Hi Jamie, On 05/03/2016 01:35 PM, David Howells wrote: > (cc'ing Tadeusz as he did the pkcs1 padding function) > > Jamie Heilman <jamie@xxxxxxxxxxxxxxxxxxxxx> wrote: > >>>> Problem loading in-kernel X.509 certificate (-2) >>> >>> ENOENT? Hmmm... The only place that is generated is in the crypto layer. >>> That suggests missing crypto of some sort. >>> >>> The attached patch enables some debugging in some relevant files if you can >>> try applying it to your kernel. >> >> Alrighty, presumably relevant bits: >> >> X.509: Cert Issuer: Build time autogenerated kernel key >> X.509: Cert Subject: Build time autogenerated kernel key >> X.509: Cert Key Algo: rsa >> X.509: Cert Valid period: 1461826791-4615426791 >> X.509: Cert Signature: rsa + sha512 >> X.509: ==>x509_check_signature() >> X.509: ==>x509_get_sig_params() >> X.509: <==x509_get_sig_params() = 0 >> PKEY: ==>public_key_verify_signature() >> X.509: Cert Verification: -2 > > Hmmm... Okay, the only ways out of public_key_verify_signature() without > printing a leaving message are for snprintf() to overrun (which would return > error -22) or for crypto_alloc_akcipher() to have failed; everything else must > go through the kleave() at the pr_devel() at the bottom of the function. > > Can you stick: > > pr_devel("ALGO: %s\n", alg_name); > > immediately before this line: > > tfm = crypto_alloc_akcipher(alg_name, 0, 0); > > and try it again? > Could you please check if this one fixes the problem for you: https://patchwork.kernel.org/patch/8766361/ Thanks, -- TS -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html