検索

このコンテンツは選択した言語では利用できません。

4.126. openCryptoki

download PDF
An updated openCryptoki package that fixes four bugs is now available for Red Hat Enterprise Linux 5.
The openCryptoki package contains version 2.11 of the public-key cryptography standards (PKCS)#11 API, implemented for IBM Cryptocards. This package includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z).

Bug Fixes

BZ#538879
Prior to this update, the process to unwrap an Advanced Encryption Standard (AES) key could, under certain circumstances, fail after a hardware cryptographic token was initialized. As a result, openCryptoki returned the error "CKR_TEMPLATE_INCOMPLETE". This update modifies the AES key unwrapping process so that it no longer fails.
BZ#539168
Prior to this update, the message authentication code (MAC) could, under certain circumstances, fail to be verified when using the PKCS#11 API for the acceleration of cryptographic instructions and the error "411 = MAC did not verify." was retunred. This update modifies the underlying code so that the MAC is now computed successfully after being offloaded to the CPACF.
BZ#541028
Prior to this update, openCryptoki did not correctly recognize whether secure-key crypto support was installed when the pkcs11_startup and pkcs_slot scripts were running. As a consequence, the Common Cryptographic Architecture (CCA) token did not correctly work. This update modifies the pkcs11_startup and pkcs_slot scripts to improve the secure-key crypto support check. Now, the CCA token works as expected.
BZ#612274
Prior to this update, OpenCryptoki used linked lists to track objects and sessions in memory, performing an exhaustive search in practically every PKCS#11 call. As a consequence, the overall performance of cryptographic operations degraded exponentially with the number of objects per token or open sessions per process. This update modifies the underlying source code so that the overall performance remains constant.
All users of openCryptoki are advised to upgrade to these updated packages, which fix these bugs.
Red Hat logoGithubRedditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

© 2024 Red Hat, Inc.