Bug Fix Advisory: openssl bug fix and enhancement update

Advisory: RHBA-2011:1730-2
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2011-12-06
Last updated on: 2011-12-06
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Updated openssl packages that fix two bugs and add several enhancements are now
available for Red Hat Enterprise Linux 6.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols, as well as a full-strength
general-purpose cryptography library.

This update fixes the following bugs:

* Prior to this update, repeatedly loading and unloading the CHIL engine could
cause the calling program to terminate unexpectedly with a segmentation fault.
This happened because a function pointer was not properly cleared after the
engine was unloaded. With this update, the underlying source code has been
corrected to clear the function pointer when the engine is unloaded, and the
calling program no longer crashes in this scenario. (BZ#693863)

* Due to missing variable initialization, the CHIL engine could occasionally
fail to load. This update corrects the underlying source code to properly
initialize this variable so that the CHIL engine is no longer prevented from
loading. (BZ#740188)

In addition, this update adds the following enhancements:

* The performance of the AES encryption algorithm on CPUs with the AES-NI
instruction set, as well as of the SHA-1 and RC4 algorithms on 32-bit and
64-bit x86 architectures, has been significantly improved. (BZ#696389)

* For testing purposes, the OpenSSL source RPM package can now be built without
additional patches. (BZ#708511)

* Partial RELRO (relocation read-only) is now enabled during the build of the
OpenSSL libraries to improve the security properties of applications that use
these libraries. (BZ#723994)

* Users can now explicitly disable the built-in AES-NI (Advanced Encryption
Standard New Instruction) CPU instruction acceleration support by setting the
OPENSSL_DISABLE_AES_NI environment variable to any value. (BZ#726081)

* Prior to this update, there was no direct KAT (known answer test) self-test
for the SHA-2 algorithms in FIPS mode; these algorithms were self-tested only
during the HMAC self-tests. This update provides an implementation of the direct
KAT self-test for SHA-2 algorithms. (BZ#740872)

* Previously, the manual and help pages for various subcommands of the openssl
utility did not specify all digest algorithms. This update adapts these pages
and users are now instructed to run the "openssl dgst -h" command, which lists
all available digests. (BZ#693858)

All users of openssl are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
openssl-1.0.0-20.el6.src.rpm
File outdated by:  RHSA-2014:0376

IA-32:
openssl-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-debuginfo-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-devel-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-perl-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-static-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376

x86_64:
openssl-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
openssl-debuginfo-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-debuginfo-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
openssl-devel-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-devel-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
openssl-perl-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
openssl-static-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
openssl-1.0.0-20.el6.src.rpm
File outdated by:  RHSA-2014:0376

x86_64:
openssl-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
openssl-debuginfo-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-debuginfo-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
openssl-devel-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-devel-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
openssl-perl-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
openssl-static-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
openssl-1.0.0-20.el6.src.rpm
File outdated by:  RHSA-2014:0376

IA-32:
openssl-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-debuginfo-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-devel-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-perl-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-static-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376

PPC:
openssl-1.0.0-20.el6.ppc.rpm
File outdated by:  RHSA-2014:0376
openssl-1.0.0-20.el6.ppc64.rpm
File outdated by:  RHSA-2014:0376
openssl-debuginfo-1.0.0-20.el6.ppc.rpm
File outdated by:  RHSA-2014:0376
openssl-debuginfo-1.0.0-20.el6.ppc64.rpm
File outdated by:  RHSA-2014:0376
openssl-devel-1.0.0-20.el6.ppc.rpm
File outdated by:  RHSA-2014:0376
openssl-devel-1.0.0-20.el6.ppc64.rpm
File outdated by:  RHSA-2014:0376
openssl-perl-1.0.0-20.el6.ppc64.rpm
File outdated by:  RHSA-2014:0376
openssl-static-1.0.0-20.el6.ppc64.rpm
File outdated by:  RHSA-2014:0376

s390x:
openssl-1.0.0-20.el6.s390.rpm
File outdated by:  RHSA-2014:0376
openssl-1.0.0-20.el6.s390x.rpm
File outdated by:  RHSA-2014:0376
openssl-debuginfo-1.0.0-20.el6.s390.rpm
File outdated by:  RHSA-2014:0376
openssl-debuginfo-1.0.0-20.el6.s390x.rpm
File outdated by:  RHSA-2014:0376
openssl-devel-1.0.0-20.el6.s390.rpm
File outdated by:  RHSA-2014:0376
openssl-devel-1.0.0-20.el6.s390x.rpm
File outdated by:  RHSA-2014:0376
openssl-perl-1.0.0-20.el6.s390x.rpm
File outdated by:  RHSA-2014:0376
openssl-static-1.0.0-20.el6.s390x.rpm
File outdated by:  RHSA-2014:0376

x86_64:
openssl-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
openssl-debuginfo-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-debuginfo-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
openssl-devel-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-devel-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
openssl-perl-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
openssl-static-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
openssl-1.0.0-20.el6.src.rpm
File outdated by:  RHSA-2014:0376

IA-32:
openssl-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-debuginfo-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-devel-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-perl-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-static-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376

x86_64:
openssl-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
openssl-debuginfo-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-debuginfo-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
openssl-devel-1.0.0-20.el6.i686.rpm
File outdated by:  RHSA-2014:0376
openssl-devel-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
openssl-perl-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
openssl-static-1.0.0-20.el6.x86_64.rpm
File outdated by:  RHSA-2014:0376
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

693858 - man pages and help text do not list all digests
693863 - Backport OpenSSL CHIL Engine fixes
708511 - fails to build without downstream patches
723994 - Library needs partial RELRO support added
740188 - Missing initialization of a variable in the CHIL engine (openssl)


Keywords

AES-NI, CHIL, crash, engine, FIPS, RELRO, SHA, SHA2


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/