Bug 692515 - sha512hmac expects different checksum, fails on PPC64
sha512hmac expects different checksum, fails on PPC64
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel (Show other bugs)
6.1
ppc64 Unspecified
high Severity high
: rc
: ---
Assigned To: Aristeu Rozanski
Martin Banas
:
Depends On: 691419
Blocks: RHEL62CCC 670159 846801 846802
  Show dependency treegraph
 
Reported: 2011-03-31 09:13 EDT by Martin Banas
Modified: 2012-08-08 14:29 EDT (History)
4 users (show)

See Also:
Fixed In Version: kernel-2.6.32-131.0.1.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-05-19 08:54:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
IBM Linux Technology Center 71358 None None None Never

  None (edit)
Description Martin Banas 2011-03-31 09:13:00 EDT
Description of problem:
sha512hmac -c /boot/.vmlinuz-2.6.32-128.el6.ppc64.hmac fails on PPC64.

Version-Release number of selected component (if applicable):
kernel-2.6.32-128

How reproducible:
always

Steps to Reproduce:
1. Install RHEL6, and hmaccalc package
2. run # sha512hmac -c /boot/.vmlinuz-2.6.32-128.el6.ppc64.hmac
  
Actual results:
sha512hmac -c /boot/.vmlinuz-2.6.32-128.el6.ppc64.hmac 
/boot/vmlinuz-2.6.32-128.el6.ppc64: FAILED
 computed = 6f39b5c725ead894b22fd334b9b349e7c1444d6a705d95a1f1c1655472d744a478d5da5f725287150a5aa45233e59b6ab447714075cf8e4fc88281246dcc7d64
 expected = 6c5c405c9031d5dffae0223e4e5567ab31a64b65b83f50b22ace3e1166d3700bddebb20a522b2a52ad08a447bdab6efe4fb5c59bff0688c61adf1f72a92b19bc

Installation in fips mode is not possible.

Expected results:
sha512hmac should pass.
Comment 2 Martin Banas 2011-04-05 02:27:59 EDT
Hello,
Any progress on this bug? It would be nice to be fixed as soon as possible so that we could continue testing FIPS.
Comment 3 Aristeu Rozanski 2011-04-07 17:37:47 EDT
The problem is on RPM's post installation macro that will strip the notes section
from the kernel image, changing the checksum. I have one tentative patch being
built and will test it afterwards. I should have the patch submitted tomorrow
if everything goes as planned.
Comment 4 Aristeu Rozanski 2011-04-07 17:40:41 EDT
More information:
/usr/lib/rpm/redhat/brp-strip-comment-note runs on:
%__os_install_post    \
    /usr/lib/rpm/redhat/brp-compress \
    %{!?__debug_package:/usr/lib/rpm/redhat/brp-strip %{__strip}} \
    /usr/lib/rpm/redhat/brp-strip-static-archive %{__strip} \
    /usr/lib/rpm/redhat/brp-strip-comment-note %{__strip} %{__objdump} \
    /usr/lib/rpm/brp-python-bytecompile \
    /usr/lib/rpm/redhat/brp-python-hardlink \
    %{!?__jar_repack:/usr/lib/rpm/redhat/brp-java-repack-jars} \
%{nil}
(Red Hat's RPM macros)
Since ppc64 is the only one to use vmlinux, it'll be stripped in
brp-strip-comment-note, changing the checksum.
Comment 5 Aristeu Rozanski 2011-04-08 11:24:49 EDT
Patch submitted to the mailing list.
Comment 6 Aristeu Rozanski 2011-04-13 15:05:04 EDT
Patch(es) available on kernel-2.6.32-131.0.1.el6
Comment 9 Martin Banas 2011-04-14 08:15:04 EDT
Verified on RHEL6.1-20110413.1 (Snapshot 4), kernel-2.6.32-131.0.1.el6.

[root@ibm-js12-vios-01-lp1 ~]# sha512hmac -c /boot/.vmlinuz-2.6.32-131.0.1.el6.ppc64.hmac 
/boot/vmlinuz-2.6.32-131.0.1.el6.ppc64: OK

Boot is also OK:
...
sd 0:0:7:0: [sdc] Assuming drive cache: write through
sd 0:0:8:0: [sdd] Assuming drive cache: write through
/boot/vmlinuz-2.6.32-131.0.1.el6.ppc64: OK
            Welcome to Red Hat Enterprise Linux Server
Starting udev: [  OK  ]
...
Comment 10 errata-xmlrpc 2011-05-19 08:54:59 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0542.html

Note You need to log in before you can comment on or make changes to this bug.