Bug 2005021 - add SHAKE-256 support and enable it where appropriate
Summary: add SHAKE-256 support and enable it where appropriate
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: crypto-policies
Version: 9.0
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: rc
: ---
Assignee: Alexander Sosedkin
QA Contact: Ondrej Moriš
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-09-16 15:00 UTC by Alexander Sosedkin
Modified: 2022-05-17 16:21 UTC (History)
1 user (show)

Fixed In Version: crypto-policies-20220203-1.gitf03e75e.el9
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-05-17 15:54:31 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Gitlab redhat-crypto/fedora-crypto-policies/-/commit/b7e39d96e2f6b1e44176ccb5a76a6685576a66b6 0 None None None 2022-02-03 12:07:01 UTC
Red Hat Issue Tracker CRYPTO-6127 0 None None None 2022-02-03 13:52:11 UTC
Red Hat Issue Tracker RHELPLAN-97559 0 None None None 2021-09-18 10:21:22 UTC
Red Hat Product Errata RHBA-2022:3953 0 None None None 2022-05-17 15:54:41 UTC

Description Alexander Sosedkin 2021-09-16 15:00:04 UTC 
Description of problem:

crypto-policies doesn't have a control for SHAKE-256.
SHAKE-256 is used as part of Ed448.
Allowlisting means Ed448 cannot be used now in gnutls.
SHAKE-256 should be allowlisted explicitly for gnutls
and considered for all other backends.
(see bz1983676 for more context)
Comment 9 errata-xmlrpc 2022-05-17 15:54:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: crypto-policies), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:3953
Note You need to log in before you can comment on or make changes to this bug.