Recommended update for openCryptoki

Announcement ID:	SUSE-RU-2021:2770-1
Rating:	moderate
References:	bsc#1179319 bsc#1182120 bsc#1182190 bsc#1182726 bsc#1185976 bsc#1188879 jsc#ECO-2377 jsc#SLE-14723
Affected Products:	Server Applications Module 15-SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Real Time 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

An update that contains two features and has six fixes can now be installed.

Description:

This update for openCryptoki fixes the following issues:

• Fixed a bug where the pkcscca migration fails with usr/sb2 is not a valid slot ID (bsc#1182120)
• Fixed a segmentation fault of the sess_opstate test on the Soft Token (bsc#1182190)
• Fixed a segmentation fault of the p11sak list-key (bsc#1182726)
• Fixed an issue when soft token does not check if an EC key is valid. (bsc#1185976)
• Fixed an issue when the rendered config file incompatible and opencryptoki slot daemon is not able to start up again after migration. (bsc#1188879)

Upgraded from version 3.12.1 to 3.15.1 (jsc#SLE-14723)

• Conform to PKCS 11 3.0 Baseline Provider profile
• Introduce new vendor defined interface named "Vendor IBM"
• Support C_IBM_ReencryptSingle via "Vendor IBM" interface
• CCA: support key wrapping
• SOFT: support ECC
• p11sak tool: add remove-key command
• EP11: Dilitium support stage 2
• Common: Rework on process, thread, btree and object locking
• TPM, ICA, ICSF: support multiple token instances
• new tool p11sak
• EP11: Dilithium support
• EP11: EdDSA support
• EP11: support RSA-OAEP with non-SHA1 hash and MGF
• Fix compiling with C++ (bsc#1179319)
• Added error message handling for p11sak remove-key command. (bsc#1179319)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Server Applications Module 15-SP2
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2770=1

Package List:

• Server Applications Module 15-SP2 (aarch64 ppc64le s390x x86_64)
  • openCryptoki-debugsource-3.15.1-4.9.1
  • openCryptoki-debuginfo-3.15.1-4.9.1
  • openCryptoki-3.15.1-4.9.1
• Server Applications Module 15-SP2 (ppc64le s390x)
  • openCryptoki-64bit-debuginfo-3.15.1-4.9.1
  • openCryptoki-64bit-3.15.1-4.9.1
• Server Applications Module 15-SP2 (ppc64le s390x x86_64)
  • openCryptoki-devel-3.15.1-4.9.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1179319
• https://bugzilla.suse.com/show_bug.cgi?id=1182120
• https://bugzilla.suse.com/show_bug.cgi?id=1182190
• https://bugzilla.suse.com/show_bug.cgi?id=1182726
• https://bugzilla.suse.com/show_bug.cgi?id=1185976
• https://bugzilla.suse.com/show_bug.cgi?id=1188879
• https://jira.suse.com/browse/ECO-2377
• https://jira.suse.com/browse/SLE-14723