Re: [PATCH v16 7/7] pkcs7: Allow authenticatedAttributes for ML-DSA
From: Jarkko Sakkinen
Date: Mon Feb 02 2026 - 19:39:10 EST
On Mon, Feb 02, 2026 at 05:02:12PM +0000, David Howells wrote:
> Allow the rejection of authenticatedAttributes in PKCS#7 (signedAttrs in
> CMS) to be waived in the kernel config for ML-DSA when used for module
> signing. This reflects the issue that openssl < 4.0 cannot do this and
> openssl-4 has not yet been released.
>
> This does not permit RSA, ECDSA or ECRDSA to be so waived (behaviour
> unchanged).
>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
> cc: Lukas Wunner <lukas@xxxxxxxxx>
> cc: Ignat Korchagin <ignat@xxxxxxxxxxxxxx>
> cc: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
> cc: Stephan Mueller <smueller@xxxxxxxxxx>
> cc: Eric Biggers <ebiggers@xxxxxxxxxx>
> cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> cc: keyrings@xxxxxxxxxxxxxxx
> cc: linux-crypto@xxxxxxxxxxxxxxx
> ---
> crypto/asymmetric_keys/Kconfig | 11 +++++++++++
> crypto/asymmetric_keys/pkcs7_parser.c | 8 ++++++++
> crypto/asymmetric_keys/pkcs7_parser.h | 3 +++
> crypto/asymmetric_keys/pkcs7_verify.c | 6 ++++++
> 4 files changed, 28 insertions(+)
>
> diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
> index e1345b8f39f1..1dae2232fe9a 100644
> --- a/crypto/asymmetric_keys/Kconfig
> +++ b/crypto/asymmetric_keys/Kconfig
> @@ -53,6 +53,17 @@ config PKCS7_MESSAGE_PARSER
> This option provides support for parsing PKCS#7 format messages for
> signature data and provides the ability to verify the signature.
>
> +config PKCS7_WAIVE_AUTHATTRS_REJECTION_FOR_MLDSA
> + bool "Waive rejection of authenticatedAttributes for ML-DSA"
> + depends on PKCS7_MESSAGE_PARSER
> + depends on CRYPTO_MLDSA
> + help
> + Due to use of CMS_NOATTR with ML-DSA not being supported in
> + OpenSSL < 4.0 (and thus any released version), enabling this
> + allows authenticatedAttributes to be used with ML-DSA for
> + module signing. Use of authenticatedAttributes in this
> + context is normally rejected.
> +
> config PKCS7_TEST_KEY
> tristate "PKCS#7 testing key type"
> depends on SYSTEM_DATA_VERIFICATION
> diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
> index 594a8f1d9dfb..db1c90ca6fc1 100644
> --- a/crypto/asymmetric_keys/pkcs7_parser.c
> +++ b/crypto/asymmetric_keys/pkcs7_parser.c
> @@ -92,9 +92,17 @@ static int pkcs7_check_authattrs(struct pkcs7_message *msg)
> if (!sinfo)
> goto inconsistent;
>
> +#ifdef CONFIG_PKCS7_WAIVE_AUTHATTRS_REJECTION_FOR_MLDSA
> + msg->authattrs_rej_waivable = true;
> +#endif
> +
> if (sinfo->authattrs) {
> want = true;
> msg->have_authattrs = true;
> +#ifdef CONFIG_PKCS7_WAIVE_AUTHATTRS_REJECTION_FOR_MLDSA
> + if (strncmp(sinfo->sig->pkey_algo, "mldsa", 5) != 0)
> + msg->authattrs_rej_waivable = false;
> +#endif
> } else if (sinfo->sig->algo_takes_data) {
> sinfo->sig->hash_algo = "none";
> }
> diff --git a/crypto/asymmetric_keys/pkcs7_parser.h b/crypto/asymmetric_keys/pkcs7_parser.h
> index e17f7ce4fb43..6ef9f335bb17 100644
> --- a/crypto/asymmetric_keys/pkcs7_parser.h
> +++ b/crypto/asymmetric_keys/pkcs7_parser.h
> @@ -55,6 +55,9 @@ struct pkcs7_message {
> struct pkcs7_signed_info *signed_infos;
> u8 version; /* Version of cert (1 -> PKCS#7 or CMS; 3 -> CMS) */
> bool have_authattrs; /* T if have authattrs */
> +#ifdef CONFIG_PKCS7_WAIVE_AUTHATTRS_REJECTION_FOR_MLDSA
> + bool authattrs_rej_waivable; /* T if authatts rejection can be waived */
> +#endif
>
> /* Content Data (or NULL) */
> enum OID data_type; /* Type of Data */
> diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
> index 06abb9838f95..519eecfe6778 100644
> --- a/crypto/asymmetric_keys/pkcs7_verify.c
> +++ b/crypto/asymmetric_keys/pkcs7_verify.c
> @@ -425,6 +425,12 @@ int pkcs7_verify(struct pkcs7_message *pkcs7,
> return -EKEYREJECTED;
> }
> if (pkcs7->have_authattrs) {
> +#ifdef CONFIG_PKCS7_WAIVE_AUTHATTRS_REJECTION_FOR_MLDSA
> + if (pkcs7->authattrs_rej_waivable) {
> + pr_warn("Waived invalid module sig (has authattrs)\n");
> + break;
> + }
> +#endif
> pr_warn("Invalid module sig (has authattrs)\n");
> return -EKEYREJECTED;
> }
>
Reviewed-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
BR, Jarkko