From: Jarkko Sakkinen <jarkko@kernel.org>
To: David Howells <dhowells@redhat.com>
Cc: Lukas Wunner <lukas@wunner.de>,
Ignat Korchagin <ignat@cloudflare.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Eric Biggers <ebiggers@kernel.org>,
Luis Chamberlain <mcgrof@kernel.org>,
Petr Pavlu <petr.pavlu@suse.com>,
Daniel Gomez <da.gomez@kernel.org>,
Sami Tolvanen <samitolvanen@google.com>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Ard Biesheuvel <ardb@kernel.org>,
Stephan Mueller <smueller@chronox.de>,
linux-crypto@vger.kernel.org, keyrings@vger.kernel.org,
linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v16 7/7] pkcs7: Allow authenticatedAttributes for ML-DSA
Date: Tue, 3 Feb 2026 02:35:26 +0200 [thread overview]
Message-ID: <aYFCzv9MKNnROg2Y@kernel.org> (raw)
In-Reply-To: <20260202170216.2467036-8-dhowells@redhat.com>
On Mon, Feb 02, 2026 at 05:02:12PM +0000, David Howells wrote:
> Allow the rejection of authenticatedAttributes in PKCS#7 (signedAttrs in
> CMS) to be waived in the kernel config for ML-DSA when used for module
> signing. This reflects the issue that openssl < 4.0 cannot do this and
> openssl-4 has not yet been released.
>
> This does not permit RSA, ECDSA or ECRDSA to be so waived (behaviour
> unchanged).
>
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: Lukas Wunner <lukas@wunner.de>
> cc: Ignat Korchagin <ignat@cloudflare.com>
> cc: Jarkko Sakkinen <jarkko@kernel.org>
> cc: Stephan Mueller <smueller@chronox.de>
> cc: Eric Biggers <ebiggers@kernel.org>
> cc: Herbert Xu <herbert@gondor.apana.org.au>
> cc: keyrings@vger.kernel.org
> cc: linux-crypto@vger.kernel.org
> ---
> crypto/asymmetric_keys/Kconfig | 11 +++++++++++
> crypto/asymmetric_keys/pkcs7_parser.c | 8 ++++++++
> crypto/asymmetric_keys/pkcs7_parser.h | 3 +++
> crypto/asymmetric_keys/pkcs7_verify.c | 6 ++++++
> 4 files changed, 28 insertions(+)
>
> diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
> index e1345b8f39f1..1dae2232fe9a 100644
> --- a/crypto/asymmetric_keys/Kconfig
> +++ b/crypto/asymmetric_keys/Kconfig
> @@ -53,6 +53,17 @@ config PKCS7_MESSAGE_PARSER
> This option provides support for parsing PKCS#7 format messages for
> signature data and provides the ability to verify the signature.
>
> +config PKCS7_WAIVE_AUTHATTRS_REJECTION_FOR_MLDSA
> + bool "Waive rejection of authenticatedAttributes for ML-DSA"
> + depends on PKCS7_MESSAGE_PARSER
> + depends on CRYPTO_MLDSA
> + help
> + Due to use of CMS_NOATTR with ML-DSA not being supported in
> + OpenSSL < 4.0 (and thus any released version), enabling this
> + allows authenticatedAttributes to be used with ML-DSA for
> + module signing. Use of authenticatedAttributes in this
> + context is normally rejected.
> +
> config PKCS7_TEST_KEY
> tristate "PKCS#7 testing key type"
> depends on SYSTEM_DATA_VERIFICATION
> diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
> index 594a8f1d9dfb..db1c90ca6fc1 100644
> --- a/crypto/asymmetric_keys/pkcs7_parser.c
> +++ b/crypto/asymmetric_keys/pkcs7_parser.c
> @@ -92,9 +92,17 @@ static int pkcs7_check_authattrs(struct pkcs7_message *msg)
> if (!sinfo)
> goto inconsistent;
>
> +#ifdef CONFIG_PKCS7_WAIVE_AUTHATTRS_REJECTION_FOR_MLDSA
> + msg->authattrs_rej_waivable = true;
> +#endif
> +
> if (sinfo->authattrs) {
> want = true;
> msg->have_authattrs = true;
> +#ifdef CONFIG_PKCS7_WAIVE_AUTHATTRS_REJECTION_FOR_MLDSA
> + if (strncmp(sinfo->sig->pkey_algo, "mldsa", 5) != 0)
> + msg->authattrs_rej_waivable = false;
> +#endif
> } else if (sinfo->sig->algo_takes_data) {
> sinfo->sig->hash_algo = "none";
> }
> diff --git a/crypto/asymmetric_keys/pkcs7_parser.h b/crypto/asymmetric_keys/pkcs7_parser.h
> index e17f7ce4fb43..6ef9f335bb17 100644
> --- a/crypto/asymmetric_keys/pkcs7_parser.h
> +++ b/crypto/asymmetric_keys/pkcs7_parser.h
> @@ -55,6 +55,9 @@ struct pkcs7_message {
> struct pkcs7_signed_info *signed_infos;
> u8 version; /* Version of cert (1 -> PKCS#7 or CMS; 3 -> CMS) */
> bool have_authattrs; /* T if have authattrs */
> +#ifdef CONFIG_PKCS7_WAIVE_AUTHATTRS_REJECTION_FOR_MLDSA
> + bool authattrs_rej_waivable; /* T if authatts rejection can be waived */
> +#endif
>
> /* Content Data (or NULL) */
> enum OID data_type; /* Type of Data */
> diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
> index 06abb9838f95..519eecfe6778 100644
> --- a/crypto/asymmetric_keys/pkcs7_verify.c
> +++ b/crypto/asymmetric_keys/pkcs7_verify.c
> @@ -425,6 +425,12 @@ int pkcs7_verify(struct pkcs7_message *pkcs7,
> return -EKEYREJECTED;
> }
> if (pkcs7->have_authattrs) {
> +#ifdef CONFIG_PKCS7_WAIVE_AUTHATTRS_REJECTION_FOR_MLDSA
> + if (pkcs7->authattrs_rej_waivable) {
> + pr_warn("Waived invalid module sig (has authattrs)\n");
> + break;
> + }
> +#endif
> pr_warn("Invalid module sig (has authattrs)\n");
> return -EKEYREJECTED;
> }
>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
BR, Jarkko
next prev parent reply other threads:[~2026-02-03 0:35 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-02 17:02 [PATCH v16 0/7] x509, pkcs7, crypto: Add ML-DSA signing David Howells
2026-02-02 17:02 ` [PATCH v16 1/7] crypto: Add ML-DSA crypto_sig support David Howells
2026-02-02 17:02 ` [PATCH v16 2/7] x509: Separately calculate sha256 for blacklist David Howells
2026-02-02 17:02 ` [PATCH v16 3/7] pkcs7, x509: Rename ->digest to ->m David Howells
2026-02-02 17:02 ` [PATCH v16 4/7] pkcs7: Allow the signing algo to do whatever digestion it wants itself David Howells
2026-02-03 0:29 ` Jarkko Sakkinen
2026-02-03 8:37 ` David Howells
2026-02-02 17:02 ` [PATCH v16 5/7] pkcs7, x509: Add ML-DSA support David Howells
2026-02-03 0:30 ` Jarkko Sakkinen
2026-02-02 17:02 ` [PATCH v16 6/7] modsign: Enable ML-DSA module signing David Howells
2026-02-02 17:02 ` [PATCH v16 7/7] pkcs7: Allow authenticatedAttributes for ML-DSA David Howells
2026-02-03 0:35 ` Jarkko Sakkinen [this message]
2026-02-05 15:47 ` [PATCH v16 8/7] pkcs7: Change a pr_warn() to pr_warn_once() David Howells
2026-02-08 13:41 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aYFCzv9MKNnROg2Y@kernel.org \
--to=jarkko@kernel.org \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=da.gomez@kernel.org \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=ignat@cloudflare.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=mcgrof@kernel.org \
--cc=petr.pavlu@suse.com \
--cc=samitolvanen@google.com \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.