rpms/crypto-policies
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update from upstream (sequoia, openssl groups, gnutls ML-DSA, ...)

Browse Source 
- sequoia: add sha3, x25519, ed25519, x448, ed448, but not for rpm-sequoia
- sequoia, rpm-sequoia: use ignore_invalid with sha3, x25519, ...
- sequoia: Add PQC algorithm
- sequoia: Do not include EdDSA in FIPS policy
- sequoia: Generate AEAD policy
- openssl: send one PQ and one classic key_share; prioritize PQ groups
- FIPS: deprioritize X25519-MLKEM768 over P256-MLKEM768 for openssl...
- python, policies, tests: alias X25519-MLKEM768 to MLKEM768-X25519
- gnutls: enable ML-DSA, for both secure-sig and secure-sig-for-cert

Resolves: RHEL-98732
Resolves: RHEL-99813
Resolves: RHEL-97763
Resolves: RHEL-101123
This commit is contained in:
Alexander Sosedkin 2025-07-14 15:54:51 +02:00
parent de096a5843
commit e045e42116
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
crypto-policies.spec
View File

@ -1,5 +1,5 @@
%global git_date 20250602
%global git_commit a6d4d0c9db528c335bbe92095df751af87d88414
%global git_date 20250714
%global git_commit 95bf40e7f8853024a2f04fa4687afa5b89b99e98
%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
%global _python_bytecompile_extra 0
@ -236,6 +236,17 @@ exit 0
%{_datarootdir}/crypto-policies/python
%changelog
* Mon Jul 14 2025 Alexander Sosedkin <asosedkin@redhat.com> - 20250714-1.git95bf40e
- sequoia: add sha3, x25519, ed25519, x448, ed448, but not for rpm-sequoia
- sequoia, rpm-sequoia: use ignore_invalid with sha3, x25519, ...
- sequoia: Add PQC algorithm
- sequoia: Do not include EdDSA in FIPS policy
- sequoia: Generate AEAD policy
- openssl: send one PQ and one classic key_share; prioritize PQ groups
- FIPS: deprioritize X25519-MLKEM768 over P256-MLKEM768 for openssl...
- python, policies, tests: alias X25519-MLKEM768 to MLKEM768-X25519
- gnutls: enable ML-DSA, for both secure-sig and secure-sig-for-cert
* Mon Jun 02 2025 Alexander Sosedkin <asosedkin@redhat.com> - 20250602-1.gita6d4d0c
- openssl: fix mistakes in integrity-only cipher definitions
- FIPS: enable hybrid ML-KEM (TLS only) and pure ML-DSA

2
sources
View File

@ -1 +1 @@
SHA512 (crypto-policies-gita6d4d0c.tar.gz) = 7385e757f3897a857259580c52b8ab21b67c1f29b21067fb5b2db885a0e956406f8117674070466b4d61d80fdcbea5b1458816e7ddaf50b49c71c3a75acd21ca
SHA512 (crypto-policies-git95bf40e.tar.gz) = 733689f356fad8052d084b721e0b87a171de90aaa2889725ccad6180d3cc95ca22b79e17894d1bd0dde40438f94d70148f765b33a215361df217015d803f5114