x509: Separately calculate sha256 for blacklist - wireguard-linux

diff options

author	David Howells <dhowells@redhat.com>	2026-01-21 13:33:37 +0000
committer	David Howells <dhowells@redhat.com>	2026-01-30 11:32:23 +0000
commit	2c62068ac86bdd917a12eef49ba82ec8b091208b (patch)
tree	6219e873d63ba1078a25d81426946e3c1f802b98 /include/linux/bcma/ssh:/git@git.zx2c4.com
parent	crypto: Add ML-DSA crypto_sig support (diff)

x509: Separately calculate sha256 for blacklist

Calculate the SHA256 hash for blacklisting purposes independently of the signature hash (which may be something other than SHA256). This is necessary because when ML-DSA is used, no digest is calculated. Note that this represents a change of behaviour in that the hash used for the blacklist check would previously have been whatever digest was used for, say, RSA-based signatures. It may be that this is inadvisable. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> cc: Lukas Wunner <lukas@wunner.de> cc: Ignat Korchagin <ignat@cloudflare.com> cc: Stephan Mueller <smueller@chronox.de> cc: Eric Biggers <ebiggers@kernel.org> cc: Herbert Xu <herbert@gondor.apana.org.au> cc: keyrings@vger.kernel.org cc: linux-crypto@vger.kernel.org

Diffstat (limited to 'include/linux/bcma/ssh:/git@git.zx2c4.com')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: