- Issued:
- 2012-02-20
- Updated:
- 2012-02-20
RHBA-2012:0239 - Bug Fix Advisory
Synopsis
openCryptoki bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated openCryptoki package that fixes four bugs is now available for Red
Hat Enterprise Linux 5.
Description
The openCryptoki package contains version 2.11 of the public-key cryptography
standards (PKCS)#11 API, implemented for IBM Cryptocards. This package includes
support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware
loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer
System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the
IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z).
This update fixes the following bugs:
- Prior to this update, the process to unwrap an Advanced Encryption Standard
(AES) key could, under certain circumstances, fail after a hardware
cryptographic token was initialized. As a result, openCryptoki returned the
error "CKR_TEMPLATE_INCOMPLETE". This update modifies the AES key unwrapping
process so that it no longer fails. (BZ#538879)
- Prior to this update, the message authentication code (MAC) could, under
certain circumstances, fail to be verified when using the PKCS#11 API for the
acceleration of cryptographic instructions and the error "411 = MAC did not
verify." was retunred. This update modifies the underlying code so that the MAC
is now computed successfully after being offloaded to the CPACF. (BZ#539168)
- Prior to this update, openCryptoki did not correctly recognize whether
secure-key crypto support was installed when the pkcs11_startup and pkcs_slot
scripts were running. As a consequence, the Common Cryptographic Architecture
(CCA) token did not correctly work. This update modifies the pkcs11_startup and
pkcs_slot scripts to improve the secure-key crypto support check. Now, the CCA
token works as expected. (BZ#541028)
- Prior to this update, OpenCryptoki used linked lists to track objects and
sessions in memory, performing an exhaustive search in practically every PKCS#11
call. As a consequence, the overall performance of cryptographic operations
degraded exponentially with the number of objects per token or open sessions per
process. This update modifies the underlying source code so that the overall
performance remains constant. (BZ#612274)
All users of openCryptoki are advised to upgrade to these updated packages,
which fix these bugs.
Solution
Before applying this update, make sure all previously-released errata relevant
to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
(none)CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
openCryptoki-2.2.4-25.el5.src.rpm | SHA-256: a7e40854dd6dc35eb04bdaef087d5842bcbdec7ba38b28ba837656cbbcab23a9 |
x86_64 | |
openCryptoki-2.2.4-25.el5.i386.rpm | SHA-256: 56a683ca29ffba61fb2f1173e2fb903ee2378327a4184a8d8357489c4ce4ee9a |
openCryptoki-2.2.4-25.el5.x86_64.rpm | SHA-256: 3cb7de927751722b0efb27831affab10d904b32a92747cf1c3553c5e727e5e31 |
openCryptoki-devel-2.2.4-25.el5.i386.rpm | SHA-256: 8612612b1c358db8e0a36d86c18fdf6c6bd1185ed0e2ba0970c22af38cd3b70e |
openCryptoki-devel-2.2.4-25.el5.x86_64.rpm | SHA-256: ca3b896c83062594e845c0202b97ae0202a3c985bf06e63fac8c519b441e533a |
i386 | |
openCryptoki-2.2.4-25.el5.i386.rpm | SHA-256: 56a683ca29ffba61fb2f1173e2fb903ee2378327a4184a8d8357489c4ce4ee9a |
openCryptoki-devel-2.2.4-25.el5.i386.rpm | SHA-256: 8612612b1c358db8e0a36d86c18fdf6c6bd1185ed0e2ba0970c22af38cd3b70e |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
openCryptoki-2.2.4-25.el5.src.rpm | SHA-256: a7e40854dd6dc35eb04bdaef087d5842bcbdec7ba38b28ba837656cbbcab23a9 |
x86_64 | |
openCryptoki-2.2.4-25.el5.i386.rpm | SHA-256: 56a683ca29ffba61fb2f1173e2fb903ee2378327a4184a8d8357489c4ce4ee9a |
openCryptoki-2.2.4-25.el5.x86_64.rpm | SHA-256: 3cb7de927751722b0efb27831affab10d904b32a92747cf1c3553c5e727e5e31 |
openCryptoki-devel-2.2.4-25.el5.i386.rpm | SHA-256: 8612612b1c358db8e0a36d86c18fdf6c6bd1185ed0e2ba0970c22af38cd3b70e |
openCryptoki-devel-2.2.4-25.el5.x86_64.rpm | SHA-256: ca3b896c83062594e845c0202b97ae0202a3c985bf06e63fac8c519b441e533a |
i386 | |
openCryptoki-2.2.4-25.el5.i386.rpm | SHA-256: 56a683ca29ffba61fb2f1173e2fb903ee2378327a4184a8d8357489c4ce4ee9a |
openCryptoki-devel-2.2.4-25.el5.i386.rpm | SHA-256: 8612612b1c358db8e0a36d86c18fdf6c6bd1185ed0e2ba0970c22af38cd3b70e |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
openCryptoki-2.2.4-25.el5.src.rpm | SHA-256: a7e40854dd6dc35eb04bdaef087d5842bcbdec7ba38b28ba837656cbbcab23a9 |
x86_64 | |
openCryptoki-2.2.4-25.el5.i386.rpm | SHA-256: 56a683ca29ffba61fb2f1173e2fb903ee2378327a4184a8d8357489c4ce4ee9a |
openCryptoki-2.2.4-25.el5.x86_64.rpm | SHA-256: 3cb7de927751722b0efb27831affab10d904b32a92747cf1c3553c5e727e5e31 |
i386 | |
openCryptoki-2.2.4-25.el5.i386.rpm | SHA-256: 56a683ca29ffba61fb2f1173e2fb903ee2378327a4184a8d8357489c4ce4ee9a |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
openCryptoki-2.2.4-25.el5.src.rpm | SHA-256: a7e40854dd6dc35eb04bdaef087d5842bcbdec7ba38b28ba837656cbbcab23a9 |
s390x | |
openCryptoki-2.2.4-25.el5.s390.rpm | SHA-256: fe36e3c151a355a4ed0d628966b7862488b1dbd01cba1e40b422165e2ca51462 |
openCryptoki-2.2.4-25.el5.s390x.rpm | SHA-256: 0f1a2325497a1836a2a60336e74e592d75a000fa152c76a4120bbe524e446a62 |
openCryptoki-devel-2.2.4-25.el5.s390x.rpm | SHA-256: 47f4d1fe85a740278ff185d1d798c97eba00d14e8c2aecae40a33ff9eeef57d7 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
openCryptoki-2.2.4-25.el5.src.rpm | SHA-256: a7e40854dd6dc35eb04bdaef087d5842bcbdec7ba38b28ba837656cbbcab23a9 |
ppc | |
openCryptoki-2.2.4-25.el5.ppc64.rpm | SHA-256: ea95ad5fe3912d4a1a653e3e3934818e99403ab0853b9c75644fa3326cda7b8a |
openCryptoki-devel-2.2.4-25.el5.ppc64.rpm | SHA-256: 95c42acc334825e891711541924febe61c6a97847ae5c87b11bfdf1598146419 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
openCryptoki-2.2.4-25.el5.src.rpm | SHA-256: a7e40854dd6dc35eb04bdaef087d5842bcbdec7ba38b28ba837656cbbcab23a9 |
x86_64 | |
openCryptoki-2.2.4-25.el5.i386.rpm | SHA-256: 56a683ca29ffba61fb2f1173e2fb903ee2378327a4184a8d8357489c4ce4ee9a |
openCryptoki-2.2.4-25.el5.x86_64.rpm | SHA-256: 3cb7de927751722b0efb27831affab10d904b32a92747cf1c3553c5e727e5e31 |
openCryptoki-devel-2.2.4-25.el5.i386.rpm | SHA-256: 8612612b1c358db8e0a36d86c18fdf6c6bd1185ed0e2ba0970c22af38cd3b70e |
openCryptoki-devel-2.2.4-25.el5.x86_64.rpm | SHA-256: ca3b896c83062594e845c0202b97ae0202a3c985bf06e63fac8c519b441e533a |
i386 | |
openCryptoki-2.2.4-25.el5.i386.rpm | SHA-256: 56a683ca29ffba61fb2f1173e2fb903ee2378327a4184a8d8357489c4ce4ee9a |
openCryptoki-devel-2.2.4-25.el5.i386.rpm | SHA-256: 8612612b1c358db8e0a36d86c18fdf6c6bd1185ed0e2ba0970c22af38cd3b70e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.