lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 3 May 2016 17:25:36 +0000
From:	Jamie Heilman <jamie@...ible.transient.net>
To:	David Howells <dhowells@...hat.com>
Cc:	Herbert Xu <herbert@...dor.apana.org.au>,
	linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509
 certificate (-2)

David Howells wrote:
> > Problem loading in-kernel X.509 certificate (-2)
> 
> ENOENT?  Hmmm...  The only place that is generated is in the crypto layer.
> That suggests missing crypto of some sort.
> 
> The attached patch enables some debugging in some relevant files if you can
> try applying it to your kernel.

Alrighty, presumably relevant bits:

X.509: Cert Issuer: Build time autogenerated kernel key
X.509: Cert Subject: Build time autogenerated kernel key
X.509: Cert Key Algo: rsa
X.509: Cert Valid period: 1461826791-4615426791
X.509: Cert Signature: rsa + sha512
X.509: ==>x509_check_signature()
X.509: ==>x509_get_sig_params()
X.509: <==x509_get_sig_params() = 0
PKEY: ==>public_key_verify_signature()
X.509: Cert Verification: -2
Problem loading in-kernel X.509 certificate (-2)
...
PKCS7: ==> pkcs7_verify()
PKCS7: ==> pkcs7_verify_one(,1)
PKCS7: ==> pkcs7_digest(,1,sha512)
PKCS7: MsgDigest = [0b f2 1f 7e f0 37 12 e6]
PKCS7: <== pkcs7_digest() = 0
PKCS7: ==> pkcs7_find_key(1)
PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579)
PKCS7: <== pkcs7_verify() = 0
X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579"
X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11
PKCS7: ==> pkcs7_verify()
PKCS7: ==> pkcs7_verify_one(,1)
PKCS7: ==> pkcs7_digest(,1,sha512)
PKCS7: MsgDigest = [5b b5 bb 52 28 05 ba 55]
PKCS7: <== pkcs7_digest() = 0
PKCS7: ==> pkcs7_find_key(1)
PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579)
PKCS7: <== pkcs7_verify() = 0
X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579"
X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11
PKCS7: ==> pkcs7_verify()
PKCS7: ==> pkcs7_verify_one(,1)
PKCS7: ==> pkcs7_digest(,1,sha512)
PKCS7: MsgDigest = [94 a4 59 31 7f a9 d0 3a]
PKCS7: <== pkcs7_digest() = 0
PKCS7: ==> pkcs7_find_key(1)
PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579)
PKCS7: <== pkcs7_verify() = 0
X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579"
X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11

full dmesg at http://audible.transient.net/~jamie/k/modsign.dmesg-debugging


-- 
Jamie Heilman                     http://audible.transient.net/~jamie/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ