Skip to navigation

Bug Fix Advisory openCryptoki bug fix update

Advisory: RHBA-2010:0699-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2010-09-15
Last updated on: 2010-09-15
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

Updated openCryptoki packages that resolve an issue are now available.

The openCryptoki package contains version 2.11 of the PKCS#11 API, implemented
for IBM Cryptocards. This package includes support for the IBM 4758
Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer
Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto
Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for
Cryptographic Function (FC 3863 on IBM System z).

These updated openCryptoki packages provide fix for the following bug:

* previously, the overall performance of cryptographic operations degraded
exponentially with the number of objects per token or open sessions per process.
This was caused by the fact that OpenCryptoki used linked-lists to track objects
and sessions in memory, thus, performing an exhaustive search in practically
every PKCS#11 call. With this update, the overall performance remains constant.
(BZ#627560)

All users of openCryptoki are advised to upgrade to these updated packages,
which resolve this issue.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
openCryptoki-2.2.4-22.el5_5.1.src.rpm
File outdated by:  RHBA-2012:0239
    MD5: 3bc07f283ac701ff1a7a13cc45f89c21
SHA-256: 44f0d59f62a988654a5f4277cd249ac1f9ad9945e4097b027be7b1768e3c741d
 
IA-32:
openCryptoki-devel-2.2.4-22.el5_5.1.i386.rpm
File outdated by:  RHBA-2012:0239
    MD5: bf7ff86dcd9260db95cbb0a49839524f
SHA-256: ce4a3ffa2a4de30d2eb6c210c6178c9557849247ac368cea98935b9352d48138
 
x86_64:
openCryptoki-devel-2.2.4-22.el5_5.1.i386.rpm
File outdated by:  RHBA-2012:0239
    MD5: bf7ff86dcd9260db95cbb0a49839524f
SHA-256: ce4a3ffa2a4de30d2eb6c210c6178c9557849247ac368cea98935b9352d48138
openCryptoki-devel-2.2.4-22.el5_5.1.x86_64.rpm
File outdated by:  RHBA-2012:0239
    MD5: d3994406eca998a00e1b3353daae70d8
SHA-256: 5bfcc1c58182ac0f2ea0caa994156f83b74b7da8a63bd89016592cbf0d37cddb
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
openCryptoki-2.2.4-22.el5_5.1.src.rpm
File outdated by:  RHBA-2012:0239
    MD5: 3bc07f283ac701ff1a7a13cc45f89c21
SHA-256: 44f0d59f62a988654a5f4277cd249ac1f9ad9945e4097b027be7b1768e3c741d
 
IA-32:
openCryptoki-2.2.4-22.el5_5.1.i386.rpm
File outdated by:  RHBA-2012:0239
    MD5: 94d5cda41f4232602a51f91cedee8248
SHA-256: 4ccfce5d1d77b36e9d4a31282bf167f9e1658758f7dc83111338be2ecdefa9f3
openCryptoki-devel-2.2.4-22.el5_5.1.i386.rpm
File outdated by:  RHBA-2012:0239
    MD5: bf7ff86dcd9260db95cbb0a49839524f
SHA-256: ce4a3ffa2a4de30d2eb6c210c6178c9557849247ac368cea98935b9352d48138
 
PPC:
openCryptoki-2.2.4-22.el5_5.1.ppc64.rpm
File outdated by:  RHBA-2012:0239
    MD5: a189117eb45c67ee561e60325de48227
SHA-256: 2dfd6b5888f321124aceef99fa13ba461033f5a1301d831bfdc11da4559dcf95
openCryptoki-devel-2.2.4-22.el5_5.1.ppc64.rpm
File outdated by:  RHBA-2012:0239
    MD5: 847c93c19dd4e16de05604fda7b93a36
SHA-256: 6ec9b5ac7fa6005d10d8d981e4b71f2bcdf46296f2d22908a6423fd1a3ffd2c6
 
s390x:
openCryptoki-2.2.4-22.el5_5.1.s390.rpm
File outdated by:  RHBA-2012:0239
    MD5: cd703557e43aec024e3e18de70d2eeb5
SHA-256: 6440e2502aa55d2982cad469a5fedac2aac277b46a2cfc2054e5491eac0c3c6d
openCryptoki-2.2.4-22.el5_5.1.s390x.rpm
File outdated by:  RHBA-2012:0239
    MD5: 3b37c8f2ad978629bf44d95c00976622
SHA-256: 4937aaf4c56281cb0142238f2748670f3e9300a8e5fa348abd4e30cd2edc0101
openCryptoki-devel-2.2.4-22.el5_5.1.s390x.rpm
File outdated by:  RHBA-2012:0239
    MD5: eb877308f3aeb95a8848b58b54295de4
SHA-256: 02c092c3e7605161ae57bf774400dc2c17ad9a6f8f4ad582ceebfb238c24b0b5
 
x86_64:
openCryptoki-2.2.4-22.el5_5.1.i386.rpm
File outdated by:  RHBA-2012:0239
    MD5: 94d5cda41f4232602a51f91cedee8248
SHA-256: 4ccfce5d1d77b36e9d4a31282bf167f9e1658758f7dc83111338be2ecdefa9f3
openCryptoki-2.2.4-22.el5_5.1.x86_64.rpm
File outdated by:  RHBA-2012:0239
    MD5: 48019a845f74cbc58a412bc8550a7ba5
SHA-256: 64fd9c85b2753156e62287364a0da846dfc301007ad9e297449e458473ae25a3
openCryptoki-devel-2.2.4-22.el5_5.1.i386.rpm
File outdated by:  RHBA-2012:0239
    MD5: bf7ff86dcd9260db95cbb0a49839524f
SHA-256: ce4a3ffa2a4de30d2eb6c210c6178c9557849247ac368cea98935b9352d48138
openCryptoki-devel-2.2.4-22.el5_5.1.x86_64.rpm
File outdated by:  RHBA-2012:0239
    MD5: d3994406eca998a00e1b3353daae70d8
SHA-256: 5bfcc1c58182ac0f2ea0caa994156f83b74b7da8a63bd89016592cbf0d37cddb
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
openCryptoki-2.2.4-22.el5_5.1.src.rpm
File outdated by:  RHBA-2012:0239
    MD5: 3bc07f283ac701ff1a7a13cc45f89c21
SHA-256: 44f0d59f62a988654a5f4277cd249ac1f9ad9945e4097b027be7b1768e3c741d
 
IA-32:
openCryptoki-2.2.4-22.el5_5.1.i386.rpm
File outdated by:  RHBA-2012:0239
    MD5: 94d5cda41f4232602a51f91cedee8248
SHA-256: 4ccfce5d1d77b36e9d4a31282bf167f9e1658758f7dc83111338be2ecdefa9f3
 
x86_64:
openCryptoki-2.2.4-22.el5_5.1.i386.rpm
File outdated by:  RHBA-2012:0239
    MD5: 94d5cda41f4232602a51f91cedee8248
SHA-256: 4ccfce5d1d77b36e9d4a31282bf167f9e1658758f7dc83111338be2ecdefa9f3
openCryptoki-2.2.4-22.el5_5.1.x86_64.rpm
File outdated by:  RHBA-2012:0239
    MD5: 48019a845f74cbc58a412bc8550a7ba5
SHA-256: 64fd9c85b2753156e62287364a0da846dfc301007ad9e297449e458473ae25a3
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

627560 - Opencryptoki session/object performance degradation



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/