Re: [PATCH 14/16] X.509: Add an ASN.1 decoder

2012-09-20 Thread David Howells
James Morris wrote: > I'd like to see some serious effort at code review and testing before this > code is merged. With regard to testing, I've run multiple simultaneous instances of a number of test scripts against it continuously for the best part of a day: (1) A script to generate complete

Re: [PATCH 14/16] X.509: Add an ASN.1 decoder

2012-09-19 Thread David Howells
David Howells wrote: > > has it been fuzz tested extensively? Here's a perl script to generate validly structured X.509 certificates with random data in them. It can be run as follows: while :; do ./x509random.pl | keyctl padd asymmetric vlad @s; done and it can also be made to injec

Re: [PATCH 14/16] X.509: Add an ASN.1 decoder

2012-09-18 Thread James Morris
On Tue, 18 Sep 2012, Alan Cox wrote: > On Tue, 18 Sep 2012 18:34:12 +0100 > David Howells wrote: > > > Alan Cox wrote: > > > > > Why do this in the kernel. That appears to be completely insane. > > > > A number of reasons: > > > > (1) The UEFI signature/key database may contain ASN.1 X.509 c

Re: [PATCH 14/16] X.509: Add an ASN.1 decoder

2012-09-18 Thread David Howells
David Howells wrote: > Also, here's a generator of random binary ASN.1. I think it should mostly > produce valid X.509, but invalid ASN.1 is okay too. > ... > $len = 4; # With this line removed, obviously... David

Re: [PATCH 14/16] X.509: Add an ASN.1 decoder

2012-09-18 Thread Peter Jones
On Tue, 2012-09-18 at 19:51 +0100, Alan Cox wrote: > On Tue, 18 Sep 2012 18:34:12 +0100 > David Howells wrote: > > > Alan Cox wrote: > > > > > Why do this in the kernel. That appears to be completely insane. > > > > A number of reasons: > > > > (1) The UEFI signature/key database may contain

Re: [PATCH 14/16] X.509: Add an ASN.1 decoder

2012-09-18 Thread David Howells
David Howells wrote: > > has it been fuzz tested extensively? Also, here's a generator of random binary ASN.1. I think it should mostly produce valid X.509, but invalid ASN.1 is okay too. Run with something like: while :; do ./asn1random.pl | keyctl padd asymmetric vlad @s; done Dav

Re: [PATCH 14/16] X.509: Add an ASN.1 decoder

2012-09-18 Thread Alan Cox
On Tue, 18 Sep 2012 18:34:12 +0100 David Howells wrote: > Alan Cox wrote: > > > Why do this in the kernel. That appears to be completely insane. > > A number of reasons: > > (1) The UEFI signature/key database may contain ASN.1 X.509 certificates and > we may need to use those very early

Re: [PATCH 14/16] X.509: Add an ASN.1 decoder

2012-09-18 Thread David Howells
Alan Cox wrote: > Why do this in the kernel. That appears to be completely insane. A number of reasons: (1) The UEFI signature/key database may contain ASN.1 X.509 certificates and we may need to use those very early in the boot process, during initrd. (2) Even if userspace is available,

Re: [PATCH 14/16] X.509: Add an ASN.1 decoder

2012-09-14 Thread Alan Cox
On Fri, 14 Sep 2012 00:50:05 +0100 David Howells wrote: > Add an ASN.1 BER/DER/CER decoder. This uses the bytecode from the ASN.1 > compiler in the previous patch to inform it as to what to expect to find in > the > encoded byte stream. The output from the compiler also tells it what > functi