Re: [PATCH v8 09/30] s390x/diag: Implement DIAG 320 subcode 2

Tue, 17 Feb 2026 13:30:09 -0800 

On 2/17/26 3:18 AM, Markus Armbruster wrote:
> Zhuoying Cai <[email protected]> writes:
> 
>> DIAG 320 subcode 2 provides verification-certificates (VCs) that are in the
>> certificate store. Only X509 certificates in DER format and SHA-256 hash
>> type are recognized.
>>
>> The subcode value is denoted by setting the second-left-most bit
>> of an 8-byte field.
>>
>> The Verification Certificate Block (VCB) contains the output data
>> when the operation completes successfully. It includes a common
>> header followed by zero or more Verification Certificate Entries (VCEs),
>> depending on the VCB input length and the VC range (from the first VC
>> index to the last VC index) in the certificate store.
>>
>> Each VCE contains information about a certificate retrieved from
>> the S390IPLCertificateStore, such as the certificate name, key type,
>> key ID length, hash length, and the raw certificate data.
>> The key ID and hash are extracted from the raw certificate by the crypto API.
>>
>> Note: SHA2-256 VC hash type is required for retrieving the hash
>> (fingerprint) of the certificate.
>>
>> Signed-off-by: Zhuoying Cai <[email protected]>
> 
> [...]
> 
>> @@ -235,8 +237,324 @@ static int handle_diag320_query_vcsi(S390CPU *cpu, 
>> uint64_t addr, uint64_t r1,
>>      return DIAG_320_RC_OK;
>>  }
>>  
>> +static bool is_cert_valid(const S390IPLCertificate *cert)
>> +{
>> +    int rc;
>> +    Error *err = NULL;
>> +
>> +    rc = qcrypto_x509_check_cert_times(cert->raw, cert->size, &err);
>> +    if (rc != 0) {
>> +        error_report_err(err);
> 
> Does not build for me:
> 
>     ../target/s390x/diag.c: In function ‘is_cert_valid’:
>     ../target/s390x/diag.c:249:9: error: implicit declaration of function 
> ‘error_report_err’; did you mean ‘error_report’? 
> [-Wimplicit-function-declaration]
>       249 |         error_report_err(err);
>           |         ^~~~~~~~~~~~~~~~
>           |         error_report
> 

Thanks for pointing this out. The build error is resolved by adding
#include "qapi/error.h" to the file. I’ll update this in the next version.

>> +        return false;
>> +    }
>> +
>> +    return true;
>> +}
> 
> [...]
>

Reply via email to