v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)

v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)

[Jamie Heilman]

I usually build my kernels to require module signatures and use
automatic signing.  As of v4.6-rc1 I'm getting this on boot:

Problem loading in-kernel X.509 certificate (-2)

I bisected that to commit d43de6c780a84def056afaf4fb3e66bdaa1efc00
(akcipher: Move the RSA DER encoding check to the crypto layer)

For some reason after this commit my system keyring always ends up
empty.  I use the deb-pkg make target.  My kernel config can
be found at
http://audible.transient.net/~jamie/k/modsign.config-4.6.0-rc5-guest

Let me know if you need anything else.

-- 
Jamie Heilman                     http://audible.transient.net/~jamie/

Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)

[Herbert Xu]

On Sat, Apr 30, 2016 at 08:32:48AM +0000, Jamie Heilman wrote:
> I usually build my kernels to require module signatures and use
> automatic signing.  As of v4.6-rc1 I'm getting this on boot:
> 
> Problem loading in-kernel X.509 certificate (-2)
> 
> I bisected that to commit d43de6c780a84def056afaf4fb3e66bdaa1efc00
> (akcipher: Move the RSA DER encoding check to the crypto layer)
> 
> For some reason after this commit my system keyring always ends up
> empty.  I use the deb-pkg make target.  My kernel config can
> be found at
> http://audible.transient.net/~jamie/k/modsign.config-4.6.0-rc5-guest
> 
> Let me know if you need anything else.

David, any ideas on this problem? If we can't get a quick fix
on this then we'll have to revert.

Jamie, does reverting this patch by itself resolve the problem?

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)

[David Howells]

Jamie Heilman <jamie@audible.transient.net> wrote:

> I usually build my kernels to require module signatures and use
> automatic signing.  As of v4.6-rc1 I'm getting this on boot:
> 
> Problem loading in-kernel X.509 certificate (-2)
> 
> I bisected that to commit d43de6c780a84def056afaf4fb3e66bdaa1efc00
> (akcipher: Move the RSA DER encoding check to the crypto layer)
> 
> For some reason after this commit my system keyring always ends up
> empty.  I use the deb-pkg make target.  My kernel config can
> be found at
> http://audible.transient.net/~jamie/k/modsign.config-4.6.0-rc5-guest

Do you have an example malfunctioning certificate that I can have a look at?

David

Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)

[David Howells]

> Problem loading in-kernel X.509 certificate (-2)

ENOENT?  Hmmm...  The only place that is generated is in the crypto layer.
That suggests missing crypto of some sort.

The attached patch enables some debugging in some relevant files if you can
try applying it to your kernel.

David
---
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index 50be2a15e531..573b3960867b 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -8,7 +8,7 @@
  * as published by the Free Software Foundation; either version
  * 2 of the Licence, or (at your option) any later version.
  */
-
+#define DEBUG
 #define pr_fmt(fmt) "PKCS7: "fmt
 #include <linux/kernel.h>
 #include <linux/export.h>
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 0f8b264b3961..99f297129381 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -10,7 +10,7 @@
  * as published by the Free Software Foundation; either version
  * 2 of the Licence, or (at your option) any later version.
  */
-
+#define DEBUG
 #define pr_fmt(fmt) "PKEY: "fmt
 #include <linux/module.h>
 #include <linux/export.h>
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 733c046aacc6..373d472022ef 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -8,7 +8,7 @@
  * as published by the Free Software Foundation; either version
  * 2 of the Licence, or (at your option) any later version.
  */
-
+#define DEBUG
 #define pr_fmt(fmt) "X.509: "fmt
 #include <linux/module.h>
 #include <linux/kernel.h>

Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)

[Jamie Heilman]

David Howells wrote:
> > Problem loading in-kernel X.509 certificate (-2)
> 
> ENOENT?  Hmmm...  The only place that is generated is in the crypto layer.
> That suggests missing crypto of some sort.
> 
> The attached patch enables some debugging in some relevant files if you can
> try applying it to your kernel.

Alrighty, presumably relevant bits:

X.509: Cert Issuer: Build time autogenerated kernel key
X.509: Cert Subject: Build time autogenerated kernel key
X.509: Cert Key Algo: rsa
X.509: Cert Valid period: 1461826791-4615426791
X.509: Cert Signature: rsa + sha512
X.509: ==>x509_check_signature()
X.509: ==>x509_get_sig_params()
X.509: <==x509_get_sig_params() = 0
PKEY: ==>public_key_verify_signature()
X.509: Cert Verification: -2
Problem loading in-kernel X.509 certificate (-2)
...
PKCS7: ==> pkcs7_verify()
PKCS7: ==> pkcs7_verify_one(,1)
PKCS7: ==> pkcs7_digest(,1,sha512)
PKCS7: MsgDigest = [0b f2 1f 7e f0 37 12 e6]
PKCS7: <== pkcs7_digest() = 0
PKCS7: ==> pkcs7_find_key(1)
PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579)
PKCS7: <== pkcs7_verify() = 0
X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579"
X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11
PKCS7: ==> pkcs7_verify()
PKCS7: ==> pkcs7_verify_one(,1)
PKCS7: ==> pkcs7_digest(,1,sha512)
PKCS7: MsgDigest = [5b b5 bb 52 28 05 ba 55]
PKCS7: <== pkcs7_digest() = 0
PKCS7: ==> pkcs7_find_key(1)
PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579)
PKCS7: <== pkcs7_verify() = 0
X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579"
X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11
PKCS7: ==> pkcs7_verify()
PKCS7: ==> pkcs7_verify_one(,1)
PKCS7: ==> pkcs7_digest(,1,sha512)
PKCS7: MsgDigest = [94 a4 59 31 7f a9 d0 3a]
PKCS7: <== pkcs7_digest() = 0
PKCS7: ==> pkcs7_find_key(1)
PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579)
PKCS7: <== pkcs7_verify() = 0
X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579"
X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11

full dmesg at http://audible.transient.net/~jamie/k/modsign.dmesg-debugging


-- 
Jamie Heilman                     http://audible.transient.net/~jamie/

Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)

[Jamie Heilman]

Herbert Xu wrote:
> On Sat, Apr 30, 2016 at 08:32:48AM +0000, Jamie Heilman wrote:
> > I usually build my kernels to require module signatures and use
> > automatic signing.  As of v4.6-rc1 I'm getting this on boot:
> > 
> > Problem loading in-kernel X.509 certificate (-2)
> > 
> > I bisected that to commit d43de6c780a84def056afaf4fb3e66bdaa1efc00
> > (akcipher: Move the RSA DER encoding check to the crypto layer)
> > 
> > For some reason after this commit my system keyring always ends up
> > empty.  I use the deb-pkg make target.  My kernel config can
> > be found at
> > http://audible.transient.net/~jamie/k/modsign.config-4.6.0-rc5-guest
> > 
> > Let me know if you need anything else.
> 
> David, any ideas on this problem? If we can't get a quick fix
> on this then we'll have to revert.
> 
> Jamie, does reverting this patch by itself resolve the problem?

Haven't tried that, given the nature of the change I just assumed
it would break too much, but I'll give it a shot this evening after
work.

-- 
Jamie Heilman                     http://audible.transient.net/~jamie/

Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)

[David Howells]

(cc'ing Tadeusz as he did the pkcs1 padding function)

Jamie Heilman <jamie@audible.transient.net> wrote:

> > > Problem loading in-kernel X.509 certificate (-2)
> > 
> > ENOENT?  Hmmm...  The only place that is generated is in the crypto layer.
> > That suggests missing crypto of some sort.
> > 
> > The attached patch enables some debugging in some relevant files if you can
> > try applying it to your kernel.
> 
> Alrighty, presumably relevant bits:
>
> X.509: Cert Issuer: Build time autogenerated kernel key
> X.509: Cert Subject: Build time autogenerated kernel key
> X.509: Cert Key Algo: rsa
> X.509: Cert Valid period: 1461826791-4615426791
> X.509: Cert Signature: rsa + sha512
> X.509: ==>x509_check_signature()
> X.509: ==>x509_get_sig_params()
> X.509: <==x509_get_sig_params() = 0
> PKEY: ==>public_key_verify_signature()
> X.509: Cert Verification: -2

Hmmm...  Okay, the only ways out of public_key_verify_signature() without
printing a leaving message are for snprintf() to overrun (which would return
error -22) or for crypto_alloc_akcipher() to have failed; everything else must
go through the kleave() at the pr_devel() at the bottom of the function.

Can you stick:

	pr_devel("ALGO: %s\n", alg_name);

immediately before this line:

	tfm = crypto_alloc_akcipher(alg_name, 0, 0);

and try it again?

Thanks,
David

Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)

[Tadeusz Struk]

Hi Jamie,
On 05/03/2016 01:35 PM, David Howells wrote:
> (cc'ing Tadeusz as he did the pkcs1 padding function)
> 
> Jamie Heilman <jamie@audible.transient.net> wrote:
> 
>>>> Problem loading in-kernel X.509 certificate (-2)
>>>
>>> ENOENT?  Hmmm...  The only place that is generated is in the crypto layer.
>>> That suggests missing crypto of some sort.
>>>
>>> The attached patch enables some debugging in some relevant files if you can
>>> try applying it to your kernel.
>>
>> Alrighty, presumably relevant bits:
>>
>> X.509: Cert Issuer: Build time autogenerated kernel key
>> X.509: Cert Subject: Build time autogenerated kernel key
>> X.509: Cert Key Algo: rsa
>> X.509: Cert Valid period: 1461826791-4615426791
>> X.509: Cert Signature: rsa + sha512
>> X.509: ==>x509_check_signature()
>> X.509: ==>x509_get_sig_params()
>> X.509: <==x509_get_sig_params() = 0
>> PKEY: ==>public_key_verify_signature()
>> X.509: Cert Verification: -2
> 
> Hmmm...  Okay, the only ways out of public_key_verify_signature() without
> printing a leaving message are for snprintf() to overrun (which would return
> error -22) or for crypto_alloc_akcipher() to have failed; everything else must
> go through the kleave() at the pr_devel() at the bottom of the function.
> 
> Can you stick:
> 
> 	pr_devel("ALGO: %s\n", alg_name);
> 
> immediately before this line:
> 
> 	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
> 
> and try it again?
> 

Could you please check if this one fixes the problem for you:
https://patchwork.kernel.org/patch/8766361/
Thanks,
-- 
TS

Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)

[Jamie Heilman]

Tadeusz Struk wrote:
> Could you please check if this one fixes the problem for you:
> https://patchwork.kernel.org/patch/8766361/

That patch is already present by 4.6-rc5 and the problem still exists,
so no, it doesn't.

-- 
Jamie Heilman                     http://audible.transient.net/~jamie/

Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)

[Jamie Heilman]

David Howells wrote:
> (cc'ing Tadeusz as he did the pkcs1 padding function)
> 
> Jamie Heilman <jamie@audible.transient.net> wrote:
> 
> > > > Problem loading in-kernel X.509 certificate (-2)
> > > 
> > > ENOENT?  Hmmm...  The only place that is generated is in the crypto layer.
> > > That suggests missing crypto of some sort.
> > > 
> > > The attached patch enables some debugging in some relevant files if you can
> > > try applying it to your kernel.
> > 
> > Alrighty, presumably relevant bits:
> >
> > X.509: Cert Issuer: Build time autogenerated kernel key
> > X.509: Cert Subject: Build time autogenerated kernel key
> > X.509: Cert Key Algo: rsa
> > X.509: Cert Valid period: 1461826791-4615426791
> > X.509: Cert Signature: rsa + sha512
> > X.509: ==>x509_check_signature()
> > X.509: ==>x509_get_sig_params()
> > X.509: <==x509_get_sig_params() = 0
> > PKEY: ==>public_key_verify_signature()
> > X.509: Cert Verification: -2
> 
> Hmmm...  Okay, the only ways out of public_key_verify_signature() without
> printing a leaving message are for snprintf() to overrun (which would return
> error -22) or for crypto_alloc_akcipher() to have failed; everything else must
> go through the kleave() at the pr_devel() at the bottom of the function.
> 
> Can you stick:
> 
> 	pr_devel("ALGO: %s\n", alg_name);
> 
> immediately before this line:
> 
> 	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
> 
> and try it again?

PKEY: ALGO: pkcs1pad(rsa,sha512)

-- 
Jamie Heilman                     http://audible.transient.net/~jamie/

Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)

[Tadeusz Struk]

On 05/03/2016 07:26 PM, Jamie Heilman wrote:
>>> Alrighty, presumably relevant bits:
>>> > >
>>> > > X.509: Cert Issuer: Build time autogenerated kernel key
>>> > > X.509: Cert Subject: Build time autogenerated kernel key
>>> > > X.509: Cert Key Algo: rsa
>>> > > X.509: Cert Valid period: 1461826791-4615426791
>>> > > X.509: Cert Signature: rsa + sha512
>>> > > X.509: ==>x509_check_signature()
>>> > > X.509: ==>x509_get_sig_params()
>>> > > X.509: <==x509_get_sig_params() = 0
>>> > > PKEY: ==>public_key_verify_signature()
>>> > > X.509: Cert Verification: -2
>> > 
>> > Hmmm...  Okay, the only ways out of public_key_verify_signature() without
>> > printing a leaving message are for snprintf() to overrun (which would return
>> > error -22) or for crypto_alloc_akcipher() to have failed; everything else must
>> > go through the kleave() at the pr_devel() at the bottom of the function.
>> > 
>> > Can you stick:
>> > 
>> > 	pr_devel("ALGO: %s\n", alg_name);
>> > 
>> > immediately before this line:
>> > 
>> > 	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
>> > 
>> > and try it again?
> PKEY: ALGO: pkcs1pad(rsa,sha512)

I think the problem is that pkcs1pad template needs CRYPTO_MANAGER, but
your configuration doesn't enable CRYPTO_MANAGER. Could you try this
please:

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 93a1fdc..1d33beb 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -96,6 +96,7 @@ config CRYPTO_AKCIPHER
 config CRYPTO_RSA
 	tristate "RSA algorithm"
 	select CRYPTO_AKCIPHER
+	select CRYPTO_MANAGER
 	select MPILIB
 	select ASN1
 	help

Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)

[Jamie Heilman]

Tadeusz Struk wrote:
> On 05/03/2016 07:26 PM, Jamie Heilman wrote:
> >>> Alrighty, presumably relevant bits:
> >>> > >
> >>> > > X.509: Cert Issuer: Build time autogenerated kernel key
> >>> > > X.509: Cert Subject: Build time autogenerated kernel key
> >>> > > X.509: Cert Key Algo: rsa
> >>> > > X.509: Cert Valid period: 1461826791-4615426791
> >>> > > X.509: Cert Signature: rsa + sha512
> >>> > > X.509: ==>x509_check_signature()
> >>> > > X.509: ==>x509_get_sig_params()
> >>> > > X.509: <==x509_get_sig_params() = 0
> >>> > > PKEY: ==>public_key_verify_signature()
> >>> > > X.509: Cert Verification: -2
> >> > 
> >> > Hmmm...  Okay, the only ways out of public_key_verify_signature() without
> >> > printing a leaving message are for snprintf() to overrun (which would return
> >> > error -22) or for crypto_alloc_akcipher() to have failed; everything else must
> >> > go through the kleave() at the pr_devel() at the bottom of the function.
> >> > 
> >> > Can you stick:
> >> > 
> >> > 	pr_devel("ALGO: %s\n", alg_name);
> >> > 
> >> > immediately before this line:
> >> > 
> >> > 	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
> >> > 
> >> > and try it again?
> > PKEY: ALGO: pkcs1pad(rsa,sha512)
> 
> I think the problem is that pkcs1pad template needs CRYPTO_MANAGER, but
> your configuration doesn't enable CRYPTO_MANAGER. Could you try this
> please:
> 
> diff --git a/crypto/Kconfig b/crypto/Kconfig
> index 93a1fdc..1d33beb 100644
> --- a/crypto/Kconfig
> +++ b/crypto/Kconfig
> @@ -96,6 +96,7 @@ config CRYPTO_AKCIPHER
>  config CRYPTO_RSA
>  	tristate "RSA algorithm"
>  	select CRYPTO_AKCIPHER
> +	select CRYPTO_MANAGER
>  	select MPILIB
>  	select ASN1
>  	help

Yep, that does indeed make everything work again.

-- 
Jamie Heilman                     http://audible.transient.net/~jamie/

Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)

[David Howells]

Tadeusz Struk <tstruk@gmail.com> wrote:

> I think the problem is that pkcs1pad template needs CRYPTO_MANAGER, but
> your configuration doesn't enable CRYPTO_MANAGER. Could you try this
> please:
> 
> diff --git a/crypto/Kconfig b/crypto/Kconfig
> index 93a1fdc..1d33beb 100644
> --- a/crypto/Kconfig
> +++ b/crypto/Kconfig
> @@ -96,6 +96,7 @@ config CRYPTO_AKCIPHER
>  config CRYPTO_RSA
>  	tristate "RSA algorithm"
>  	select CRYPTO_AKCIPHER
> +	select CRYPTO_MANAGER
>  	select MPILIB
>  	select ASN1
>  	help

Do you want to push this via Herbert's tree?

David

Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)

[Tadeusz Struk]

Hi David
On 05/04/2016 02:01 AM, David Howells wrote:
> Do you want to push this via Herbert's tree?
> 

Yes, I think Herbert has some more patches queued for rc-7.
Let me also send a proper one with the signed-off tag.

---8<---
Subject: crypto: rsa - select crypto mgr dependency

The pkcs1pad template needs CRYPTO_MANAGER so it needs
to be explicitly selected by CRYPTO_RSA.

Reported-by: Jamie Heilman <jamie@audible.transient.net>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
---
 crypto/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 93a1fdc..1d33beb 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -96,6 +96,7 @@ config CRYPTO_AKCIPHER
 config CRYPTO_RSA
 	tristate "RSA algorithm"
 	select CRYPTO_AKCIPHER
+	select CRYPTO_MANAGER
 	select MPILIB
 	select ASN1
 	help

-- 
TS

Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)

[Herbert Xu]

On Wed, May 04, 2016 at 06:38:46AM -0700, Tadeusz Struk wrote:
> Hi David
> On 05/04/2016 02:01 AM, David Howells wrote:
> > Do you want to push this via Herbert's tree?
> > 
> 
> Yes, I think Herbert has some more patches queued for rc-7.
> Let me also send a proper one with the signed-off tag.
> 
> ---8<---
> Subject: crypto: rsa - select crypto mgr dependency
> 
> The pkcs1pad template needs CRYPTO_MANAGER so it needs
> to be explicitly selected by CRYPTO_RSA.
> 
> Reported-by: Jamie Heilman <jamie@audible.transient.net>
> Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>

Applied.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt