Re: [PATCH v11 3/8] pkcs7, x509: Add ML-DSA support

From: David Howells
Date: Thu Jan 08 2026 - 09:45:06 EST

Next message: Fuad Tabba: "Re: [PATCH v9 07/30] KVM: arm64: Pull ctxt_has_ helpers to start of sysreg-sr.h"
Previous message: Rafael J. Wysocki: "Re: [RESEND][PATCH v2 0/3] net: Discard pm_runtime_put() return value"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Eric Biggers <ebiggers@xxxxxxxxxx> wrote:

>
> 1.) If the CMS object doesn't include signed attributes, then it's a
> digest of the real message the caller provided.

Yeah - that needs fixing, but I need to be able to test it.

openssl-4.0 (at least that's what appears to be on the master branch) will
have a fix for ML-DSA CMS_NOATTR support (it was committed in November), but
it's not available yet unless you want to build your own.

sign-file would would normally use CMS_NOATTR, and this is worked round by
patch 4 in this series by using signed attributes for ML_DSA.

David

Next message: Fuad Tabba: "Re: [PATCH v9 07/30] KVM: arm64: Pull ctxt_has_ helpers to start of sysreg-sr.h"
Previous message: Rafael J. Wysocki: "Re: [RESEND][PATCH v2 0/3] net: Discard pm_runtime_put() return value"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]