lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <a1f844ff4817a6b183ac857527df6505449c8af6.camel@HansenPartnership.com>
Date: Wed, 12 Nov 2025 10:58:31 -0500
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: David Howells <dhowells@...hat.com>
Cc: Petr Pavlu <petr.pavlu@...e.com>, David Woodhouse <dwmw2@...radead.org>,
  Luis Chamberlain <mcgrof@...nel.org>, Daniel Gomez <da.gomez@...nel.org>,
 Sami Tolvanen <samitolvanen@...gle.com>, Aaron Tomlin
 <atomlin@...mlin.com>,  keyrings@...r.kernel.org,
 linux-modules@...r.kernel.org,  linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] sign-file: Remove support for signing with PKCS#7

On Wed, 2025-11-12 at 15:52 +0000, David Howells wrote:
> James Bottomley <James.Bottomley@...senPartnership.com> wrote:
> 
> > > We're looking at moving to ML-DSA, and the CMS support there is
> > > slightly dodgy at the moment, so we need to hold off a bit on
> > > this change.
> > 
> > How will removing PKCS7_sign, which can only do sha1 signatures
> > affect that? Is the dodginess that the PKCS7_... API is better than
> > CMS_... for PQS at the moment?  In which case we could pretty much
> > do a rip and replace of the CMS_ API if necessary, but that would
> > be a completely separate patch.
> 
> OpenSSL-3.5.1's ML-DSA support isn't completely right - in particular
> CMS_NOATTR is not currently supported.  I believe there is a fix in
> the works there, but I doubt it has made it to all the distributions
> yet.

I get that PQC in openssl-3.5 is highly experimental, but that merely
means we tell people not to use it for a while.  However, what I don't
see is how this impacts PKCS7_sign removal.  The CMS API can do a sha1
signature if that's what people want and keeping the PKCS7_sign API
won't prevent anyone with openssl-3.5 installed from trying a PQ
signature. 

>   I'm only asking that we hold off a cycle; that will probably
> suffice.

Right but why?  Is your thought that we'll have to change the CMS_ code
slightly and this might conflict?

Regards,

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ