git.ipfire.org Git - thirdparty/linux.git/commit

author	David Howells <dhowells@redhat.com>
	Mon, 26 Jan 2026 11:46:58 +0000 (11:46 +0000)
committer	David Howells <dhowells@redhat.com>
	Mon, 2 Feb 2026 16:58:21 +0000 (16:58 +0000)
commit	91db696adea4d76017b1e1f45915a5cbf04e8da3
tree	2cc63c2352a5e8bbac1b17dcbf1295daaddf4b94	tree
parent	0ad9a71933e73c8a2af101d28e9a1dc35bae02d5	commit \| diff

pkcs7: Allow authenticatedAttributes for ML-DSA

Allow the rejection of authenticatedAttributes in PKCS#7 (signedAttrs in
CMS) to be waived in the kernel config for ML-DSA when used for module
signing. This reflects the issue that openssl < 4.0 cannot do this and
openssl-4 has not yet been released.

This does not permit RSA, ECDSA or ECRDSA to be so waived (behaviour
unchanged).

Signed-off-by: David Howells <dhowells@redhat.com>
cc: Lukas Wunner <lukas@wunner.de>
cc: Ignat Korchagin <ignat@cloudflare.com>
cc: Jarkko Sakkinen <jarkko@kernel.org>
cc: Stephan Mueller <smueller@chronox.de>
cc: Eric Biggers <ebiggers@kernel.org>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org

crypto/asymmetric_keys/Kconfig		diff \| blob \| blame \| history
crypto/asymmetric_keys/pkcs7_parser.c		diff \| blob \| blame \| history
crypto/asymmetric_keys/pkcs7_parser.h		diff \| blob \| blame \| history
crypto/asymmetric_keys/pkcs7_verify.c		diff \| blob \| blame \| history