Eric Biggers <[email protected]> wrote: > > 1.) If the CMS object doesn't include signed attributes, then it's a > digest of the real message the caller provided.
Yeah - that needs fixing, but I need to be able to test it. openssl-4.0 (at least that's what appears to be on the master branch) will have a fix for ML-DSA CMS_NOATTR support (it was committed in November), but it's not available yet unless you want to build your own. sign-file would would normally use CMS_NOATTR, and this is worked round by patch 4 in this series by using signed attributes for ML_DSA. David
