Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-125929

Support of MLKEM+NIST curves in FIPS mode - OpenSSH

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • openssh-9.9p1-19.el10
    • No
    • Low
    • 1
    • rhel-security-crypto-diamonds
    • 21
    • 0
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Crypto26-01
    • Hide

      AC1: self-compatibility: ssh connection using newly implemented MLKEM hybrid key exchange with NIST works in FIPS mode
      AC2: interoperability with PuTTY: ssh connection using MLKEM hybrid key exchange with NIST is successfully estabilished in FIPS mode
      AC3: manual check if connection between x86_64 and s390x platforms works in FIPS mode

      Show
      AC1: self-compatibility: ssh connection using newly implemented MLKEM hybrid key exchange with NIST works in FIPS mode AC2: interoperability with PuTTY: ssh connection using MLKEM hybrid key exchange with NIST is successfully estabilished in FIPS mode AC3: manual check if connection between x86_64 and s390x platforms works in FIPS mode
    • Pass
    • Not Needed
    • New Test Coverage
    • Feature
    • Support of MLKEM+NIST curves in FIPS mode added to OpenSSH
    • Proposed
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      A follow-up to https://issues.redhat.com/browse/RHEL-70824

      In RHEL FIPS provider we don't have MLKEM, so we presume that we fetch ML-KEM from the default provider and NIST curves from FIPS one. 

       

              dbelyavs@redhat.com Dmitry Belyavskiy
              dbelyavs@redhat.com Dmitry Belyavskiy
              Dmitry Belyavskiy Dmitry Belyavskiy
              Miluse Bezo Konecna Miluse Bezo Konecna
              Mirek Jahoda Mirek Jahoda
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: