#118919-12: Obsoleted by: 118919-16 SunOS 5.10_x86: Solaris Crypto Framework patch

Obsoleted by: 118919-16 SunOS 5.10_x86: Solaris Crypto Framework patch

Disclaimer:

Please note: Although OBSOLETED patches are available on SunSolve, Sun recommends using the most recent patches and the most recent revision of those patches. OBSOLETED patches do not include the latest bug fixes and/or product enhancements, and may require the installation of additional patches as a corrective measure.

Status: OBSOLETE

Patch Id: 118919-12

***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Summary: Obsoleted by: 118919-16 SunOS 5.10_x86: Solaris Crypto Framework patch

Date:  Apr/13/2006

Installation Requirements:

Reboot immediately after patch is installed                      
                      Install in Single User Mode

Solaris Release: 10_x86

Sun OS Release: 5.10_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 118918

Topic:

SunOS 5.10_x86: Solaris Crypto Framework patch

Relevant Architecture: i386

BugId's fixed with this patch:

4691624 4721729 4920408 4926742 5039273 5059459 5059461 5067502 6181926 6195934 6197268 6197284 6198116 6199119 6204887 6215509 6215816 6216772 6217866 6220814 6222467 6223863 6223866 6223869 6228384 6231739 6231978 6250963 6252894 6253484 6262344 6264344 6264379 6274680 6276483 6276609 6278459 6280574 6286372 6287425 6288840 6314217 6331488 6332420 6332630 6336131 6342066 6345493 6347073 6352877 6355571 6355597 6357426 6359179 6360218 6368332 6372169 6372587 6376993

Changes incorporated in this version:


4721729 4920408 5059459 5059461 5067502 6181926 6198116 6216772 6278459 6287425 6288840 6331488 6332420 6332630 6336131 6342066 6347073 6352877 6355571 6355597 6368332 6372169 6372587

Patches accumulated and obsoleted by this patch:

118917-03 121283-02 121285-02 121293-01 121787-01

Patches which conflict with this patch:

Required Patches:

Obsoleted by:

Files Included in this Patch:

/etc/crypto/pkcs11.conf
/kernel/crypto/aes
/kernel/crypto/amd64/aes
/kernel/crypto/amd64/blowfish
/kernel/crypto/amd64/md5
/kernel/crypto/amd64/rsa
/kernel/crypto/amd64/sha1
/kernel/crypto/amd64/sha2
/kernel/crypto/blowfish
/kernel/crypto/md5
/kernel/crypto/rsa
/kernel/crypto/sha1
/kernel/crypto/sha2
/kernel/drv/amd64/crypto
/kernel/drv/crypto
/kernel/misc/amd64/kcf
/kernel/misc/amd64/md5
/kernel/misc/amd64/sha1
/kernel/misc/amd64/sha2
/kernel/misc/kcf
/kernel/misc/md5
/kernel/misc/sha1
/kernel/misc/sha2
/lib/amd64/libmd5.so.1
/lib/libmd5.so.1
/usr/bin/digest
/usr/bin/mac
/usr/bin/pktool
/usr/include/security/pkcs11t.h
/usr/lib/amd64/libcryptoutil.so.1
/usr/lib/amd64/libpkcs11.so.1
/usr/lib/libcryptoutil.so.1
/usr/lib/libpkcs11.so.1
/usr/lib/security/amd64/pkcs11_kernel.so.1
/usr/lib/security/amd64/pkcs11_softtoken.so.1
/usr/lib/security/pkcs11_kernel.so.1
/usr/lib/security/pkcs11_softtoken.so.1
/usr/sbin/cryptoadm

Problem Description:

This patch revision was generated to accumulate and obsolete
        the changes introduced in Solaris Update s10u2 feature point
        patches 121787-01 121293-01 121285-02 121283-02.
 
4721729 Support AES Counter mode for encryption
4920408 PKCS#11 v2.20 support for the Crypto Framework
6253484 Support mechanisms with complex mech_param structures across the EF stack
6314217 Hide underlying providers of logical providers
6355571 fix for 6352877 broke the export source build
6355597 fix for 6352877 broke punchin
6352877 ckpi_004 - CKM_AES_ECB mechanism test is failing with lots of Crypto error 29 messages
6181926 Support SHA256, SHA384, SHA512 in kernel
6336131 CKM_TLS_PRF support
6287425 residual bzero's in hmac part of sha2
6331488 OID with NO parameter for RSA sigs using SHA-1 missing from softtoken
6347073 kcf missing some rsa mechs
6198116 dprov in amd64 mode fails when interfacing with 32bit pk11objectkernel test
5067502 dprov no longer generating correct key sizes for some mechanisms
5059459 provide utility to export-to-PKCS#12-file from softttoken
5059461 pktool(1) needs subcommands to list and delete objects in softtoken
6216772 update pktool(1) list/delete subcommands
6278459 add "tokens" subcommand to pktool(1)
6288840 pktool(1) alternate token support
6332420 change pktool CLI to use attr=value format
6332630 Chassis serial number support for Seattle/Boston
6342066 Add Boston and Seattle support to Solaris
6372587 pkcs11_softtoken should use getpwuid_r(3C) to avoid overwriting thread-specific data
6372169 blowfish can read past mblk and panic in cbc mode
6368332 libpkcs11 should report that it is v2.20 not v2.11
 
(from 118919-11)
 
6276483 libpkcs11 pthread_atfork() code can cause child process to hang
6345493 fork(2) handling fixes from 6276483 needs further work in pkcs11_softtoken
6360218 uprev needed for patches that do not manually preserve the 'e' prototype file attribute
6359179 i.script (pkgproto cmd) - is not "e" file friendly (synopsis modified)
 
(from 118919-10)
 
6376993 X86 patch T118844-29 is missing an object causing functional failure
 
(from 118919-09)
 
5039273 Failure in crypto_verify() when using a bignum with value 0 for CKM_RSA_X_509
6264344 Remove gratuitous bzero() calls from SHA1Final() and MD5Final()
6286372 kernel SHA1Update uses global variable making it non-reentrant
6357426 increase rndmag_threshold and rndbuf_len default values
 
(from 118919-08)
 
6274680 Metaslot on Niagara suddenly becomes very slow at high load
 
(from 118919-07)
 
6264379 Metaslot caused 20% performance degradation in crypto operations
6250963 Metaslot doesn't perform well when there are many slots
6276609 memory leak in meta_GetMechanismInfo
6280574 pk11keymgmt_test dumps core
6262344 Metaslot crashes in call to C_UnwrapKey during generation
6252894 BER routines in LDAP library don't work for 64 bit
 
(from 118919-06)
 
6222467 system calls from C_Initialize() get interrupted
 
(from 118919-05)
 
4926742 CKM_DH_PKCS_DERIVE fails if derived secret is shorter than prime
6215816 C_FindObjectsInit fails when token isn't present
6220814 C_DigestKey failure causes C_DestroyObject being hung
 
(from 118919-04)
 
6217866 S1WS sometimes drops SSL connections
6223866 C_SignInit() sometimes doesn't work using a generated key
6223869 Metaslot trying to create key with bogus data
6223863 metaslot needs to return CK_EFFECTIVELY_INFINITE in token info
6231978 Apache/mod_ssl fails SSL connections when Metaslot is present with SCA 1000
 
(from 118919-03)
 
        This patch revision accumulates/obsoletes Solaris Update S10U1
        feature point patch 118917-03
 
(from 118919-02)
 
6228384 cryptoadm gettext for usage too simplistic
6231739 cryptoadm bugfix lost "metaslot" usage keywords
 
(from 118919-01)
 
4691624 libpkcs11: uCF meta slot management
6199119 pk11object test program core dumps with metaslot+pkcs11_kernel+Deimos configured
6215509 fix for 4691624 introduced a lock violation
 
(from 118917-03)
 
        Uprev due to the intersection between Feature and Generic gates
 
(from 118917-02)
 
6197284 implement C_UnwrapKey(<secret keys>) with decrypt/create_object when needed
        in pkcs11_kernel
6197268 pkcs11_kernel shouldn't reject C_GetAttributeValue() for a secret key's 
        CKA_VALUE_LEN attr
6204887 SEGV in process_found_objects()
6195934 pkcs11_kernel C_DecryptInit() can return with the object_mutex still held
 
(from 118917-01)
 
4691624 libpkcs11: uCF meta slot management
6199119 pk11object test program core dumps with metaslot+pkcs11_kernel+Deimos configured
6215509 fix for 4691624 introduced a lock violation
 
(from 121283-02)
 
4721729 Support AES Counter mode for encryption
6253484 Support mechanisms with complex mech_param structures across the EF stack
6314217 Hide underlying providers of logical providers
 
(from 121283-01)
 
4920408 PKCS#11 v2.20 support for the Crypto Framework
 
(from 121285-02)
 
6332630 Chassis serial number support for Seattle/Boston
6342066 Add Boston and Seattle support to Solaris
6372587 pkcs11_softtoken should use getpwuid_r(3C) to avoid overwriting thread-specific data
6372169 blowfish can read past mblk and panic in cbc mode
6368332 libpkcs11 should report that it is v2.20 not v2.11
 
(from 121285-01)
 
4920408 PKCS#11 v2.20 support for the Crypto Framework
6181926 Support SHA256, SHA384, SHA512 in kernel
6336131 CKM_TLS_PRF support
6287425 residual bzero's in hmac part of sha2
6331488 OID with NO parameter for RSA sigs using SHA-1 missing from softtoken
6347073 kcf missing some rsa mechs
6198116 dprov in amd64 mode fails when interfacing with 32bit pk11objectkernel test
5067502 dprov no longer generating correct key sizes for some mechanisms
 
(from 121293-01)
 
5059459 provide utility to export-to-PKCS#12-file from softttoken
5059461 pktool(1) needs subcommands to list and delete objects in softtoken
6216772 update pktool(1) list/delete subcommands
6278459 add "tokens" subcommand to pktool(1)
6288840 pktool(1) alternate token support
6332420 change pktool CLI to use attr=value format
 
(from 121787-01)
 
4721729 Support AES Counter mode for encryption
6355571 fix for 6352877 broke the export source build
6355597 fix for 6352877 broke punchin
6352877 ckpi_004 - CKM_AES_ECB mechanism test is failing with lots of Crypto error 29 messages

Revision History:

118919-10 118919-03 118919-07 118919-05 118919-11 118919-06 118919-02 118919-08

Patch Installation Instructions:

--------------------------------
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.

Special Install Instructions:

-----------------------------
 
NOTE 1:  Reboot system after patch installation is complete.
 
NOTE 2:  If you're planning to set up Zones on this system, please make
         sure to install the following patch which fixes bugid 6216195
         (zone installation confused by UPDATE=yes in pkginfo(4) file.)
 
         119255-06 (or greater)  Install and Patch Utilities Patch
 
NOTE 3:  If you have the SUNWcry package installed, you MUST install the
         following patch:
 
         118563-02 (or greater)  Solaris Data Encryption Kit Patch
 
NOTE 4:  To get the complete fix for bug 6222467 (system calls from
         C_Initialize() get interrupted),  please install the following 
         patch:
 
	 118563-03 (or greater)  Solaris Data Encryption Kit Patch
 
NOTE 5:  To obtain the complete support for algorithm optimization
	 for crypto and kernel modules for restricted and non-restricted
	 key lengths, version please install the following patches:
 
	 118563-05 (or greater)	Solaris Data Encryption Kit Patch

NOTE 6: If patches 119013-02 or 119013-03 are installed, itis recommended
        that you installed 118919-16 (or greater) to resolve CR 6403101.

README -- Last modified date:  Wednesday, April 25, 2007

Login Required

Login Required