-
Thu Feb 08 2024 Than Ngo <than@redhat.com> - 3.21.0-10
- timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)
Resolves: RHEL-22791
-
Tue Jul 18 2023 Than Ngo <than@redhat.com> - 3.21.0-9
- Resolves: #2223588, FTBFS
-
Tue Jul 18 2023 Than Ngo <than@redhat.com> - 3.21.0-8
- Related: #2222595, add triggerun to reload daemon
-
Fri Jul 14 2023 Than Ngo <than@redhat.com> - 3.21.0-7
- Resolves: #2222595, p11sak tool: slot option does not accept argument 0 for slot index 0
- Resolves: #2222594, p11sak fails as soon as there reside non-key objects
-
Tue Jul 04 2023 Than Ngo <than@redhat.com> - 3.21.0-6
- add workaround for segfault in PEM_write_bio() on OpenSSL 1.1.1
Related: #2159741
-
Tue Jun 13 2023 Than Ngo <than@redhat.com> - 3.21.0-5
- add requirement on selinux-policy >= 3.14.3-121 for pkcsslotd policy sandboxing
Related: #2159697
-
Thu May 25 2023 Than Ngo <than@redhat.com> - 3.21.0-4
- add verify attributes for opencryptoki.conf to ignore the verification
Related: #2159697
-
Mon May 22 2023 Than Ngo <than@redhat.com> - 3.21.0-3
- pkcsstats: Fix handling of user name
- p11sak: Fix user confirmation prompt behavior when stdin is closed
Related: #2159697
-
Tue May 16 2023 Than Ngo <than@redhat.com> - 3.21.0-2
- add missing /var/lib/opencryptoki/HSM_MK_CHANGE
- disable unsupported sandbox options and add /run to ReadWritePaths to exclude
/run directory from being made read-only on rhel8
Related: #2159697
-
Mon May 15 2023 Than Ngo <than@redhat.com> - 3.21.0-1
- Resolves: #1984865, ep11 and cca: support concurrent HSM master key changes
- Resolves: #2110500, ep11 token: PKCS #11 3.0 - support AES_XTS
- Resolves: #2111011, cca token: protected key support
- Resolves: #2159697, update to 3.21.0
- Resolves: #2159740, pkcsslotd hardening
- Resolves: #2159741, p11sak support Dilithium and Kyber keys
- Resolves: #2159742, ica and soft tokens: PKCS #11 3.0 - support AES_XTS