* v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)
@ 2016-04-30 8:32 Jamie Heilman
2016-05-03 7:12 ` Herbert Xu
` (2 more replies)
0 siblings, 3 replies; 15+ messages in thread
From: Jamie Heilman @ 2016-04-30 8:32 UTC (permalink / raw)
To: David Howells; +Cc: Herbert Xu, linux-crypto, linux-kernel
I usually build my kernels to require module signatures and use
automatic signing. As of v4.6-rc1 I'm getting this on boot:
Problem loading in-kernel X.509 certificate (-2)
I bisected that to commit d43de6c780a84def056afaf4fb3e66bdaa1efc00
(akcipher: Move the RSA DER encoding check to the crypto layer)
For some reason after this commit my system keyring always ends up
empty. I use the deb-pkg make target. My kernel config can
be found at
http://audible.transient.net/~jamie/k/modsign.config-4.6.0-rc5-guest
Let me know if you need anything else.
--
Jamie Heilman http://audible.transient.net/~jamie/
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)
2016-04-30 8:32 v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2) Jamie Heilman
@ 2016-05-03 7:12 ` Herbert Xu
2016-05-03 17:26 ` Jamie Heilman
2016-05-03 8:54 ` David Howells
2016-05-03 9:10 ` David Howells
2 siblings, 1 reply; 15+ messages in thread
From: Herbert Xu @ 2016-05-03 7:12 UTC (permalink / raw)
To: David Howells, linux-crypto, linux-kernel
On Sat, Apr 30, 2016 at 08:32:48AM +0000, Jamie Heilman wrote:
> I usually build my kernels to require module signatures and use
> automatic signing. As of v4.6-rc1 I'm getting this on boot:
>
> Problem loading in-kernel X.509 certificate (-2)
>
> I bisected that to commit d43de6c780a84def056afaf4fb3e66bdaa1efc00
> (akcipher: Move the RSA DER encoding check to the crypto layer)
>
> For some reason after this commit my system keyring always ends up
> empty. I use the deb-pkg make target. My kernel config can
> be found at
> http://audible.transient.net/~jamie/k/modsign.config-4.6.0-rc5-guest
>
> Let me know if you need anything else.
David, any ideas on this problem? If we can't get a quick fix
on this then we'll have to revert.
Jamie, does reverting this patch by itself resolve the problem?
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)
2016-04-30 8:32 v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2) Jamie Heilman
2016-05-03 7:12 ` Herbert Xu
@ 2016-05-03 8:54 ` David Howells
2016-05-03 9:10 ` David Howells
2 siblings, 0 replies; 15+ messages in thread
From: David Howells @ 2016-05-03 8:54 UTC (permalink / raw)
To: Jamie Heilman; +Cc: dhowells, Herbert Xu, linux-crypto, linux-kernel
Jamie Heilman <jamie@audible.transient.net> wrote:
> I usually build my kernels to require module signatures and use
> automatic signing. As of v4.6-rc1 I'm getting this on boot:
>
> Problem loading in-kernel X.509 certificate (-2)
>
> I bisected that to commit d43de6c780a84def056afaf4fb3e66bdaa1efc00
> (akcipher: Move the RSA DER encoding check to the crypto layer)
>
> For some reason after this commit my system keyring always ends up
> empty. I use the deb-pkg make target. My kernel config can
> be found at
> http://audible.transient.net/~jamie/k/modsign.config-4.6.0-rc5-guest
Do you have an example malfunctioning certificate that I can have a look at?
David
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)
2016-04-30 8:32 v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2) Jamie Heilman
2016-05-03 7:12 ` Herbert Xu
2016-05-03 8:54 ` David Howells
@ 2016-05-03 9:10 ` David Howells
2016-05-03 17:25 ` Jamie Heilman
2016-05-03 20:35 ` David Howells
2 siblings, 2 replies; 15+ messages in thread
From: David Howells @ 2016-05-03 9:10 UTC (permalink / raw)
To: Jamie Heilman; +Cc: dhowells, Herbert Xu, linux-crypto, linux-kernel
> Problem loading in-kernel X.509 certificate (-2)
ENOENT? Hmmm... The only place that is generated is in the crypto layer.
That suggests missing crypto of some sort.
The attached patch enables some debugging in some relevant files if you can
try applying it to your kernel.
David
---
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index 50be2a15e531..573b3960867b 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -8,7 +8,7 @@
* as published by the Free Software Foundation; either version
* 2 of the Licence, or (at your option) any later version.
*/
-
+#define DEBUG
#define pr_fmt(fmt) "PKCS7: "fmt
#include <linux/kernel.h>
#include <linux/export.h>
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 0f8b264b3961..99f297129381 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -10,7 +10,7 @@
* as published by the Free Software Foundation; either version
* 2 of the Licence, or (at your option) any later version.
*/
-
+#define DEBUG
#define pr_fmt(fmt) "PKEY: "fmt
#include <linux/module.h>
#include <linux/export.h>
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 733c046aacc6..373d472022ef 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -8,7 +8,7 @@
* as published by the Free Software Foundation; either version
* 2 of the Licence, or (at your option) any later version.
*/
-
+#define DEBUG
#define pr_fmt(fmt) "X.509: "fmt
#include <linux/module.h>
#include <linux/kernel.h>
^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)
2016-05-03 9:10 ` David Howells
@ 2016-05-03 17:25 ` Jamie Heilman
2016-05-03 20:35 ` David Howells
1 sibling, 0 replies; 15+ messages in thread
From: Jamie Heilman @ 2016-05-03 17:25 UTC (permalink / raw)
To: David Howells; +Cc: Herbert Xu, linux-crypto, linux-kernel
David Howells wrote:
> > Problem loading in-kernel X.509 certificate (-2)
>
> ENOENT? Hmmm... The only place that is generated is in the crypto layer.
> That suggests missing crypto of some sort.
>
> The attached patch enables some debugging in some relevant files if you can
> try applying it to your kernel.
Alrighty, presumably relevant bits:
X.509: Cert Issuer: Build time autogenerated kernel key
X.509: Cert Subject: Build time autogenerated kernel key
X.509: Cert Key Algo: rsa
X.509: Cert Valid period: 1461826791-4615426791
X.509: Cert Signature: rsa + sha512
X.509: ==>x509_check_signature()
X.509: ==>x509_get_sig_params()
X.509: <==x509_get_sig_params() = 0
PKEY: ==>public_key_verify_signature()
X.509: Cert Verification: -2
Problem loading in-kernel X.509 certificate (-2)
...
PKCS7: ==> pkcs7_verify()
PKCS7: ==> pkcs7_verify_one(,1)
PKCS7: ==> pkcs7_digest(,1,sha512)
PKCS7: MsgDigest = [0b f2 1f 7e f0 37 12 e6]
PKCS7: <== pkcs7_digest() = 0
PKCS7: ==> pkcs7_find_key(1)
PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579)
PKCS7: <== pkcs7_verify() = 0
X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579"
X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11
PKCS7: ==> pkcs7_verify()
PKCS7: ==> pkcs7_verify_one(,1)
PKCS7: ==> pkcs7_digest(,1,sha512)
PKCS7: MsgDigest = [5b b5 bb 52 28 05 ba 55]
PKCS7: <== pkcs7_digest() = 0
PKCS7: ==> pkcs7_find_key(1)
PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579)
PKCS7: <== pkcs7_verify() = 0
X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579"
X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11
PKCS7: ==> pkcs7_verify()
PKCS7: ==> pkcs7_verify_one(,1)
PKCS7: ==> pkcs7_digest(,1,sha512)
PKCS7: MsgDigest = [94 a4 59 31 7f a9 d0 3a]
PKCS7: <== pkcs7_digest() = 0
PKCS7: ==> pkcs7_find_key(1)
PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579)
PKCS7: <== pkcs7_verify() = 0
X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579"
X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11
full dmesg at http://audible.transient.net/~jamie/k/modsign.dmesg-debugging
--
Jamie Heilman http://audible.transient.net/~jamie/
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)
2016-05-03 7:12 ` Herbert Xu
@ 2016-05-03 17:26 ` Jamie Heilman
0 siblings, 0 replies; 15+ messages in thread
From: Jamie Heilman @ 2016-05-03 17:26 UTC (permalink / raw)
To: Herbert Xu; +Cc: David Howells, linux-crypto, linux-kernel
Herbert Xu wrote:
> On Sat, Apr 30, 2016 at 08:32:48AM +0000, Jamie Heilman wrote:
> > I usually build my kernels to require module signatures and use
> > automatic signing. As of v4.6-rc1 I'm getting this on boot:
> >
> > Problem loading in-kernel X.509 certificate (-2)
> >
> > I bisected that to commit d43de6c780a84def056afaf4fb3e66bdaa1efc00
> > (akcipher: Move the RSA DER encoding check to the crypto layer)
> >
> > For some reason after this commit my system keyring always ends up
> > empty. I use the deb-pkg make target. My kernel config can
> > be found at
> > http://audible.transient.net/~jamie/k/modsign.config-4.6.0-rc5-guest
> >
> > Let me know if you need anything else.
>
> David, any ideas on this problem? If we can't get a quick fix
> on this then we'll have to revert.
>
> Jamie, does reverting this patch by itself resolve the problem?
Haven't tried that, given the nature of the change I just assumed
it would break too much, but I'll give it a shot this evening after
work.
--
Jamie Heilman http://audible.transient.net/~jamie/
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)
2016-05-03 9:10 ` David Howells
2016-05-03 17:25 ` Jamie Heilman
@ 2016-05-03 20:35 ` David Howells
2016-05-03 20:55 ` Tadeusz Struk
2016-05-04 2:26 ` Jamie Heilman
1 sibling, 2 replies; 15+ messages in thread
From: David Howells @ 2016-05-03 20:35 UTC (permalink / raw)
To: Jamie Heilman
Cc: dhowells, Herbert Xu, linux-crypto, linux-kernel, tadeusz.struk
(cc'ing Tadeusz as he did the pkcs1 padding function)
Jamie Heilman <jamie@audible.transient.net> wrote:
> > > Problem loading in-kernel X.509 certificate (-2)
> >
> > ENOENT? Hmmm... The only place that is generated is in the crypto layer.
> > That suggests missing crypto of some sort.
> >
> > The attached patch enables some debugging in some relevant files if you can
> > try applying it to your kernel.
>
> Alrighty, presumably relevant bits:
>
> X.509: Cert Issuer: Build time autogenerated kernel key
> X.509: Cert Subject: Build time autogenerated kernel key
> X.509: Cert Key Algo: rsa
> X.509: Cert Valid period: 1461826791-4615426791
> X.509: Cert Signature: rsa + sha512
> X.509: ==>x509_check_signature()
> X.509: ==>x509_get_sig_params()
> X.509: <==x509_get_sig_params() = 0
> PKEY: ==>public_key_verify_signature()
> X.509: Cert Verification: -2
Hmmm... Okay, the only ways out of public_key_verify_signature() without
printing a leaving message are for snprintf() to overrun (which would return
error -22) or for crypto_alloc_akcipher() to have failed; everything else must
go through the kleave() at the pr_devel() at the bottom of the function.
Can you stick:
pr_devel("ALGO: %s\n", alg_name);
immediately before this line:
tfm = crypto_alloc_akcipher(alg_name, 0, 0);
and try it again?
Thanks,
David
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)
2016-05-03 20:35 ` David Howells
@ 2016-05-03 20:55 ` Tadeusz Struk
2016-05-04 2:25 ` Jamie Heilman
2016-05-04 2:26 ` Jamie Heilman
1 sibling, 1 reply; 15+ messages in thread
From: Tadeusz Struk @ 2016-05-03 20:55 UTC (permalink / raw)
To: David Howells, Jamie Heilman; +Cc: Herbert Xu, linux-crypto, linux-kernel
Hi Jamie,
On 05/03/2016 01:35 PM, David Howells wrote:
> (cc'ing Tadeusz as he did the pkcs1 padding function)
>
> Jamie Heilman <jamie@audible.transient.net> wrote:
>
>>>> Problem loading in-kernel X.509 certificate (-2)
>>>
>>> ENOENT? Hmmm... The only place that is generated is in the crypto layer.
>>> That suggests missing crypto of some sort.
>>>
>>> The attached patch enables some debugging in some relevant files if you can
>>> try applying it to your kernel.
>>
>> Alrighty, presumably relevant bits:
>>
>> X.509: Cert Issuer: Build time autogenerated kernel key
>> X.509: Cert Subject: Build time autogenerated kernel key
>> X.509: Cert Key Algo: rsa
>> X.509: Cert Valid period: 1461826791-4615426791
>> X.509: Cert Signature: rsa + sha512
>> X.509: ==>x509_check_signature()
>> X.509: ==>x509_get_sig_params()
>> X.509: <==x509_get_sig_params() = 0
>> PKEY: ==>public_key_verify_signature()
>> X.509: Cert Verification: -2
>
> Hmmm... Okay, the only ways out of public_key_verify_signature() without
> printing a leaving message are for snprintf() to overrun (which would return
> error -22) or for crypto_alloc_akcipher() to have failed; everything else must
> go through the kleave() at the pr_devel() at the bottom of the function.
>
> Can you stick:
>
> pr_devel("ALGO: %s\n", alg_name);
>
> immediately before this line:
>
> tfm = crypto_alloc_akcipher(alg_name, 0, 0);
>
> and try it again?
>
Could you please check if this one fixes the problem for you:
https://patchwork.kernel.org/patch/8766361/
Thanks,
--
TS
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)
2016-05-03 20:55 ` Tadeusz Struk
@ 2016-05-04 2:25 ` Jamie Heilman
0 siblings, 0 replies; 15+ messages in thread
From: Jamie Heilman @ 2016-05-04 2:25 UTC (permalink / raw)
To: Tadeusz Struk; +Cc: David Howells, Herbert Xu, linux-crypto, linux-kernel
Tadeusz Struk wrote:
> Could you please check if this one fixes the problem for you:
> https://patchwork.kernel.org/patch/8766361/
That patch is already present by 4.6-rc5 and the problem still exists,
so no, it doesn't.
--
Jamie Heilman http://audible.transient.net/~jamie/
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)
2016-05-03 20:35 ` David Howells
2016-05-03 20:55 ` Tadeusz Struk
@ 2016-05-04 2:26 ` Jamie Heilman
2016-05-04 4:34 ` Tadeusz Struk
2016-05-04 9:01 ` David Howells
1 sibling, 2 replies; 15+ messages in thread
From: Jamie Heilman @ 2016-05-04 2:26 UTC (permalink / raw)
To: David Howells; +Cc: Herbert Xu, linux-crypto, linux-kernel, tadeusz.struk
David Howells wrote:
> (cc'ing Tadeusz as he did the pkcs1 padding function)
>
> Jamie Heilman <jamie@audible.transient.net> wrote:
>
> > > > Problem loading in-kernel X.509 certificate (-2)
> > >
> > > ENOENT? Hmmm... The only place that is generated is in the crypto layer.
> > > That suggests missing crypto of some sort.
> > >
> > > The attached patch enables some debugging in some relevant files if you can
> > > try applying it to your kernel.
> >
> > Alrighty, presumably relevant bits:
> >
> > X.509: Cert Issuer: Build time autogenerated kernel key
> > X.509: Cert Subject: Build time autogenerated kernel key
> > X.509: Cert Key Algo: rsa
> > X.509: Cert Valid period: 1461826791-4615426791
> > X.509: Cert Signature: rsa + sha512
> > X.509: ==>x509_check_signature()
> > X.509: ==>x509_get_sig_params()
> > X.509: <==x509_get_sig_params() = 0
> > PKEY: ==>public_key_verify_signature()
> > X.509: Cert Verification: -2
>
> Hmmm... Okay, the only ways out of public_key_verify_signature() without
> printing a leaving message are for snprintf() to overrun (which would return
> error -22) or for crypto_alloc_akcipher() to have failed; everything else must
> go through the kleave() at the pr_devel() at the bottom of the function.
>
> Can you stick:
>
> pr_devel("ALGO: %s\n", alg_name);
>
> immediately before this line:
>
> tfm = crypto_alloc_akcipher(alg_name, 0, 0);
>
> and try it again?
PKEY: ALGO: pkcs1pad(rsa,sha512)
--
Jamie Heilman http://audible.transient.net/~jamie/
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)
2016-05-04 2:26 ` Jamie Heilman
@ 2016-05-04 4:34 ` Tadeusz Struk
2016-05-04 4:53 ` Jamie Heilman
2016-05-04 9:01 ` David Howells
1 sibling, 1 reply; 15+ messages in thread
From: Tadeusz Struk @ 2016-05-04 4:34 UTC (permalink / raw)
To: Jamie Heilman
Cc: David Howells, Herbert Xu, linux-crypto, linux-kernel, tadeusz.struk
On 05/03/2016 07:26 PM, Jamie Heilman wrote:
>>> Alrighty, presumably relevant bits:
>>> > >
>>> > > X.509: Cert Issuer: Build time autogenerated kernel key
>>> > > X.509: Cert Subject: Build time autogenerated kernel key
>>> > > X.509: Cert Key Algo: rsa
>>> > > X.509: Cert Valid period: 1461826791-4615426791
>>> > > X.509: Cert Signature: rsa + sha512
>>> > > X.509: ==>x509_check_signature()
>>> > > X.509: ==>x509_get_sig_params()
>>> > > X.509: <==x509_get_sig_params() = 0
>>> > > PKEY: ==>public_key_verify_signature()
>>> > > X.509: Cert Verification: -2
>> >
>> > Hmmm... Okay, the only ways out of public_key_verify_signature() without
>> > printing a leaving message are for snprintf() to overrun (which would return
>> > error -22) or for crypto_alloc_akcipher() to have failed; everything else must
>> > go through the kleave() at the pr_devel() at the bottom of the function.
>> >
>> > Can you stick:
>> >
>> > pr_devel("ALGO: %s\n", alg_name);
>> >
>> > immediately before this line:
>> >
>> > tfm = crypto_alloc_akcipher(alg_name, 0, 0);
>> >
>> > and try it again?
> PKEY: ALGO: pkcs1pad(rsa,sha512)
I think the problem is that pkcs1pad template needs CRYPTO_MANAGER, but
your configuration doesn't enable CRYPTO_MANAGER. Could you try this
please:
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 93a1fdc..1d33beb 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -96,6 +96,7 @@ config CRYPTO_AKCIPHER
config CRYPTO_RSA
tristate "RSA algorithm"
select CRYPTO_AKCIPHER
+ select CRYPTO_MANAGER
select MPILIB
select ASN1
help
^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)
2016-05-04 4:34 ` Tadeusz Struk
@ 2016-05-04 4:53 ` Jamie Heilman
0 siblings, 0 replies; 15+ messages in thread
From: Jamie Heilman @ 2016-05-04 4:53 UTC (permalink / raw)
To: Tadeusz Struk
Cc: David Howells, Herbert Xu, linux-crypto, linux-kernel, tadeusz.struk
Tadeusz Struk wrote:
> On 05/03/2016 07:26 PM, Jamie Heilman wrote:
> >>> Alrighty, presumably relevant bits:
> >>> > >
> >>> > > X.509: Cert Issuer: Build time autogenerated kernel key
> >>> > > X.509: Cert Subject: Build time autogenerated kernel key
> >>> > > X.509: Cert Key Algo: rsa
> >>> > > X.509: Cert Valid period: 1461826791-4615426791
> >>> > > X.509: Cert Signature: rsa + sha512
> >>> > > X.509: ==>x509_check_signature()
> >>> > > X.509: ==>x509_get_sig_params()
> >>> > > X.509: <==x509_get_sig_params() = 0
> >>> > > PKEY: ==>public_key_verify_signature()
> >>> > > X.509: Cert Verification: -2
> >> >
> >> > Hmmm... Okay, the only ways out of public_key_verify_signature() without
> >> > printing a leaving message are for snprintf() to overrun (which would return
> >> > error -22) or for crypto_alloc_akcipher() to have failed; everything else must
> >> > go through the kleave() at the pr_devel() at the bottom of the function.
> >> >
> >> > Can you stick:
> >> >
> >> > pr_devel("ALGO: %s\n", alg_name);
> >> >
> >> > immediately before this line:
> >> >
> >> > tfm = crypto_alloc_akcipher(alg_name, 0, 0);
> >> >
> >> > and try it again?
> > PKEY: ALGO: pkcs1pad(rsa,sha512)
>
> I think the problem is that pkcs1pad template needs CRYPTO_MANAGER, but
> your configuration doesn't enable CRYPTO_MANAGER. Could you try this
> please:
>
> diff --git a/crypto/Kconfig b/crypto/Kconfig
> index 93a1fdc..1d33beb 100644
> --- a/crypto/Kconfig
> +++ b/crypto/Kconfig
> @@ -96,6 +96,7 @@ config CRYPTO_AKCIPHER
> config CRYPTO_RSA
> tristate "RSA algorithm"
> select CRYPTO_AKCIPHER
> + select CRYPTO_MANAGER
> select MPILIB
> select ASN1
> help
Yep, that does indeed make everything work again.
--
Jamie Heilman http://audible.transient.net/~jamie/
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)
2016-05-04 2:26 ` Jamie Heilman
2016-05-04 4:34 ` Tadeusz Struk
@ 2016-05-04 9:01 ` David Howells
2016-05-04 13:38 ` Tadeusz Struk
1 sibling, 1 reply; 15+ messages in thread
From: David Howells @ 2016-05-04 9:01 UTC (permalink / raw)
To: Tadeusz Struk
Cc: dhowells, Jamie Heilman, Herbert Xu, linux-crypto, linux-kernel,
tadeusz.struk
Tadeusz Struk <tstruk@gmail.com> wrote:
> I think the problem is that pkcs1pad template needs CRYPTO_MANAGER, but
> your configuration doesn't enable CRYPTO_MANAGER. Could you try this
> please:
>
> diff --git a/crypto/Kconfig b/crypto/Kconfig
> index 93a1fdc..1d33beb 100644
> --- a/crypto/Kconfig
> +++ b/crypto/Kconfig
> @@ -96,6 +96,7 @@ config CRYPTO_AKCIPHER
> config CRYPTO_RSA
> tristate "RSA algorithm"
> select CRYPTO_AKCIPHER
> + select CRYPTO_MANAGER
> select MPILIB
> select ASN1
> help
Do you want to push this via Herbert's tree?
David
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)
2016-05-04 9:01 ` David Howells
@ 2016-05-04 13:38 ` Tadeusz Struk
2016-05-05 6:46 ` Herbert Xu
0 siblings, 1 reply; 15+ messages in thread
From: Tadeusz Struk @ 2016-05-04 13:38 UTC (permalink / raw)
To: David Howells, Herbert Xu
Cc: Tadeusz Struk, Jamie Heilman, linux-crypto, linux-kernel
Hi David
On 05/04/2016 02:01 AM, David Howells wrote:
> Do you want to push this via Herbert's tree?
>
Yes, I think Herbert has some more patches queued for rc-7.
Let me also send a proper one with the signed-off tag.
---8<---
Subject: crypto: rsa - select crypto mgr dependency
The pkcs1pad template needs CRYPTO_MANAGER so it needs
to be explicitly selected by CRYPTO_RSA.
Reported-by: Jamie Heilman <jamie@audible.transient.net>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
---
crypto/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 93a1fdc..1d33beb 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -96,6 +96,7 @@ config CRYPTO_AKCIPHER
config CRYPTO_RSA
tristate "RSA algorithm"
select CRYPTO_AKCIPHER
+ select CRYPTO_MANAGER
select MPILIB
select ASN1
help
--
TS
^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)
2016-05-04 13:38 ` Tadeusz Struk
@ 2016-05-05 6:46 ` Herbert Xu
0 siblings, 0 replies; 15+ messages in thread
From: Herbert Xu @ 2016-05-05 6:46 UTC (permalink / raw)
To: Tadeusz Struk
Cc: David Howells, Tadeusz Struk, Jamie Heilman, linux-crypto, linux-kernel
On Wed, May 04, 2016 at 06:38:46AM -0700, Tadeusz Struk wrote:
> Hi David
> On 05/04/2016 02:01 AM, David Howells wrote:
> > Do you want to push this via Herbert's tree?
> >
>
> Yes, I think Herbert has some more patches queued for rc-7.
> Let me also send a proper one with the signed-off tag.
>
> ---8<---
> Subject: crypto: rsa - select crypto mgr dependency
>
> The pkcs1pad template needs CRYPTO_MANAGER so it needs
> to be explicitly selected by CRYPTO_RSA.
>
> Reported-by: Jamie Heilman <jamie@audible.transient.net>
> Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Applied.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2016-05-05 6:46 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-04-30 8:32 v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2) Jamie Heilman
2016-05-03 7:12 ` Herbert Xu
2016-05-03 17:26 ` Jamie Heilman
2016-05-03 8:54 ` David Howells
2016-05-03 9:10 ` David Howells
2016-05-03 17:25 ` Jamie Heilman
2016-05-03 20:35 ` David Howells
2016-05-03 20:55 ` Tadeusz Struk
2016-05-04 2:25 ` Jamie Heilman
2016-05-04 2:26 ` Jamie Heilman
2016-05-04 4:34 ` Tadeusz Struk
2016-05-04 4:53 ` Jamie Heilman
2016-05-04 9:01 ` David Howells
2016-05-04 13:38 ` Tadeusz Struk
2016-05-05 6:46 ` Herbert Xu
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.