Re: [PATCH 3/5] X.509: Support leap seconds

2015-12-18 Thread Arnd Bergmann
On Friday 18 December 2015 00:02:09 David Howells wrote: > The format of ASN.1 GeneralizedTime seems to be specified by ISO 8601 > [X.680 46.3] and this apparently supports leap seconds (ie. the seconds > field is 60). It's not entirely clear that ASN.1 expects it, but we can > relax the seconds

Re: [PATCH 2/5] Handle leap seconds in mktime64()

2015-12-18 Thread Arnd Bergmann
On Friday 18 December 2015 00:02:02 David Howells wrote: > Handle leap seconds in mktime64() - where the seconds parameter is the > value 60 - by treating it the same as 59. > > This facility will be used by the X.509 parser. Doing it in mktime64() > makes the policy common to the whole kernel

Re: [PATCH 4/5] Handle both ISO 8601 encodings of midnight in mktime64()

2015-12-18 Thread Arnd Bergmann
On Friday 18 December 2015 00:02:17 David Howells wrote: > ISO 8601 format dates permit two different encodings of midnight - 00:00:00 > and 24:00:00 - the first is midnight today and the second is midnight > tomorrow and is exactly equivalent to the first with tomorrow's date. > > Note that the

Re: [PATCH] X.509: Fix determination of self-signedness

2015-12-18 Thread Josh Boyer
On Thu, Dec 17, 2015 at 7:03 PM, David Howells wrote: > Fix determination of whether an X.509 certificate is self-signed or not. > > It is currently assumed that a cert is self-signed if it has no > authorityKeyIdentifier or the authorityKeyIdentifier matches the >

Re: [PATCH] X.509: Fix determination of self-signedness

2015-12-18 Thread David Howells
Josh Boyer wrote: > Should this also be Cc'd to stable? Argh. Probably. David

Re: [GIT PULL] Keys fixes

2015-12-18 Thread Linus Torvalds
On Thu, Dec 17, 2015 at 8:10 PM, James Morris wrote: > > David Howells (7): > Handle leap seconds in mktime64() This one is completely wrong. Leap seconds are inserted *at* the minute, not at the second before the minute. So this code: + /* Handle leap seconds

Re: [GIT PULL] Keys fixes

2015-12-18 Thread Linus Torvalds
On Fri, Dec 18, 2015 at 11:56 AM, John Stultz wrote: > > So leap-seconds are inserted at the minute, but the kernel represents > it as repeating the last second of the day. Maybe there is some reason why you want to do that, but at least from a mktime64() standpoint, it's

Re: [GIT PULL] Keys fixes

2015-12-18 Thread John Stultz
On Fri, Dec 18, 2015 at 11:46 AM, Linus Torvalds wrote: > On Thu, Dec 17, 2015 at 8:10 PM, James Morris wrote: >> >> David Howells (7): >> Handle leap seconds in mktime64() > > This one is completely wrong. > > Leap seconds are inserted

Re: [GIT PULL] Keys fixes

2015-12-18 Thread Linus Torvalds
On Fri, Dec 18, 2015 at 11:46 AM, Linus Torvalds wrote: > > The fact that people add extra code to make things extra wrong is > annoying. Side note: the key handling extra checks seem pretty pointless too. There's no reason to have those "some time formats allow

Re: [GIT PULL] Keys fixes

2015-12-18 Thread James Morris
On Fri, 18 Dec 2015, Linus Torvalds wrote: > So there is no way in hell I am pulling this. > Sorry for the confusion. Please pull the first patch from here: The following changes since commit 73796d8bf27372e26c2b79881947304c14c2d353: Merge

Re: [GIT PULL] Keys fixes

2015-12-18 Thread Linus Torvalds
On Fri, Dec 18, 2015 at 2:37 PM, David Howells wrote: > > Except that it has been argued that they have to be there or someone can use > dates that contribute to the signature to fake a signed content. Admittedly > being able to have a seconds=60 value in somewhere that

Re: Exposing secid to secctx mapping to user-space

2015-12-18 Thread Paul Moore
On Tue, Dec 15, 2015 at 3:58 PM, Daniel Cashman wrote: > On 12/15/2015 07:00 AM, Stephen Smalley wrote: >> 1. I don't think it is the size of the context that is the concern but >> rather the fact that it is a variable-length string, whereas current >> binder commands use

Re: Exposing secid to secctx mapping to user-space

2015-12-18 Thread Paul Moore
On Tue, Dec 15, 2015 at 2:09 PM, Joe Nall wrote: >> On Dec 15, 2015, at 12:03 PM, Stephen Smalley wrote: >> Are you patching the kernel to support > 4K contexts? >> Otherwise, I'd expect you run up against the proc and selinuxfs API >> limitations (page size)

Re: [GIT PULL] Keys fixes

2015-12-18 Thread David Howells
Linus Torvalds wrote: > > David Howells (7): > > Handle leap seconds in mktime64() > > This one is completely wrong. > > Leap seconds are inserted *at* the minute, not at the second before the > minute. > > So this code: > > + /* Handle leap

Re: [GIT PULL] Keys fixes

2015-12-18 Thread David Howells
Linus Torvalds wrote: > Side note: the key handling extra checks seem pretty pointless too. Except that it has been argued that they have to be there or someone can use dates that contribute to the signature to fake a signed content. Admittedly being able to have