Bug 692515 - sha512hmac expects different checksum, fails on PPC64
sha512hmac expects different checksum, fails on PPC64
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel (Show other bugs)
ppc64 Unspecified
high Severity high
: rc
: ---
Assigned To: Aristeu Rozanski
Martin Banas
Depends On: 691419
Blocks: RHEL62CCC 670159 846801 846802
  Show dependency treegraph
Reported: 2011-03-31 09:13 EDT by Martin Banas
Modified: 2012-08-08 14:29 EDT (History)
4 users (show)

See Also:
Fixed In Version: kernel-2.6.32-131.0.1.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2011-05-19 08:54:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
IBM Linux Technology Center 71358 None None None Never

  None (edit)
Description Martin Banas 2011-03-31 09:13:00 EDT
Description of problem:
sha512hmac -c /boot/.vmlinuz-2.6.32-128.el6.ppc64.hmac fails on PPC64.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install RHEL6, and hmaccalc package
2. run # sha512hmac -c /boot/.vmlinuz-2.6.32-128.el6.ppc64.hmac
Actual results:
sha512hmac -c /boot/.vmlinuz-2.6.32-128.el6.ppc64.hmac 
/boot/vmlinuz-2.6.32-128.el6.ppc64: FAILED
 computed = 6f39b5c725ead894b22fd334b9b349e7c1444d6a705d95a1f1c1655472d744a478d5da5f725287150a5aa45233e59b6ab447714075cf8e4fc88281246dcc7d64
 expected = 6c5c405c9031d5dffae0223e4e5567ab31a64b65b83f50b22ace3e1166d3700bddebb20a522b2a52ad08a447bdab6efe4fb5c59bff0688c61adf1f72a92b19bc

Installation in fips mode is not possible.

Expected results:
sha512hmac should pass.
Comment 2 Martin Banas 2011-04-05 02:27:59 EDT
Any progress on this bug? It would be nice to be fixed as soon as possible so that we could continue testing FIPS.
Comment 3 Aristeu Rozanski 2011-04-07 17:37:47 EDT
The problem is on RPM's post installation macro that will strip the notes section
from the kernel image, changing the checksum. I have one tentative patch being
built and will test it afterwards. I should have the patch submitted tomorrow
if everything goes as planned.
Comment 4 Aristeu Rozanski 2011-04-07 17:40:41 EDT
More information:
/usr/lib/rpm/redhat/brp-strip-comment-note runs on:
%__os_install_post    \
    /usr/lib/rpm/redhat/brp-compress \
    %{!?__debug_package:/usr/lib/rpm/redhat/brp-strip %{__strip}} \
    /usr/lib/rpm/redhat/brp-strip-static-archive %{__strip} \
    /usr/lib/rpm/redhat/brp-strip-comment-note %{__strip} %{__objdump} \
    /usr/lib/rpm/brp-python-bytecompile \
    /usr/lib/rpm/redhat/brp-python-hardlink \
    %{!?__jar_repack:/usr/lib/rpm/redhat/brp-java-repack-jars} \
(Red Hat's RPM macros)
Since ppc64 is the only one to use vmlinux, it'll be stripped in
brp-strip-comment-note, changing the checksum.
Comment 5 Aristeu Rozanski 2011-04-08 11:24:49 EDT
Patch submitted to the mailing list.
Comment 6 Aristeu Rozanski 2011-04-13 15:05:04 EDT
Patch(es) available on kernel-2.6.32-131.0.1.el6
Comment 9 Martin Banas 2011-04-14 08:15:04 EDT
Verified on RHEL6.1-20110413.1 (Snapshot 4), kernel-2.6.32-131.0.1.el6.

[root@ibm-js12-vios-01-lp1 ~]# sha512hmac -c /boot/.vmlinuz-2.6.32-131.0.1.el6.ppc64.hmac 
/boot/vmlinuz-2.6.32-131.0.1.el6.ppc64: OK

Boot is also OK:
sd 0:0:7:0: [sdc] Assuming drive cache: write through
sd 0:0:8:0: [sdd] Assuming drive cache: write through
/boot/vmlinuz-2.6.32-131.0.1.el6.ppc64: OK
            Welcome to Red Hat Enterprise Linux Server
Starting udev: [  OK  ]
Comment 10 errata-xmlrpc 2011-05-19 08:54:59 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.