[ANNOUNCE] Linux Security Summit North America 2018 - CFP

2018 is: * James Morris, Microsoft * Serge Hallyn, Cisco * Paul Moore, Red Hat * Stephen Smalley, NSA * Elena Reshetova, Intel * John Johansen, Canonical * Kees Cook, Google * Casey Schaufler, Intel * Mimi Zohar, IBM * David A. Wheeler, Institute for Defense Anal

Re: [PATCH v2] tpm: Move Linux RNG connection to hwrng

missing in [1]. Is it supposed to be that way? > > > > 1. > > https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=6e592a065d51d26f9d62b8b7501a5114076af8b4 > > > > Thanks, > > PrasannaKumar > > Yes, it would be senseful. >

Re: [PATCH] pkcs7: fix check for self-signed certificate

* don't know them, then we can't accept them. > */ > - if (x509->next == x509) { > + if (x509->signer == x509) { > kleave(" = -ENOKEY [unknown self-signed]"); > return -ENOKEY; > } > -- Reviewed-by: James Morris <james.l.mor...@oracle.com> -- James Morris <james.l.mor...@oracle.com>

Re: [PATCH] pkcs7: return correct error code if pkcs7_check_authattrs() fails

> ret = pkcs7_check_authattrs(ctx->msg); > - if (ret < 0) > + if (ret < 0) { > + msg = ERR_PTR(ret); > goto out; > + } > > msg = ctx->msg; > ctx->msg = NULL; Reviewed-by: James Morris <james.l.mor...@oracle.com> -- James Morris <james.l.mor...@oracle.com>

Re: [PATCH] X.509: fix buffer overflow detection in sprint_oid()

-- > 1 file changed, 4 insertions(+), 4 deletions(-) Reviewed-by: James Morris <james.l.mor...@oracle.com> -- James Morris <james.l.mor...@oracle.com>

Re: [PATCH] X.509: fix comparisons of ->pkey_algo

...@vger.kernel.org> # v4.6+ > Signed-off-by: Eric Biggers <ebigg...@google.com> > --- > crypto/asymmetric_keys/pkcs7_verify.c| 2 +- > crypto/asymmetric_keys/x509_public_key.c | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) Reviewed-by: James Morris <james.l.mor...@oracle.com> -- James Morris <james.l.mor...@oracle.com>

Re: [PATCH] crypto: rsa - fix buffer overread when stripping leading zeroes

@@ int rsa_get_n(void *context, size_t hdrlen, unsigned char > tag, > return -EINVAL; > > if (fips_enabled) { > - while (!*ptr && n_sz) { > + while (n_sz && !*ptr) { > ptr++; >

Re: [PATCH] X.509: reject invalid BIT STRING for subjectPublicKey

file changed, 2 insertions(+) Reviewed-by: James Morris <james.l.mor...@oracle.com> -- James Morris <james.l.mor...@oracle.com>

Re: [PATCH] ASN.1: check for error from ASN1_OP_END__ACT actions

On Sun, 26 Nov 2017, Eric Biggers wrote: > Fixes: 42d5ec27f873 ("X.509: Add an ASN.1 decoder") > Cc: <sta...@vger.kernel.org> # v3.7+ > Signed-off-by: Eric Biggers <ebigg...@google.com> Reviewed-by: James Morris <james.l.mor...@oracle.com> -- James Morris <james.l.mor...@oracle.com>

Re: [GIT PULL] KEYS: Fixes and crypto fixes

On Wed, 27 Sep 2017, Eric Biggers wrote: > On Thu, Sep 28, 2017 at 09:14:58AM +1000, James Morris wrote: > > On Wed, 27 Sep 2017, David Howells wrote: > > > > > (2) Fixing big_key to use safe crypto from Jason A. Donenfeld. > > > > > > > I'm concer

Re: [GIT PULL] KEYS: Fixes and crypto fixes

s code? If not, it would be good to make some. -- James Morris <jmor...@namei.org>

[ANNOUNCE] Linux Security Summit 2017 - CFP

nput to the development process. WEB SITE http://events.linuxfoundation.org/events/linux-security-summit TWITTER For event updates and announcements, follow: https://twitter.com/LinuxSecSummit PROGRAM COMMITTEE The program committee for LSS 2017 is: * James Morris, Oracle * S

Re: [PATCH] KEYS: Add placeholder for KDF usage with DH

gt; > Is this likely to go to Linus before -rc2? If not, we'll need to do things > differently. It should be ok, I'll see how it goes with Linus. -- James Morris <jmor...@namei.org> -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the bo

[ANNOUNCE] Linux Security Summit 2016 - CFP

and operational practices * Emerging technologies, threats & techniques Proposals should be submitted via the event web site: http://events.linuxfoundation.org/events/linux-security-summit/program/cfp PROGRAM COMMITTEE The Linux Security Summit for 2016 is organized by: * J

Re: [GIT PULL] KEYS: Miscellaneous bits for security/next

On Fri, 4 Mar 2016, David Howells wrote: > Hi James, > > Could you pull this into security/next, please? > Done. -- James Morris <jmor...@namei.org> -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to ma

Re: [PATCH v4] keys, trusted: select hash algorithm for TPM2 chips

On Thu, 5 Nov 2015, Jarkko Sakkinen wrote: > v4: > > * Added missing select CRYPTO_HASH_INFO in drivers/char/tpm/Kconfig > > Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> Reviewed-by: James Morris <james.l.mor...@oracle.com> -- Jame

Re: [GIT PULL] Move cert handling to certs/ directory

. Pulled to my next branch, thanks. - James -- James Morris jmor...@namei.org -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/4] ASN.1: Fix handling of CHOICE in ASN.1 compiler

. -- James Morris jmor...@namei.org -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

[CFP] Reminder: Linux Security Summit 2015 CFP closes this Friday 5th June

developers -- any interesting/novel application of Linux security or research is welcome. We're also looking for round-table discussion topics, and people to lead those discussions. Get your proposals in soon! - James -- James Morris jmor...@namei.org -- To unsubscribe from this list: send

Re: [GIT PULL] Keyrings: PKCS#7 fixup

in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-next-20140725 for you to fetch changes up to 8f3438ccea149647ad1849651d1e14c7b8b85e63: PKCS#7: Missing inclusion of linux/err.h (2014-07-25 11:33:53 +0100) Thanks, pulled. -- James

Re: [GIT PULL] Keyrings and asymmetric keys patches for 3.17

On Tue, 22 Jul 2014, David Howells wrote: I have a number of sets of patches for you to pull. I've git-merged them together into a single branch (keys-next) as there are some conflicts and tagged the end. Pulled, thanks. -- James Morris jmor...@namei.org -- To unsubscribe from this list

[ANNOUNCE] Linux Security Summit 2013 - CFP

Summit for 2013 is organized by: * James Morris, Oracle * Serge Hallyn, Canonical * Paul Moore, Red Hat * Stephen Smalley, NSA * Joshua Brindle, Quark Security * Herbert Xu, Red Hat * John Johansen, Canonical * Kees Cook, Google * Casey Schaufler, Intel * Mimi

Re: [PATCH 14/16] X.509: Add an ASN.1 decoder

may contain ASN.1 X.509 certificates and we may need to use those very early in the boot process, during initrd. Ok that makes some sense. I'd like to see some serious effort at code review and testing before this code is merged. - James -- James Morris jmor...@namei.org

[ANN] Linux Security Summit 2012 - Announcement and CFP

committee at: lss-pc (_at_) ext.namei.org Abstracts should be approximately 150 words in total. PROGRAM COMMITTEE The Linux Security Summit for 2012 is organized by: * James Morris, Oracle * Serge Hallyn, Canonical * Paul Moore, Red Hat * Stephen Smalley, NSA * Joshua Brindle

Re: [Keyrings] [RFC][PATCH 00/16] Crypto keys and module signing [ver #2]

On Mon, 5 Dec 2011, David Howells wrote: However, we don't have to include the DSA stuff in the kernel; I can always discard that patch from the upstream-aimed patchset. I'd encourage dropping DSA, as there appears to be no legacy justification for its inclusion. - James -- James Morris

Re: [PATCH v2.2 1/7] crypto: GnuPG based MPI lib - source files (part 1)

On Mon, 21 Nov 2011, Kasatkin, Dmitry wrote: It can be easily split into 2 commits and one of them would not comply with mailing list limits. James, should I do anything about it? No, it's in my public tree now. - James -- James Morris jmor...@namei.org -- To unsubscribe from this list

Re: [PATCH v2.1 4/7] crypto: GnuPG based MPI lib - additional sources (part 4)

On Mon, 17 Oct 2011, Kasatkin, Dmitry wrote: It is there for completeness and it will not be even compiled at all without CONFIG_MPILIB_EXTRA Still remove? Yes, please. -- James Morris jmor...@namei.org -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body

Re: [PATCH v2.1 4/7] crypto: GnuPG based MPI lib - additional sources (part 4)

On Fri, 14 Oct 2011, Dmitry Kasatkin wrote: +#if 0/* not yet ported to MPI */ + +mpi_limb_t +mpihelp_udiv_w_sdiv(mpi_limp_t *rp, + mpi_limp_t *a1, mpi_limp_t *a0, mpi_limp_t *d) Drop this if it's not working. -- James Morris jmor

Re: [RFC v2.1 0/6] evm: digital signature verification extension

On Thu, 29 Sep 2011, Herbert Xu wrote: Well if James is OK with adding the user for this then I'm fine with adding the necessary infrastructure. Are you happy with the API? -- James Morris jmor...@namei.org -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body

Re: [RFC v2.1 0/6] evm: digital signature verification extension

On Mon, 26 Sep 2011, Kasatkin, Dmitry wrote: It seems nobody wants to share their thoughts about it? Does this silence mean acceptance? Should I prepare final patches for merge? Not yet. I'd like to hear what the crypto folk think about the crypto. -- James Morris jmor...@namei.org

Re: [RFC v1.1 1/5] crypto: GnuPG based MPI lib

.el6. First thing -- this code needs to be formatted using kernel coding style. - James -- James Morris jmor...@namei.org -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org

Re: [RFC v1.1 2/5] crypto: ksign - digital signature verification support

= (struct pubkey_hdr *)ukp-data; + + if (pkh-version != 1) + return -EINVAL; + + if (pkh-algo != PUBKEY_ALGO_RSA) + return -EINVAL; Are you supposed to be still holding key-sem here? -- James Morris jmor...@namei.org -- To unsubscribe from this list: send

Re: [RFC v1.1 3/5] evm: digital signature support

digital signature. This patch enables RSA signature based integrity verification. This description (also the kconfig text) is not very clear. Perhaps start with what the feature does rather than what the lack of it doesn't. -- James Morris jmor...@namei.org -- To unsubscribe from this list

[ANN] Linux Security Summit 2011 - Announcement and CFP

by: * James Morris, Red Hat * Serge Hallyn, Canonical * Paul Moore, HP * Stephen Smalley, NSA * Joshua Brindle, Tresys * Tetsuo Handa, NTT Data * Herbert Xu, Red Hat * John Johansen, Canonical * Kees Cook, Canonical * Casey Schaufler, Smack Project

Re: [PATCH v1.5 0/5] keys: trusted and encrypted keys

/kernel/git/jmorris/security-testing-2.6#next -- James Morris jmor...@namei.org -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: [PATCH 2/2] keys: added cleanup code for trusted and encrypted key types

code into the tree. -- James Morris jmor...@namei.org -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

[ANNOUNCE] Linux Security Summit 2010 - Schedule Published

://security.wiki.kernel.org/index.php/LinuxSecuritySummit2010 which will be kept updated with all available information on the event. PROGRAM COMMITTEE The Linux Security Summit for 2010 is organized by: * James Morris, Red Hat * Serge Hallyn, IBM * Paul Moore, HP * Stephen Smalley, NSA