#118562-13: Obsoleted by: 118562-14 SunOS 5.10: Solaris Data Encryption Kit Patch

Obsoleted by: 118562-14 SunOS 5.10: Solaris Data Encryption Kit Patch

Disclaimer:

Please note: Although OBSOLETED patches are available on SunSolve, Sun recommends using the most recent patches and the most recent revision of those patches. OBSOLETED patches do not include the latest bug fixes and/or product enhancements, and may require the installation of additional patches as a corrective measure.

Status: OBSOLETE

Patch Id: 118562-13

***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Summary: Obsoleted by: 118562-14 SunOS 5.10: Solaris Data Encryption Kit Patch

Date:  Apr/24/2007


******************************************************************
  The items made available through this website are subject to
  United States export laws and may be subject to export and
  import laws of other countries.  You agree to strictly comply
  with all such laws and obtain licenses to export, re-export, 
  or import as may be required. 
  Unless expressly authorized by the United States Government 
  to do so you will not, directly or indirectly, export or 
  re-export the items made available through this website, nor
  direct the items therefrom, to any embargoed or restricted 
  country identified in the United States export laws, including
  but not limited to the Export Administration Regulations 
  (15 C.F.R. Parts 730-774). 
  IMPORT INFORMATION:  This software contains encryption features
  with symmetric key lengths greater than 128-bit,  that may be
  restricted for import into some countries.
******************************************************************

Installation Requirements:

Reboot immediately after patch is installed                      
                      Install in Single User Mode

Solaris Release: 10

Sun OS Release: 5.10

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 118563

Topic:

SunOS 5.10: Solaris Data Encryption Kit Patch
	EXPORT INFORMATION: This software contains encryption features
	and requires export approval from the U.S. Department of State,
	prior to exporting from the United States.

Relevant Architecture: sparc

BugId's fixed with this patch:

4691624 4721729 4925453 4926742 5039273 5062050 5067964 6195428 6199119 6211857 6215509 6215816 6220814 6222467 6226862 6230146 6245378 6249979 6252894 6253744 6256312 6262344 6264344 6271754 6276483 6278572 6278578 6286167 6286372 6331488 6345493 6358078 6368332 6372133 6372169 6372587 6373525 6379529 6427002 6427559 6449294 6466370 6467218 6476279 6476772 6483054

Changes incorporated in this version:


6466370 6467218 6476279 6476772 6483054

Patches accumulated and obsoleted by this patch:

121290-03 123564-01

Patches which conflict with this patch:

Required Patches:

118918-05 (or greater)

Obsoleted by:

Files Included in this Patch:

/kernel/crypto/sparcv9/aes256
/kernel/crypto/sparcv9/blowfish448
/platform/SUNW,A70/kernel/crypto/sparcv9/aes256
/platform/SUNW,SPARC-Enterprise/kernel/crypto/sparcv9/aes256
/platform/SUNW,Sun-Fire-V215/kernel/crypto/sparcv9/aes256
/platform/SUNW,Sun-Fire-V445/kernel/crypto/sparcv9/aes256
/platform/sun4u-us3/kernel/crypto/sparcv9/aes256
/platform/sun4u/kernel/crypto/sparcv9/arcfour2048
/platform/sun4v/kernel/crypto/sparcv9/arcfour2048
/usr/lib/security/pkcs11_softtoken_extra.so.1
/usr/lib/security/sparcv9/pkcs11_softtoken_extra.so.1
/usr/sfw/lib/libcrypto_extra.so.0.9.7
/usr/sfw/lib/libssl_extra.so.0.9.7
/usr/sfw/lib/sparcv9/libcrypto_extra.so.0.9.7
/usr/sfw/lib/sparcv9/libssl_extra.so.0.9.7

Problem Description:

6466370 security vulnerabilities in OpenSSL may lead to DoS or code execution (CVE-2006-3738,CVE-2006-4343)
6467218 fix RSA signature forgery (CVE-2006-4339)
6476279 multiple vulnerabilities in OpenSSL (CVE-2006-2937, CVE-2006-2940)
6476772 update OpenSSL version string with information about security patches included
6483054 OpenSSL lacks Thread Support
 
(from 118562-12)
 
6286167 SSLException thrown when using Solaris PKCS provider
 
(from 118562-11)
 
6271754 pkcs11_softtoken too aggressive in looking for token data files
 
(from 118562-10)
 
        This revision accumulates S10U3 feature point patch 123564-01
        and also includes the following changes:
 
6379529 Solaris for OPL Project
6427002 Connect(cfgadm) fails after hotplug into empty slots 2,3 and 4
6427559 Oberon hotplug requires updates from Oberon Spec v1.01
 
(from 118562-09)
 
        This revision accumulates S10U2 feature point patch 121290-03.
 
(from 118562-08)
 
6276483 libpkcs11 pthread_atfork() code can cause child process to hang
6345493 fork(2) handling fixes from 6276483 needs further work in pkcs11_softtoken
 
(from 118562-07)
 
5039273 failure in crypto_verify() when using a bignum with value 0 for CKM_RSA_X_509
5062050 kernel bignum (thus rsa) should use the sparc optimized version
6264344 remove gratuitous bzero() calls from SHA1Final() and MD5Final()
6278572 %asi registers based MD5 implementation for Niagara in solaris
6278578 reduce store stalls by in-register coalescing for a faster RC4 on Niagara
6286372 kernel SHA1Update uses global variable making it non-reentrant
4925453 further optimization can be done for RC4 on SPARC
 
(from 118562-06)
 
6249979 sha1 slow on Niagara
 
(from 118562-05)
 
6256312 ON support for Chicago platform
6226862 Ontario and Chicago systems panic (mpt) during sunvts bringup
6245378 mpt needs to create property for SATA disks to enable sd in creating pm-components
6230146 sd should export pm-components property for sata drives
6253744 mpt: assertion failed: Tgt(cmd) != target
5067964 bge assertion failed: srp->tx_flow == 0
6262344 Metaslot crashes in call to C_UnwrapKey during generation
6252894 BER routines in LDAP library don't work for 64 bit
 
(from 118562-04)
 
6222467 system calls from C_Initialize() get interrupted
6195428 "Slot Info is NULL for vca0" error when running SUNvts vcatest on E15K
6211857 driver panics when kcf_free_context() is called
 
(from 118562-03)
 
        This revision fixes the hard dependency requirement from 118918-03
        to 118918-05.
 
(from 118562-02)
 
4926742 CKM_DH_PKCS_DERIVE fails if derived secret is shorter than prime
6215816 C_FindObjectsInit fails when token isn't present
6220814 C_DigestKey failure causes C_DestroyObject being hung
 
(from 118562-01)
 
4691624 libpkcs11: uCF meta slot management
6199119 pk11object test program core dump with metaslot+pkcs11_kernel+Deimos configured
6215509 fix for 4691624 introduced a lock violation
 
(from 121290-03)
 
6372133 Seattle/Boston platform NUMA/MPO support non-functional
6373525 Boston platmod does not return correct cpu unum in plat_get_cpu_unum
6358078 Boston/Seattle property usage incorrect for power/pmugpio/mi2cv
6372587 pkcs11_softtoken should use getpwuid_r(3C) to avoid overwriting thread-specific data
6372169 blowfish can read past mblk and panic in cbc mode
6368332 libpkcs11 should report that it is v2.20 not v2.11
 
(from 121290-02)
 
4721729 support AES Counter mode for encryption
 
(from 121290-01)
 
6331488 OID with NO parameter for RSA sigs using SHA-1 missing from softtoken
 
(from 123564-01)
 
6449294 OPL aes256 should be delivered in separate FPP

Revision History:

118562-08 118562-12 118562-06 118562-03 118562-10 118562-05 118562-04 118562-07 118562-09 118562-11 118562-02

Patch Installation Instructions:

--------------------------------
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.

Special Install Instructions:

-----------------------------
 
Not all patches listed in this section as needed for the completion
of a fix or feature, may be available at the same time as this patch.
This allows the remaining fixes/features to be made available sooner.
 
NOTE 1:  Reboot system after patch installation is complete.
 
NOTE 2:  If you're planning to set up Zones on this system, please make
         sure to install the following patch which fixes bugid 6216195
         (zone installation confused by UPDATE=yes in pkginfo(4) file):
 
         119015-01 (or greater)  Install and Patch Utilities Patch
 
         (Note that 119254 has superseded 119015; installation of the
          current version is recommended to be preferred, due to its
          central role in the installation and removal of patches.)
 
NOTE 3:  This patch only applies to systems with the Solaris Data
         Encryption Kit (SUNWcry/SUNWcryr) packages installed.
 
NOTE 4:  To get the complete fix for bugid 4926742 (CKM_DH_PKCS_DERIVE fails
         if derived secret is shorter than prime), please also install the
         following patch:
 
         118918-06 (or greater)  Solaris Crypto Framework patch
 
NOTE 5:  To get the complete fix for bugids:
 
         6256312 ON support for Chicago platform
         6226862 Ontario and Chicago systems panic (mpt) during sunvts bringup
         6245378 mpt needs to create property for SATA disks to enable sd in
                 creating pm-components
         6230146 sd should export pm-components property for sata drives
         6253744 mpt: assertion failed: Tgt(cmd) != target
         5067964 bge assertion failed: srp->tx_flow == 0
 
         please also install the following patches:
 
         118822-15 (or greater)  kernel patch
         119374-04 (or greater)  sd and ssd patch
         119850-04 (or greater)  mpt patch
         120197-02 (or greater)  uata patch
         120304-02 (or greater)  bge patch
         119981-01 (or greater)  libc_psr patch
 
NOTE 6:  To get the complete support for algorithm optimization for crypto
         and kernel modules for restricted and non-restricted key lengths
         versions, please also install the following patch:
 
         118918-11 (or greater)  Solaris Crypto Framework patch
 
NOTE 7:  To get the complete fix for bugids 6276483 (libpkcs11 pthread_atfork()
         code can cause child process to hang) and 6345493 (fork(2) handling
         fixes from 6276483 needs further work in pkcs11_softtoken), please
         also include the following patch:
 
         118918-12 (or greater)  Solaris Crypto Framework patch
 
NOTE 8:  To get the complete Crypto Accelerator 6000 RFE, please also install
         the following patch:
 
         118833-04 (or greater)  kernel patch
 
NOTE 9:  To get the complete support for SPARC(R) Enterprise Mx000 servers,
         please also install the following patches:
 
         118833-25 (or greater)  Kernel Patch
         123839-01 (or greater)  FMA Patch
         123914-01 (or greater)  Header Files Patch
 
NOTE 10: To get the complete fix for 6286167 (SSLException thrown when using
         Solaris PKCS provider) on sun4v platform, please also install the
         following patch:
 
         125432-01 (or greater)  ncp Patch

README -- Last modified date:  Tuesday, April 24, 2007

Login Required

Login Required