Bug#1012741: modprobe: ERROR: could not insert 'crc_itu_t': Key was rejected by service
- To: 1012741@bugs.debian.org
- Subject: Bug#1012741: modprobe: ERROR: could not insert 'crc_itu_t': Key was rejected by service
- From: Ansgar <ansgar@debian.org>
- Date: Mon, 04 Jul 2022 14:04:05 +0200
- Message-id: <[🔎] 2d348f2b19734f30c518a9abcc9b444b679f010d.camel@43-1.org>
- Reply-to: Ansgar <ansgar@debian.org>, 1012741@bugs.debian.org
- In-reply-to: <7e79a9f48d57850fa7a7a0c0afe6b10c47efa21f.camel@decadent.org.uk>
- References: <165510108027.13973.10383758976508782069.reportbug@coffee.vetmed.illinois.edu> <afc8d12b177c4bb8bfbf8cbd59224afaca9f4446.camel@decadent.org.uk> <4b3a65d604f01e435b58d469b0ea8a46fb3338dd.camel@decadent.org.uk> <551f036b26fbefa33fb2cf41ac8396bda157a7bb.camel@decadent.org.uk> <7e79a9f48d57850fa7a7a0c0afe6b10c47efa21f.camel@decadent.org.uk> <165510108027.13973.10383758976508782069.reportbug@coffee.vetmed.illinois.edu>
On Sun, 19 Jun 2022 12:59:55 +0200 Ben Hutchings wrote:
> > I'm now looking at whether the missing bytes are recoverable (e.g. are
> > they always zeroes).
> [...]
>
> I wrote a script to try all possible byte values for 2 bytes before or
> after the short signature. For this particular file, none of them
> producd a valid signature. So the short signatures seem to be
> corrupted in a more complex way.
The "OCTET STRING" containing the actual signature is shorter for the
seemingly corrupted signatures:
+---
| $dumpasn1 ./linux-image-4.19.0-21-amd64-unsigned/lib/modules/4.19.0-21-amd64/kernel/net/openvswitch/vport-vxlan.ko.sig
| 0 404: SEQUENCE {
| [...]
| 151 254: OCTET STRING
+---
vs
+---
| $ dumpasn1 ./linux-image-4.19.0-21-cloud-amd64-unsigned/lib/modules/4.19.0-21-cloud-amd64/kernel/net/openvswitch/vport-vxlan.ko.sig
| 0 407: SEQUENCE {
| [...]
| 151 256: OCTET STRING
+---
Given the number of corrupted signatures is pretty much the number of
signatures where the two leading bytes should be 0 (as stated in [1]),
I suspect something (incorrectly?) outputs a shorter OCTET STRING
leaving out the 0 (as one might for a large integer type), but the
other side expects a fixed size?
If so, the file should validate if one injects two leading 0 bytes in
the OCTET STRING (and updates all length values). I would need to check
how to manipulate files using ASN.1's DER encoding to try this...
Ansgar
[1]: https://bugs.debian.org/1012741#48
Reply to: