RHEL / RHEL-110994

rpm --import mldsa87.pub fails in FIPS


    • rust-rpm-sequoia-1.9.0.3-1.el10_1
    • No
    • Important
    • 1
    • rhel-security-crypto-spades
    • 31
    • 2
    • False
    • False
    • No
    • Crypto25September
    • Approved Blocker
    •
      1. RPMs dual-signed with RSA (2k or 4k) and MLDSA87-Ed448 pass verification in FIPS
      2. RPMs signed with just MLDSA87-Ed448 pass verification in FIPS
        (from an algorithm perspective; the signatures must of course be correct otherwise - trusted keys etc.)
    • Pass
    • Automated
    • Unspecified Release Note Type - Unknown
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      In FIPS mode, RPM is not able to import an MLDSA-87 public key, so verification of RPMs will start failing once we ship dual-signed packages.

      Reproducer: https://gitlab.com/redhat/rhel/tests/rust-rpm-sequoia/-/tree/48a463b8fb48a49c901d54c4bfc426525c53b32e/Integration/rpm-before-RHEL10

              jjelen@redhat.com Jakub Jelen
              szidek@redhat.com Stanislav Zidek