| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160503172536.GC20775@cucamonga.audible.transient.net> Date: Tue, 3 May 2016 17:25:36 +0000 From: Jamie Heilman <jamie@...ible.transient.net> To: David Howells <dhowells@...hat.com> Cc: Herbert Xu <herbert@...dor.apana.org.au>, linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2) David Howells wrote: > > Problem loading in-kernel X.509 certificate (-2) > > ENOENT? Hmmm... The only place that is generated is in the crypto layer. > That suggests missing crypto of some sort. > > The attached patch enables some debugging in some relevant files if you can > try applying it to your kernel. Alrighty, presumably relevant bits: X.509: Cert Issuer: Build time autogenerated kernel key X.509: Cert Subject: Build time autogenerated kernel key X.509: Cert Key Algo: rsa X.509: Cert Valid period: 1461826791-4615426791 X.509: Cert Signature: rsa + sha512 X.509: ==>x509_check_signature() X.509: ==>x509_get_sig_params() X.509: <==x509_get_sig_params() = 0 PKEY: ==>public_key_verify_signature() X.509: Cert Verification: -2 Problem loading in-kernel X.509 certificate (-2) ... PKCS7: ==> pkcs7_verify() PKCS7: ==> pkcs7_verify_one(,1) PKCS7: ==> pkcs7_digest(,1,sha512) PKCS7: MsgDigest = [0b f2 1f 7e f0 37 12 e6] PKCS7: <== pkcs7_digest() = 0 PKCS7: ==> pkcs7_find_key(1) PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579) PKCS7: <== pkcs7_verify() = 0 X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579" X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11 PKCS7: ==> pkcs7_verify() PKCS7: ==> pkcs7_verify_one(,1) PKCS7: ==> pkcs7_digest(,1,sha512) PKCS7: MsgDigest = [5b b5 bb 52 28 05 ba 55] PKCS7: <== pkcs7_digest() = 0 PKCS7: ==> pkcs7_find_key(1) PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579) PKCS7: <== pkcs7_verify() = 0 X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579" X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11 PKCS7: ==> pkcs7_verify() PKCS7: ==> pkcs7_verify_one(,1) PKCS7: ==> pkcs7_digest(,1,sha512) PKCS7: MsgDigest = [94 a4 59 31 7f a9 d0 3a] PKCS7: <== pkcs7_digest() = 0 PKCS7: ==> pkcs7_find_key(1) PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579) PKCS7: <== pkcs7_verify() = 0 X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579" X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11 full dmesg at http://audible.transient.net/~jamie/k/modsign.dmesg-debugging -- Jamie Heilman http://audible.transient.net/~jamie/
Powered by blists - more mailing lists