From: Jamie Heilman Subject: Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2) Date: Wed, 4 May 2016 04:53:56 +0000 Message-ID: <20160504045356.GG20775@cucamonga.audible.transient.net> References: <20160503172536.GC20775@cucamonga.audible.transient.net> <20160430083248.GA20775@cucamonga.audible.transient.net> <26795.1462266613@warthog.procyon.org.uk> <11323.1462307740@warthog.procyon.org.uk> <20160504022608.GF20775@cucamonga.audible.transient.net> <45d1a06b-4ec4-17f5-2888-3068558da0bb@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: David Howells , Herbert Xu , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, tadeusz.struk@intel.com To: Tadeusz Struk Return-path: Received: from audible.transient.net ([24.143.126.66]:36068 "HELO audible.transient.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1751234AbcEDEx6 (ORCPT ); Wed, 4 May 2016 00:53:58 -0400 Content-Disposition: inline In-Reply-To: <45d1a06b-4ec4-17f5-2888-3068558da0bb@gmail.com> Sender: linux-crypto-owner@vger.kernel.org List-ID: Tadeusz Struk wrote: > On 05/03/2016 07:26 PM, Jamie Heilman wrote: > >>> Alrighty, presumably relevant bits: > >>> > > > >>> > > X.509: Cert Issuer: Build time autogenerated kernel key > >>> > > X.509: Cert Subject: Build time autogenerated kernel key > >>> > > X.509: Cert Key Algo: rsa > >>> > > X.509: Cert Valid period: 1461826791-4615426791 > >>> > > X.509: Cert Signature: rsa + sha512 > >>> > > X.509: ==>x509_check_signature() > >>> > > X.509: ==>x509_get_sig_params() > >>> > > X.509: <==x509_get_sig_params() = 0 > >>> > > PKEY: ==>public_key_verify_signature() > >>> > > X.509: Cert Verification: -2 > >> > > >> > Hmmm... Okay, the only ways out of public_key_verify_signature() without > >> > printing a leaving message are for snprintf() to overrun (which would return > >> > error -22) or for crypto_alloc_akcipher() to have failed; everything else must > >> > go through the kleave() at the pr_devel() at the bottom of the function. > >> > > >> > Can you stick: > >> > > >> > pr_devel("ALGO: %s\n", alg_name); > >> > > >> > immediately before this line: > >> > > >> > tfm = crypto_alloc_akcipher(alg_name, 0, 0); > >> > > >> > and try it again? > > PKEY: ALGO: pkcs1pad(rsa,sha512) > > I think the problem is that pkcs1pad template needs CRYPTO_MANAGER, but > your configuration doesn't enable CRYPTO_MANAGER. Could you try this > please: > > diff --git a/crypto/Kconfig b/crypto/Kconfig > index 93a1fdc..1d33beb 100644 > --- a/crypto/Kconfig > +++ b/crypto/Kconfig > @@ -96,6 +96,7 @@ config CRYPTO_AKCIPHER > config CRYPTO_RSA > tristate "RSA algorithm" > select CRYPTO_AKCIPHER > + select CRYPTO_MANAGER > select MPILIB > select ASN1 > help Yep, that does indeed make everything work again. -- Jamie Heilman http://audible.transient.net/~jamie/