openstack/barbican
Code Issues Proposed changes

Merge "Fix minor formats of release note"

Browse Source
This commit is contained in:
Zuul 2025-03-28 14:42:18 +00:00 committed by Gerrit Code Review
commit 0acec3c0c0
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
releasenotes/notes/fix-bug-2036506-bf171b5949495457.yaml
View File

@ -1,8 +1,8 @@
--- ---
deprecations: deprecations:
- | - |
The `[p11_crypto_plugin]hmac_keywrap_mechanism` option has been replaced The ``[p11_crypto_plugin]hmac_keywrap_mechanism`` option has been replaced
by `[p11_crypto_plugin]hmac_mechanism`. This option was renamed to avoid by ``[p11_crypto_plugin]hmac_mechanism``. This option was renamed to avoid
confusion since this mechanism is only used to sign encrypted data and confusion since this mechanism is only used to sign encrypted data and
never used for key wrap encryption. never used for key wrap encryption.
security: security:
@ -14,9 +14,10 @@ security:
Version 3.0. Version 3.0.
fixes: fixes:
- | - |
Fixed Bug #2036506 - This patch replaces the hard-coded CKM_AES_CBC_PAD Bug `#2036506 <https://bugs.launchpad.net/barbican/+bug/2036506>`_:
mechanism used to wrap pKEKs with an option to configure this mechanism. Replaced the hard-coded CKM_AES_CBC_PAD mechanism used to wrap pKEKs with
Two new options have been added to the [p11_crypto_plugin] section of the an option to configure this mechanism.
configuration file: `key_wrap_mechanism` and `key_wrap_generate_iv`. These Two new options have been added to the ``[p11_crypto_plugin]`` section of
options default to `CKM_AES_CBC_PAD` and `True` respectively to preserve the configuration file: ``key_wrap_mechanism`` and
backwards compatibility. ``key_wrap_generate_iv``. These options default to ``CKM_AES_CBC_PAD``
and ``True`` respectively to preserve backwards compatibility.