Patch-ID# 118563-09

NOTE:
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Keywords: security international encryption sunwcry softtoken
Synopsis: SunOS 5.10_x86: Solaris Data Encryption Kit Patch
Date: Aug/21/2006


Install Requirements: Reboot immediately after patch is installed                      
                      Install in Single User Mode                      
                      
Solaris Release: 10_x86

SunOS Release: 5.10_x86

Unbundled Product: 

Unbundled Release: 

Xref: This patch available for SPARC as patch 118562

Topic: SunOS 5.10_x86: Solaris Data Encryption Kit Patch
	EXPORT INFORMATION: This software contains encryption features
	and requires export approval from the U.S. Department of State,
	prior to exporting from the United States.

Relevant Architectures: i386

BugId's fixed with this patch: 4691624 4721729 4920408 4926742 6195428 6199119 6211857 6215509 6215816 6220814 6222467 6252894 6262344 6264344 6276483 6345493 6363872 6368332 6372169 6372587

Changes incorporated in this version: 

Patches accumulated and obsoleted by this patch: 121291-03

Patches which conflict with this patch: 

Patches required with this patch: 118919-05 (or greater)

Obsoleted by: 

Files included with this patch: 

/kernel/crypto/aes256
/kernel/crypto/amd64/aes256
/kernel/crypto/amd64/blowfish448
/kernel/crypto/blowfish448
/usr/lib/security/amd64/pkcs11_softtoken_extra.so.1
/usr/lib/security/pkcs11_softtoken_extra.so.1

Problem Description:

Respun to remove extra files.
 
(from 118563-08)
 
6363872 AES counter mode increments wrong counter bits on i386

        Added files that were not needed for this patch.
 
(from 118563-07)
 
        This revision accumulates s10u2 feature point patch 121291-03.
 
(from 118563-06)
 
6276483 libpkcs11 pthread_atfork() code can cause child process to hang
6345493 fork(2) handling fixes from 6276483 needs further work in pkcs11_softtoken
 
(from 118563-05)
 
6264344 Remove gratuitous bzero() calls from SHA1Final() and MD5Final()
 
(from 118563-04)
 
6262344 Metaslot crashes in call to C_UnwrapKey during generation
6252894 BER routines in LDAP library don't work for 64 bit
 
(from 118563-03)
 
6222467 system calls from C_Initialize() get interrupted
6195428 "Slot Info is NULL for vca0" error when running SUNvts vcatest on E15K
6211857 driver panics when kcf_free_context() is called
 
(from 118563-02)
 
4926742 CKM_DH_PKCS_DERIVE fails if derived secret is shorter than prime
6215816 C_FindObjectsInit fails when token isn't present
6220814 C_DigestKey failure causes C_DestroyObject being hung
 
(from 118563-01)
 
4691624 libpkcs11: uCF meta slot management
6199119 pk11object test program core dump with metaslot+pkcs11_kernel+Deimos configured
6215509 fix for 4691624 introduced a lock violation
 
(from 121291-03)
 
6372587 pkcs11_softtoken should use getpwuid_r(3C) to avoid overwriting thread-specific data
6372169 blowfish can read past mblk and panic in cbc mode
6368332 libpkcs11 should report that it is v2.20 not v2.11
 
(from 121291-02)
 
4721729 Support AES Counter mode for encryption
 
(from 121291-01)
 
4920408 PKCS#11 v2.20 support for the Crypto Framework

Patch Installation Instructions:
--------------------------------
 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------
 
Not all patches listed in this section as needed for the completion
of a fix or feature, may be available at the same time as this patch.
This allows the remaining fixes/features to be made available sooner.
 
NOTE 1: Reboot system after patch installation is complete.
 
NOTE 2: If you're planning to set up Zones on this system, please make
        sure to install the following patch which fixes bugid 6216195
        (zone installation confused by UPDATE=yes in pkginfo(4) file.)
 
        119016-01 (or greater)  packaging commands patch
 
NOTE 3: This patch only applies to systems with the Solaris Data Encryption
        Kit packages (SUNWcry/SUNWcryr) installed.
 
NOTE 4: To obtain the complete support for algorithm optimization for crypto
        and kernel modules for restricted and non-restricted key lengths
        version, please also install the following patch:
 
        118919-11 (or greater)  Solaris Crypto Framework patch
 
NOTE 5: To get the complete fix for the MARS RFE, please also install the
        following patch:
 
        118919-12 (or greater)  Solaris Crypto Framework patch

README -- Last modified date:  Monday, August 21, 2006