Re: [PATCH 1/4] lib/crypto: Add ML-DSA verification support

Next message: David Lechner: "Re: [PATCH 0/2] iio: Add support for TI ADS1X18 ADCs"
Previous message: Viacheslav Dubeyko: "RE: [PATCH v2] fs/hfs: fix s_fs_info leak on setup_bdev_super() failure"
In reply to: Eric Biggers: "Re: [PATCH 1/4] lib/crypto: Add ML-DSA verification support"
Next in thread: Eric Biggers: "Re: [PATCH 1/4] lib/crypto: Add ML-DSA verification support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Lukas Wunner

Date: Fri Nov 21 2025 - 17:29:18 EST

On Fri, Nov 21, 2025 at 10:23:09PM +0000, Eric Biggers wrote:
> That list actually includes the same three files that use -EKEYREJECTED.
> It looks like if the signature verification fails "early" it's -EBADMSG,
> whereas if it fails "late" it's -EKEYREJECTED?

-EBADMSG denotes malformed data (e.g. incorrectly formatted ASN.1 payload).

-EKEYREJECTED denotes a well-formed, but incorrect signature (e.g. made
by a wrong key).

I think it's important and useful to be able to differentiate that.

Thanks,

Lukas