-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-01af5c1bd1 2024-10-02 01:30:51.688520 -------------------------------------------------------------------------------- Name : opencryptoki Product : Fedora 41 Version : 3.24.0 Release : 2.fc41 URL : https://github.com/opencryptoki/opencryptoki Summary : Implementation of the PKCS#11 (Cryptoki) specification v3.0 Description : Opencryptoki implements the PKCS#11 specification v2.20 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic hardware. This package contains the Slot Daemon (pkcsslotd) and general utilities. -------------------------------------------------------------------------------- Update Information: update to 3.24.0 * Add support for building Opencryptoki on the IBM AIX platform * Add support for the CCA token on non-IBM Z platforms (x86_64, ppc64) * Add support for protecting tokens with a token specific user group * EP11: Add support for combined CKA_EXTRACTABLE and CKA_IBM_PROTKEY_EXTRACTABLE * CCA: Add support for Koblitz curve secp256k1. Requires CCA v7.2 or later * CCA: Add support for IBM Dilithium (CKM_IBM_DILITHIUM). On Linux on IBM Z: Requires CCA v7.1 or later for Round2-65, and CCA v8.0 for the Round 3 variants. On other platforms: Requires CCA v7.2.43 or later for Round2-65, the Round 3 variants are currently not supported * CCA: Add support for RSA-OAEP with SHA224, SHA384, and SHA512 on en-/decrypt. Requires CCA v8.1 or later on Linux on IBM Z, not supported on other platforms * CCA: Add support for PKCS#11 v3.0 SHA3 mechanisms. Requires CCA v8.1 on Linux on IBM Z, not supported on other platforms * ICA: Support new libica AES-GCM api using the KMA instruction on z14 and later * ICA/Soft/ICSF: Add support for PKCS#11 v3.0 SHA3 mechanisms * ICA/Soft: Add support for SHA based key derivation mechanisms * ICA/Soft: Add support for CKD_*_SP800 KDFs for ECDH * EP11/CCA/ICA/Soft: Add support for CKA_ALWAYS_AUTHENTICATE * EP11/CCA: Support live guest relocation for protected key (PKEY) operations * Soft: Experimental support for IBM Dilithium via OpenSSL OQS provider * ICSF: Add support for SHA-2 mechanisms * ICSF: Performance improvements for attribute retrieval * p11sak: Add support for exporting a key or certificate as URI-PEM file * p11sak: Import/export of IBM Dilithium keys in 'oqsprovider' format PEM files * p11sak: Add option to show the master key verification patterns of secure keys * Bug fixes -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 13 2024 Than Ngo <than@xxxxxxxxxx> - 3.24.0-2 - build with --enable-pkcscca_migrate - fix build error due to incompatible pointer types * Fri Sep 13 2024 Than Ngo <than@xxxxxxxxxx> - 3.24.0-1 - Update to 3.24.0 * Add support for building Opencryptoki on the IBM AIX platform * Add support for the CCA token on non-IBM Z platforms (x86_64, ppc64) * Add support for protecting tokens with a token specific user group * EP11: Add support for combined CKA_EXTRACTABLE and CKA_IBM_PROTKEY_EXTRACTABLE * CCA: Add support for Koblitz curve secp256k1. Requires CCA v7.2 or later * CCA: Add support for IBM Dilithium (CKM_IBM_DILITHIUM). On Linux on IBM Z: Requires CCA v7.1 or later for Round2-65, and CCA v8.0 for the Round 3 variants. On other platforms: Requires CCA v7.2.43 or later for Round2-65, the Round 3 variants are currently not supported * CCA: Add support for RSA-OAEP with SHA224, SHA384, and SHA512 on en-/decrypt. Requires CCA v8.1 or later on Linux on IBM Z, not supported on other platforms * CCA: Add support for PKCS#11 v3.0 SHA3 mechanisms. Requires CCA v8.1 on Linux on IBM Z, not supported on other platforms * ICA: Support new libica AES-GCM api using the KMA instruction on z14 and later * ICA/Soft/ICSF: Add support for PKCS#11 v3.0 SHA3 mechanisms * ICA/Soft: Add support for SHA based key derivation mechanisms * ICA/Soft: Add support for CKD_*_SP800 KDFs for ECDH * EP11/CCA/ICA/Soft: Add support for CKA_ALWAYS_AUTHENTICATE * EP11/CCA: Support live guest relocation for protected key (PKEY) operations * Soft: Experimental support for IBM Dilithium via OpenSSL OQS provider * ICSF: Add support for SHA-2 mechanisms * ICSF: Performance improvements for attribute retrieval * p11sak: Add support for exporting a key or certificate as URI-PEM file * p11sak: Import/export of IBM Dilithium keys in 'oqsprovider' format PEM files * p11sak: Add option to show the master key verification patterns of secure keys * Bug fixes - Remove i686 support as upsrtream will get rid of 32-bit support, https://github.com/opencryptoki/opencryptoki/issues/174 - Remove lockdir.patch -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-01af5c1bd1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
