| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260211032935.2705841-4-alistair.francis@wdc.com>
Date: Wed, 11 Feb 2026 13:29:10 +1000
From: alistair23@...il.com
To: bhelgaas@...gle.com,
lukas@...ner.de,
rust-for-linux@...r.kernel.org,
akpm@...ux-foundation.org,
linux-pci@...r.kernel.org,
Jonathan.Cameron@...wei.com,
linux-cxl@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: alex.gaynor@...il.com,
benno.lossin@...ton.me,
boqun.feng@...il.com,
a.hindborg@...nel.org,
gary@...yguo.net,
bjorn3_gh@...tonmail.com,
tmgross@...ch.edu,
alistair23@...il.com,
ojeda@...nel.org,
wilfred.mallawa@....com,
aliceryhl@...gle.com,
Alistair Francis <alistair.francis@....com>,
Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>,
Dan Williams <dan.j.williams@...el.com>
Subject: [RFC v3 03/27] X.509: Parse Subject Alternative Name in certificates
From: Lukas Wunner <lukas@...ner.de>
The upcoming support for PCI device authentication with CMA-SPDM
(PCIe r6.1 sec 6.31) requires validating the Subject Alternative Name
in X.509 certificates.
Store a pointer to the Subject Alternative Name upon parsing for
consumption by CMA-SPDM.
Signed-off-by: Lukas Wunner <lukas@...ner.de>
Reviewed-by: Wilfred Mallawa <wilfred.mallawa@....com>
Reviewed-by: Alistair Francis <alistair.francis@....com>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@...wei.com>
Acked-by: Dan Williams <dan.j.williams@...el.com>
---
crypto/asymmetric_keys/x509_cert_parser.c | 9 +++++++++
include/keys/x509-parser.h | 2 ++
2 files changed, 11 insertions(+)
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 2fe094f5caf3..363acd87dba1 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -596,6 +596,15 @@ int x509_process_extension(void *context, size_t hdrlen,
return 0;
}
+ if (ctx->last_oid == OID_subjectAltName) {
+ if (ctx->cert->raw_san)
+ return -EBADMSG;
+
+ ctx->cert->raw_san = v;
+ ctx->cert->raw_san_size = vlen;
+ return 0;
+ }
+
if (ctx->last_oid == OID_keyUsage) {
/*
* Get hold of the keyUsage bit string
diff --git a/include/keys/x509-parser.h b/include/keys/x509-parser.h
index 8b68e720693a..4e6a05a8c7a6 100644
--- a/include/keys/x509-parser.h
+++ b/include/keys/x509-parser.h
@@ -38,6 +38,8 @@ struct x509_certificate {
unsigned raw_subject_size;
unsigned raw_skid_size;
const void *raw_skid; /* Raw subjectKeyId in ASN.1 */
+ const void *raw_san; /* Raw subjectAltName in ASN.1 */
+ unsigned raw_san_size;
unsigned index;
bool seen; /* Infinite recursion prevention */
bool verified;
--
2.52.0
Powered by blists - more mailing lists