Tags 1.1 MiB
c9s
Commit Graph

58 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Than Ngo
77ae2273bb Resolves: RHEL-144821, CVE-2026-23893 2026-02-13 17:07:39 +01:00
Than Ngo
f294768d63 - Resolves: RHEL-75139, ep11 token BLS support 
- Resolves: RHEL-85381, ep11 token: ML-KEM and ML-DSA support
- Resolves: RHEL-85384. cca token: ML-KEM and ML-DSA support
- Resolves: RHEL-100059, openCryptoki 3.26.0
 2025-12-17 14:23:12 +01:00
Than Ngo
39bbd43c16 - Fix pkcsslotd fails to start in FIPS 
- Drop tier1 test as it mostly provides duplicate results
- Enable ci test for FIPS mode
  Resolves: RHEL-109050
 2025-08-14 08:42:23 +02:00
Than Ngo
fac1099297 - Fix incorrect effective group id of pkcsslotd daemon 
- Fix covscan findings
  Resolves: RHEL-104602
 2025-07-21 18:40:08 +02:00
Than Ngo
32aa47f086 - Related: RHEL-73344, Fix detection of EC curve not supported by OpenSSL-3.5.x 
- Related: RHEL-77147, Fix the image mode issue again as bootc expects to use /run/lock
 2025-07-14 14:15:02 +02:00
Than Ngo
40e87ccf61 Resolves: RHEL-73344, upgrade openCryptoki 
Resolves: RHEL-90590, basic support of AES-GCM
Resolves: RHEL-72965, cca token support cipher keys
Resolves: RHEL-72969, support for CKM_RSA_AES_KEY_WRAP for cca, ica and soft tokens
Resolves: RHEL-75141, add a tool to import/export PKCS #11 keys from to a KMIP server
Resolves: RHEL-75762, ep11 token: import and export of secure key objects
Resolves: RHEL-85375, cca token: Support ECDH to derive AES keys
Resolves: RHEL-85377, ep11 token: PKCS #11 3.0 - support SHA3
 2025-07-04 15:22:24 +02:00
Than Ngo
50dff60271 Related: RHEL-77147, opencryptoki doesn't work in image mode 2025-04-11 14:42:50 +02:00
Karel Srot
6563f73fbf Update test repo location in CI plan 2025-04-09 11:52:13 +02:00
Than Ngo
7f7cd0d5cb Resolves: RHEL-77147, opencryptoki doesn't work in image mode 2025-03-19 17:02:54 +01:00
Than Ngo
fb51a2954d - Disable ccatok on aarch64 
Related: RHEL-50064
 2024-11-26 16:44:43 +01:00
Than Ngo
d7abf1aa7d - Fix resource leak 
Related: RHEL-50064
 2024-11-07 15:39:26 +01:00
Than Ngo
22ada1251f - Resolves: RHEL-50064, update to 3.24.0 
- Resolves: RHEL-50063, opencryptoki CCA Token support for x86_64 and ppc64le
- Resolves: RHEL-50058, openCryptoki CCA token support of Dilithium
- Resolves: RHEL-50056, openCryptoki cca token SHA3 support
- Resolves: RHEL-50057, openCryptoki cca token RSA OAEP v2.1 support
 2024-10-22 12:13:04 +02:00
Than Ngo
f632fbe906 - Resolves: RHEL-23671, ep11 token support protected keys for extractable keys 
- Resolves: RHEL-23672, ep11 token support for FIPS 2021-session bound EP11 keys
- Resolves: RHEL-23673, update to 3.23.0
 2024-05-22 12:13:14 +02:00
Than Ngo
d8e7a71882 - Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT 
Related: RHEL-22792
 2024-02-16 13:35:05 +01:00
Than Ngo
3e961f4d0a - timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) 
Resolves: RHEL-22792
 2024-02-11 23:31:51 +01:00
Than Ngo
5229a62455 Resolves: RHEL-11412, rebase to 3.22.0 
Resolves: RHEL-10569, openCryptoki for PKCS #11 3.0
 2023-11-21 19:15:46 +00:00
Karel Srot
be77334b0e CI: Add SW token update testplan 
Resolves: RHEL-841
 2023-07-24 08:28:22 +02:00
Than Ngo
e1ae1255d0 Resolves: #2222592, p11sak tool: slot option does not accept argument 0 for slot index 0 
Resolves: #2222596, p11sak fails as soon as there reside non-key objects
 2023-07-14 15:12:46 +02:00
Than Ngo
62e92e9764 - add requirement on selinux-policy >= 38.1.14-1 for pkcsslotd policy sandboxing 
Related: #2160061
 2023-06-13 13:18:52 +02:00
Than Ngo
1edbc18df4 - add verify attributes for opencryptoki.conf to ignore the verification 
Related: #2160061
 2023-05-26 12:36:35 +02:00
Than Ngo
2b264aa21a - Resolves: #2110497, concurrent MK rotation for cca token 
- Resolves: #2110498, concurrent MK rotation for ep11 token
- Resolves: #2110499, ep11 token: PKCS #11 3.0 - support AES_XTS
- Resolves: #2111010, cca token: protected key support
- Resolves: #2160061, rebase to 3.21.0
- Resolves: #2160105, pkcsslotd hardening
- Resolves: #2160107, p11sak support Dilithium and Kyber keys
- Resolves: #2160109, ica and soft tokens: PKCS #11 3.0 - support AES_XTS
 2023-05-22 21:01:35 +02:00
Karel Srot
056d16af13 Enable CI testing for c9s branch. 
Resolves: RHEL-468
 2023-05-17 12:23:48 +02:00
Than Ngo
928b101293 Resolves: #2044182, Support of ep11 token for new IBM Z Hardware (IBM z16) 2023-01-30 15:31:53 +01:00
Than Ngo
15b0b2fb5c Resolves: #2126294, opencryptoki fails after generating > 500 RSA keys 
Resolves: #2110314, rebase to 3.19.0
Resolves: #2110989, openCryptoki key generation with expected MKVP only on CCA and EP11 tokens
Resolves: #2110476, openCryptoki ep11 token: master key consistency
Resolves: #2018458, openCryptoki ep11 token: vendor specific key derivation
 2022-10-11 20:27:20 +02:00
Than Ngo
a7bba15de6 Related: #2044179, do not touch opencryptoki.conf if it is in place already and even if it is unchanged 2022-08-01 14:53:46 +02:00
Than Ngo
fa1dd0625f Related: #2044179, fix json output 2022-06-07 15:02:56 +02:00
Than Ngo
f22c0929d6 Related: #2044179, add missing strength.conf 2022-05-09 22:44:34 +02:00
Than Ngo
7d180d62a0 Resolves: #2044179, rebase to 3.18.0 
Resolves: #2068091, pkcsconf -t failed with Segmentation fault in FIPS mode
Resolves: #2066763, Dilithium support not available
Resolves: #2064697, OpenSSL 3.0 Compatibility for IBM Security Libraries and Tools
Resolves: #2044181, support crypto profiles
Resolves: #2044180, add crypto counters
 2022-05-09 18:23:32 +02:00
Than Ngo
d484f374b6 Resolves: #2066763, Dilithium support not available 2022-05-03 18:38:42 +02:00
Than Ngo
0673ac52f2 Resolves: #2064697, ICA/EP11: Support libica version 4 2022-03-16 14:44:50 +01:00
Than Ngo
613713aa86 Related: #2015888, ICA/EP11: Support libica version 4 2022-03-16 13:54:28 +01:00
Than Ngo
e46fb1d66d Resolves: #2040678, API: Unlock GlobMutex if user and group check fails 2022-01-17 12:20:55 +01:00
Than Ngo
60ab8b115d Related: #2015888, added missing patch pkcsslotd-pidfile 2021-12-04 13:50:24 +01:00
Than Ngo
322c3dde8e Related: #2015888, include p11sak_defined_attrs.conf 2021-11-24 18:02:24 +01:00
Than Ngo
4a07d43d43 Related: #2015888, add missing p11sak_defined_attrs.conf 2021-11-24 17:30:16 +01:00
Than Ngo
cf99734584 Resolves: #2015888, rebase to 3.17.0 
Resolves: #2017720, openCryptoki key management tool
 2021-11-03 12:33:49 +01:00
Than Ngo
d116cb6599 Related: #1989138, Support for OpenSSL 3.0 2021-08-26 17:01:37 +02:00
Than Ngo
86274e8523 Resolves: #1989138, Support for OpenSSL 3.0 2021-08-23 13:00:44 +02:00
Than Ngo
7c21ce0d0a Resolves: #1987186, pkcstok_migrate leaves options with multiple strings in opencryptoki.conf options without double-quotes 2021-08-19 18:27:24 +02:00
Mohan Boddu
24c95b2c9c Rebuilt for IMA sigs, glibc 2.34, aarch64 flags 
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
 2021-08-09 22:41:31 +00:00
Florian Weimer
b88726e149 Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097) 
Related: #1984097
 2021-07-28 12:11:43 +02:00
Than Ngo
7ebe966396 Related: #1974365, Fix release number 2021-07-16 13:15:25 +02:00
Than Ngo
e479145be9 Resolves: #1974365, Fix detection if pkcsslotd is still running 2021-07-13 20:43:26 +02:00
Than Ngo
03d0eb1e5f Resolves: #1974693, pkcsslotd PIDfile below legacy directory /var/run/ 2021-06-25 09:52:40 +02:00
Mohan Boddu
a5b49d8bfb Rebuilt for RHEL 9 BETA for openssl 3.0 
Related: rhbz#1971065
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
 2021-06-16 03:33:52 +00:00
Than Ngo
ff8d5d25d2 Related: #1924120, add conditional requirement on new selinux-policy 2021-06-15 16:15:13 +02:00
Than Ngo
30f18350a2 Related: #1924120, enable gating for c9s 2021-06-09 16:24:16 +02:00
Than Ngo
9a39455a36 Related: #1924120, add requirement of systemd-devel 2021-05-17 17:38:03 +02:00
Than Ngo
28bfbcca91 - Resolves: #1959894, Soft token does not check if an EC key is valid 
- Resolves: #1924120, Event Notification Support
 2021-05-17 17:23:09 +02:00
Mohan Boddu
fe60ad7512 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
 2021-04-16 02:40:03 +00:00