Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-65585

TEST-PQ crypto policy should enable hybrid ML-KEM groups for OpenSSL

XMLWordPrintable

    • crypto-policies-20241104-1.git6a67b8c.el10
    • No
    • Low
    • 1
    • rhel-sst-security-crypto
    • ssg_security
    • 15
    • 0.5
    • False
    • Hide

      None

      Show
      None
    • No
    • Crypto24Q4
    • Hide

      AC1) TEST-PQ lists all four names with the ? optional syntax: ?X25519MLKEM768:?x25519_mlkem768:?SecP256r1MLKEM768:?p256_mlkem768

      Show
      AC1) TEST-PQ lists all four names with the ? optional syntax: ?X25519MLKEM768:?x25519_mlkem768:?SecP256r1MLKEM768:?p256_mlkem768
    • Pass
    • Enabled
    • Automated
    • Unspecified Release Note Type - Unknown
    • None

      Using `DEFAULT:TEST-PQ` policy, the openssl config file (/etc/crypto-policies/back-ends/opensslcnf.config) lists 

      Groups = ?mlkem512:?p256_mlkem512:?x25519_mlkem512:?mlkem768:?p384_mlkem768:?x448_mlkem768:?x25519_mlkem768:?p256_mlkem768:?mlkem1024:?p521_mlkem1024:?p384_mlkem1024:X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192

      The groups we need enabled are named SecP256r1MLKEM768 and X25519MLKEM768

      crypto-policies-20241010-1.git7a71364.el10.noarch
      crypto-policies-scripts-20241010-1.git7a71364.el10.noarch
      crypto-policies-pq-preview-20241010-1.git7a71364.el10.noarch

              asosedki@redhat.com Alexander Sosedkin
              hkario@redhat.com Alicja Kario
              Alexander Sosedkin Alexander Sosedkin
              Ondrej Moris Ondrej Moris
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: