OBSOLETE Patch-ID# 139500-04

Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security openssl speed wanboot boot support device network jumpstart chkprobe fast data access mmu race pkcs#11 engine multithreaded international encryption
Synopsis: Obsoleted by: 139555-08 SunOS 5.10: openssl patch
Date: Apr/01/2009

Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.

Solaris Release: 10

SunOS Release: 5.10

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 139501

Topic: SunOS 5.10: openssl patch
	EXPORT INFORMATION: This software contains encryption features
	and requires export approval from the U.S. Department of State,
	prior to exporting from the United States.
	NOTE: This patch may contain one or more OEM-specific platform ports.
	      See the appropriate OEM_NOTES file within the patch for
	      information specific to these platforms.
	      DO NOT INSTALL this patch on an OEM system if a corresponding
	      OEM_NOTES file is not present (or is present, but instructs not
	      to install the patch), unless the OEM vendor directs otherwise.

Relevant Architectures: sparc sparc.sun4u sparc.sun4v

Bugs fixed with this patch:

Sun CR # Bug #

Changes incorporated in this version: 6812524

Patches accumulated and obsoleted by this patch: 139385-02 139459-01

Patches which conflict with this patch:

Patches required with this patch: 118833-36 120011-14 127127-11 137137-09 (or greater)

Obsoleted by: 139555-08

Files included with this patch:


Problem Description:

6812524 fix for 6501081 introduced stopper 6797441; backout 6501081

(from 139500-03)

6807211 139500-02 was released to SunSolve as a Security T-patch without OEM port

(from 139500-02)

6786120 CVE-2008-5077 incorrect checks for malformed signature in OpenSSL

(from 139500-01)

6742474 openssl speed will crash if used with -multi and -evp

(from 139385-02)

6734066 booting wanboot from the media fails
6771769 assumptions about metastat output hose update_grub and bfu

(from 139385-01)

(removed) 6501081 wanboot does not honor arguments for device and network boot support
6729596 jumpstart -p check needs to access /usr/sbin/install.d/chkprobe on the media
6737039 'boot net -s' fails because 'Fast Data Access MMU Miss'

(from 139459-01)

6602801 PK11_SESSION cache has to employ reference counting scheme for asymmetric key operations
6605538 pkcs11 functions C_FindObjects[{Init,Final}]() not called atomically
6607307 pkcs#11 engine can't read RSA private keys
6652362 pk11_RSA_finish() is cutting corners
6662112 pk11_destroy_{rsa,dsa,dh}_key_objects() use locking in suboptimal way
6666625 pk11_destroy_{rsa,dsa,dh}_key_objects() should be more resilient to destroy failures
6667273 OpenSSL engine should not use free() but OPENSSL_free()
6670363 PKCS#11 engine fails to reuse existing symmetric keys
6678135 memory corruption in pk11_DH_generate_key() in pkcs#11 engine
6678503 DSA signature conversion in pk11_dsa_do_verify() ignores size of big numbers leading to failures
6706562 pk11_DH_compute_key() returns 0 in case of failure instead of -1
6706622 pk11_load_{pub,priv}key create corrupted RSA key references
6707129 return values from BN_new() in pk11_DH_generate_key() are not checked
6707274 DSA/RSA/DH PKCS#11 engine operations need to be resistant to structure reuse
6707782 OpenSSL PKCS#11 engine pretends to be aware of OPENSSL_NO_{RSA,DSA,DH} defines but fails miserably
6709966 make check_new_*() to return values to indicate cache hit/miss
6720197 linked list handling in crypto libraries needs to be more robust

Patch Installation Instructions:
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' scripts provided with Solaris.
The following example installs a patch to a standalone machine:
       example# patchadd /var/spool/patch/123456-07
The following example removes a patch from a standalone system:
       example# patchrm 123456-07
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.

Special Install Instructions:
NOTE 1:  Before installing this patch, please be sure to install the latest
         patch utilities patches for your OS. This list of patches is defined
         at http://sunsolve.sun.com
         Please use the pull down list which appears after the text:
         "Latest Patch Update: To ensure the correct functioning of the
         patching utilities on your system, stay up to date on the
         following patches"
NOTE 2:  Reboot the system after patch installation or removal.

README -- Last modified date: Saturday, November 10, 2012