On Sun, 2024-06-30 at 21:37 +0200, Lukas Wunner wrote: > The upcoming support for PCI device authentication with CMA-SPDM > (PCIe r6.1 sec 6.31) requires validating the Subject Alternative Name > in X.509 certificates. > > Store a pointer to the Subject Alternative Name upon parsing for > consumption by CMA-SPDM. > > Signed-off-by: Lukas Wunner <lukas@xxxxxxxxx> > Reviewed-by: Wilfred Mallawa <wilfred.mallawa@xxxxxxx> > Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@xxxxxxxxxxxxxxx> > Reviewed-by: Jonathan Cameron <Jonathan.Cameron@xxxxxxxxxx> > Acked-by: Dan Williams <dan.j.williams@xxxxxxxxx> Reviewed-by: Alistair Francis <alistair.francis@xxxxxxx> Alistair > --- > crypto/asymmetric_keys/x509_cert_parser.c | 9 +++++++++ > include/keys/x509-parser.h | 2 ++ > 2 files changed, 11 insertions(+) > > diff --git a/crypto/asymmetric_keys/x509_cert_parser.c > b/crypto/asymmetric_keys/x509_cert_parser.c > index 25cc4273472f..92314e4854f1 100644 > --- a/crypto/asymmetric_keys/x509_cert_parser.c > +++ b/crypto/asymmetric_keys/x509_cert_parser.c > @@ -588,6 +588,15 @@ int x509_process_extension(void *context, size_t > hdrlen, > return 0; > } > > + if (ctx->last_oid == OID_subjectAltName) { > + if (ctx->cert->raw_san) > + return -EBADMSG; > + > + ctx->cert->raw_san = v; > + ctx->cert->raw_san_size = vlen; > + return 0; > + } > + > if (ctx->last_oid == OID_keyUsage) { > /* > * Get hold of the keyUsage bit string > diff --git a/include/keys/x509-parser.h b/include/keys/x509-parser.h > index 37436a5c7526..8e450befe3b9 100644 > --- a/include/keys/x509-parser.h > +++ b/include/keys/x509-parser.h > @@ -36,6 +36,8 @@ struct x509_certificate { > unsigned raw_subject_size; > unsigned raw_skid_size; > const void *raw_skid; /* Raw subjectKeyId > in ASN.1 */ > + const void *raw_san; /* Raw > subjectAltName in ASN.1 */ > + unsigned raw_san_size; > unsigned index; > bool seen; /* Infinite > recursion prevention */ > bool verified;