On Mon, Feb 02, 2026 at 05:02:12PM +0000, David Howells wrote: > Allow the rejection of authenticatedAttributes in PKCS#7 (signedAttrs in > CMS) to be waived in the kernel config for ML-DSA when used for module > signing. This reflects the issue that openssl < 4.0 cannot do this and > openssl-4 has not yet been released. > > This does not permit RSA, ECDSA or ECRDSA to be so waived (behaviour > unchanged). > > Signed-off-by: David Howells <[email protected]> > cc: Lukas Wunner <[email protected]> > cc: Ignat Korchagin <[email protected]> > cc: Jarkko Sakkinen <[email protected]> > cc: Stephan Mueller <[email protected]> > cc: Eric Biggers <[email protected]> > cc: Herbert Xu <[email protected]> > cc: [email protected] > cc: [email protected] > --- > crypto/asymmetric_keys/Kconfig | 11 +++++++++++ > crypto/asymmetric_keys/pkcs7_parser.c | 8 ++++++++ > crypto/asymmetric_keys/pkcs7_parser.h | 3 +++ > crypto/asymmetric_keys/pkcs7_verify.c | 6 ++++++ > 4 files changed, 28 insertions(+) > > diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig > index e1345b8f39f1..1dae2232fe9a 100644 > --- a/crypto/asymmetric_keys/Kconfig > +++ b/crypto/asymmetric_keys/Kconfig > @@ -53,6 +53,17 @@ config PKCS7_MESSAGE_PARSER > This option provides support for parsing PKCS#7 format messages for > signature data and provides the ability to verify the signature. > > +config PKCS7_WAIVE_AUTHATTRS_REJECTION_FOR_MLDSA > + bool "Waive rejection of authenticatedAttributes for ML-DSA" > + depends on PKCS7_MESSAGE_PARSER > + depends on CRYPTO_MLDSA > + help > + Due to use of CMS_NOATTR with ML-DSA not being supported in > + OpenSSL < 4.0 (and thus any released version), enabling this > + allows authenticatedAttributes to be used with ML-DSA for > + module signing. Use of authenticatedAttributes in this > + context is normally rejected. > + > config PKCS7_TEST_KEY > tristate "PKCS#7 testing key type" > depends on SYSTEM_DATA_VERIFICATION > diff --git a/crypto/asymmetric_keys/pkcs7_parser.c > b/crypto/asymmetric_keys/pkcs7_parser.c > index 594a8f1d9dfb..db1c90ca6fc1 100644 > --- a/crypto/asymmetric_keys/pkcs7_parser.c > +++ b/crypto/asymmetric_keys/pkcs7_parser.c > @@ -92,9 +92,17 @@ static int pkcs7_check_authattrs(struct pkcs7_message *msg) > if (!sinfo) > goto inconsistent; > > +#ifdef CONFIG_PKCS7_WAIVE_AUTHATTRS_REJECTION_FOR_MLDSA > + msg->authattrs_rej_waivable = true; > +#endif > + > if (sinfo->authattrs) { > want = true; > msg->have_authattrs = true; > +#ifdef CONFIG_PKCS7_WAIVE_AUTHATTRS_REJECTION_FOR_MLDSA > + if (strncmp(sinfo->sig->pkey_algo, "mldsa", 5) != 0) > + msg->authattrs_rej_waivable = false; > +#endif > } else if (sinfo->sig->algo_takes_data) { > sinfo->sig->hash_algo = "none"; > } > diff --git a/crypto/asymmetric_keys/pkcs7_parser.h > b/crypto/asymmetric_keys/pkcs7_parser.h > index e17f7ce4fb43..6ef9f335bb17 100644 > --- a/crypto/asymmetric_keys/pkcs7_parser.h > +++ b/crypto/asymmetric_keys/pkcs7_parser.h > @@ -55,6 +55,9 @@ struct pkcs7_message { > struct pkcs7_signed_info *signed_infos; > u8 version; /* Version of cert (1 -> PKCS#7 or CMS; > 3 -> CMS) */ > bool have_authattrs; /* T if have authattrs */ > +#ifdef CONFIG_PKCS7_WAIVE_AUTHATTRS_REJECTION_FOR_MLDSA > + bool authattrs_rej_waivable; /* T if authatts rejection can > be waived */ > +#endif > > /* Content Data (or NULL) */ > enum OID data_type; /* Type of Data */ > diff --git a/crypto/asymmetric_keys/pkcs7_verify.c > b/crypto/asymmetric_keys/pkcs7_verify.c > index 06abb9838f95..519eecfe6778 100644 > --- a/crypto/asymmetric_keys/pkcs7_verify.c > +++ b/crypto/asymmetric_keys/pkcs7_verify.c > @@ -425,6 +425,12 @@ int pkcs7_verify(struct pkcs7_message *pkcs7, > return -EKEYREJECTED; > } > if (pkcs7->have_authattrs) { > +#ifdef CONFIG_PKCS7_WAIVE_AUTHATTRS_REJECTION_FOR_MLDSA > + if (pkcs7->authattrs_rej_waivable) { > + pr_warn("Waived invalid module sig (has > authattrs)\n"); > + break; > + } > +#endif > pr_warn("Invalid module sig (has authattrs)\n"); > return -EKEYREJECTED; > } >
Reviewed-by: Jarkko Sakkinen <[email protected]> BR, Jarkko
