Ubuntu
opencryptoki package

[22.10 FEAT] openCryptoki: support crypto profiles

Bug #1959549 reported by bugproxy
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Fix Released
High
Skipper Bug Screeners
opencryptoki (Ubuntu)
Fix Released
High
Skipper Bug Screeners

Bug Description

openCryptoki: support crypto profiles

Description:
Support a new configuration option to restrict cryptographic functions/mechanisms in the spirit of Ubuntu crypto profiles.
And provide the scripts to transform Ubuntu crypto profile settings into openCryptoki profile settings as needed by the the Ubuntu crypto profile scheme.

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-196082 severity-high targetmilestone-inin2204
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Frank Heimes (fheimes)
affects: linux (Ubuntu) → opencryptoki (Ubuntu)
Changed in ubuntu-z-systems:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in opencryptoki (Ubuntu):
importance: Undecided → High
Changed in ubuntu-z-systems:
importance: Undecided → High
Revision history for this message
Frank Heimes (fheimes) wrote :

Could you please share the planned target version of opencryptoki this functionality will land in, and/or the needed commits?
I assume it will be a version >3.17? Since I can't find much about it in the changelog <= 3.17.

Changed in opencryptoki (Ubuntu):
status: New → Incomplete
Changed in ubuntu-z-systems:
status: New → Incomplete
Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2022-07-26 20:26 EDT-------
This feature is included in opencryptoki 3.18.0,
(see https://github.com/opencryptoki/opencryptoki/releases/tag/v3.18.0)

Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Incomplete → New
Changed in opencryptoki (Ubuntu):
status: Incomplete → New
Revision history for this message
Launchpad Janitor (janitor) wrote : Re: [22.04 FEAT] openCryptoki: support crypto profiles

This bug was fixed in the package opencryptoki - 3.18.0+dfsg-0ubuntu1

---------------
opencryptoki (3.18.0+dfsg-0ubuntu1) kinetic; urgency=medium

  * New upstream release, with:
    - minor adjustment in 01-disable-testcases.patch due to different context
    - remove of d/p/6759faed-EP11-Fix-host-library-version-query.patch
      since it's now included in 3.18 upstream
    - remove file AUTHORS from debian/opencryptoki.docs
      since it got removed in 3.18 upstream
    This new version solves LP bugs (feature requests):
    - "openCryptoki: PKCS #11 3.1 - support CKA_DERIVE_TEMPLATE" (LP: #1982842)
    - "openCryptoki: support crypto profiles" (LP: #1959549)
    - "openCryptoki: add crypto counters" (LP: #1959551)
    - Assign pkcs11 group to p11sak_defined_attrs.conf and strength.conf
      in debian/opencryptoki.postinst rather than of Makefile.am
      to solve "invalid group ‘pkcs11’" issues during build.
      Also extend debian/opencryptoki.install and
      debian/opencryptoki.install.s390x to pick up
      /etc/opencryptoki/p11sak_defined_attrs.conf and
      /etc/opencryptoki/strength.conf.

 -- Frank Heimes <email address hidden> Mon, 15 Aug 2022 12:29:35 +0200

Changed in opencryptoki (Ubuntu):
status: New → Fix Released
Frank Heimes (fheimes)
summary: - [22.04 FEAT] openCryptoki: support crypto profiles
+ [22.10 FEAT] openCryptoki: support crypto profiles
Changed in ubuntu-z-systems:
status: New → Fix Released
information type: Private → Public
bugproxy (bugproxy)
tags: added: targetmilestone-inin2210
removed: targetmilestone-inin2204
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.