LinuxSecSummit
#linuxsecuritysummit
PROGRAM COMMITTEE
The program committee for LSS 2021 is:
* James Morris, Microsoft
* Serge Hallyn, Cisco
* Paul Moore, Cisco
* Stephen Smalley, NSA
* Elena Reshetova, Intel
* John Johansen, Canonical
* Kees Cook, Google
* Casey Sc
rs at all, and
this will work with existing signed modules?
--
James Morris
On Thu, 21 Jun 2018, Herbert Xu wrote:
> Hi James:
>
> I presume you will pick this up then?
I will -- not sure why David hasn't merged it into his tree.
Can I add your acked or reviewed by?
--
James Morris
re
> > > is missing/invalid
> >
> > Kernel modules signature verification probably has similar problem, too.
> >
> > That's why it would be nice if you could ack this patch, please.
>
> David/James, is there an issue with the patch?
Not from my POV.
--
James Morris
S 2018 is:
* James Morris, Microsoft
* Serge Hallyn, Cisco
* Paul Moore, Red Hat
* Stephen Smalley, NSA
* Elena Reshetova, Intel
* John Johansen, Canonical
* Kees Cook, Google
* Casey Schaufler, Intel
* Mimi Zohar, IBM
* David A. Wheeler, Institute for Defense Analys
to be that way?
> >
> > 1.
> > https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=6e592a065d51d26f9d62b8b7501a5114076af8b4
> >
> > Thanks,
> > PrasannaKumar
>
> Yes, it would be senseful.
>
> James, would it still be possible to amend this tag to security tree?
Nope, it's been pushed to Linus.
--
James Morris
#x27;t know them, then we can't accept them.
> */
> - if (x509->next == x509) {
> + if (x509->signer == x509) {
> kleave(" = -ENOKEY [unknown self-signed]");
> return -ENOKEY;
> }
> --
Reviewed-by: James Morris
--
James Morris
;
> - if (ret < 0)
> + if (ret < 0) {
> + msg = ERR_PTR(ret);
> goto out;
> + }
>
> msg = ctx->msg;
> ctx->msg = NULL;
Reviewed-by: James Morris
--
James Morris
On Sun, 26 Nov 2017, Eric Biggers wrote:
>
> Fixes: 4f73175d0375 ("X.509: Add utility functions to render OIDs as strings")
> Cc: Takashi Iwai
> Signed-off-by: Eric Biggers
> ---
> lib/oid_registry.c | 8
> 1 file changed, 4 insertions(+), 4 deletions
gers
> ---
> crypto/asymmetric_keys/pkcs7_verify.c| 2 +-
> crypto/asymmetric_keys/x509_public_key.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: James Morris
--
James Morris
return -EINVAL;
>
> if (fips_enabled) {
> - while (!*ptr && n_sz) {
> + while (n_sz && !*ptr) {
> ptr++;
> n_sz--;
> }
Reviewed-by: James Morris
--
James Morris
On Sun, 26 Nov 2017, Eric Biggers wrote:
> Fixes: 42d5ec27f873 ("X.509: Add an ASN.1 decoder")
> Cc: # v3.7+
> Signed-off-by: Eric Biggers
> ---
> crypto/asymmetric_keys/x509_cert_parser.c | 2 ++
> 1 file changed, 2 insertions(+)
Reviewed-by: James Morris
--
James Morris
On Sun, 26 Nov 2017, Eric Biggers wrote:
> Fixes: 42d5ec27f873 ("X.509: Add an ASN.1 decoder")
> Cc: # v3.7+
> Signed-off-by: Eric Biggers
Reviewed-by: James Morris
--
James Morris
On Wed, 27 Sep 2017, Eric Biggers wrote:
> On Thu, Sep 28, 2017 at 09:14:58AM +1000, James Morris wrote:
> > On Wed, 27 Sep 2017, David Howells wrote:
> >
> > > (2) Fixing big_key to use safe crypto from Jason A. Donenfeld.
> > >
> >
> > I'm c
s code? If not, it would be good to make
some.
--
James Morris
ut to the
development process.
WEB SITE
http://events.linuxfoundation.org/events/linux-security-summit
TWITTER
For event updates and announcements, follow:
https://twitter.com/LinuxSecSummit
PROGRAM COMMITTEE
The program committee for LSS 2017 is:
* James Morris, Oracle
> Is this likely to go to Linus before -rc2? If not, we'll need to do things
> differently.
It should be ok, I'll see how it goes with Linus.
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to m
t and operational practices
* Emerging technologies, threats & techniques
Proposals should be submitted via the event web site:
http://events.linuxfoundation.org/events/linux-security-summit/program/cfp
PROGRAM COMMITTEE
The Linux Security Summit for 2016 is organized by:
On Fri, 4 Mar 2016, David Howells wrote:
> Hi James,
>
> Could you pull this into security/next, please?
>
Done.
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More m
at you'll
> > fix it up later. Sorry for the misunderstanding. Do you want me to
> > revert?
>
> If you can back them out, I'll apply them to my keys-next branch. Unless
> James is willing to rebase security/next on top of your crypto branch?
>
I don't want to
On Thu, 5 Nov 2015, Jarkko Sakkinen wrote:
> v4:
>
> * Added missing select CRYPTO_HASH_INFO in drivers/char/tpm/Kconfig
>
> Signed-off-by: Jarkko Sakkinen
Reviewed-by: James Morris
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux
> place to make them easier to find and clean up.
>
Pulled to my next branch, thanks.
- James
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
his
class of bugfix.
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
ate in the -rc cycle.
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
even developers -- any
interesting/novel application of Linux security or research is welcome.
We're also looking for round-table discussion topics, and people to lead
those discussions.
Get your proposals in soon!
- James
--
James Morris
--
To unsubscribe from this list: send the line &q
#7: Missing inclusion of linux/err.h (2014-07-25 11:33:53 +0100)
Thanks, pulled.
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, 22 Jul 2014, David Howells wrote:
> I have a number of sets of patches for you to pull. I've git-merged them
> together into a single branch (keys-next) as there are some conflicts and
> tagged the end.
Pulled, thanks.
--
James Morris
--
To unsubscribe from this list:
The Linux Security Summit for 2013 is organized by:
* James Morris, Oracle
* Serge Hallyn, Canonical
* Paul Moore, Red Hat
* Stephen Smalley, NSA
* Joshua Brindle, Quark Security
* Herbert Xu, Red Hat
* John Johansen, Canonical
* Kees Cook, Google
* Cas
On Wed, 30 Jan 2013, Dmitry Kasatkin wrote:
> From: Andy Shevchenko
>
> Remove MIN, MAX and ABS macros that are duplicates kernel's native
> implementation.
>
> Signed-off-by: Andy Shevchenko
Applied.
As maintainer, you should have added your signed-off-by.
On Wed, 30 Jan 2013, Dmitry Kasatkin wrote:
> In existing use case, copying of the decoded data is unnecessary in
> pkcs_1_v1_5_decode_emsa. It is just enough to get pointer to the message.
> Removing copying and extra buffer allocation.
Applied.
--
James Morris
--
To unsubscribe
he UEFI signature/key database may contain ASN.1 X.509 certificates
> > and
> > we may need to use those very early in the boot process, during initrd.
>
> Ok that makes some sense.
I'd like to see some serious effort at code review and testing before this
code is m
mail to the program
committee at: lss-pc (_at_) ext.namei.org
Abstracts should be approximately 150 words in total.
PROGRAM COMMITTEE
The Linux Security Summit for 2012 is organized by:
* James Morris, Oracle
* Serge Hallyn, Canonical
* Paul Moore, Red Hat
* Stephen Smalle
On Mon, 5 Dec 2011, David Howells wrote:
> However, we don't have to include the DSA stuff in the kernel; I can always
> discard that patch from the upstream-aimed patchset.
I'd encourage dropping DSA, as there appears to be no legacy justification
for its inclusion.
- James
On Mon, 21 Nov 2011, Kasatkin, Dmitry wrote:
> It can be easily split into 2 commits and one of them would not comply
> with mailing list limits.
>
> James, should I do anything about it?
No, it's in my public tree now.
- James
--
James Morris
--
To unsubscribe from this li
On Mon, 17 Oct 2011, Kasatkin, Dmitry wrote:
> It is there for completeness and it will not be even compiled at all
> without CONFIG_MPILIB_EXTRA
>
> Still remove?
Yes, please.
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto&
On Fri, 14 Oct 2011, Dmitry Kasatkin wrote:
> +#if 0/* not yet ported to MPI */
> +
> +mpi_limb_t
> +mpihelp_udiv_w_sdiv(mpi_limp_t *rp,
> + mpi_limp_t *a1, mpi_limp_t *a0, mpi_limp_t *d)
Drop this if it's not working.
--
type.
Also, kmalloc return values do not need to be cast, they're void *.
> +EXPORT_SYMBOL(mpi_alloc);
New interfaces should be EXPORT_SYMBOL_GPL.
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@
On Thu, 29 Sep 2011, Herbert Xu wrote:
> Well if James is OK with adding the user for this then I'm fine
> with adding the necessary infrastructure.
Are you happy with the API?
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
On Mon, 26 Sep 2011, Kasatkin, Dmitry wrote:
> It seems nobody wants to share their thoughts about it?
> Does this silence mean acceptance?
> Should I prepare final patches for merge?
Not yet.
I'd like to hear what the crypto folk think about the crypto.
--
James Morris
--
gital signature.
> This patch enables RSA signature based integrity verification.
This description (also the kconfig text) is not very clear. Perhaps start
with what the feature does rather than what the lack of it doesn't.
--
James Morris
--
To unsubscribe from this list: send the
t; + down_read(&key->sem);
> + ukp = key->payload.data;
> + pkh = (struct pubkey_hdr *)ukp->data;
> +
> + if (pkh->version != 1)
> + return -EINVAL;
> +
> + if (pkh->algo != PUBKEY_ALGO_RSA)
> + return -EINVAL;
Are you
6.
First thing -- this code needs to be formatted using kernel coding style.
- James
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
inux Security Summit for 2011 is organized by:
* James Morris, Red Hat
* Serge Hallyn, Canonical
* Paul Moore, HP
* Stephen Smalley, NSA
* Joshua Brindle, Tresys
* Tetsuo Handa, NTT Data
* Herbert Xu, Red Hat
* John Johansen, Canonical
* Kees Cook, Canonical
* Casey
kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
ommit known-broken code into the tree.
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Updates and announcements about the event will also be sent to
the list.
WEB SITE
Please also note the Linux Security Summit web site:
https://security.wiki.kernel.org/index.php/LinuxSecuritySummit2010
which will be kept updated with all available information on the event.
PRO
tySummit2010
which will be kept updated with all available information on the event.
PROGRAM COMMITTEE
The Linux Security Summit for 2010 is organized by:
* James Morris, Red Hat
* Serge Hallyn, IBM
* Paul Moore, HP
* Stephen Smalley, NSA
* Joshua Brindle
nes whether sleeping is allowed. Unlike the earlier version,
> the default is to not allow sleeping. This ensures that no existing code
> can break.
>
> As usual, this flag may either be set through crypto_alloc_tfm(), or
> just before a specific crypto operation.
>
> Sign
48 matches
Mail list logo