Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: rhel-10.1
Affects Version/s: rhel-10.0
Component/s: openssl
Labels:
- Accepted
- CY25Q3
- Committed
- rn-yml

Fixed in Build:
openssl-3.5.1-1.el10
Regression:
No
Severity:
Low
Epic Link:
CRYPTO-15725
sprint_count:
3

AssignedTeam:
rhel-security-crypto
Sub-System Group:

ssg_security

Dev Target Milestone:
16
Internal Target Milestone:
26
Story Points:
0.2
ACKs Check:

QE ack, Dev ack
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
Crypto25Q1, Crypto25Q2, Crypto25July

Acceptance Criteria:

Hide

For both ML-DSA and ML-KEM algorithms:
1. OpenSSL is able to create and read files in the IETF standard format, with "seed", "expandedKey" and "both" variants of the private key format
2. OpenSSL is able to read files created by the oqsprovider we shipped in RHEL-10.0 and convert them to the "expandedKey" format

Show
For both ML-DSA and ML-KEM algorithms: 1. OpenSSL is able to create and read files in the IETF standard format, with "seed", "expandedKey" and "both" variants of the private key format 2. OpenSSL is able to read files created by the oqsprovider we shipped in RHEL-10.0 and convert them to the "expandedKey" format
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/148482
Gating Tests:

Not Needed
Test Coverage:

Automated

Release Note Type:
Known Issue
Release Note Text:

Hide
.`oqsprovider` stores ML-KEM and ML-DSA private keys in a non-standard format

The open quantum-safe provider for OpenSSL (`oqsprovider`) generates private keys in a format that does not conform with any of the file formats proposed by the IETF LAMPS work group. Consequently, the key files might be unreadable by other applications that follow the IETF standard and cannot be handled by applications that require providing the key in the seed format for import.

Because there currently is no workaround, do not use the keys for storing long-term secrets.

Show
.`oqsprovider` stores ML-KEM and ML-DSA private keys in a non-standard format The open quantum-safe provider for OpenSSL (`oqsprovider`) generates private keys in a format that does not conform with any of the file formats proposed by the IETF LAMPS work group. Consequently, the key files might be unreadable by other applications that follow the IETF standard and cannot be handled by applications that require providing the key in the seed format for import. Because there currently is no workaround, do not use the keys for storing long-term secrets.
Release Note Status:
Proposed

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

When oqsprovider-0.8.0 is used to generate ML-KEM private keys (to PKCS#8 files), the keys are stored as concatenation of the expanded private key and public key value, not as seed or just the expanded value.

This is in conflict with https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-certificates-06 draft and all the other proposed formats.

depends on

RHEL-72720 liboqs can't derive private key from passed-in seed

Closed

relates to

RHEL-82676 Describe key conversion from oqsprovider into a standard format

Release Pending

links to

https://github.com/open-quantum-safe/liboqs/issues/2032

https://github.com/open-quantum-safe/oqs-provider/issues/613

RHBA-2025:148482 openssl bug fix and enhancement update

Assignee:: Dmitry Belyavskiy

Reporter:: Alicja Kario

Developer:: Dmitry Belyavskiy

QA Contact:: George Pantelakis

Doc Contact:: Mirek Jahoda

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2025/01/03 4:46 PM

Updated:: 2025/07/27 11:52 AM

Dev Target end:: 2025/06/16

Target end:: 2025/08/25

Next Planned Release Date:: 2025/11/11

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide