Patch-ID# 114796-04



Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security kcl2 mod ssl
Synopsis: Crypto Accelerator 4000 - 1.0: product patch
Date: May/17/2004


Install Requirements: See Special Install Instructions

Solaris Release: 8 9

SunOS Release: 5.8 5.9

Unbundled Product: Sun Crypto Accelerator 4000

Unbundled Release: 1.0

Xref:

Topic:

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR #    Bug #
4862425     15159619
4862427     15159620
4895196     15169227
4940538     15181837
4940555     15181843
4948621     15183853
4959240     15186874
5028965     15205639


Changes incorporated in this version: 5028965

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/opt/SUNWconn/cryptov2/bin/openssl
/opt/SUNWconn/cryptov2/include/openssl/aes.h
/opt/SUNWconn/cryptov2/include/openssl/asn1.h
/opt/SUNWconn/cryptov2/include/openssl/asn1_mac.h
/opt/SUNWconn/cryptov2/include/openssl/asn1t.h
/opt/SUNWconn/cryptov2/include/openssl/bio.h
/opt/SUNWconn/cryptov2/include/openssl/blowfish.h
/opt/SUNWconn/cryptov2/include/openssl/bn.h
/opt/SUNWconn/cryptov2/include/openssl/buffer.h
/opt/SUNWconn/cryptov2/include/openssl/comp.h
/opt/SUNWconn/cryptov2/include/openssl/conf.h
/opt/SUNWconn/cryptov2/include/openssl/conf_api.h
/opt/SUNWconn/cryptov2/include/openssl/crypto.h
/opt/SUNWconn/cryptov2/include/openssl/des.h
/opt/SUNWconn/cryptov2/include/openssl/des_old.h
/opt/SUNWconn/cryptov2/include/openssl/dh.h
/opt/SUNWconn/cryptov2/include/openssl/dsa.h
/opt/SUNWconn/cryptov2/include/openssl/dso.h
/opt/SUNWconn/cryptov2/include/openssl/e_os2.h
/opt/SUNWconn/cryptov2/include/openssl/ec.h
/opt/SUNWconn/cryptov2/include/openssl/engine.h
/opt/SUNWconn/cryptov2/include/openssl/err.h
/opt/SUNWconn/cryptov2/include/openssl/evp.h
/opt/SUNWconn/cryptov2/include/openssl/hmac.h
/opt/SUNWconn/cryptov2/include/openssl/krb5_asn.h
/opt/SUNWconn/cryptov2/include/openssl/kssl.h
/opt/SUNWconn/cryptov2/include/openssl/lhash.h
/opt/SUNWconn/cryptov2/include/openssl/md2.h
/opt/SUNWconn/cryptov2/include/openssl/md4.h
/opt/SUNWconn/cryptov2/include/openssl/md5.h
/opt/SUNWconn/cryptov2/include/openssl/obj_mac.h
/opt/SUNWconn/cryptov2/include/openssl/objects.h
/opt/SUNWconn/cryptov2/include/openssl/ocsp.h
/opt/SUNWconn/cryptov2/include/openssl/opensslconf.h
/opt/SUNWconn/cryptov2/include/openssl/opensslv.h
/opt/SUNWconn/cryptov2/include/openssl/ossl_typ.h
/opt/SUNWconn/cryptov2/include/openssl/pem.h
/opt/SUNWconn/cryptov2/include/openssl/pkcs12.h
/opt/SUNWconn/cryptov2/include/openssl/pkcs7.h
/opt/SUNWconn/cryptov2/include/openssl/rand.h
/opt/SUNWconn/cryptov2/include/openssl/rc2.h
/opt/SUNWconn/cryptov2/include/openssl/rc4.h
/opt/SUNWconn/cryptov2/include/openssl/rsa.h
/opt/SUNWconn/cryptov2/include/openssl/safestack.h
/opt/SUNWconn/cryptov2/include/openssl/sha.h
/opt/SUNWconn/cryptov2/include/openssl/ssl.h
/opt/SUNWconn/cryptov2/include/openssl/ssl2.h
/opt/SUNWconn/cryptov2/include/openssl/ssl3.h
/opt/SUNWconn/cryptov2/include/openssl/symhacks.h
/opt/SUNWconn/cryptov2/include/openssl/tls1.h
/opt/SUNWconn/cryptov2/include/openssl/txt_db.h
/opt/SUNWconn/cryptov2/include/openssl/ui.h
/opt/SUNWconn/cryptov2/include/openssl/ui_compat.h
/opt/SUNWconn/cryptov2/include/openssl/x509.h
/opt/SUNWconn/cryptov2/include/openssl/x509_vfy.h
/opt/SUNWconn/cryptov2/include/openssl/x509v3.h
/opt/SUNWconn/cryptov2/lib/libcrypto.a
/opt/SUNWconn/cryptov2/lib/libcrypto.so.0.9.7
/opt/SUNWconn/cryptov2/lib/libssl.a
/opt/SUNWconn/cryptov2/lib/libssl.so.0.9.7
/opt/SUNWconn/cryptov2/lib/mod_ssl.so.1.3.26
/opt/SUNWconn/cryptov2/lib/mod_ssl.so.1.3.26_S8
/opt/SUNWconn/cryptov2/lib/mod_ssl.so.1.3.27
/opt/SUNWconn/cryptov2/ssl/openssl.cnf

Problem Description:

5028965 Upgrade to OpenSSL 0.9.7d for SCA 4000
 
(from 114796-03)
4959240 OpenSSL 0.9.7c fails verify with certain certificate/Root CAs
 
(from 114796-02)
4940555 Include MD2 and MD4 algorithms in SCA OpenSSL libraries
4940538 Upgrade SCA 4000 to use OpenSSL 0.9.7c
4948621 SCA 4000 OpenSSL engine fixes
 
(from 114796-01)
4862427 SCA 4000 needs update from openssl 0.9.6g to latest rev
4895196 SCA 4000 mod_ssl libs cause Apache to seg fault when restarted or on HUP
4862425 SCA 4000 needs mod_ssl support for Apache 1.3.27 w/ Solaris 9


Patch Installation Instructions:
--------------------------------
For Solaris 8 and 9 releases, refer to the man pages for instructions on
using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
        example# patchadd /var/spool/patch/109715-01
 
The following example removes a patch from a standalone system:
 
        example# patchrm 109715-01
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
-----------------------------
NOTE: Updating Apache when used with the Sun Crypto Accelerator 4000 Board
==========================================================================
 
Different releases of Apache are unable to share modules.  Therefore,
when you upgrade your Apache software, you must also update any modules
you have installed, including the mod_ssl module (for SSL) supplied with
the Sun Crypto Accelerator 4000 board.
 
If you are using Apache 1.3.26, then once you have installed this patch,
you must also run the sslconfig program (/opt/SUNWconn/crypto/bin/sslconfig)
and edit your httpd.conf to change the line that reads
 
        LoadModule ssl_module /usr/apache/libexec/mod_ssl.so.1.3.26
 
so that instead it reads
 
        LoadModule ssl_module /usr/apache/libexec/mod_ssl.so.1.3.27
 
Then you should be able to restart the Apache server using the startup
script (/etc/init.d/apache start).
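
An added example, not part of the Sun/Oracle README: a POSIX shell check that the active LoadModule ssl_module line names the mod_ssl build for the Apache release in use, which is the mismatch the note above warns about. The function names and the sample input are constructed for illustration; a POSIX shell is assumed, and the "Server version:" line is the format printed by `httpd -v`.

```sh
#!/bin/sh
# Added example (not from the patch README). Function names are hypothetical.

# apache_version: read `httpd -v` output on stdin, print e.g. "1.3.27".
apache_version() {
    sed -n 's|^Server version: Apache/\([0-9.]*\).*|\1|p'
}

# ssl_module_path: read httpd.conf on stdin, print the module path of the
# last active "LoadModule ssl_module" line. Commented-out lines are ignored
# because their first field is "#" or "#LoadModule".
ssl_module_path() {
    awk '$1 == "LoadModule" && $2 == "ssl_module" { p = $3 }
         END { if (p != "") print p }'
}

# check_mod_ssl VERSION: read httpd.conf on stdin.
# Returns 0 if the loaded mod_ssl matches VERSION, 1 on mismatch,
# 2 if no active ssl_module line exists.
check_mod_ssl() {
    path=$(ssl_module_path)
    if [ -z "$path" ]; then
        echo "no active ssl_module LoadModule line"
        return 2
    fi
    case "$path" in
        */mod_ssl.so."$2"|*/mod_ssl.so."$1")
            echo "ok: $path matches Apache $1"; return 0 ;;
        *)
            echo "mismatch: $path is loaded but Apache is $1"; return 1 ;;
    esac
}

# Constructed sample httpd.conf fragment: the old line is still active and
# the corrected line is commented out.
sample_conf() {
    cat <<'EOF'
# LoadModule ssl_module /usr/apache/libexec/mod_ssl.so.1.3.27
LoadModule ssl_module /usr/apache/libexec/mod_ssl.so.1.3.26
EOF
}

# Demo on the constructed input: reports a mismatch for Apache 1.3.27.
sample_conf | check_mod_ssl 1.3.27 || echo "httpd.conf still needs the edit"
```

On a live system the version would come from piping the `httpd -v` output through `apache_version`, and the configuration from redirecting the real httpd.conf into `check_mod_ssl`.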


README -- Last modified date: Saturday, November 10, 2012