ELBA-2024-2462

ULN >
Oracle Linux Errata repository >
ELBA-2024-2462

ELBA-2024-2462 - opencryptoki bug fix and enhancement update

Type:	BUG
Severity:	NA
Release Date:	2024-05-02

Description

[3.22.0-3]
- Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT
Related: RHEL-22792

[3.22.0-2]
- timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)
Resolves: RHEL-22792

[3.22.0-1]
- Resolves: RHEL-11412, rebase to 3.22.0
- Resolves: RHEL-10569, openCryptoki for PKCS #11 3.0

[3.21.0-8]
- Resolves: #2222592, p11sak tool: slot option does not accept argument 0 for slot index 0
- Resolves: #2222596, p11sak fails as soon as there reside non-key objects

[3.21.0-5]
- add requirement on selinux-policy >= 38.1.14-1 for pkcsslotd policy sandboxing
Related: #2160061

[3.21.0-4]
- add verify attributes for opencryptoki.conf to ignore the verification

Related: #2160061

[3.21.0-3]
- Resolves: #2110497, concurrent MK rotation for cca token
- Resolves: #2110498, concurrent MK rotation for ep11 token
- Resolves: #2110499, ep11 token: PKCS #11 3.0 - support AES_XTS
- Resolves: #2111010, cca token: protected key support
- Resolves: #2160061, rebase to 3.21.0
- Resolves: #2160105, pkcsslotd hardening
- Resolves: #2160107, p11sak support Dilithium and Kyber keys
- Resolves: #2160109, ica and soft tokens: PKCS #11 3.0 - support AES_XTS

[3.19.0-2]
- Resolves: #2044182, Support of ep11 token for new IBM Z Hardware (IBM z16)

[3.19.0-1]
- Resolves: #2126294, opencryptoki fails after generating > 500 RSA keys
- Resolves: #2110314, rebase to 3.19.0
- Resolves: #2110989, openCryptoki key generation with expected MKVP only on CCA and EP11 tokens
- Resolves: #2110476, openCryptoki ep11 token: master key consistency
- Resolves: #2018458, openCryptoki ep11 token: vendor specific key derivation

[3.18.0-4]
- Related: #2044179, do not touch opencryptoki.conf if it is in place already and even if it is unchanged

[3.18.0-3]
- Related: #2044179, fix json output

[3.18.0-2]
- Related: #2044179, add missing strength.conf

[3.18.0-1]
- Resolves: #2044179, rebase to 3.18.0
- Resolves: #2068091, pkcsconf -t failed with Segmentation fault in FIPS mode
- Resolves: #2066763, Dilithium support not available
- Resolves: #2064697, OpenSSL 3.0 Compatibility for IBM Security Libraries and Tools
- Resolves: #2044181, support crypto profiles
- Resolves: #2044180, add crypto counters

[3.17.0-6]
- Resolves: #2066763, Dilithium support not available

[3.17.0-5]
- Resolves: #2064697, ICA/EP11: Support libica version 4

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	opencryptoki-3.22.0-3.el9.src.rpm	94ac86f816b4f4cfd736a8fc19973d5b	-	ol9_aarch64_baseos_latest
	opencryptoki-3.22.0-3.el9.src.rpm	94ac86f816b4f4cfd736a8fc19973d5b	-	ol9_aarch64_codeready_builder
	opencryptoki-3.22.0-3.el9.src.rpm	94ac86f816b4f4cfd736a8fc19973d5b	-	ol9_aarch64_u4_baseos_base
	opencryptoki-3.22.0-3.el9.aarch64.rpm	2e6f9148177b377f3219e67f96ec4197	-	ol9_aarch64_baseos_latest
	opencryptoki-3.22.0-3.el9.aarch64.rpm	2e6f9148177b377f3219e67f96ec4197	-	ol9_aarch64_u4_baseos_base
	opencryptoki-devel-3.22.0-3.el9.aarch64.rpm	bb48c9a573a84a51f1c675aae0b266d9	-	ol9_aarch64_codeready_builder
	opencryptoki-icsftok-3.22.0-3.el9.aarch64.rpm	16f0ad689a1c2571fcdffbfea3e45a88	-	ol9_aarch64_baseos_latest
	opencryptoki-icsftok-3.22.0-3.el9.aarch64.rpm	16f0ad689a1c2571fcdffbfea3e45a88	-	ol9_aarch64_u4_baseos_base
	opencryptoki-libs-3.22.0-3.el9.aarch64.rpm	5a618c37489dcb8be85abc9529970862	-	ol9_aarch64_baseos_latest
	opencryptoki-libs-3.22.0-3.el9.aarch64.rpm	5a618c37489dcb8be85abc9529970862	-	ol9_aarch64_u4_baseos_base
	opencryptoki-swtok-3.22.0-3.el9.aarch64.rpm	2580746f0b01a84a1d35cef27dd0649a	-	ol9_aarch64_baseos_latest
	opencryptoki-swtok-3.22.0-3.el9.aarch64.rpm	2580746f0b01a84a1d35cef27dd0649a	-	ol9_aarch64_u4_baseos_base

Oracle Linux 9 (x86_64)	opencryptoki-3.22.0-3.el9.src.rpm	94ac86f816b4f4cfd736a8fc19973d5b	-	ol9_x86_64_baseos_latest
	opencryptoki-3.22.0-3.el9.src.rpm	94ac86f816b4f4cfd736a8fc19973d5b	-	ol9_x86_64_codeready_builder
	opencryptoki-3.22.0-3.el9.src.rpm	94ac86f816b4f4cfd736a8fc19973d5b	-	ol9_x86_64_u4_baseos_base
	opencryptoki-3.22.0-3.el9.x86_64.rpm	36091880f1a2f052f05eb4f570368d5c	-	ol9_x86_64_baseos_latest
	opencryptoki-3.22.0-3.el9.x86_64.rpm	36091880f1a2f052f05eb4f570368d5c	-	ol9_x86_64_u4_baseos_base
	opencryptoki-devel-3.22.0-3.el9.i686.rpm	8c129c1fc582b720205c9943afb3f35b	-	ol9_x86_64_codeready_builder
	opencryptoki-devel-3.22.0-3.el9.x86_64.rpm	53700ac04739b96902aa7960c9d25c0a	-	ol9_x86_64_codeready_builder
	opencryptoki-icsftok-3.22.0-3.el9.x86_64.rpm	14d9f06962f0d8d9d480176879211ff8	-	ol9_x86_64_baseos_latest
	opencryptoki-icsftok-3.22.0-3.el9.x86_64.rpm	14d9f06962f0d8d9d480176879211ff8	-	ol9_x86_64_u4_baseos_base
	opencryptoki-libs-3.22.0-3.el9.i686.rpm	0df7183d1cbada75711526e5f2270d5d	-	ol9_x86_64_baseos_latest
	opencryptoki-libs-3.22.0-3.el9.i686.rpm	0df7183d1cbada75711526e5f2270d5d	-	ol9_x86_64_u4_baseos_base
	opencryptoki-libs-3.22.0-3.el9.x86_64.rpm	320e650440f368cf74f18e3b2fff0bf8	-	ol9_x86_64_baseos_latest
	opencryptoki-libs-3.22.0-3.el9.x86_64.rpm	320e650440f368cf74f18e3b2fff0bf8	-	ol9_x86_64_u4_baseos_base
	opencryptoki-swtok-3.22.0-3.el9.x86_64.rpm	277bea18fff7a51b271c79701a5a639d	-	ol9_x86_64_baseos_latest
	opencryptoki-swtok-3.22.0-3.el9.x86_64.rpm	277bea18fff7a51b271c79701a5a639d	-	ol9_x86_64_u4_baseos_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691