From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934933AbbLRJMk (ORCPT ); Fri, 18 Dec 2015 04:12:40 -0500 Received: from mout.kundenserver.de ([212.227.17.10]:56340 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S966740AbbLRJKb (ORCPT ); Fri, 18 Dec 2015 04:10:31 -0500 From: Arnd Bergmann To: David Howells Cc: keyrings@vger.kernel.org, David Woodhouse , linux-kernel@vger.kernel.org, stable@vger.kernel.org, linux-security-module@vger.kernel.org, Rudolf Polzer , John Stultz Subject: Re: [PATCH 3/5] X.509: Support leap seconds Date: Fri, 18 Dec 2015 10:10:12 +0100 Message-ID: <10024561.ctYHZaznk8@wuerfel> User-Agent: KMail/4.11.5 (Linux/3.16.0-10-generic; KDE/4.11.5; x86_64; ; ) In-Reply-To: <20151218000209.29483.56212.stgit@warthog.procyon.org.uk> References: <20151218000148.29483.67155.stgit@warthog.procyon.org.uk> <20151218000209.29483.56212.stgit@warthog.procyon.org.uk> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Provags-ID: V03:K0:uw0SRi4JN85CvX1OKR5b3+88y+h2M7D85OYC+4hF4774crVWoVr n7XwuPd+85K+loCI4eyZm5Sf9bV+aXvCqTCQUXJ2XaA9x+l6nd1zKIYBpYc1JaQ3M7t1Q1k UXihqWONIVzjoM3pomAKX786AXXck3GRTQAYR0nbvzuXkTxHeZw4zOa1OebaIpKdq4VLw0e gjHRtrZqTuC4SXfA+iPxw== X-UI-Out-Filterresults: notjunk:1;V01:K0:VlmlEh1yTsc=:jMsdj1haHL9IdIeO5/kB+f YfM23jjrmjytTasFry31N4ifJnY0gkgKyiM4b05+uIL4VMc72uZLPv/9RgcGyro8LuIHvmXw/ m9GCzP52XYvAz+U5CmvEJTsCYKUXCjpZ6cYp0du4LM683Ft8WYOdjXR0eMcc25XYUNJqgY9aY bp6tTTkS18xNP4we2S6XqdB59jvPE/Q/CgqxCQ4dJAFusMx+slZloEiXSjLnxn7R7/66eipdn EJ21dSQhTKB7mmiWQS6be4S18XrU2zfjc8cSVTUApu0toJ29MuY+BAa9SArSeSlN/mx659ioZ sv8H8KtXFPztxCBM2MMETt9kxegm1ynia/gXamnWsAdg/lVHYGtbmzmLooXV6a0j020ARgDed KnWji1xxLo5WeVDRW6kSa1kJzCSgJtMGBcxzK/Nd+Sx5tUCfQRlbdkyweQurXckSeUQzEBdvg qTx1ZDPhYAu16evxYEnDG36pd/w6VkqPyUXjQ+81qroAPPiyaVEGiO17yrRxSxv7fSNBXD8M3 uNDVAwVbXzKJeptLjAlYpnFNCtY3Zh/66ldNhgyBfBtlSrPQ9D0pHfJjZtsYAb+kHsp/qSRty EuT1Q1iQ+ZopawQWseGw87meMBlpskS7gTkbLMuBw4abmu9pbvHMMEyGjqvSx8+BtEYHr0L5y IFqvBEHRVl4Hs9T/qkUuND7Y5hZMgzrDKz5DGap3qNdydMjmzrOY2kCb/5COu5EXHqxR9IIT3 06xl7aYh0zXCYCjq Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Friday 18 December 2015 00:02:09 David Howells wrote: > The format of ASN.1 GeneralizedTime seems to be specified by ISO 8601 > [X.680 46.3] and this apparently supports leap seconds (ie. the seconds > field is 60). It's not entirely clear that ASN.1 expects it, but we can > relax the seconds check slightly for GeneralizedTime. > > This, however, results in us passing a time with sec as 60 to mktime64() > which, unpatched, doesn't really handle such things. What it will do is > equate the 60th second of a minute to the 0th second of the next minute. > > We can't really do otherwise without giving the kernel much greater > knowledge of where all the leap seconds are. Unfortunately, this would > require change the mapping of the kernel's current-time-in-seconds. > > UTCTime, however, only supports a seconds value in the range 00-59. > > Without this patch, certain X.509 certificates will be rejected, > potentially making a kernel unbootable. > > Reported-by: Rudolf Polzer > Signed-off-by: David Howells > cc: David Woodhouse > cc: John Stultz > cc: Arnd Bergmann > cc: stable@vger.kernel.org Acked-by: Arnd Bergmann