Commit Graph

41 Commits

Author SHA1 Message Date
Than Ngo
d8e7a71882 - Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT
Related: RHEL-22792
2024-02-16 13:35:05 +01:00
Than Ngo
3e961f4d0a - timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)
Resolves: RHEL-22792
2024-02-11 23:31:51 +01:00
Than Ngo
5229a62455 Resolves: RHEL-11412, rebase to 3.22.0
Resolves: RHEL-10569, openCryptoki for PKCS #11 3.0
2023-11-21 19:15:46 +00:00
Than Ngo
e1ae1255d0 Resolves: #2222592, p11sak tool: slot option does not accept argument 0 for slot index 0
Resolves: #2222596, p11sak fails as soon as there reside non-key objects
2023-07-14 15:12:46 +02:00
Than Ngo
62e92e9764 - add requirement on selinux-policy >= 38.1.14-1 for pkcsslotd policy sandboxing
Related: #2160061
2023-06-13 13:18:52 +02:00
Than Ngo
1edbc18df4 - add verify attributes for opencryptoki.conf to ignore the verification
Related: #2160061
2023-05-26 12:36:35 +02:00
Than Ngo
2b264aa21a - Resolves: #2110497, concurrent MK rotation for cca token
- Resolves: #2110498, concurrent MK rotation for ep11 token
- Resolves: #2110499, ep11 token: PKCS #11 3.0 - support AES_XTS
- Resolves: #2111010, cca token: protected key support
- Resolves: #2160061, rebase to 3.21.0
- Resolves: #2160105, pkcsslotd hardening
- Resolves: #2160107, p11sak support Dilithium and Kyber keys
- Resolves: #2160109, ica and soft tokens: PKCS #11 3.0 - support AES_XTS
2023-05-22 21:01:35 +02:00
Than Ngo
928b101293 Resolves: #2044182, Support of ep11 token for new IBM Z Hardware (IBM z16) 2023-01-30 15:31:53 +01:00
Than Ngo
15b0b2fb5c Resolves: #2126294, opencryptoki fails after generating > 500 RSA keys
Resolves: #2110314, rebase to 3.19.0
Resolves: #2110989, openCryptoki key generation with expected MKVP only on CCA and EP11 tokens
Resolves: #2110476, openCryptoki ep11 token: master key consistency
Resolves: #2018458, openCryptoki ep11 token: vendor specific key derivation
2022-10-11 20:27:20 +02:00
Than Ngo
a7bba15de6 Related: #2044179, do not touch opencryptoki.conf if it is in place already and even if it is unchanged 2022-08-01 14:53:46 +02:00
Than Ngo
fa1dd0625f Related: #2044179, fix json output 2022-06-07 15:02:56 +02:00
Than Ngo
f22c0929d6 Related: #2044179, add missing strength.conf 2022-05-09 22:44:34 +02:00
Than Ngo
7d180d62a0 Resolves: #2044179, rebase to 3.18.0
Resolves: #2068091, pkcsconf -t failed with Segmentation fault in FIPS mode
Resolves: #2066763, Dilithium support not available
Resolves: #2064697, OpenSSL 3.0 Compatibility for IBM Security Libraries and Tools
Resolves: #2044181, support crypto profiles
Resolves: #2044180, add crypto counters
2022-05-09 18:23:32 +02:00
Than Ngo
d484f374b6 Resolves: #2066763, Dilithium support not available 2022-05-03 18:38:42 +02:00
Than Ngo
0673ac52f2 Resolves: #2064697, ICA/EP11: Support libica version 4 2022-03-16 14:44:50 +01:00
Than Ngo
613713aa86 Related: #2015888, ICA/EP11: Support libica version 4 2022-03-16 13:54:28 +01:00
Than Ngo
e46fb1d66d Resolves: #2040678, API: Unlock GlobMutex if user and group check fails 2022-01-17 12:20:55 +01:00
Than Ngo
60ab8b115d Related: #2015888, added missing patch pkcsslotd-pidfile 2021-12-04 13:50:24 +01:00
Than Ngo
322c3dde8e Related: #2015888, include p11sak_defined_attrs.conf 2021-11-24 18:02:24 +01:00
Than Ngo
4a07d43d43 Related: #2015888, add missing p11sak_defined_attrs.conf 2021-11-24 17:30:16 +01:00
Than Ngo
cf99734584 Resolves: #2015888, rebase to 3.17.0
Resolves: #2017720, openCryptoki key management tool
2021-11-03 12:33:49 +01:00
Than Ngo
d116cb6599 Related: #1989138, Support for OpenSSL 3.0 2021-08-26 17:01:37 +02:00
Than Ngo
86274e8523 Resolves: #1989138, Support for OpenSSL 3.0 2021-08-23 13:00:44 +02:00
Than Ngo
7c21ce0d0a Resolves: #1987186, pkcstok_migrate leaves options with multiple strings in opencryptoki.conf options without double-quotes 2021-08-19 18:27:24 +02:00
Mohan Boddu
24c95b2c9c Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 22:41:31 +00:00
Florian Weimer
b88726e149 Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
Related: #1984097
2021-07-28 12:11:43 +02:00
Than Ngo
7ebe966396 Related: #1974365, Fix release number 2021-07-16 13:15:25 +02:00
Than Ngo
e479145be9 Resolves: #1974365, Fix detection if pkcsslotd is still running 2021-07-13 20:43:26 +02:00
Than Ngo
03d0eb1e5f Resolves: #1974693, pkcsslotd PIDfile below legacy directory /var/run/ 2021-06-25 09:52:40 +02:00
Mohan Boddu
a5b49d8bfb Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-06-16 03:33:52 +00:00
Than Ngo
ff8d5d25d2 Related: #1924120, add conditional requirement on new selinux-policy 2021-06-15 16:15:13 +02:00
Than Ngo
9a39455a36 Related: #1924120, add requirement of systemd-devel 2021-05-17 17:38:03 +02:00
Than Ngo
28bfbcca91 - Resolves: #1959894, Soft token does not check if an EC key is valid
- Resolves: #1924120, Event Notification Support
2021-05-17 17:23:09 +02:00
Mohan Boddu
fe60ad7512 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 02:40:03 +00:00
DistroBaker
67146057e6 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/opencryptoki.git#785153759b171e520707b76b3924bc0826a938ba
2021-04-04 02:10:17 +00:00
DistroBaker
7800e7302c Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/opencryptoki.git#7bb34251c5faf605f5747bd9c2ce6db555e0c44c
2021-02-03 01:20:58 +00:00
DistroBaker
f9faf440f8 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/opencryptoki.git#1ab7c615e40c56b29f4602c819bdb25d44ad6454
2020-12-22 14:05:56 +00:00
DistroBaker
a2a03ff3ae Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/opencryptoki.git#a9de92bcdaeff132c3b00e3de0d8d0af6ce3122e
2020-12-22 11:02:11 +00:00
DistroBaker
4dd94ed261 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/opencryptoki.git#692d1bc57b90f2a31bec54f1fe5bb265968af2cf
2020-11-02 14:13:44 +00:00
DistroBaker
1d47492875 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/opencryptoki.git#7efcdd3173d12f91795271ae5ed07047e6ae7e4d
2020-10-27 21:40:26 +01:00
Petr Šabata
fdb1d74ac8 RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/opencryptoki#28f33cc369b00493951d176ecb864885577c381b
2020-10-15 21:52:06 +02:00