Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: rhel-10.0
Affects Version/s: rhel-10.0
Component/s: crypto-policies
Labels:
- Accepted
- CY24Q4

Fixed in Build:
crypto-policies-20241106-1.git1bdaba3.el10
Regression:
No
Severity:
Low
Epic Link:
CRYPTO-15258
sprint_count:
1

Pool Team:

rhel-sst-security-crypto
Sub-System Group:

ssg_security

Dev Target Milestone:
12
Internal Target Milestone:
12
Story Points:
0.75
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
Crypto24Q4

Acceptance Criteria:

Hide

AC1) Applying TEST-PQ enables mlkem768x25519:mlkem768secp256r1 under allow= in nss config

Show
AC1) Applying TEST-PQ enables mlkem768x25519:mlkem768secp256r1 under allow= in nss config
Preliminary Testing:
Pass
Test Link:
https://pkgs.devel.redhat.com/cgit/tests/crypto-policies/tree/Sanity/retention/main.fmf
Errata Link:
https://errata.engineering.redhat.com/advisory/139952
Gating Tests:

Enabled
Test Coverage:

Automated

Release Note Type:
Unspecified Release Note Type - Unknown

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

When the TEST-PQ subpolicy is enabled, the necessary algorithms aren't enabled in the NSS policy.

In the crypto-policies-20241104-1.git6a67b8c.el10.noarch setting the policy to `DEFAULT:TEST-PQ` does not add to the `/etc/crypto-policies/back-ends/nss.config` file the `allow=mlkem768x25519:mlkem768secp256r1:`

links to

RHBA-2024:139952 crypto-policies bug fix and enhancement update

Assignee:: Alexander Sosedkin

Reporter:: Alicja Kario

Developer:: Alexander Sosedkin

QA Contact:: Ondrej Moris

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/11/06 12:24 PM

Updated:: 2024/11/12 4:19 PM

Dev Target end:: 2024/11/11

Target end:: 2024/11/11

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates