Eric Biggers <[email protected]> wrote: > If OpenSSL 3.5 is the last version that doesn't support the noattr case, > that would mean that OpenSSL 3.6 does support it, right? OpenSSL 3.6 > was released several months ago. Yet the above code requires version 4.
3.5 and 3.6 support ML-DSA, but not with CMS_NOATTR, so I need to update this. Version 4 will support ML-DSA with CMS_NOATTR, but that's not yet tagged. > How about we just support the new way only? That would be simpler, and > it sounds like it's already supported by the latest OpenSSL. Depends what you mean by "latest OpenSSL". Latest in git, yes; latest in distributions that people can simply install as an rpm/deb/etc., no. Now, assuming OpenSSL releases v4 sometime in the spring, I would probably be fine with saying you have to have OpenSSL v4 if you want ML-DSA; but others might have a different opinion. David
