openssl bug fix and enhancement update

Updated openssl packages that fix two bugs and add several enhancements are now
available for Red Hat Enterprise Linux 6.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols, as well as a full-strength
general-purpose cryptography library.

This update fixes the following bugs:

* Prior to this update, repeatedly loading and unloading the CHIL engine could
cause the calling program to terminate unexpectedly with a segmentation fault.
This happened, because a function pointer was not properly cleared after the
engine was unloaded. With this update, the underlying source code has been
corrected to clear the function pointer when the engine is unloaded, and the
calling program no longer crashes in this scenario. (BZ#693863)

* Due to missing variable initialization, the CHIL engine could occasionally
fail to load. This update corrects the underlying source code to properly
initialize this variable so that the CHIL engine is no longer prevented from
loading. (BZ#740188)

In addition, this update adds the following enhancements:

* The performance of the AES encryption algorithm on CPUs with the AES-NI
instruction set, as well as SHA-1 and RC4 algorithms on 32-bit and 64-bit x86
architectures has been significantly improved. (BZ#696389)

* For testing purposes, the OpenSSL source RPM package can now be built without
additional patches. (BZ#708511)

* Partial RELRO is now enabled during the build of the OpenSSL libraries to
improve security vulnerability properties of applications that use these
libraries. (BZ#723994)

* Users can now explicitly disable the built-in AES-NI (Advanced Encryption
Standard New Instruction) CPU instruction acceleration support by setting the
OPENSSL_DISABLE_AES_NI environment variable to any value. (BZ#726081)

* Prior to this update, there was no direct KAT (known answer test) self-test
for the SHA-2 algorithms in FIPS mode; these algorithms were self-tested only
during the HMAC self-tests. This update provides an implementation of the direct
KAT self-test for SHA-2 algorithms. (BZ#740872)

* Previously, the manual and help pages for various subcommands of the openssl
utility did not specify all digest algorithms. This update adapts these pages
and users are now instructed to run the "openssl dgst -h" command, which lists
all available digests. (BZ#693858)

All users of openssl are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

693858 - man pages and help text do not list all digests
693863 - Backport OpenSSL CHIL Engine fixes
708511 - fails to build without downstream patches
723994 - Library needs partial RELRO support added
740188 - Missing initialization of a variable in the CHIL engine (openssl)

AES-NI, CHIL, crash, engine, FIPS, RELRO, SHA, SHA2