On Wed, 2025-11-12 at 15:52 +0000, David Howells wrote: > James Bottomley <[email protected]> wrote: > > > > We're looking at moving to ML-DSA, and the CMS support there is > > > slightly dodgy at the moment, so we need to hold off a bit on > > > this change. > > > > How will removing PKCS7_sign, which can only do sha1 signatures > > affect that? Is the dodginess that the PKCS7_... API is better than > > CMS_... for PQS at the moment? In which case we could pretty much > > do a rip and replace of the CMS_ API if necessary, but that would > > be a completely separate patch. > > OpenSSL-3.5.1's ML-DSA support isn't completely right - in particular > CMS_NOATTR is not currently supported. I believe there is a fix in > the works there, but I doubt it has made it to all the distributions > yet.
I get that PQC in openssl-3.5 is highly experimental, but that merely means we tell people not to use it for a while. However, what I don't see is how this impacts PKCS7_sign removal. The CMS API can do a sha1 signature if that's what people want and keeping the PKCS7_sign API won't prevent anyone with openssl-3.5 installed from trying a PQ signature. > I'm only asking that we hold off a cycle; that will probably > suffice. Right but why? Is your thought that we'll have to change the CMS_ code slightly and this might conflict? Regards, James
