Este contenido no está disponible en el idioma seleccionado.

4.203. opencryptoki


Updated opencryptoki packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
The openCryptoki package contains version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards. This package includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z).

Bug Fixes

BZ#734489
When setting the length of an RSA key for the IBM Cryptographic Accelerator (ICA) token, initialization of the CKA_MODULUS_BITS internal attribute of PKCS#11 was not properly tested and the RSA key length could have been set incorrectly. As a consequence, RSA key verification in the ICA token failed. To ensure that the RSA key is set correctly, two conditions have been added in the respective function in the ICA specific library. The RSA key operations now work properly on the ICA token.
BZ#730903
Prior to this update, the documentation provided with opencryptoki packages stated that users using opencryptoki needed to be members of the "pkcs11" group but did not mention the real privileges granted by adding a user to the group. Consequently, it was not clear that the members of the "pkcs11" group are assumed to be fully trusted. With this update opencryptoki(7) man page now contains a security note.
BZ#732756
Prior to this update, an unnecessary check in the attach_shared_memory() function was made which therefore required explicit group membership regardless of the current effective privileges. Consequently, upon installation of the opencryptoki packages and creation of the "pkcs11" group, the root user was added to the group. However, root user should not need access to the group to be able to access shared memory. With this update the shared memory checks have been corrected and root user no longer requires membership of the "pkcs11" group.

Enhancement

BZ#693779
The openCryptoki package has been upgraded to upstream version 2.4, which provides a number of bug fixes and enhancements over the previous version.
Users are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.
Red Hat logoGithubRedditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

© 2024 Red Hat, Inc.