GET /api/1.2/patches/2234737/?format=api
{ "id": 2234737, "url": "http://patchwork.ozlabs.org/api/1.2/patches/2234737/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-pci/patch/20260508031710.514574-3-alistair.francis@wdc.com/", "project": { "id": 28, "url": "http://patchwork.ozlabs.org/api/1.2/projects/28/?format=api", "name": "Linux PCI development", "link_name": "linux-pci", "list_id": "linux-pci.vger.kernel.org", "list_email": "linux-pci@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260508031710.514574-3-alistair.francis@wdc.com>", "list_archive_url": null, "date": "2026-05-08T03:16:54", "name": "[02/18] X.509: Make certificate parser public", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "dbe76bd20ce2fe530644bd9f821ef735c5084269", "submitter": { "id": 64571, "url": "http://patchwork.ozlabs.org/api/1.2/people/64571/?format=api", "name": "Alistair Francis", "email": "alistair23@gmail.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linux-pci/patch/20260508031710.514574-3-alistair.francis@wdc.com/mbox/", "series": [ { "id": 503312, "url": "http://patchwork.ozlabs.org/api/1.2/series/503312/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-pci/list/?series=503312", "date": "2026-05-08T03:16:52", "name": "lib: Rust implementation of SPDM", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/503312/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2234737/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2234737/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <linux-pci+bounces-54157-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linux-pci@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ 
"legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=Y3J9ZhQD;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=172.105.105.114; helo=tor.lore.kernel.org;\n envelope-from=linux-pci+bounces-54157-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=\"Y3J9ZhQD\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=209.85.214.170", "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=gmail.com" ], "Received": [ "from tor.lore.kernel.org (tor.lore.kernel.org [172.105.105.114])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4gBZ835Gk3z1yCg\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 08 May 2026 13:18:27 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id 9694E305AF2B\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 8 May 2026 03:17:43 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 5B4A62E8B64;\n\tFri, 8 May 2026 03:17:41 +0000 (UTC)", "from mail-pl1-f170.google.com (mail-pl1-f170.google.com\n [209.85.214.170])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 0CF872EBB99\n\tfor <linux-pci@vger.kernel.org>; Fri, 8 May 2026 03:17:38 +0000 (UTC)", "by mail-pl1-f170.google.com with SMTP id\n d9443c01a7336-2ba21d32776so11073725ad.2\n for <linux-pci@vger.kernel.org>; Thu, 07 May 
2026 20:17:38 -0700 (PDT)", "from toolbx.alistair23.me ([2403:581e:fdf9:0:6209:4521:6813:45b7])\n by smtp.gmail.com with ESMTPSA id\n d9443c01a7336-2baf1eafa62sm3220685ad.74.2026.05.07.20.17.30\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Thu, 07 May 2026 20:17:37 -0700 (PDT)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1778210261; cv=none;\n b=Y5y6nZSHbcoptQVSq6BpdsFs6P1/CtgHYqVOi7SW+VIQHmcr8JBqwjlRNWUYAv89GRAt4pyTaQzD7ZY7e2O+S9ouOK/lW3rLrQHaNJb3wc2EEBkAgR5zbL3D4D+/L5L0148/bLkevjPqe228+dfuzLXg4+vqSGyjA98PEqiaVpc=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1778210261; c=relaxed/simple;\n\tbh=z5H7IwFWyQ0i2GyTWoOMohX8+M5T1CFBH5xA9uQkq98=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version:Content-Type;\n b=azmK3HymdE4njBBZ0OdmBrEJR81urGCaYiO0uj79KKNWAOZC1u8hIKKuCPDDGrUpB77T0h9lBPUK+2POTk/3HcHTiuYKX0mUH9Fwn/R6pKEuv1TcKy0KOLDibY5jR/QV6NhFfHPUIMbeR9UhqdCF7JG2p//CRigpzyIfOWa5g+8=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com;\n spf=pass smtp.mailfrom=gmail.com;\n dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=Y3J9ZhQD; arc=none smtp.client-ip=209.85.214.170", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1778210258; x=1778815058;\n darn=vger.kernel.org;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=WNztetKq9XMpM5m+98P429Tts0AUJfNMeagdulZTgAo=;\n b=Y3J9ZhQDAFQUR9WNkcoL7BK/wimN/GK/b4PIa2EaSphEsW0hBaalXoc4/w/XtQmF1I\n K+7zoz9nWZBwM0iqoxh8faf678FELgVXjMN44M9A4IFk6TLoUHW7CXu6YAIY3WNG/jjV\n q+EZx8kYEw9Ky7Z6dA1Iz2I8PnUYzzqjULVpqGmuN0r6IClNjP/SLftN0W8RaRprrF/O\n dtP1hr5yateyftfmFIjqXl2c+sF2Js4zZ6GJHv8coeodROKEnF4YTAVE4OYRZIW3Yfvj\n UCGmT+4hhXk/GHyOTrUM74eszY+FwwZpb6YsLFtjRNlI2xAyUUgq0hExDZ/p7zvedflM\n 
atXA==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1778210258; x=1778815058;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=WNztetKq9XMpM5m+98P429Tts0AUJfNMeagdulZTgAo=;\n b=FK//K/sNBW4O/HpzNTyq9bqOSlwy0DifMWZM1uQKJvg61uBQEh3TrmPxaAiJxaLgcM\n ngAHO7IHvyYrUofuAwanehPJEsHcbuQsQTQQWo+RqaCYKnx6hwdd/J1s8r7mOn9O1LXw\n j7ryRKjKiE5TLwQFq5zQNmHomDba40vni+U3/ADzjiIZEyIXCLImkNeujTe5tf35p9KL\n uloW7OJxCBwx2kBzOQ6rBRuUwSEiomPqexVazJv6dcRVuW6tnUPrwBZYNK4xlzdXBP7V\n T/3OHCwyriFSPb4UVRIgCHXJ9suFQHYctK8+eEp4+BhZ7kZY6DZwWaNPCk7vJTkEAywb\n k4Xw==", "X-Forwarded-Encrypted": "i=1;\n AFNElJ8OUgorh0SUY2LMaQWh8Vds7K0n/RmUDlCXFvP8yRMxo0TsnEzr9AAIpiHFzZH8EQqm6zxccDo0Iv8=@vger.kernel.org", "X-Gm-Message-State": "AOJu0YxZYOXingjPY8Hp3SV2JpjB3actiJKaGOevSqT5D+mA5p0vcSan\n\t7QlakliWwfmutxsjh4GS8WpPgAkmoYVkU+9a5eIzuZ/JNLfYx9IuDsXQ", "X-Gm-Gg": "Acq92OHXS4afWouRkJpWGZYUlUgDNX1ABz7lhw+xP8e6I1Wetg54IxOMX4G6dlrPHXY\n\tTgArx4oJiEtc1Y6wJ2K/4vIky3hejiKXHeXtPF2AXela2e0z5sL04cwGycICbhaMovJHp/+EKtE\n\tdwNOV9dgPpafHViL0D+H7iC2ouBn3flGC3GN/e9J8nkIrQducTQZ5qJHrB6jkuQiiT7Hsw70gVl\n\tIvZQaLgrrK8jg1JIkd7cuEcLcKtMtB10upbZNDxgUl1zoXIv8GmIZFN2+vt0Bj5hiKeBqwOrjLi\n\tpFc5AwtWRXTLZnIP6fYYXS/YJddeuiN9cQg6jifXbi19fUuDDdpE1Jy1W2saTif8HUhw2vCU/YW\n\tleBdxOJ08fLbOM5oPJBXEd1W8hSINZRy7865zV9roL2YwuBLnhqi0XoUyRs8K16KvLDOQKx9zWd\n\tKRwKdCOEBkSStfGCG2Ftznr27wJCDG4GOepXYojteMMaAAU8Ni0iI=", "X-Received": "by 2002:a17:903:124f:b0:2b4:5c0d:314b with SMTP id\n d9443c01a7336-2ba798a8fc5mr108654285ad.38.1778210258226;\n Thu, 07 May 2026 20:17:38 -0700 (PDT)", "From": "alistair23@gmail.com", "X-Google-Original-From": "alistair.francis@wdc.com", "To": 
"alistair@alistair23.me,\n\tlinux-kernel@vger.kernel.org,\n\tlukas@wunner.de,\n\tJonathan.Cameron@huawei.com,\n\tbhelgaas@google.com,\n\trust-for-linux@vger.kernel.org,\n\takpm@linux-foundation.org,\n\tlinux-cxl@vger.kernel.org,\n\tdjbw@kernel.org,\n\tlinux-pci@vger.kernel.org", "Cc": "alex.gaynor@gmail.com, wilfred.mallawa@wdc.com, gary@garyguo.net,\n bjorn3_gh@protonmail.com, benno.lossin@proton.me, aliceryhl@google.com,\n boqun.feng@gmail.com, a.hindborg@kernel.org, tmgross@umich.edu,\n ojeda@kernel.org, alistair23@gmail.com,\n Dan Williams <dan.j.williams@intel.com>,\n Alistair Francis <alistair.francis@wdc.com>,\n =?utf-8?q?Ilpo_J=C3=A4rvinen?= <ilpo.jarvinen@linux.intel.com>", "Subject": "[PATCH 02/18] X.509: Make certificate parser public", "Date": "Fri, 8 May 2026 13:16:54 +1000", "Message-ID": "<20260508031710.514574-3-alistair.francis@wdc.com>", "X-Mailer": "git-send-email 2.52.0", "In-Reply-To": "<20260508031710.514574-1-alistair.francis@wdc.com>", "References": "<20260508031710.514574-1-alistair.francis@wdc.com>", "Precedence": "bulk", "X-Mailing-List": "linux-pci@vger.kernel.org", "List-Id": "<linux-pci.vger.kernel.org>", "List-Subscribe": "<mailto:linux-pci+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:linux-pci+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=UTF-8", "Content-Transfer-Encoding": "8bit" }, "content": "From: Lukas Wunner <lukas@wunner.de>\n\nThe upcoming support for PCI device authentication with CMA-SPDM\n(PCIe r6.1 sec 6.31) requires validating the Subject Alternative Name\nin X.509 certificates.\n\nHigh-level functions for X.509 parsing such as key_create_or_update()\nthrow away the internal, low-level struct x509_certificate after\nextracting the struct public_key and public_key_signature from it.\nThe Subject Alternative Name is thus inaccessible when using those\nfunctions.\n\nAfford CMA-SPDM access to the Subject Alternative Name by making struct\nx509_certificate public, 
together with the functions for parsing an\nX.509 certificate into such a struct and freeing such a struct.\n\nThe private header file x509_parser.h previously included <linux/time.h>\nfor the definition of time64_t. That definition was since moved to\n<linux/time64.h> by commit 361a3bf00582 (\"time64: Add time64.h header\nand define struct timespec64\"), so adjust the #include directive as part\nof the move to the new public header file <keys/x509-parser.h>.\n\nNo functional change intended.\n\nSigned-off-by: Lukas Wunner <lukas@wunner.de>\nReviewed-by: Dan Williams <dan.j.williams@intel.com>\nReviewed-by: Alistair Francis <alistair.francis@wdc.com>\nReviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>\nReviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>\n---\n crypto/asymmetric_keys/x509_parser.h | 42 +--------------------\n include/keys/x509-parser.h | 55 ++++++++++++++++++++++++++++\n 2 files changed, 56 insertions(+), 41 deletions(-)\n create mode 100644 include/keys/x509-parser.h", "diff": "diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h\nindex b7aeebdddb36..39f1521b773d 100644\n--- a/crypto/asymmetric_keys/x509_parser.h\n+++ b/crypto/asymmetric_keys/x509_parser.h\n@@ -5,51 +5,11 @@\n * Written by David Howells (dhowells@redhat.com)\n */\n \n-#include <linux/cleanup.h>\n-#include <linux/time.h>\n-#include <crypto/public_key.h>\n-#include <keys/asymmetric-type.h>\n-#include <crypto/sha2.h>\n-\n-struct x509_certificate {\n-\tstruct x509_certificate *next;\n-\tstruct x509_certificate *signer;\t/* Certificate that signed this one */\n-\tstruct public_key *pub;\t\t\t/* Public key details */\n-\tstruct public_key_signature *sig;\t/* Signature parameters */\n-\tu8\t\tsha256[SHA256_DIGEST_SIZE]; /* Hash for blacklist purposes */\n-\tchar\t\t*issuer;\t\t/* Name of certificate issuer */\n-\tchar\t\t*subject;\t\t/* Name of certificate subject */\n-\tstruct asymmetric_key_id *id;\t\t/* Issuer + Serial number 
*/\n-\tstruct asymmetric_key_id *skid;\t\t/* Subject + subjectKeyId (optional) */\n-\ttime64_t\tvalid_from;\n-\ttime64_t\tvalid_to;\n-\tconst void\t*tbs;\t\t\t/* Signed data */\n-\tunsigned\ttbs_size;\t\t/* Size of signed data */\n-\tunsigned\traw_sig_size;\t\t/* Size of signature */\n-\tconst void\t*raw_sig;\t\t/* Signature data */\n-\tconst void\t*raw_serial;\t\t/* Raw serial number in ASN.1 */\n-\tunsigned\traw_serial_size;\n-\tunsigned\traw_issuer_size;\n-\tconst void\t*raw_issuer;\t\t/* Raw issuer name in ASN.1 */\n-\tconst void\t*raw_subject;\t\t/* Raw subject name in ASN.1 */\n-\tunsigned\traw_subject_size;\n-\tunsigned\traw_skid_size;\n-\tconst void\t*raw_skid;\t\t/* Raw subjectKeyId in ASN.1 */\n-\tunsigned\tindex;\n-\tbool\t\tseen;\t\t\t/* Infinite recursion prevention */\n-\tbool\t\tverified;\n-\tbool\t\tself_signed;\t\t/* T if self-signed (check unsupported_sig too) */\n-\tbool\t\tunsupported_sig;\t/* T if signature uses unsupported crypto */\n-\tbool\t\tblacklisted;\n-};\n+#include <keys/x509-parser.h>\n \n /*\n * x509_cert_parser.c\n */\n-extern void x509_free_certificate(struct x509_certificate *cert);\n-DEFINE_FREE(x509_free_certificate, struct x509_certificate *,\n-\t if (!IS_ERR(_T)) x509_free_certificate(_T))\n-extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen);\n extern int x509_decode_time(time64_t *_t, size_t hdrlen,\n \t\t\t unsigned char tag,\n \t\t\t const unsigned char *value, size_t vlen);\ndiff --git a/include/keys/x509-parser.h b/include/keys/x509-parser.h\nnew file mode 100644\nindex 000000000000..8b68e720693a\n--- /dev/null\n+++ b/include/keys/x509-parser.h\n@@ -0,0 +1,55 @@\n+/* SPDX-License-Identifier: GPL-2.0-or-later */\n+/* X.509 certificate parser\n+ *\n+ * Copyright (C) 2012 Red Hat, Inc. 
All Rights Reserved.\n+ * Written by David Howells (dhowells@redhat.com)\n+ */\n+\n+#ifndef _KEYS_X509_PARSER_H\n+#define _KEYS_X509_PARSER_H\n+\n+#include <linux/cleanup.h>\n+#include <linux/time.h>\n+#include <crypto/public_key.h>\n+#include <keys/asymmetric-type.h>\n+#include <crypto/sha2.h>\n+\n+struct x509_certificate {\n+\tstruct x509_certificate *next;\n+\tstruct x509_certificate *signer;\t/* Certificate that signed this one */\n+\tstruct public_key *pub;\t\t\t/* Public key details */\n+\tstruct public_key_signature *sig;\t/* Signature parameters */\n+\tu8\t\tsha256[SHA256_DIGEST_SIZE]; /* Hash for blacklist purposes */\n+\tchar\t\t*issuer;\t\t/* Name of certificate issuer */\n+\tchar\t\t*subject;\t\t/* Name of certificate subject */\n+\tstruct asymmetric_key_id *id;\t\t/* Issuer + Serial number */\n+\tstruct asymmetric_key_id *skid;\t\t/* Subject + subjectKeyId (optional) */\n+\ttime64_t\tvalid_from;\n+\ttime64_t\tvalid_to;\n+\tconst void\t*tbs;\t\t\t/* Signed data */\n+\tunsigned\ttbs_size;\t\t/* Size of signed data */\n+\tunsigned\traw_sig_size;\t\t/* Size of signature */\n+\tconst void\t*raw_sig;\t\t/* Signature data */\n+\tconst void\t*raw_serial;\t\t/* Raw serial number in ASN.1 */\n+\tunsigned\traw_serial_size;\n+\tunsigned\traw_issuer_size;\n+\tconst void\t*raw_issuer;\t\t/* Raw issuer name in ASN.1 */\n+\tconst void\t*raw_subject;\t\t/* Raw subject name in ASN.1 */\n+\tunsigned\traw_subject_size;\n+\tunsigned\traw_skid_size;\n+\tconst void\t*raw_skid;\t\t/* Raw subjectKeyId in ASN.1 */\n+\tunsigned\tindex;\n+\tbool\t\tseen;\t\t\t/* Infinite recursion prevention */\n+\tbool\t\tverified;\n+\tbool\t\tself_signed;\t\t/* T if self-signed (check unsupported_sig too) */\n+\tbool\t\tunsupported_sig;\t/* T if signature uses unsupported crypto */\n+\tbool\t\tblacklisted;\n+};\n+\n+struct x509_certificate *x509_cert_parse(const void *data, size_t datalen);\n+void x509_free_certificate(struct x509_certificate *cert);\n+\n+DEFINE_FREE(x509_free_certificate, 
struct x509_certificate *,\n+\t if (!IS_ERR(_T)) x509_free_certificate(_T))\n+\n+#endif /* _KEYS_X509_PARSER_H */\n", "prefixes": [ "02/18" ] }
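Review bot: The new include/keys/x509-parser.h still carries `#include <linux/time.h>`, although the commit message says the directive was adjusted to `<linux/time64.h>` as part of the move; either change the line to `#include <linux/time64.h>` or drop that paragraph from the description. As a public header it also expands `IS_ERR()` inside `DEFINE_FREE` and uses `u8`/`bool` without including `<linux/err.h>` or `<linux/types.h>` itself, so it appears to rely on transitive includes. Because callers outside crypto/asymmetric_keys can now hold a `struct x509_certificate`, a kernel-doc comment on `x509_cert_parse()` would help: it should state that failure is reported as an error pointer (which the `IS_ERR` guard implies) and whether the `raw_*` and `tbs` pointers reference the caller's `data` buffer. The parser body is not part of this diff, so that lifetime rule cannot be confirmed here, and a caller that releases the buffer before the certificate would otherwise risk dangling pointers.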