(cc'ing Tadeusz as he did the pkcs1 padding function) Jamie Heilman <jamie@xxxxxxxxxxxxxxxxxxxxx> wrote: > > > Problem loading in-kernel X.509 certificate (-2) > > > > ENOENT? Hmmm... The only place that is generated is in the crypto layer. > > That suggests missing crypto of some sort. > > > > The attached patch enables some debugging in some relevant files if you can > > try applying it to your kernel. > > Alrighty, presumably relevant bits: > > X.509: Cert Issuer: Build time autogenerated kernel key > X.509: Cert Subject: Build time autogenerated kernel key > X.509: Cert Key Algo: rsa > X.509: Cert Valid period: 1461826791-4615426791 > X.509: Cert Signature: rsa + sha512 > X.509: ==>x509_check_signature() > X.509: ==>x509_get_sig_params() > X.509: <==x509_get_sig_params() = 0 > PKEY: ==>public_key_verify_signature() > X.509: Cert Verification: -2 Hmmm... Okay, the only ways out of public_key_verify_signature() without printing a leaving message are for snprintf() to overrun (which would return error -22) or for crypto_alloc_akcipher() to have failed; everything else must go through the kleave() at the pr_devel() at the bottom of the function. Can you stick: pr_devel("ALGO: %s\n", alg_name); immediately before this line: tfm = crypto_alloc_akcipher(alg_name, 0, 0); and try it again? Thanks, David -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html