1.186. opencryptoki

Updated opencryptoki packages that fix several bugs and add various enhancements are now available for Red Hat Linux 6.
The openCryptoki package contains version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards. This package includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z).
The openCryptoki package has been upgraded to upstream version 2.3.3, which provides a number of bug fixes and enhancements over the previous version. (BZ#632765)

Bug Fixes

BZ#604287
Previously, openCryptoki failed to include secure key support on IBM System z. This was caused by an incorrect build configuration. This update provides the package built with the correct configuration and adds secure key support for System z to the package.
BZ#654088
Prior to this update, openCryptoki failed with the CKR_FUNCTION_FAILED error when trying to sign a certificate for an NSS (Network Security Services) database. This occurred due to the function being called incorrectly. With this update, openCryptoki uses the correct function arguments and the error no longer occurs.
Users of opencryptoki are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.
Updated opencryptoki packages that fix one bug are now available For Red Hat Enterprise linux 6.
The opencryptoki package contains version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. This package includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki package also brings a software token implementation that can be used without any cryptographic hardware. This package contains the Slot Daemon (pkcsslotd) and general utilities.
Bug Fix
BZ#743556
When setting the length of an RSA key for the IBM Cryptographic Accelerator(ICA) token, initialization of the CKA_MODULUS_BITS internal attribute of PKCS#11 was not properly tested and the RSA key length could have been set incorrectly. As a consequence, RSA key verification in the ICA token failed. To ensure that the RSA key is set correctly, two conditions have been added in the respective function in the ICA specific library. The RSA key operations now work properly on the ICA token.
All users of opencryptoki are advised to upgrade to these updated packages, which fix this bug.