OBSOLETE Patch-ID# 142048-06


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security arcfour rsa pkcs11_softtoken certificate signing t1/t2
Synopsis: Obsoleted by: 141525-09 SunOS 5.10_x86: arcfour and rsa patch
Date: Jan/29/2010


Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.

Solaris Release: 10_x86

SunOS Release: 5.10_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 142242

Topic: SunOS 5.10_x86: arcfour and rsa patch

Relevant Architectures: i386

Bugs fixed with this patch:

Sun CR # Bug #
501693615202416
656056315398867
666620415459633
675565515512844
676761815520265
678290715528725
679921815538458
681028015544832
681147415545475
681261515546160
681472215547474
682319315552376
682359115552615
682836615555144
684287215563992
684722615566743
685036015568955
685922015575014
686220215576855
686220715576858
686226815576902
690047715602997


Changes incorporated in this version: 6666204

Patches accumulated and obsoleted by this patch: 140591-01 141919-02 142243-02

Patches which conflict with this patch:

Patches required with this patch: 118919-21 120012-14 127128-11 137138-09 139556-08 (or greater)

Obsoleted by: 141525-09

Files included with this patch:

/kernel/crypto/aes
/kernel/crypto/aes256
/kernel/crypto/amd64/aes
/kernel/crypto/amd64/aes256
/kernel/crypto/amd64/arcfour
/kernel/crypto/amd64/arcfour2048
/kernel/crypto/amd64/rsa
/kernel/crypto/arcfour
/kernel/crypto/arcfour2048
/kernel/crypto/rsa
/usr/lib/amd64/libpkcs11.so.1
/usr/lib/libelfsign.so.1
/usr/lib/libpkcs11.so.1
/usr/lib/security/amd64/pkcs11_kernel.so.1
/usr/lib/security/amd64/pkcs11_softtoken.so.1
/usr/lib/security/amd64/pkcs11_softtoken_extra.so.1
/usr/lib/security/pkcs11_kernel.so.1
/usr/lib/security/pkcs11_softtoken.so.1
/usr/lib/security/pkcs11_softtoken_extra.so.1

Problem Description:

6666204 meta slot opens and closes /dev/urandom needlessly for every read
 
(from 142048-05)
 
6755655 len is not set in soft_digest_common()
6842872 race condition in fork() and C_Initialize() causes deadlock in pkcs11
6859220 pkcs11_softoken.so crashes in RC4 when doing a Java benchmark
6862202 token_session mutexes are not covered by at_fork handler
6862207 PKCS11 softtoken:C_Initialize() sets softtoken_initialized to TRUE also when it fails
6862268 C_Initialize() does not correctly clean resources when it fails
6900477 libpkcs11 needs to be friendlier
 
(from 142048-04)
 
	This revision accumulates generic Sustaining patch 140591-01
	into Solaris S10U8 update.
 
(from 142048-03)
 
6850360 some testcases of the ef testsuite hang when run in 64-bit mode
 
(from 142048-02)
 
6767618 need an optimized AES leveraging Intel's AES instructions
 
(from 142048-01)
 
5016936 bignumimpl:big_mul: potential memory leak
6799218 RSA using Solaris Kernel Crypto framework lagging behind OpenSSL
6810280 panic from bignum module: vmem_xalloc(): size == 0
6811474 RSA is slower with Solaris KCF than OpenSSL on amd64
6812615 64-bit RC4 has poor performance on Intel Nehalem
6823193 performance of big_mont_mul() may be improved for better RSA decrypt
 
(from 140591-01)
 
6814722 C_Digest() does not unlock session mutex which causes deadlock
6823591 pkcs11_kernel and pkcs11_softtoken object session reference counter must to be handled after fork
6828366 pkcs11_kernel/softtoken atfork handler should acquire session objects mutex too
6847226 session reference counter is not thread safe in pkcs11_kernel
 
(from 142243-02)
 
	This revision accumulates generic Sustaining patch 141919-02
	into Solaris S10U8 update.
 
(from 142243-01)
 
	This revision accumulates generic Sustaining patch 141919-01
	into Solaris S10U8 update.
 
(from 141919-02)
 
6560563 libpkcs11.so should handle premature library calls better
 
(from 141919-01)
 
6782907 certificate signing request (CSR) using certutil fails on T1/T2 based systems


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
None.


README -- Last modified date: Saturday, November 10, 2012