Tadeusz Struk wrote: > On 05/03/2016 07:26 PM, Jamie Heilman wrote: > >>> Alrighty, presumably relevant bits: > >>> > > > >>> > > X.509: Cert Issuer: Build time autogenerated kernel key > >>> > > X.509: Cert Subject: Build time autogenerated kernel key > >>> > > X.509: Cert Key Algo: rsa > >>> > > X.509: Cert Valid period: 1461826791-4615426791 > >>> > > X.509: Cert Signature: rsa + sha512 > >>> > > X.509: ==>x509_check_signature() > >>> > > X.509: ==>x509_get_sig_params() > >>> > > X.509: <==x509_get_sig_params() = 0 > >>> > > PKEY: ==>public_key_verify_signature() > >>> > > X.509: Cert Verification: -2 > >> > > >> > Hmmm... Okay, the only ways out of public_key_verify_signature() without > >> > printing a leaving message are for snprintf() to overrun (which would return > >> > error -22) or for crypto_alloc_akcipher() to have failed; everything else must > >> > go through the kleave() at the pr_devel() at the bottom of the function. > >> > > >> > Can you stick: > >> > > >> > pr_devel("ALGO: %s\n", alg_name); > >> > > >> > immediately before this line: > >> > > >> > tfm = crypto_alloc_akcipher(alg_name, 0, 0); > >> > > >> > and try it again? > > PKEY: ALGO: pkcs1pad(rsa,sha512) > > I think the problem is that pkcs1pad template needs CRYPTO_MANAGER, but > your configuration doesn't enable CRYPTO_MANAGER. Could you try this > please: > > diff --git a/crypto/Kconfig b/crypto/Kconfig > index 93a1fdc..1d33beb 100644 > --- a/crypto/Kconfig > +++ b/crypto/Kconfig > @@ -96,6 +96,7 @@ config CRYPTO_AKCIPHER > config CRYPTO_RSA > tristate "RSA algorithm" > select CRYPTO_AKCIPHER > + select CRYPTO_MANAGER > select MPILIB > select ASN1 > help Yep, that does indeed make everything work again. -- Jamie Heilman http://audible.transient.net/~jamie/ -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html