|
Packit |
8681c6 |
+ Opencryptoki 3.14
|
|
Packit |
8681c6 |
- EP11: Dilitium support stage 2
|
|
Packit |
8681c6 |
- Common: Rework on process and thread locking
|
|
Packit |
8681c6 |
- Common: Rework on btree and object locking
|
|
Packit |
8681c6 |
- ICSF: minor fixes
|
|
Packit |
8681c6 |
- TPM, ICA, ICSF: support multiple token instances
|
|
Packit |
8681c6 |
- new tool p11sak
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
+ openCryptoki 3.13.0
|
|
Packit |
8681c6 |
- EP11: Dilithium support
|
|
Packit |
8681c6 |
- EP11: EdDSA support
|
|
Packit |
8681c6 |
- EP11: support RSA-OAEP with non-SHA1 hash and MGF
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
+ openCryptoki 3.12.1
|
|
Packit |
8681c6 |
- Fix pkcsep11_migrate tool
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
+ openCryptoki 3.12.0
|
|
Packit |
8681c6 |
- Update token pin and data store encryption for soft,ica,cca and ep11
|
|
Packit |
8681c6 |
- EP11: Allow importing of compressed EC public keys
|
|
Packit |
8681c6 |
- EP11: Add support for the CMAC mechanisms
|
|
Packit |
8681c6 |
- EP11: Add support for the IBM-SHA3 mechanisms
|
|
Packit |
8681c6 |
- SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
|
|
Packit |
8681c6 |
- ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
|
|
Packit |
8681c6 |
- EP11: Add config option USE_PRANDOM
|
|
Packit |
8681c6 |
- CCA: Use Random Number Generate Long for token_specific_rng()
|
|
Packit |
8681c6 |
- Common rng function: Prefer /dev/prandom over /dev/urandom
|
|
Packit |
8681c6 |
- ICA: add SHA*_RSA_PKCS_PSS mechanisms
|
|
Packit |
8681c6 |
- Bug fixes
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
+ openCryptoki 3.11.1
|
|
Packit |
8681c6 |
- Bug fixes
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki 3.11.0
|
|
Packit |
8681c6 |
- EP11 enhancements
|
|
Packit |
8681c6 |
- A lot of bug fixes
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki 3.10.0
|
|
Packit |
8681c6 |
- Add support to ECC on ICA token and to common code.
|
|
Packit |
8681c6 |
- Add SHA224 support to SOFT token.
|
|
Packit |
8681c6 |
- Improve pkcsslotd logging.
|
|
Packit |
8681c6 |
- Fix sha512_hmac_sign and rsa_x509_verify for ICA token.
|
|
Packit |
8681c6 |
- Fix tracing of session id.
|
|
Packit |
8681c6 |
- Fix and improve testcases.
|
|
Packit |
8681c6 |
- Fix spec file permission for log directory.
|
|
Packit |
8681c6 |
- Fix build warnings.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki 3.9.0
|
|
Packit |
8681c6 |
- Fix token reinitialization
|
|
Packit |
8681c6 |
- Fix conditional man pages
|
|
Packit |
8681c6 |
- EP11 enhancements
|
|
Packit |
8681c6 |
- EP11 EC Key import
|
|
Packit |
8681c6 |
- Increase RSA max key length
|
|
Packit |
8681c6 |
- Fix broken links on documentation
|
|
Packit |
8681c6 |
- Define CK_FALSE and CK_TRUE macros
|
|
Packit |
8681c6 |
- Improve build flags
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki 3.8.2
|
|
Packit |
8681c6 |
- Update man pages.
|
|
Packit |
8681c6 |
- Improve ock_tests for parallel execution.
|
|
Packit |
8681c6 |
- Fix FindObjectsInit for hidden HW-feature.
|
|
Packit |
8681c6 |
- Fix to allow vendor defined hardware features.
|
|
Packit |
8681c6 |
- Fix unresolved symbols.
|
|
Packit |
8681c6 |
- Fix tracing.
|
|
Packit |
8681c6 |
- Code/project cleanup.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki 3.8.1
|
|
Packit |
8681c6 |
- Fix TPM data-structure reset function.
|
|
Packit |
8681c6 |
- Fix error message when dlsym fails.
|
|
Packit |
8681c6 |
- Update configure.ac
|
|
Packit |
8681c6 |
- Update travis.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki 3.8.0
|
|
Packit |
8681c6 |
- Multi token instance feature.
|
|
Packit |
8681c6 |
- Added possibility to run opencryptoki with transactional memory or locks
|
|
Packit |
8681c6 |
(--enable-locks on configure step).
|
|
Packit |
8681c6 |
- Updated documentation.
|
|
Packit |
8681c6 |
- Fix segfault on ec_test.
|
|
Packit |
8681c6 |
- Bunch of small fixes.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki 3.7.0
|
|
Packit |
8681c6 |
- Update example spec file
|
|
Packit |
8681c6 |
- Performance improvement. Moving from mutexes to transactional memory.
|
|
Packit |
8681c6 |
- Add ECDSA SHA2 support for EP11 and CCA.
|
|
Packit |
8681c6 |
- Fix declaration of inline functions.
|
|
Packit |
8681c6 |
- Fix wrong testcase and ber en/decoding for integers.
|
|
Packit |
8681c6 |
- Check for 'flex' and 'YACC' on configure.
|
|
Packit |
8681c6 |
- EP11 config file rework.
|
|
Packit |
8681c6 |
- Add enable-debug on travis build.
|
|
Packit |
8681c6 |
- Add testcase for C_GetOperationState/C_SetOperationState.
|
|
Packit |
8681c6 |
- Upgrade License to CPL-1.0
|
|
Packit |
8681c6 |
- Ica token: fix openssh/ibmpkcs11 engine/libica crash.
|
|
Packit |
8681c6 |
- Fix segfault and logic in hardware feature test.
|
|
Packit |
8681c6 |
- Fix spelling of documentation and manuals.
|
|
Packit |
8681c6 |
- Fix the retrieval of p from a generated rsa key.
|
|
Packit |
8681c6 |
- Coverity scan fixes - incompatible pointer type and unused variables.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki 3.6.2
|
|
Packit |
8681c6 |
- Support OpenSSL-1.1.
|
|
Packit |
8681c6 |
- Add Travis CI support.
|
|
Packit |
8681c6 |
- Update autotools scripts and documentation.
|
|
Packit |
8681c6 |
- Fix SegFault when a invalid session handle is passed in SC_EncryptUpdate and
|
|
Packit |
8681c6 |
SC_DecryptUpdate.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki 3.6.1
|
|
Packit |
8681c6 |
- Fix SOFT token implementation of digest functions.
|
|
Packit |
8681c6 |
- Replace deprecated OpenSSL interfaces.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki 3.6
|
|
Packit |
8681c6 |
- Replace deprecated libica interfaces.
|
|
Packit |
8681c6 |
- Performance improvement for ICA.
|
|
Packit |
8681c6 |
- Improvement in documentation on system resources.
|
|
Packit |
8681c6 |
- Improvement in testcases.
|
|
Packit |
8681c6 |
- Added support for rc=8, reasoncode=2028 in icsf token.
|
|
Packit |
8681c6 |
- Fix for session handle not set in session issue.
|
|
Packit |
8681c6 |
- Multiple fixes for lock and log directories.
|
|
Packit |
8681c6 |
- Downgraded a syslog error to warning.
|
|
Packit |
8681c6 |
- Multiple fixes based on coverity scan results.
|
|
Packit |
8681c6 |
- Added pkcs11 mapping for icsf reason code 72 for return code 8.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki 3.5.1
|
|
Packit |
8681c6 |
- Fix Illegal Intruction on pkcscca tool.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki 3.5
|
|
Packit |
8681c6 |
- Full Coverity scan fixes.
|
|
Packit |
8681c6 |
- Fixes for compiler warnings.
|
|
Packit |
8681c6 |
- Added support for C_GetObjectSize in icsf token.
|
|
Packit |
8681c6 |
- Various bug fixes and memory leak fixes.
|
|
Packit |
8681c6 |
- Removed global read permissions from token files.
|
|
Packit |
8681c6 |
- Added missing PKCS#11v2.2 constants.
|
|
Packit |
8681c6 |
- Fix for symbol resolution issue seen in Fedora 22 and 23 for
|
|
Packit |
8681c6 |
ep11 and cca tokens.
|
|
Packit |
8681c6 |
- Improvements in socket read operation when a token comes up.
|
|
Packit |
8681c6 |
- Replaced 32 bit CCA API declarations with latest header from
|
|
Packit |
8681c6 |
version 5.0 libsculcca rpm.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki 3.4.1
|
|
Packit |
8681c6 |
- fix 32-bit compiler error for ep11
|
|
Packit |
8681c6 |
- fix buffer overflow for cca token
|
|
Packit |
8681c6 |
- fix a testcase
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki 3.4
|
|
Packit |
8681c6 |
- CCA master key migration added to the pkcscca tool. When the masterkey on
|
|
Packit |
8681c6 |
the CCA adapter changes, this allows the token key objects containing
|
|
Packit |
8681c6 |
keys wrapped with the card's former masterkey to be wrapped under the
|
|
Packit |
8681c6 |
card's new masterkey. And thus "migrated".
|
|
Packit |
8681c6 |
- AES GCM support added to ica token.
|
|
Packit |
8681c6 |
- Ability to generate generic secret keys for CKM_GENERIC_SECRET_KEY_GEN
|
|
Packit |
8681c6 |
added to opencryptoki.
|
|
Packit |
8681c6 |
- The soft, cca, ep11, and icsf tokens support HMAC single and multipart for
|
|
Packit |
8681c6 |
SHA1, SHA256, SHA384, and SHA512.
|
|
Packit |
8681c6 |
- CCA token, a secure key token, can now import AES, DES3 and
|
|
Packit |
8681c6 |
Generic Secret keys.
|
|
Packit |
8681c6 |
- Add -Wall and fix various compiler warnings.
|
|
Packit |
8681c6 |
- Coverity scan cleanup.
|
|
Packit |
8681c6 |
- Additional test vectors and various testcase improvements made.
|
|
Packit |
8681c6 |
- Various bugfixes
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki 3.3
|
|
Packit |
8681c6 |
- Dynamic tracing introduced via the new environment variable,
|
|
Packit |
8681c6 |
OPENCRYPTOKI_TRACE_LEVEL=<level>. The opencryptoki base as well as all
|
|
Packit |
8681c6 |
tokens changed to use the new tracing.
|
|
Packit |
8681c6 |
- Allow root to run pkcs11 commands without being in pkcs11 group.
|
|
Packit |
8681c6 |
- EncryptUpdate, DecryptUpdate, DigestUpdate, SignUpdate, VerifyUpdate
|
|
Packit |
8681c6 |
now allow zero length data.
|
|
Packit |
8681c6 |
- Refactored ICA token's SHA .
|
|
Packit |
8681c6 |
- Various testcase improvements.
|
|
Packit |
8681c6 |
- Various bugfixes.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki 3.2
|
|
Packit |
8681c6 |
- New pkcscca tool. Currently it assists in migrating cca private token
|
|
Packit |
8681c6 |
objects from opencryptoki version 2 to the clear key encryption method
|
|
Packit |
8681c6 |
used in opencryptoki version 3. Includes a manpage for pkcscca tool.
|
|
Packit |
8681c6 |
Changes to README.cca_stdll to assist in using the CCA token and
|
|
Packit |
8681c6 |
migrating the private token objects.
|
|
Packit |
8681c6 |
- Support for CKM_RSA_PKCS_OAEP and CKM_RSA_PKCS_PSS algorithms.
|
|
Packit |
8681c6 |
- Various bugfixes.
|
|
Packit |
8681c6 |
- New testcases for various crypto algorithms.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki-3.1
|
|
Packit |
8681c6 |
- New ep11 token to support IBM Crypto Express adpaters (starting with
|
|
Packit |
8681c6 |
Crypto Express 4S adapters) configured with Enterprise PKCS#11(EP11)
|
|
Packit |
8681c6 |
firmware.
|
|
Packit |
8681c6 |
- New pkcsep11_migrate utility (and manpage) to migrate token objects
|
|
Packit |
8681c6 |
when card's masterkey changes.
|
|
Packit |
8681c6 |
- Various bugfixes.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki-3.0
|
|
Packit |
8681c6 |
- Aggregated source files in common, tpm, and cca directories.
|
|
Packit |
8681c6 |
- Re-factored shared memory functions in the stdlls.
|
|
Packit |
8681c6 |
- New opencryptoki.conf file to replace pk_config_data and pkcs11_starup.
|
|
Packit |
8681c6 |
The opencryptoki.conf contains slot entry information for tokens.
|
|
Packit |
8681c6 |
- New manpage for opencryptoki.conf
|
|
Packit |
8681c6 |
- Removed pkcs_slot and pkcs11_startup shell scripts.
|
|
Packit |
8681c6 |
- New ICSF token to do remote crypto.
|
|
Packit |
8681c6 |
- New pkcsicsf utility to setup the ICSF token.
|
|
Packit |
8681c6 |
- New manpage for pkcsicsf utility.
|
|
Packit |
8681c6 |
- ICA token supports CKM_DES_OFB64, CKM_DES_CFB8, CKM_DES_CFB6 mechanisms
|
|
Packit |
8681c6 |
using 3DES keys.
|
|
Packit |
8681c6 |
- ICA token supports CKM_DES3_MAC and CKM_DES3_MAC_GENERAL mechanisms.
|
|
Packit |
8681c6 |
- ICA token supports CKM_AES_OFB, CKM_AES_CFB8, CKM_AES_CFB64, CKM_AES_CFB128,
|
|
Packit |
8681c6 |
CKM_AES_MAC, and CKM_AES_MAC_GENERAL mechanisms.
|
|
Packit |
8681c6 |
- Some code cleanup in pkcsslotd.
|
|
Packit |
8681c6 |
- pkcsslotd daemon uses a socket rather than shared memory to pass
|
|
Packit |
8681c6 |
slot information to the opencryptoki library.
|
|
Packit |
8681c6 |
- New testcases added for various crypto algorithms and pkcs#11 api calls.
|
|
Packit |
8681c6 |
- Add README to docs directory for how to setup ICSF token.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki-2.4.3.1 (May 17, 2013)
|
|
Packit |
8681c6 |
- Allow imported rsa private keys in cca to also decrypt.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki-2.4.3 (April 29, 2013)
|
|
Packit |
8681c6 |
- CKM_SHA256_RSA_PKCS,CKM_SHA384_RSA_PKCS,CKM_SHA512_RSA_PKCS support
|
|
Packit |
8681c6 |
for ICA token.
|
|
Packit |
8681c6 |
- Allow import of RSA public and private keys into CCA token.
|
|
Packit |
8681c6 |
- Systemd support added.
|
|
Packit |
8681c6 |
- Various bugfixes and additional testcases.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki-2.4.2 (April 27, 2012)
|
|
Packit |
8681c6 |
- Re-factored spinlocks, such that each token has its own spinlock
|
|
Packit |
8681c6 |
in its own directory relative to /var/locks/opencryptoki.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki-2.4.1 (February 21, 2012)
|
|
Packit |
8681c6 |
- SHA256 support added for CCA token
|
|
Packit |
8681c6 |
- Several crypto algorithm testcases refactored to include published
|
|
Packit |
8681c6 |
test vectors.
|
|
Packit |
8681c6 |
- Testcase directory restructured for future improvements.
|
|
Packit |
8681c6 |
- Allow tpm stdll to get SRK passwd and mode from new env variables.
|
|
Packit |
8681c6 |
See [1] for info on how to use this feature and please report any bugs.
|
|
Packit |
8681c6 |
- Renamed spinlocks for shared memory to /var/lock dir and did
|
|
Packit |
8681c6 |
some cleanup of unused locking schemes.
|
|
Packit |
8681c6 |
- Various bugfixes and cleanup.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
[1] http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=blob;f=doc/README.tpm_stdll;h=dda0d2263cfbb3df8c65ebc64b8006e3242f6321;hb=HEAD#l58
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki-2.4
|
|
Packit |
8681c6 |
- Support for Elliptic Curve Support in CCA token.
|
|
Packit |
8681c6 |
- Support for AES CTR in ICA token.
|
|
Packit |
8681c6 |
- Session handling refactored from using a reference to memory to
|
|
Packit |
8681c6 |
using a handle that references a binray tree node.
|
|
Packit |
8681c6 |
- Cleanup logging. Debug messages now go to a file referenced in
|
|
Packit |
8681c6 |
OPENCRYPTOKI_DEBUG_FILE env variable.
|
|
Packit |
8681c6 |
- Various bugfixes and cleanup.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki-2.3.3 (Jan 13 2011)
|
|
Packit |
8681c6 |
- Moderate fixes and clean-ups to key unwrapping mechanisms
|
|
Packit |
8681c6 |
- several pkcsconf fixes, some minor changes
|
|
Packit |
8681c6 |
- Important fix to CCA library name in pkcs11_startup
|
|
Packit |
8681c6 |
- PKCS padding length fix for symmetric ciphers
|
|
Packit |
8681c6 |
- Better RSA public exponent validations in all supported tokens
|
|
Packit |
8681c6 |
- Huge testsuite refactor
|
|
Packit |
8681c6 |
- Several other minor fixes and cleanups
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* opencryptoki-2.3.2 (Jul 29 2010)
|
|
Packit |
8681c6 |
- Significant clean-ups to the building and packaging systems and many
|
|
Packit |
8681c6 |
small fixes by Klaus Heinrich Kiwi <klausk@linux.vnet.ibm.com>
|
|
Packit |
8681c6 |
- Various minor fixes to slot daemon and init script by Dan HorĂ¡k
|
|
Packit |
8681c6 |
<dan@danny.cz>
|
|
Packit |
8681c6 |
- Some RSA PKCS#1 v1.5 padding clean-ups by Ramon de Carvalho Valle
|
|
Packit |
8681c6 |
<rcvalle@linux.vnet.ibm.com>
|
|
Packit |
8681c6 |
- Human-readable flags output to pkcsconf, some minor soft-token
|
|
Packit |
8681c6 |
fixes by Kent Yoder <key@linux.vnet.ibm.com>
|
|
Packit |
8681c6 |
- Improved overall session/object look-up performance. Note that this
|
|
Packit |
8681c6 |
change might crash buggy callers with badly-written session/object
|
|
Packit |
8681c6 |
handle tracking - Klaus Heinrich Kiwi <klausk@linux.vnet.ibm.com>
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* openCryptoki-2.3.1
|
|
Packit |
8681c6 |
- Moved ICA token to use libica-2.0, supporting newer hardware and 4K
|
|
Packit |
8681c6 |
RSA modulus. Libica-2.x is now *required* to build the ICA token.
|
|
Packit |
8681c6 |
- Moved CCA token to use CCA-4.0, supporting AES, SHA-2 and 4K RSA
|
|
Packit |
8681c6 |
keys in newer hardware. Although not required for building, CCA-4.0
|
|
Packit |
8681c6 |
is *required* for running the CCA token.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* openCryptoki-2.2.5
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
- Fixed bug in comparison of PINs in pkcsconf.
|
|
Packit |
8681c6 |
- Added code to set the encryption and signature schemes of keys imported
|
|
Packit |
8681c6 |
into the TPM token.
|
|
Packit |
8681c6 |
- Added tpm token message to warn when only owner can read the pub SRK.
|
|
Packit |
8681c6 |
- Fixed return code of function failed when it should be buffer too small in
|
|
Packit |
8681c6 |
various mech_des.c mech_des3.c and mech_aes.c files.
|
|
Packit |
8681c6 |
- Moved doc/*.txt to manpage format and integrated them into the build/install
|
|
Packit |
8681c6 |
- Updated testcases to query env vars for PINs and call a set of common
|
|
Packit |
8681c6 |
routines for common operations
|
|
Packit |
8681c6 |
- Added SHA256 support for all tokens
|
|
Packit |
8681c6 |
- Fixed object cleanup when max number of token objects is hit
|
|
Packit |
8681c6 |
- Fixed fd exhaustion bug with spin lock fd
|
|
Packit |
8681c6 |
- Updated TPM stdll for TSS policy handling changes. Trousers 0.2.9+ now
|
|
Packit |
8681c6 |
required with openCryptoki 2.2.5
|
|
Packit |
8681c6 |
- Updated TPM stdll to use TSS_TSPATTRIB_KEYINFO_RSA_MODULUS when retrieving
|
|
Packit |
8681c6 |
the public modulus
|
|
Packit |
8681c6 |
- pkcs11_startup fix for use with s/w fallback support in libica on s390
|
|
Packit |
8681c6 |
- Added the CCA secure key token and migration utility
|
|
Packit |
8681c6 |
- Replaced bcopy/bzero with memcpy/memset throughout the code
|
|
Packit |
8681c6 |
- Removed unused variables throughout the code
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
* openCryptoki-2.2.4
|