Flag Day: cryptosvc and elfsign need closed bin update (fwd)
Date: Sat, 18 Jul 2009 09:47:18 -0700 (PDT) From: Valerie Bubb Fenwick <Valerie.Fenwick at sun dot com> To: on-all at sun dot com, onnv-gate at onnv dot eng dot sun dot com Subject: Flag Day: cryptosvc and elfsign need closed bin update (fwd) Hi Everyone - My integration yesterday for: 6852240 libelfsign should use pkcs11_softtoken instead of OpenSSL for FIPS-140 integrity checking 6851814 tools elfsign is unnecessarily linked against pkcs11_softtoken constitutes a flag day for all developers, particularly external developers. You need to make sure you have the closed binary tarball that corresponds with these bits, or you will get an infinite loop in cryptosvcs that will look something like this: Jul 18 15:11:05 moritz svc.startd[7]: [ID 122153 daemon.warning] svc:/system/cryptosvc:default: Method or service exit timed out. Killing contract 15. Jul 18 15:11:05 moritz kcf: [ID 949968 kern.warning] WARNING: Module verification door upcall failed for /kernel/crypto/amd64/arcfour. errno = 4 Jul 18 15:11:05 moritz svc.startd[7]: [ID 636263 daemon.warning] svc:/system/cryptosvc:default: Method "/sbin/cryptoadm start" failed due to signal KILL Unfortunately, it doesn't seem like the closed-bins tar ball has been updated since May 19, so right now these bits will be toxic for external developers, though there have been many other changes to the closed bins since that date, so I am surprised this is the first issue coming up. I will contact the gatekeeping staff immediately to try to resolve this. I'm sorry for the inconvenience this has caused. Valerie ~-- Valerie Fenwick, http://blogs.sun.com/bubbva/ @bubbva Solaris Security Technologies, Developer, Sun Microsystems, Inc. 17 Network Circle, Menlo Park, CA, 94025.
on 2009/11/20 23:48