git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	David Howells <dhowells@redhat.com>
	Fri, 17 Oct 2025 07:46:43 +0000 (08:46 +0100)
committer	David Howells <dhowells@redhat.com>
	Fri, 30 Jan 2026 11:34:34 +0000 (11:34 +0000)
commit	8bbdeb7a25b4cd3d829136a2e12982b8ee7d7991
tree	ec11a5f67add7bd6883c43de2c38a764f3e1cd38	tree
parent	f3eccecd782dbaf33d5ad0d1fd22ea277300acdb	commit \| diff

pkcs7, x509: Add ML-DSA support

Add support for ML-DSA keys and signatures to the CMS/PKCS#7 and X.509
implementations. ML-DSA-44, -65 and -87 are all supported. For X.509
certificates, the TBSCertificate is required to be signed directly; for
CMS, direct signing of the data is preferred, though use of SHA512 (and
only that) as an intermediate hash of the content is permitted with
signedAttrs.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: Lukas Wunner <lukas@wunner.de>
cc: Ignat Korchagin <ignat@cloudflare.com>
cc: Stephan Mueller <smueller@chronox.de>
cc: Eric Biggers <ebiggers@kernel.org>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org

crypto/asymmetric_keys/pkcs7_parser.c		diff \| blob \| blame \| history
crypto/asymmetric_keys/public_key.c		diff \| blob \| blame \| history
crypto/asymmetric_keys/x509_cert_parser.c		diff \| blob \| blame \| history
include/linux/oid_registry.h		diff \| blob \| blame \| history