diff --git a/ChangeLog b/ChangeLog index 030c2532b..89f61b924 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,31 @@ ++ openCryptoki 3.24 +- Add support for building Opencryptoki on the IBM AIX platform +- Add support for the CCA token on non-IBM Z platforms (x86_64, ppc64) +- Add support for protecting tokens with a token specific user group +- EP11: Add support for combined CKA_EXTRACTABLE and CKA_IBM_PROTKEY_EXTRACTABLE +- CCA: Add support for Koblitz curve secp256k1. Requires CCA v7.2 or later +- CCA: Add support for IBM Dilithium (CKM_IBM_DILITHIUM). On Linux on IBM Z: + Requires CCA v7.1 or later for Round2-65, and CCA v8.0 for the Round 3 + variants. On other platforms: Requires CCA v7.2.43 or later for Round2-65, + the Round 3 variants are currently not supported +- CCA: Add support for RSA-OAEP with SHA224, SHA384, and SHA512 on en-/decrypt. + Requires CCA v8.1 or later on Linux on IBM Z, not supported on other platforms +- CCA: Add support for PKCS#11 v3.0 SHA3 mechanisms. Requires CCA v8.1 on Linux + on IBM Z, not supported on other platforms +- ICA: Support new libica AES-GCM api using the KMA instruction on z14 and later +- ICA/Soft/ICSF: Add support for PKCS#11 v3.0 SHA3 mechanisms +- ICA/Soft: Add support for SHA based key derivation mechanisms +- ICA/Soft: Add support for CKD_*_SP800 KDFs for ECDH +- EP11/CCA/ICA/Soft: Add support for CKA_ALWAYS_AUTHENTICATE +- EP11/CCA: Support live guest relocation for protected key (PKEY) operations +- Soft: Experimental support for IBM Dilithium via OpenSSL OQS provider +- ICSF: Add support for SHA-2 mechanisms +- ICSF: Performance improvements for attribute retrieval +- p11sak: Add support for exporting a key or certificate as URI-PEM file +- p11sak: Import/export of IBM Dilithium keys in 'oqsprovider' format PEM files +- p11sak: Add option to show the master key verification patterns of secure keys +- Bug fixes + + openCryptoki 3.23 - EP11: Add support for FIPS-session mode - Updates to harden against RSA timing attacks diff --git a/README.md b/README.md index c270b4719..0f38428fa 100644 --- a/README.md +++ b/README.md @@ -3,13 +3,13 @@ # openCryptoki -Package version 3.23 +Package version 3.24 Please see [ChangeLog](ChangeLog) for release specific information. ## OVERVIEW -openCryptoki version 3.23 implements the PKCS#11 specification version 3.0. +openCryptoki version 3.24 implements the PKCS#11 specification version 3.0. This package includes several cryptographic tokens: CCA, ICA, TPM, SWToken, ICSF and EP11. diff --git a/configure.ac b/configure.ac index d34e6fd63..d39757734 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. AC_PREREQ([2.69]) -AC_INIT([openCryptoki],[3.23],[https://github.com/opencryptoki/opencryptoki/issues],[],[https://github.com/opencryptoki/opencryptoki]) +AC_INIT([openCryptoki],[3.24],[https://github.com/opencryptoki/opencryptoki/issues],[],[https://github.com/opencryptoki/opencryptoki]) AC_CONFIG_SRCDIR([testcases/common/common.c]) dnl Needed for $target! diff --git a/rpm/opencryptoki.spec b/rpm/opencryptoki.spec index fbfabe2ba..05229b345 100644 --- a/rpm/opencryptoki.spec +++ b/rpm/opencryptoki.spec @@ -2,7 +2,7 @@ Name: opencryptoki Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0 -Version: 3.23.0 +Version: 3.24.0 Release: 1%{?dist} License: CPL Group: System Environment/Base diff --git a/testcases/ciconfig.sh b/testcases/ciconfig.sh index adb42d533..93ef49267 100755 --- a/testcases/ciconfig.sh +++ b/testcases/ciconfig.sh @@ -95,7 +95,7 @@ if test ! -z ${PKCS11_TEST_USER}; then fi # initialize opencryptoki.conf -echo "version opencryptoki-3.23" > "${OCKCONFDIR}/opencryptoki.conf" +echo "version opencryptoki-3.24" > "${OCKCONFDIR}/opencryptoki.conf" # enable full statistics echo "statistics (on,implicit,internal)" >> "${OCKCONFDIR}/opencryptoki.conf" diff --git a/usr/sbin/pkcsslotd/opencryptoki.conf b/usr/sbin/pkcsslotd/opencryptoki.conf index abb89d5d8..d997f5d0e 100644 --- a/usr/sbin/pkcsslotd/opencryptoki.conf +++ b/usr/sbin/pkcsslotd/opencryptoki.conf @@ -1,4 +1,4 @@ -version opencryptoki-3.23 +version opencryptoki-3.24 # The following defaults are defined: # hwversion = "0.0"