David Howells wrote: > (cc'ing Tadeusz as he did the pkcs1 padding function) > > Jamie Heilman <jamie@xxxxxxxxxxxxxxxxxxxxx> wrote: > > > > > Problem loading in-kernel X.509 certificate (-2) > > > > > > ENOENT? Hmmm... The only place that is generated is in the crypto layer. > > > That suggests missing crypto of some sort. > > > > > > The attached patch enables some debugging in some relevant files if you can > > > try applying it to your kernel. > > > > Alrighty, presumably relevant bits: > > > > X.509: Cert Issuer: Build time autogenerated kernel key > > X.509: Cert Subject: Build time autogenerated kernel key > > X.509: Cert Key Algo: rsa > > X.509: Cert Valid period: 1461826791-4615426791 > > X.509: Cert Signature: rsa + sha512 > > X.509: ==>x509_check_signature() > > X.509: ==>x509_get_sig_params() > > X.509: <==x509_get_sig_params() = 0 > > PKEY: ==>public_key_verify_signature() > > X.509: Cert Verification: -2 > > Hmmm... Okay, the only ways out of public_key_verify_signature() without > printing a leaving message are for snprintf() to overrun (which would return > error -22) or for crypto_alloc_akcipher() to have failed; everything else must > go through the kleave() at the pr_devel() at the bottom of the function. > > Can you stick: > > pr_devel("ALGO: %s\n", alg_name); > > immediately before this line: > > tfm = crypto_alloc_akcipher(alg_name, 0, 0); > > and try it again? PKEY: ALGO: pkcs1pad(rsa,sha512) -- Jamie Heilman http://audible.transient.net/~jamie/ -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html