Fix/update for post-quantum cryptography in TLS

[vcrhonek]

Hi,

OpenSSL 3.5 offers post quantum cryptography (PQC) support:

• default TLS keyshares have been changed to offer X25519MLKEM768
• support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)

See https://github.com/openssl/openssl/releases for more info.

Additional info can be found in these drafts:
https://datatracker.ietf.org/doc/html/draft-kwiatkowski-tls-ecdhe-mlkem-03
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates-07

a)
openwsman DOESN'T use post-quantum key exchange by default if the peer supports it:

# openssl s_client  -connect localhost:5986 </dev/null
[...]
Peer signing digest: SHA256
Peer signature type: rsa_pss_rsae_sha256
Peer Temp Key: ECDH, prime256v1, 256 bits
[...]

This is because 'EC_KEY_new_by_curve_name()' usage. Patch removes this function, which is deprecated since OpenSSL 3.0 anyway. See https://docs.openssl.org/3.0/man3/EC_KEY_new/

TLS 1.3 and the X25519MLKEM768 key exchange is used by default if the peer supports it then:

# openssl s_client  -connect localhost:5986 </dev/null
[...]
Peer signing digest: SHA256
Peer signature type: rsa_pss_rsae_sha256
Negotiated TLS1.3 group: X25519MLKEM768
[...]

b)
This change makes 'owsmangencert.sh' generate ML-DSA certificate:

# patch /etc/openwsman/owsmangencert.sh << 'EOF'
--- /etc/openwsman/owsmangencert.sh.orig	2025-05-27 00:50:50.131071368 -0400
+++ /etc/openwsman/owsmangencert.sh	2025-05-27 00:52:30.239071368 -0400
@@ -26,7 +26,7 @@
 # certificate is created
 
 openssl req -days 365 $@ -config $CNFFILE \
-  -new -x509 -nodes -out $CERTFILE \
+  -newkey mldsa65 -x509 -nodes -out $CERTFILE \
   -keyout $KEYFILE
 chmod 600 $KEYFILE

EOF

If one wants to use a TLS certificate using ML-DSA , then connection works as expected (assuming 'EC_KEY_new_by_curve_name()' was already removed):

# openssl x509 -in /etc/openwsman/servercert.pem --text --noout
[...]
Signature Algorithm: ML-DSA-65
[...]
Public Key Algorithm: ML-DSA-65
[...]
# openssl s_client  -connect localhost:5986 -CAfile /etc/openwsman/servercert.pem </dev/null
[...]
Peer signature type: mldsa65
Negotiated TLS1.3 group: X25519MLKEM768
[...]
Verify return code: 0 (ok)
[...]
# echo $?
0

But openwsman DOESN'T support an ML-DSA certificate and classic certificate chain (fall back for clients not having access to PQC) at the same time. There's no configuration or option to load more than one certificate in the server. This could be useful and the rest of the patch implements this functionality.