From: Stefan Berger <stefanb@linux.ibm.com>
To: Eric Biggers <ebiggers@kernel.org>
Cc: linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, zohar@linux.ibm.com,
roberto.sassu@huawei.com, David Howells <dhowells@redhat.com>,
Lukas Wunner <lukas@wunner.de>, Ignat Korchagin <ignat@linux.win>,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: Re: [PATCH 1/3] crypto: public_key: Remove check for valid hash_algo for ML-DSA keys
Date: Wed, 8 Apr 2026 13:25:17 -0400 [thread overview]
Message-ID: <a38caed3-150c-4438-8ead-465c628899a4@linux.ibm.com> (raw)
In-Reply-To: <20260406165350.GD2971@sol>
On 4/6/26 12:53 PM, Eric Biggers wrote:
> On Sun, Apr 05, 2026 at 07:12:22PM -0400, Stefan Berger wrote:
>> Remove the check for the hash_algo since ML-DSA is only used in pure mode
>> and there is no relevance of a hash_algo for the input data.
>>
>> Cc: David Howells <dhowells@redhat.com>
>> Cc: Lukas Wunner <lukas@wunner.de>
>> Cc: Ignat Korchagin <ignat@linux.win>
>> Cc: keyrings@vger.kernel.org
>> Cc: linux-crypto@vger.kernel.org
>> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
>> ---
>> crypto/asymmetric_keys/public_key.c | 5 -----
>> 1 file changed, 5 deletions(-)
>>
>> diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
>> index 09a0b83d5d77..df6918a77ab8 100644
>> --- a/crypto/asymmetric_keys/public_key.c
>> +++ b/crypto/asymmetric_keys/public_key.c
>> @@ -147,11 +147,6 @@ software_key_determine_akcipher(const struct public_key *pkey,
>> strcmp(pkey->pkey_algo, "mldsa87") == 0) {
>> if (strcmp(encoding, "raw") != 0)
>> return -EINVAL;
>> - if (!hash_algo)
>> - return -EINVAL;
>> - if (strcmp(hash_algo, "none") != 0 &&
>> - strcmp(hash_algo, "sha512") != 0)
>> - return -EINVAL;
>
> Does this broaden which hash algorithms are accepted for CMS signatures
> that use ML-DSA and contain signed attributes?
Right... dropping this patch and using the "none" route now.
>
> - Eric
>
next prev parent reply other threads:[~2026-04-08 17:30 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-05 23:12 [PATCH 0/3] Add support for ML-DSA signature for EVM and IMA Stefan Berger
2026-04-05 23:12 ` [PATCH 1/3] crypto: public_key: Remove check for valid hash_algo for ML-DSA keys Stefan Berger
2026-04-06 16:53 ` Eric Biggers
2026-04-08 17:25 ` Stefan Berger [this message]
2026-04-05 23:12 ` [PATCH 2/3] integrity: Refactor asymmetric_verify for reusability Stefan Berger
2026-04-05 23:12 ` [PATCH 3/3] integrity: Add support for sigv3 verification using ML-DSA keys Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a38caed3-150c-4438-8ead-465c628899a4@linux.ibm.com \
--to=stefanb@linux.ibm.com \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=ignat@linux.win \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=roberto.sassu@huawei.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.