Re: [PATCH v2 05/21] X.509: Parse Subject Alternative Name in certificates

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [High] The X.509 parser completely ignores the `critical` flag on certificate extensions, allowing certificates with unrecognized critical constraints to be successfully validated.
--

commit b12732c2d7a7dc077f0c1d3f0be7c0a415bae376
Author: Lukas Wunner <lukas@wunner.de>

X.509: Parse Subject Alternative Name in certificates

This commit adds support for parsing the Subject Alternative Name (SAN)
extension in X.509 certificates. It stores a pointer to the SAN for later
consumption by CMA-SPDM for PCI device authentication.

> diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
> index bfd10f0195e01..c3ec2846695a5 100644
> --- a/crypto/asymmetric_keys/x509_cert_parser.c
> +++ b/crypto/asymmetric_keys/x509_cert_parser.c
> @@ -596,6 +596,15 @@ int x509_process_extension(void *context, size_t hdrlen,
>  		return 0;
>  	}
>  
> +	if (ctx->last_oid == OID_subjectAltName) {
> +		if (ctx->cert->raw_san)
> +			return -EBADMSG;
> +
> +		ctx->cert->raw_san = v;
> +		ctx->cert->raw_san_size = vlen;
> +		return 0;
> +	}
> +
>  	if (ctx->last_oid == OID_keyUsage) {

[Severity: High]
This is a pre-existing issue, but while looking at how we process X.509
extensions here, does the parser ignore the critical flag on extensions?

Looking at the ASN.1 definition in crypto/asymmetric_keys/x509.asn1:

Extension ::= SEQUENCE {
    extnId      OBJECT IDENTIFIER ({ x509_note_OID }),
    critical    BOOLEAN DEFAULT,
    extnValue   OCTET STRING ({ x509_process_extension })
}

Because there is no action attached to the critical BOOLEAN field, its
value seems to be discarded during parsing.

At the end of x509_process_extension(), unrecognized extensions are
unconditionally ignored:

crypto/asymmetric_keys/x509_cert_parser.c:x509_process_extension() {
    ...
    if (ctx->last_oid == OID_basicConstraints) {
        ...
        return 0;
    }
    
    return 0;
}

Since X.509 certificates are supplied by potentially untrusted sources
(like during SPDM authentication), could an attacker bypass required
certificate constraints by presenting unrecognized extensions marked with
the critical flag that get silently ignored and treated as a success (0)?

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260623045406.2589547-1-alistair.francis@wdc.com?part=5