Bug 692515 - sha512hmac expects different checksum, fails on PPC64
Summary: sha512hmac expects different checksum, fails on PPC64
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.1
Hardware: ppc64
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Aristeu Rozanski
QA Contact: Martin Banas
Depends On: 691419
Blocks: RHEL62CCC 670159 846801 846802
TreeView+ depends on / blocked
Reported: 2011-03-31 13:13 UTC by Martin Banas
Modified: 2012-08-08 18:29 UTC (History)
4 users (show)

Fixed In Version: kernel-2.6.32-131.0.1.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-05-19 12:54:59 UTC

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0542 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 6.1 kernel security, bug fix and enhancement update 2011-05-19 11:58:07 UTC
IBM Linux Technology Center 71358 None None None Never

Description Martin Banas 2011-03-31 13:13:00 UTC
Description of problem:
sha512hmac -c /boot/.vmlinuz-2.6.32-128.el6.ppc64.hmac fails on PPC64.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install RHEL6, and hmaccalc package
2. run # sha512hmac -c /boot/.vmlinuz-2.6.32-128.el6.ppc64.hmac
Actual results:
sha512hmac -c /boot/.vmlinuz-2.6.32-128.el6.ppc64.hmac 
/boot/vmlinuz-2.6.32-128.el6.ppc64: FAILED
 computed = 6f39b5c725ead894b22fd334b9b349e7c1444d6a705d95a1f1c1655472d744a478d5da5f725287150a5aa45233e59b6ab447714075cf8e4fc88281246dcc7d64
 expected = 6c5c405c9031d5dffae0223e4e5567ab31a64b65b83f50b22ace3e1166d3700bddebb20a522b2a52ad08a447bdab6efe4fb5c59bff0688c61adf1f72a92b19bc

Installation in fips mode is not possible.

Expected results:
sha512hmac should pass.

Comment 2 Martin Banas 2011-04-05 06:27:59 UTC
Any progress on this bug? It would be nice to be fixed as soon as possible so that we could continue testing FIPS.

Comment 3 Aristeu Rozanski 2011-04-07 21:37:47 UTC
The problem is on RPM's post installation macro that will strip the notes section
from the kernel image, changing the checksum. I have one tentative patch being
built and will test it afterwards. I should have the patch submitted tomorrow
if everything goes as planned.

Comment 4 Aristeu Rozanski 2011-04-07 21:40:41 UTC
More information:
/usr/lib/rpm/redhat/brp-strip-comment-note runs on:
%__os_install_post    \
    /usr/lib/rpm/redhat/brp-compress \
    %{!?__debug_package:/usr/lib/rpm/redhat/brp-strip %{__strip}} \
    /usr/lib/rpm/redhat/brp-strip-static-archive %{__strip} \
    /usr/lib/rpm/redhat/brp-strip-comment-note %{__strip} %{__objdump} \
    /usr/lib/rpm/brp-python-bytecompile \
    /usr/lib/rpm/redhat/brp-python-hardlink \
    %{!?__jar_repack:/usr/lib/rpm/redhat/brp-java-repack-jars} \
(Red Hat's RPM macros)
Since ppc64 is the only one to use vmlinux, it'll be stripped in
brp-strip-comment-note, changing the checksum.

Comment 5 Aristeu Rozanski 2011-04-08 15:24:49 UTC
Patch submitted to the mailing list.

Comment 6 Aristeu Rozanski 2011-04-13 19:05:04 UTC
Patch(es) available on kernel-2.6.32-131.0.1.el6

Comment 9 Martin Banas 2011-04-14 12:15:04 UTC
Verified on RHEL6.1-20110413.1 (Snapshot 4), kernel-2.6.32-131.0.1.el6.

[root@ibm-js12-vios-01-lp1 ~]# sha512hmac -c /boot/.vmlinuz-2.6.32-131.0.1.el6.ppc64.hmac 
/boot/vmlinuz-2.6.32-131.0.1.el6.ppc64: OK

Boot is also OK:
sd 0:0:7:0: [sdc] Assuming drive cache: write through
sd 0:0:8:0: [sdd] Assuming drive cache: write through
/boot/vmlinuz-2.6.32-131.0.1.el6.ppc64: OK
            Welcome to Red Hat Enterprise Linux Server
Starting udev: [  OK  ]

Comment 10 errata-xmlrpc 2011-05-19 12:54:59 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.