open-quantum-safe / openssl Goto Github PK

This project forked from openssl/openssl

UNSUPPORTED Fork of OpenSSL 1.1.1 that includes prototype quantum-resistant algorithms and ciphersuites based on liboqs PLEASE SWITCH TO OQS-Provider for OpenSSL 3

Home Page: https://openquantumsafe.org/

License: Other

Shell 0.28% Perl 18.15% DIGITAL Command Language 0.02% C 80.36% C++ 0.22% Assembly 0.63% M4 0.15% eC 0.02% Python 0.18% sed 0.01% Batchfile 0.01%

cryptography post-quantum tls x509 smime

openssl's Introduction

OQS-OpenSSL_1_1_1

Warning

The OpenSSL project has announced that its support for OpenSSL 1.1.1 will stop in September, 2023, and that all users should switch to OpenSSL 3. Consequently, the Open Quantum Safe project is discontinuing development of our OQS-OpenSSL 1.1.1 fork. No more releases are planned for OQS-OpenSSL 1.1.1. The OQS Provider for OpenSSL 3 provides full support for post-quantum key exchange and authentication in TLS 1.3, X.509, and S/MIME.

OpenSSL is an open-source implementation of the TLS protocol and various cryptographic algorithms (View the original README.)

OQS-OpenSSL_1_1_1 is a fork of OpenSSL 1.1.1 that adds quantum-safe key exchange and authentication algorithms using liboqs for prototyping and evaluation purposes. This fork is not endorsed by the OpenSSL project.

Overview
Status
- Limitations and Security
- Supported Algorithms
Quickstart
- Building
- Running
Third Party Integrations
Contributing
License
Team
Acknowledgements

Overview

liboqs is an open source C library for quantum-resistant cryptographic algorithms. See here for more information.

OQS-OpenSSL_1_1_1-stable is a fork that integrates liboqs into OpenSSL 1.1.1. The goal of this integration is to provide easy prototyping of quantum-safe cryptography in the TLS 1.3 protocol.

Both liboqs and this fork are part of the Open Quantum Safe (OQS) project, which aims to develop and prototype quantum-safe cryptography (QSC). More information about the project can be found here.

Note that, referencing the terminology defined by ETSI and CSA, the terms "post-quantum cryptography" (PQC), "quantum-safe cryptography" (QSC) and "quantum-resistant cryptography" (QRC) all refer to the same class of cryptographic algorithms that is made available for use via this fork.

Status

This fork is currently in sync with the OpenSSL_1_1_1u tag, and adds the following:

quantum-safe key exchange in TLS 1.3
hybrid (quantum-safe + elliptic curve) key exchange in TLS 1.3
quantum-safe authentication in TLS 1.3
hybrid (quantum-safe + RSA/elliptic curve) authentication in TLS 1.3
CMS support (sign and verify using any of the supported quantum-safe signature algorithms)

For more information, see the release notes.

WE DO NOT RECOMMEND RELYING ON THIS FORK IN A PRODUCTION ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA. This fork is at an experimental stage, and has not received the same level of auditing and analysis that OpenSSL has received. See the Limitations and Security section below for more information.

liboqs and our integration into OpenSSL is provided "as is", without warranty of any kind. See the LICENSE for the full disclaimer.

Limitations and security

As research advances, the supported algorithms may see rapid changes in their security, and may even prove insecure against both classical and quantum computers.

We believe that the NIST Post-Quantum Cryptography standardization project is currently the best avenue to identifying potentially quantum-resistant algorithms, and strongly recommend that applications and protocols rely on the outcomes of the NIST standardization project when deploying quantum-safe cryptography.

While at the time of this writing there are no vulnerabilities known in any of the quantum-safe algorithms used in this fork, it is advisable to wait on deploying quantum-safe algorithms until further guidance is provided by the standards community, especially from the NIST standardization project.

We realize some parties may want to deploy quantum-safe cryptography prior to the conclusion of the standardization project. We strongly recommend such attempts make use of so-called hybrid cryptography, in which quantum-safe public-key algorithms are combined with traditional public key algorithms (like RSA or elliptic curves) such that the solution is at least no less secure than existing traditional cryptography. This fork provides the ability to use hybrid cryptography.

Proofs of TLS such as [JKSS12] and [KPW13] require a key exchange mechanism that has a form of active security, either in the form of the PRF-ODH assumption, or an IND-CCA KEM. Some of the KEMs provided in liboqs do provide IND-CCA security; others do not (these datasheets specify which provide what security), in which case existing proofs of security of TLS against active attackers do not apply.

Supported Algorithms

If an algorithm is provided by liboqs but is not listed below, it might still be possible to use it in the fork through either one of two ways.

Key Exchange

The following quantum-safe algorithms from liboqs are supported (assuming they have been enabled in liboqs):

BIKE: bikel1, bikel3, bikel5
CRYSTALS-Kyber: kyber512, kyber768, kyber1024
FrodoKEM: frodo640aes, frodo640shake, frodo976aes, frodo976shake, frodo1344aes, frodo1344shake
HQC: hqc128, hqc192, hqc256†

If <KEX> is any of the algorithms listed above, the following hybrid algorithms are supported:

if <KEX> claims NIST L1 or L2 security, the fork provides the method p256_<KEX>, which combine <KEX> with ECDH using the P256 curve.
if <KEX> claims NIST L3 or L4 security, the fork provides the method p384_<KEX>, which combines <KEX> with ECDH using the P384 curve.
if <KEX> claims NIST L5 security, the fork provides the method p521_<KEX>, which combines <KEX> with ECDH using the P521 curve.

For example, since kyber768 claims NIST L3 security, the hybrid p384_kyber768 is available.

Note that algorithms marked with a dagger (†) have large stack usage and may cause failures when run on threads or in constrained environments. For further information about each algorithm's strengths and limitations, see the documentation markdown files at liboqs.

Authentication

The following digital signature algorithms from liboqs are supported by the fork. Note that not all variants of all algorithms are enabled by default; algorithms that are enabled by default are marked with an asterisk, and should you wish to enable additional variants, consult the "Code Generation" section of the documentation in the wiki.

CRYSTALS-Dilithium:dilithium2*, dilithium3*, dilithium5*
Falcon:falcon512*, falcon1024*
SPHINCS-SHA2:sphincssha2128fsimple*, sphincssha2128ssimple*, sphincssha2192fsimple*, sphincssha2192ssimple, sphincssha2256fsimple, sphincssha2256ssimple
SPHINCS-SHAKE:sphincsshake128fsimple*, sphincsshake128ssimple, sphincsshake192fsimple, sphincsshake192ssimple, sphincsshake256fsimple, sphincsshake256ssimple

The following hybrid algorithms are supported; they combine a quantum-safe algorithm listed above with a traditional digital signature algorithm (<SIG> is any one of the algorithms listed above):

if <SIG> claims NIST L1 or L2 security, then the fork provides the methods rsa3072_<SIG> and p256_<SIG>, which combine <SIG> with RSA3072 and with ECDSA using NIST's P256 curve respectively.
if <SIG> claims NIST L3 or L4 security, the fork provides the method p384_<SIG>, which combines <SIG> with ECDSA using NIST's P384 curve.
if <SIG> claims NIST L5 security, the fork provides the method p521_<SIG>, which combines <SIG> with ECDSA using NIST's P521 curve.

For example, since dilithium2 claims NIST L2 security, the hybrids rsa3072_dilithium2 and p256_dilithium2 are available.

For further information about each algorithm's strengths and limitations, see the documentation markdown files at liboqs.

Quickstart

The steps below have been confirmed to work on macOS 10.14 (with clang 10.0.0), Ubuntu 18.04.1 (with gcc-7) and should work on more recent versions of these operating systems/compilers. They have also been confirmed to work on Windows 10 with Visual Studio 2019. All commands below are just examples and might also be used and work differently as per the respective packages' documentations.

Building

Linux and macOS

Step 0: Get pre-requisites

On Ubuntu, you need to install the following packages:

sudo apt install cmake gcc libtool libssl-dev make ninja-build git

On macOS, you need to install the following packages using brew (or a package manager of your choice):

brew install cmake ninja libtool [email protected]

Then, get source code of this fork (<OPENSSL_DIR> is a directory of your choosing):

git clone --branch OQS-OpenSSL_1_1_1-stable https://github.com/open-quantum-safe/openssl.git <OPENSSL_DIR>

Step 1: Build and install liboqs

The following instructions will download and build liboqs, then install it into a subdirectory inside the OpenSSL folder.

git clone --branch main https://github.com/open-quantum-safe/liboqs.git
cd liboqs
mkdir build && cd build
cmake -GNinja -DCMAKE_INSTALL_PREFIX=<OPENSSL_DIR>/oqs ..
ninja
ninja install

Building liboqs requires your system to have (a standard) OpenSSL already installed. configure will detect it if it is located in a standard location, such as /usr or /usr/local/opt/openssl (for brew on macOS). Otherwise, you may need to specify it with -DOPENSSL_ROOT_DIR=<path-to-system-openssl-dir> added to the cmake command.

Note: This will only work correctly, if the OpenSSL version used to build liboqs is a version below 3.0.0. If the standard OpenSSL on the build system or the version pointed to by the above -DOPENSSL_ROOT_DIR=... command is a version >= 3.0.0, then you must add the option -DOQS_USE_OPENSSL=OFF to the above cmake build command to successfully complete the subsequent build steps for this package.

Step 2: Build the fork

Now we follow the standard instructions for building OpenSSL. Navigate to <OPENSSL_DIR>, and:

on Ubuntu, run:

./Configure no-shared linux-x86_64 -lm
make -j

on macOS (x86_64), run:

./Configure no-shared darwin64-x86_64-cc
make -j

on macOS (M1 / arm64), run:

./Configure no-shared darwin64-arm64-cc
make -j

Windows

Step 0

Make sure you can build the unmodified version of OpenSSL by following the instructions in INSTALL and NOTES.WIN.

Then, get the fork source code (<OPENSSL_DIR> is a directory of your choosing):

git clone --branch OQS-OpenSSL_1_1_1-stable https://github.com/open-quantum-safe/openssl.git <OPENSSL_DIR>

The above command uses git, but alternatively, an archive of the source code can be downloaded and expanded into <OPENSSL_DIR>

Step 1: Build and install liboqs

The following instructions will download (using git, alternatively, download an archive of the source and unzip the project) and build the x64 release configuration of liboqs, then copy the required files it into a subdirectory inside the OpenSSL folder. You may need to install dependencies before building liboqs; see the liboqs README.

git clone --branch main https://github.com/open-quantum-safe/liboqs.git
cd liboqs
mkdir build
cd build
cmake -GNinja -DCMAKE_INSTALL_PREFIX=<OPENSSL_DIR>\oqs ..
ninja
ninja install

Step 2: Build the fork

Now we follow the standard instructions for building OpenSSL:

perl Configure VC-WIN64A
nmake

N.B.: The fork can also be built as a set of shared libraries by specifying shared instead of no-shared in the above commands; We have used no-shared to avoid having to get the libraries in the right place for the runtime linker.

Build options

Default algorithms announced

By default, the fork is built to only announce 128-bit strength QSC hybrid KEM algorithms in the initial TLS handshake (using the EC groups announced extension of TLS1.3). This algorithm set can be changed to an arbitrary collection at build time by setting the variable OQS_DEFAULT_GROUPS to a colon-separated list of KEM algorithms supported, e.g., by running

./Configure no-shared linux-x86_64 -DOQS_DEFAULT_GROUPS=\"p384_kyber768:X25519:newhope1024cca\" -lm

Note: When executing the SSL test suite via make test, be sure to include not only X25519 but also ED448 in the algorithm list specified in OQS_DEFAULT_GROUPS to ensure classic algorithm tests pass.

The announced algorithms can also be modified at runtime by setting the -curves or -groups parameter with programs supporting this option (e.g., openssl s_client or openssl s_server) or by using the SSL_CTX_set1_groups_list API call. A final alternative is to set the TLS_DEFAULT_GROUPS environment variable to such colon-separated list of KEM algorithms supported. This option only works if the SSL_CTX_set1_groups_list API call has not been used.

Running

TLS demo

OpenSSL contains a basic TLS server (s_server) and TLS client (s_client) which can be used to demonstrate and test TLS connections.

To run a server, you first need to generate an X.509 certificate, using either a classical (rsa), quantum-safe (any quantum-safe authentication algorithm in the Supported Algorithms section above), or hybrid (any hybrid authentication algorithm in the Supported Algorithms section above) algorithm. The server certificate can either be self-signed or part of a chain. In either case, you need to generate a self-signed root CA certificate using the following command, replacing <SIG> with an algorithm mentioned above:

apps/openssl req -x509 -new -newkey <SIG> -keyout <SIG>_CA.key -out <SIG>_CA.crt -nodes -subj "/CN=oqstest CA" -days 365 -config apps/openssl.cnf

If you want an ECDSA certificate (<SIG> = ecdsa), you instead need to run:

apps/openssl req -x509 -new -newkey ec:<(apps/openssl ecparam -name secp384r1) -keyout <SIG>_CA.key -out <SIG>_CA.crt -nodes -subj "/CN=oqstest" -days 365 -config apps/openssl.cnf

The root CA certificate can be used directly to start the server (see below), or can be used to issue a server certificate, using the usual OpenSSL process (note that for simplicity, we use the same algorithm for the server and CA certificates; in practice the CA is likely to use a stronger one):

The server generates its key pair, a certificate request and sends the latter to the CA:

 apps/openssl req -new -newkey <SIG> -keyout <SIG>_srv.key -out <SIG>_srv.csr -nodes -subj "/CN=oqstest server" -config apps/openssl.cnf

The CA generates the signed server certificate:

 apps/openssl x509 -req -in <SIG>_srv.csr -out <SIG>_srv.crt -CA <SIG>_CA.crt -CAkey <SIG>_CA.key -CAcreateserial -days 365

Using the key and certificate thus created, running a basic TLS server with all possible key-exchange algorithms enabled, can be achieved using the following command, replacing <SERVER> with either <SIG>_CA or <SIG>_srv:

apps/openssl s_server -cert <SERVER>.crt -key <SERVER>.key -www -tls1_3

In another terminal window, you can run a TLS client requesting one of the supported key-exchanges (<KEX> = one of the quantum-safe or hybrid key exchange algorithms listed in the Supported Algorithms section above:

apps/openssl s_client -groups <KEX> -CAfile <SIG>_CA.crt

CMS demo

OpenSSL has facilities to perform signing operations pursuant to RFC 5652. This fork can be used to perform such operations with quantum-safe algorithms.

Building on the artifacts created in the TLS setup above (CA and server certificate creation using a specific (quantum-safe) <SIG> algorithm), the following command can be used to generate a (quantum-safe) signed file from some input file:

apps/openssl cms -in inputfile -sign -signer <SIG>_srv.crt -inkey <SIG>_srv.key -nodetach -outform pem -binary -out signedfile.cms

This command can be used to verify (and extract the contents) of the CMS file resultant from the command above:

apps/openssl cms -verify -CAfile <SIG>_CA.crt -inform pem -in signedfile.cms -crlfeol -out signeddatafile

The contents of inputfile and the resultant signeddatafile should be the same.

Also supported are general signing operations using the standard OpenSSL dgst commands using QSC public/private keys of any of the supported signature algorithms. Example command using the same file notation used above:

    echo TestDataToSign | apps/openssl dgst -sha256 -sign <SIG>_srv.key -out signature

Performance testing

TLS end-to-end testing

"Empty" TLS handshakes can be performance tested via the standard openssl s_time command. In order to suitably trigger this with an OQS KEM/SIG pair of choice, first follow all steps outlined in the TLS demo section to obtain an OQS-algorithm-signed server certificate. You can then run the performance test in one of two ways:

Start the server with the desired certificate and key exchange algorithm as follows (<SERVER> and <KEX> are defined in the TLS demo section above):

apps/openssl s_server -cert <SERVER>.crt -key <SERVER>.key -www -tls1_3 -groups <KEX>

Then run apps/openssl s_time

Start the server with the desired certificate:

apps/openssl s_server -cert <SERVER>.crt -key <SERVER>.key -www -tls1_3

and specify the key-exchange algorithm through s_time using apps/openssl s_time -curves <KEX>.

Algorithm speed testing

OpenSSL also has facilities to perform pure speed tests of the cryptographic algorithms supported. This can be used to compare the relative performance of OQS algorithms.

To measure the speed of all KEM algorithms supported by the underlying liboqs:

apps/openssl speed oqskem

Similarly, to measure the speed of all OQS signature algorithms:

apps/openssl speed oqssig

As with standard OpenSSL, one can also pass a particular algorithm name to be tested, e.g., apps/openssl speed dilithium2.

We also have docker-based performance test environments in the oqs-demos subproject.

Integration testing

We have various pytest test suites for the TLS and CMS functionalities. Consult the oqs-test/ README for more information.

Third Party Integrations

Various third-party software applications, such as nginx and curl use OpenSSL to establish TLS connections; they can be built against our fork to make use of quantum-safe cryptography. The oqs-demos repository provides instructions for building various software like so.

Contributing

Contributions are gratefully welcomed. See our Contributing Guide for more details.

License

All modifications to this repository are released under the same terms as OpenSSL, namely as described in the file LICENSE.

Team

The Open Quantum Safe project is led by Douglas Stebila and Michele Mosca at the University of Waterloo.

Contributors to OQS-OpenSSL_1_1_1 include:

Christian Paquin (Microsoft Research)
Dimitris Sikeridis (University of New Mexico / Cisco Systems)
Douglas Stebila (University of Waterloo)
Goutam Tamvada (University of Waterloo)
Michael Baentsch (baentsch.ch)

Acknowledgments

Financial support for the development of Open Quantum Safe has been provided by Amazon Web Services and the Canadian Centre for Cyber Security.

We'd like to make a special acknowledgement to the companies who have dedicated programmer time to contribute source code to OQS, including Amazon Web Services, evolutionQ, Microsoft Research, Cisco Systems, and IBM Research.

Research projects which developed specific components of OQS have been supported by various research grants, including funding from the Natural Sciences and Engineering Research Council of Canada (NSERC); see here and here for funding acknowledgments.

openssl's People

Contributors

Stargazers

Watchers

Forkers

injac christianpaquin hippocrates-org zjma brl darg0001 kuonanhong kevinmkane zxm256 32t scarsi42 nvanadrichem banro21 stowage manvari thezedwards msgpo coen-schuijt devoneonline digicert dmjones apython123 crossingtud nuzumco nuzumglobal csosto-pk 68823613 debasishmaji dimisik xvzcf lrubens oieieio compuglobalhypermegacorp zrlmib stjordanis baentsch edyq i470 winterniphredil sahana-sridhar jyao1 kingterry777 skuyra yeswici dauten open-qkd-network drdisexon crest42 nimitzufo samproton tomcruse kalhas jesu20950 sjdthree neeraj-badhani jpadn shahip2016 bhess rfresearch jaorduz simewu cablelabs darcseid reliasoft prchander martyrshot faraimazh chiachin2686 bob10918 stjohenr gothremote smrtslckr fmuinos jedi-lh hyue-1110 laplacekorea metavai rahulvatsaus moongpom artaxerces blank-vax radical-semiconductor soojaelee adityakoranga alexandra-buzatoiu sector113 rowzzy opencrypto yuminyuminlee yuanmabiji pqcy cyberstormdotmu quantropi wtfloris pemmaras akihikokuroda ajbozarth fwh-dc emusal sshaotang

openssl's Issues

Add more algorithms from liboqs

Kyber 90s
LEDAkem
ThreeBears
HQC (open-quantum-safe/liboqs#709)

There's an error in make on ssl3.h

Error creating hybrid certificates with qTesla

When using liboqs-master with OQS-OpenSSL-1_1_1_stable, key generation fails for the combinations: rsa3072_qteslaI, p384_qteslaIIIsize, p384_qteslaIIIspeed. See https://circleci.com/gh/open-quantum-safe/testing/127 or https://circleci.com/gh/open-quantum-safe/testing/128.

Question: Cannot compile standard OpenSSL code using OQS-OpenSSL (already configured and installed)

I have compiled OQS-OpenSSL on CentOS 7.7 using gcc 7.3.1 by following the instructions (First get OQS-OpenSSL, then build and install liboqs at the root of OQS-OpenSSL and finally build OQS-OpenSSL).

Everything seems to work during the build process of OQS-OpenSSL, I've installed OQS-OpenSSL into "/usr/local/1.1.1d-OQS-OpenSSL_1_1_1-stable_snapshot_2019-10-0.2.0"

Issue:
The issue I get is when I try to compile code using standard OpenSSL is it complains that "oqs/oqs.h" couldn't be found. Indeed "oqs/oqs.h" is not installed when I issue a "make install" inside the OQS-OpenSSL directory. Also the instructions doesn't tell to separately install liboqs outside of OQS-OpenSSL.

Here's my build process:

cd /root/build/openssl/openssl-OpenSSL_1_1_1d && make clean ; ./Configure shared linux-x86_64 -lm --prefix="/usr/local/openssl-1.1.1d" && make -j 4 && make install
cd /root/build/liboqs/liboqs-0.2.0/ && autoreconf -i
cd /root/build/liboqs/liboqs-0.2.0/ && make clean ; ./configure --enable-shared --prefix="/root/build/openssloqs/openssl-OQS-OpenSSL_1_1_1-stable-snapshot-2019-10//oqs" --with-openssl="/usr/local/openssl-1.1.1d" "--disable-kem-bike" && make -j 4 && make install
cd /root/build/openssloqs/openssl-OQS-OpenSSL_1_1_1-stable-snapshot-2019-10/ && make clean ; ./Configure --prefix="/usr/local/1.1.1d-OQS-OpenSSL_1_1_1-stable_snapshot_2019-10-0.2.0" shared linux-x86_64 -lm && make -j 4 && make install

Now, when I try to build code that uses standard OpenSSL with OQS-OpenSSL I get this error (evp.h)

Error:

/usr/local/1.1.1d-OQS-OpenSSL_1_1_1-stable_snapshot_2019-10-0.2.0/include/openssl/evp.h:18:11: fatal error: oqs/oqs.h: No such file or directory
include <oqs/oqs.h>
       ^~~~~~~~~~~
compilation terminated.
make: *** [: OutboundTransferMgr.o] Error 1
[ CHROOT ] bash-4.2$>

==> How should I use the OpenSSL fork when building software that uses OpenSSL?
I have added

"-I/root/build/openssloqs/openssl-OQS-OpenSSL_1_1_1-stable-snapshot-2019-10/oqs/include"

to the Makefile so that "oqs/oqs.h" could resolve but I get other strange errors following this.

Thanks for your work here! I appreciate it :)

Sylvain

CHACHA20 Implementation

Since liboqs supports the Google Ciphersuites and they are implemented in the liboqs-Library, i guess it makes sense to let this fork have the ability to use them, too!

Would this be possible?

Thanks

Add Travis build for OQS-OpenSSL

Provide CI testing for the OQS fork

make install takes some errors

Compiling OpenSSL with your instructions works very well, but when I started with "make install" after all other commands, I got some error.

cp include/oqs/*.h /usr/local/ssl/include/oqs
cp: der Aufruf von stat für „include/oqs/kex_lwe_newhope.h“ ist nicht möglich: Datei oder Verzeichnis nicht gefunden
Makefile:551: recipe for target 'install_sw' failed
make: *** [install_sw] Error 1

I tried it on Debian 8 with gcc (Debian 4.9.2-10) 4.9.2.

Pattern matching for hybrid versus non-hybrid KEX in OpenSSL 1.0.2 is quirky

liboqs as a submodule?

I just realized that the liboqs code is redundant in this repository; should we add liboqs as a git submodule rather than copy/pasting all the code?

New OQS breaks the build

Latest OQS update breaks the OpenSSL build. "./config" results in the following error:

cd vendor/liboqs && make links
make[1]: Entering directory '/mnt/c/temp/openssl/vendor/liboqs'
make[1]: *** No rule to make target 'links'. Stop.
make[1]: Leaving directory '/mnt/c/temp/openssl/vendor/liboqs'
Makefile:451: recipe for target 'links' failed
make: *** [links] Error 2

The config script shouldn't be "making" vendor/liboqs. This is currently done in "make".

Question about update OpenSSL in Package-Manager after compile OpenSSL Quantum

Hi!

Can I easily update the following OpenSSL packages in my package-manager after compiling OpenSSL Quantum myself and installed it.

My package-manager shows me new updates of:

openssl
openssl-devel
-openssl-libs
-openssl-pkcs11

Or I always have to compile and install updates of OpenSSL Quantum myself?
Not that I'm overwriting OpenSSL Quantum.

Building as shared library fails

When attempt to build the OQS-OpenSSL_1_1_1-stable branch as a shared library with the following configure statement:

./Configure shared linux-x86_64 -lm

make fails with the following error:

ranlib libssl.a || echo Never mind.
Error: EVP_MD_CTX_create does not have a number assigned
Makefile:762: recipe for target 'libcrypto.map' failed
make[1]: *** [libcrypto.map] Error 25
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/home/peter/Documents/openssl'
Makefile:172: recipe for target 'all' failed
make: *** [all] Error 2

Is there something special that needs to be done in order to build the fork as a shared library?

edit specify branch

Inconsistency in hybrid signature algorithm names

In the C source code e.g. https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/crypto/objects/obj_dat.h#L5798 hybrid signature algorithms have an underscore e.g. p256_oqsdefault.

But in the test harness https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/oqs_test/tests/test_openssl.py#L23 and in README.md, the hybrid signature algorithms have a hyphen e.g. p256-oqsdefault.

Does this mean that they are not running correctly?

Observed by Michael Baentsch.

openssl client/server issue when using OQS cipher suite

I have created an client/server application to establish ssl session via certificates.

Client.c
###############
#include <stdio.h>
#include <errno.h>
#include <unistd.h>
#include <malloc.h>
#include <string.h>
#include <sys/socket.h>
#include <resolv.h>
#include <netdb.h>
#include "ssl.h"
#include "err.h"
#include "crypto.h"
#include "apps.h"
#include "ssl.h"
#include "s_apps.h"
#define FAIL -1

int OpenConnection(const char *hostname, int port)
{ int sd;
struct hostent *host;
struct sockaddr_in addr;

if ( (host = gethostbyname(hostname)) == NULL )
{
    perror(hostname);
    abort();
}
sd = socket(PF_INET, SOCK_STREAM, 0);
bzero(&addr, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = *(long*)(host->h_addr);
if ( connect(sd, (struct sockaddr*)&addr, sizeof(addr)) != 0 )
{
    close(sd);
    perror(hostname);
    abort();
}
return sd;

}

SSL_CTX* InitCTX(void)
{ SSL_METHOD *method;
SSL_CTX *ctx;

OpenSSL_add_all_algorithms();  /* Load cryptos, et.al. */
SSL_load_error_strings();   /* Bring in and register error messages */
method = SSLv3_client_method();  /* Create new client-method instance */
ctx = SSL_CTX_new(method);   /* Create new context */
if ( ctx == NULL )
{
    ERR_print_errors_fp(stderr);
    abort();
}
return ctx;

}

void ShowCerts(SSL* ssl)
{ X509 *cert;
char *line;

cert = SSL_get_peer_certificate(ssl); /* get the server's certificate */
if ( cert != NULL )
{
    printf("Server certificates:\n");
    line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
    printf("Subject: %s\n", line);
    free(line);       /* free the malloc'ed string */
    line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
    printf("Issuer: %s\n", line);
    free(line);       /* free the malloc'ed string */
    X509_free(cert);     /* free the malloc'ed certificate copy */
}
else
    printf("No certificates.\n");

}

int main(int count, char *strings[])
{ SSL_CTX *ctx;
int server,cipherset;
SSL *ssl;
char buf[1024];
int bytes;
char *hostname, *portnum;

if ( count != 3 )
{
    printf("usage: %s <hostname> <portnum>\n", strings[0]);
    exit(0);
}
SSL_library_init();
hostname=strings[1];
portnum=strings[2];

ctx = InitCTX();

_cipherset=SSL_CTX_set_cipher_list(ctx,"OQSKEX-GENERIC");
server = OpenConnection(hostname, atoi(portnum));
ssl = SSL_new(ctx); /* create new SSL connection state /
SSL_set_fd(ssl, server); / attach the socket descriptor /
//cipherset=SSL_CTX_set_cipher_list(ctx,"SSL_kOQSKEX_SIDH_CLN16");
if ( SSL_connect(ssl) == FAIL ) / perform the connection */
ERR_print_errors_fp(stderr);
else
{ char *msg = "Hello???";

    printf("Connected with %s encryption\n", SSL_get_cipher(ssl));
    ShowCerts(ssl);        /* get any certs */
    SSL_write(ssl, msg, strlen(msg));   /* encrypt & send message */
    bytes = SSL_read(ssl, buf, sizeof(buf)); /* get reply & decrypt */

buf[bytes] = 0;
printf("Received: "%s"\n", buf);
SSL_free(ssl); /* release connection state /
}
close(server); / close socket /
SSL_CTX_free(ctx); / release context */
return 0;
}

server.c
#########################
#include <errno.h>
#include <unistd.h>
#include <malloc.h>
#include <string.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <resolv.h>
#include "openssl/ssl.h"
#include "openssl/err.h"

#define FAIL -1

int OpenListener(int port)
{ int sd;
struct sockaddr_in addr;

sd = socket(PF_INET, SOCK_STREAM, 0);
bzero(&addr, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = INADDR_ANY;
if ( bind(sd, (struct sockaddr*)&addr, sizeof(addr)) != 0 )
{
    perror("can't bind port");
    abort();
}
if ( listen(sd, 10) != 0 )
{
    perror("Can't configure listening port");
    abort();
}
return sd;

}

int isRoot()
{
if (getuid() != 0)
{
return 0;
}
else
{
return 1;
}

}
SSL_CTX* InitServerCTX(void)
{ SSL_METHOD *method;
SSL_CTX *ctx;

OpenSSL_add_all_algorithms();  /* load & register all cryptos, etc. */
SSL_load_error_strings();   /* load all error messages */
method = SSLv3_server_method();  /* create new server-method instance */
ctx = SSL_CTX_new(method);   /* create new context from method */
if ( ctx == NULL )
{
    ERR_print_errors_fp(stderr);
    abort();
}
return ctx;

}

void LoadCertificates(SSL_CTX* ctx, char* CertFile, char* KeyFile)
{
/* set the local certificate from CertFile /
if ( SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM) <= 0 )
{
ERR_print_errors_fp(stderr);
abort();
}
/ set the private key from KeyFile (may be the same as CertFile) /
if ( SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM) <= 0 )
{
ERR_print_errors_fp(stderr);
abort();
}
/ verify private key */
if ( !SSL_CTX_check_private_key(ctx) )
{
fprintf(stderr, "Private key does not match the public certificate\n");
abort();
}
}

void ShowCerts(SSL* ssl)
{ X509 *cert;
char *line;

cert = SSL_get_peer_certificate(ssl); /* Get certificates (if available) */
if ( cert != NULL )
{
    printf("Server certificates:\n");
    line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
    printf("Subject: %s\n", line);
    free(line);
    line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
    printf("Issuer: %s\n", line);
    free(line);
    X509_free(cert);
}
else
    printf("No certificates.\n");

}

void Servlet(SSL* ssl) /* Serve the connection -- threadable /
{ char buf[1024];
char reply[1024];
int sd, bytes;
const char HTMLecho="

%s

\n\n";

if ( SSL_accept(ssl) == FAIL )     /* do SSL-protocol accept */
    ERR_print_errors_fp(stderr);
else
{
    ShowCerts(ssl);        /* get any certificates */
    bytes = SSL_read(ssl, buf, sizeof(buf)); /* get request */
    if ( bytes > 0 )
    {
        buf[bytes] = 0;
        printf("Client msg: \"%s\"\n", buf);
        sprintf(reply, HTMLecho, buf);   /* construct reply */
        SSL_write(ssl, reply, strlen(reply)); /* send reply */
    }
    else
        ERR_print_errors_fp(stderr);
}
sd = SSL_get_fd(ssl);       /* get socket connection */
SSL_free(ssl);         /* release SSL state */
close(sd);          /* close connection */

}

int main(int count, char *strings[])
{ SSL_CTX *ctx;
int server;
char *portnum;

if(!isRoot())
{
    printf("This program must be run as root/sudo user!!");
    exit(0);
}
if ( count != 2 )
{
    printf("Usage: %s <portnum>\n", strings[0]);
    exit(0);
}
SSL_library_init();

portnum = strings[1];
ctx = InitServerCTX();        /* initialize SSL */
LoadCertificates(ctx, "mycert.pem", "mycert.pem"); /* load certs */
server = OpenListener(atoi(portnum));    /* create server socket */
while (1)
{   struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    SSL *ssl;

    int client = accept(server, (struct sockaddr*)&addr, &len);  /* accept connection as usual */
    printf("Connection: %s:%d\n",inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
    ssl = SSL_new(ctx);              /* get new SSL state with context */
    SSL_set_fd(ssl, client);      /* set connection socket to SSL state */
    Servlet(ssl);         /* service connection */
}
close(server);          /* close server socket */
SSL_CTX_free(ctx);         /* release context */

}

#######
compilation command for server.c:gcc -Wall -o server server.c -L/usr/local/ssl/lib/ -lssl -lcrypto -loqs -ldl
compilation command for client.c:gcc -Wall -o client client.c -L/usr/local/ssl/lib/ -lssl -lcrypto -loqs -ldl
(/usr/local/ssl/lib contain compiled libcrypto amd liboqs library).
to run server code:./server port-number
to run client code:./client server-ip port-number

i am using set_cipher_list function to set QS cipher text but when i run client side code it is showing error
ERROR:140135386150560:error:140830B5:SSL routines:ssl3_client_hello:no ciphers available:s3_clnt.c:841:

Update README.md for OQS-OpenSSL_1_0_2-stable

Add ThreeBears key exchange from nist-branch

Add KEMs from open-quantum-safe/liboqs#445

make test fails

"make test" fails on OQS-OpenSSL_1_1_1-stable (and not on the upstream's OpenSSL_1_1_1-stable branch)

testing PQ enabled openssl with s_time cmd

Hi! I'm considering doing a little benchmark of the post quantum ciphers in a openssl playground (mainly kex & signature algorithms). I've tested the command line server that comes with the openssl server and generated a self signed certificate with the pq signature of choice. I could connect to this server via the openssl s_client tool, which lets you specify with the -curves parameter the algorithm. This option is not available with the s_time command, very handy when benchmarking TLS connections. How do I specifically force a KEX algorithm in the test server/client connection with s_time. Are there any workarounds that you might know?

Thank you!

Move OpenSSL integration tests to OpenSSL repository

Also set it up so that it builds the current branch, not just master

run.sh failes. OQS_KEM_alg_newhope_1024_cca_kem undeclared

Good evening,
i just tried to build your openssl fork using the run.sh in ops_test.
It downloads liboqs just fine, compiles it (without any obvious error) and then tries to compile openssl.
Here it fails with the following errors:

/usr/bin/perl test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c
/usr/bin/perl test/generate_buildtest.pl ui > test/buildtest_ui.c
In file included from ssl/statem/extensions_clnt.c:19:
ssl/statem/extensions_clnt.c: In function 'add_key_share':
ssl/statem/../ssl_locl.h:712:37: error: 'OQS_KEM_alg_newhope_512_cca_kem' undeclared (first use in this function); did you mean 'OQS_KEM_alg_newhope_512cca'?
   (nid == NID_OQS_NEWHOPE_512_CCA ? OQS_KEM_alg_newhope_512_cca_kem : \
                                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ssl/statem/extensions_clnt.c:616:36: note: in expansion of macro 'OQS_ALG_NAME'
         const char* oqs_alg_name = OQS_ALG_NAME(oqs_nid);
                                    ^~~~~~~~~~~~
ssl/statem/../ssl_locl.h:712:37: note: each undeclared identifier is reported only once for each function it appears in
   (nid == NID_OQS_NEWHOPE_512_CCA ? OQS_KEM_alg_newhope_512_cca_kem : \
                                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ssl/statem/extensions_clnt.c:616:36: note: in expansion of macro 'OQS_ALG_NAME'
         const char* oqs_alg_name = OQS_ALG_NAME(oqs_nid);
                                    ^~~~~~~~~~~~
In file included from ssl/statem/extensions_srvr.c:18:
ssl/statem/extensions_srvr.c: In function 'tls_construct_stoc_key_share':
ssl/statem/../ssl_locl.h:712:37: error: 'OQS_KEM_alg_newhope_512_cca_kem' undeclared (first use in this function); did you mean 'OQS_KEM_alg_newhope_512cca'?
   (nid == NID_OQS_NEWHOPE_512_CCA ? OQS_KEM_alg_newhope_512_cca_kem : \
                                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ssl/statem/extensions_srvr.c:1817:34: note: in expansion of macro 'OQS_ALG_NAME'
       const char* oqs_alg_name = OQS_ALG_NAME(oqs_nid);
                                  ^~~~~~~~~~~~
ssl/statem/../ssl_locl.h:712:37: note: each undeclared identifier is reported only once for each function it appears in
   (nid == NID_OQS_NEWHOPE_512_CCA ? OQS_KEM_alg_newhope_512_cca_kem : \
                                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ssl/statem/extensions_srvr.c:1817:34: note: in expansion of macro 'OQS_ALG_NAME'
       const char* oqs_alg_name = OQS_ALG_NAME(oqs_nid);
                                  ^~~~~~~~~~~~
/usr/bin/perl test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c
/usr/bin/perl test/generate_buildtest.pl x509 > test/buildtest_x509.c
/usr/bin/perl test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c
/usr/bin/perl test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c
gcc  -Iinclude -pthread -m64 -Ioqs/include -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD -MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o test/casttest.c
gcc  -I. -Iinclude -Icrypto/include -pthread -m64 -Ioqs/include -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD -MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o test/chacha_internal_test.o test/chacha_internal_test.c
gcc  -I. -Iinclude -pthread -m64 -Ioqs/include -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD -MF test/cipher_overhead_test.d.tmp -MT test/cipher_overhead_test.o -c -o test/cipher_overhead_test.o test/cipher_overhead_test.c
gcc  -Iinclude -pthread -m64 -Ioqs/include -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD -MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o test/cipherbytes_test.o test/cipherbytes_test.c
gcc  -Iinclude -pthread -m64 -Ioqs/include -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD -MF test/cipherlist_test.d.tmp -MT test/cipherlist_test.o -c -o test/cipherlist_test.o test/cipherlist_test.c
gcc  -Iinclude -pthread -m64 -Ioqs/include -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD -MF test/ciphername_test.d.tmp -MT test/ciphername_test.o -c -o test/ciphername_test.o test/ciphername_test.c
gcc  -Iinclude -pthread -m64 -Ioqs/include -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD -MF test/clienthellotest.d.tmp -MT test/clienthellotest.o -c -o test/clienthellotest.o test/clienthellotest.c
ssl/statem/../ssl_locl.h:713:37: error: 'OQS_KEM_alg_newhope_1024_cca_kem' undeclared (first use in this function); did you mean 'OQS_KEM_alg_newhope_1024cca'?
   (nid == NID_OQS_NEWHOPE_1024_CCA? OQS_KEM_alg_newhope_1024_cca_kem : \
                                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ssl/statem/extensions_clnt.c:616:36: note: in expansion of macro 'OQS_ALG_NAME'
         const char* oqs_alg_name = OQS_ALG_NAME(oqs_nid);
                                    ^~~~~~~~~~~~
ssl/statem/../ssl_locl.h:713:37: error: 'OQS_KEM_alg_newhope_1024_cca_kem' undeclared (first use in this function); did you mean 'OQS_KEM_alg_newhope_1024cca'?
   (nid == NID_OQS_NEWHOPE_1024_CCA? OQS_KEM_alg_newhope_1024_cca_kem : \
                                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ssl/statem/extensions_srvr.c:1817:34: note: in expansion of macro 'OQS_ALG_NAME'
       const char* oqs_alg_name = OQS_ALG_NAME(oqs_nid);
                                  ^~~~~~~~~~~~
gcc  -Iinclude -pthread -m64 -Ioqs/include -Wa,--noexecstack -Wall -O3 -DNDEBUG  -MMD -MF test/cmsapitest.d.tmp -MT test/cmsapitest.o -c -o test/cmsapitest.o test/cmsapitest.c
make[1]: *** [Makefile:6186: ssl/statem/extensions_srvr.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: *** [Makefile:6170: ssl/statem/extensions_clnt.o] Error 1
make[1]: Leaving directory '/home/scarjit/Documents/openssl'
make: *** [Makefile:172: all] Error 2

Iv included the full log as a gist. (Please note, that i omitted the clone script, since my internet is very slow. I have however used make clean in both the openssl and oqs_test/tmp/liboqs.

https://gist.github.com/Scarjit/1c7c15e0c37bfa7eb24afc4e2a07364a

Failing to compile NGINX with PQ openssl fork

HI! I'm trying to compile the PQ OpenSSL fork into NGINX, I've run into some problems when building nginx wirth openssl underneath. I'll show my Dockerfile to clarify my procedure for installing Nginx. I have tested the TLS demo and works fine, but when configuring Nginx on Ubuntu 18.04 it fails. I kindly ask if anyone know how to solve this problem.

FROM ubuntu:18.04

### Building NGINX from source with post quantum openssl for TLS connections
RUN apt update && apt upgrade -y
RUN apt install wget autoconf automake libtool libssl-dev make unzip xsltproc git -y
RUN apt install build-essential -y

### Step 1: Build required libraries: pcre, zlib and quantum safe openssl

### PCRE
RUN wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.42.tar.gz && \
 tar -zxf pcre-8.42.tar.gz && \
 cd pcre-8.42 && \
 ./configure && \
 make && \
 make install
### ZLIB
RUN wget http://zlib.net/zlib-1.2.11.tar.gz && \
 tar -zxf zlib-1.2.11.tar.gz && \
 cd zlib-1.2.11 && \
 ./configure && \
 make && \
 make install


### Install liboqs
WORKDIR /usr/local/

RUN git clone --branch OQS-OpenSSL_1_1_1-stable https://github.com/open-quantum-safe/openssl.git

RUN git clone --branch master https://github.com/open-quantum-safe/liboqs.git

WORKDIR /usr/local/liboqs
RUN autoreconf -i
RUN ./configure --prefix=/usr/local/openssl/oqs --enable-shared=no
RUN make -j
RUN make install

### Install openssl
WORKDIR /usr/local/openssl
RUN ./config --prefix=/usr/local/openssl -Wl,-rpath -Wl,/usr/local/openssl/oqs/lib
RUN make -j

RUN cp libcrypto.so.1.1 ./oqs/lib
RUN cp libssl.so.1.1 ./oqs/lib

WORKDIR /

### Step 2: Download NGINX and RTMP module
RUN wget https://nginx.org/download/nginx-1.15.11.tar.gz && \
 tar zxf nginx-1.15.11.tar.gz

RUN wget https://github.com/arut/nginx-rtmp-module/archive/master.zip && \
 unzip master.zip

RUN rm -rf *.tar.gz

### Step 3: Build and install NGINX
RUN wget https://nginx.org/download/nginx-1.15.11.tar.gz && \
 tar zxf nginx-1.15.11.tar.gz

RUN   cd nginx-1.15.11 && ./configure \
--with-cc-opt="-I /usr/local/openssl/oqs/include/" \
--with-ld-opt="-L /usr/local/openssl/oqs/lib/"\
--sbin-path=/usr/local/nginx/nginx \
--conf-path=/usr/local/nginx/nginx.conf \
--pid-path=/usr/local/nginx/nginx.pid \
--with-pcre=../pcre-8.42 \
--with-zlib=../zlib-1.2.11 \
--with-openssl=/usr/local/openssl \
--with-http_ssl_module \
--with-stream \
--with-mail=dynamic \
--add-module=/nginx-rtmp-module-master && \
make && \
make install

The error is the following:

/usr/local/openssl/.openssl/lib/libssl.a(s3_lib.o): In function ssl3_clear': s3_lib.c:(.text+0x51b): undefined reference to OQS_KEM_free'
/usr/local/openssl/.openssl/lib/libssl.a(extensions_clnt.o): In function tls_construct_ctos_key_share': extensions_clnt.c:(.text+0x18af): undefined reference to OQS_KEM_new'
extensions_clnt.c:(.text+0x1952): undefined reference to OQS_KEM_keypair' extensions_clnt.c:(.text+0x199c): undefined reference to OQS_MEM_secure_free'
extensions_clnt.c:(.text+0x19a4): undefined reference to OQS_MEM_insecure_free' extensions_clnt.c:(.text+0x19c2): undefined reference to OQS_KEM_free'
/usr/local/openssl/.openssl/lib/libssl.a(extensions_clnt.o): In function tls_parse_stoc_key_share': extensions_clnt.c:(.text+0x3c96): undefined reference to OQS_MEM_secure_free'
extensions_clnt.c:(.text+0x3cb4): undefined reference to OQS_MEM_secure_free' extensions_clnt.c:(.text+0x3cd2): undefined reference to OQS_KEM_free'
extensions_clnt.c:(.text+0x3d77): undefined reference to OQS_KEM_decaps' /usr/local/openssl/.openssl/lib/libssl.a(extensions_srvr.o): In function tls_construct_stoc_key_share':
extensions_srvr.c:(.text+0x3769): undefined reference to OQS_KEM_new' extensions_srvr.c:(.text+0x37be): undefined reference to OQS_KEM_encaps'
extensions_srvr.c:(.text+0x3906): undefined reference to OQS_MEM_secure_free' extensions_srvr.c:(.text+0x390e): undefined reference to OQS_KEM_free'
extensions_srvr.c:(.text+0x3aeb): undefined reference to OQS_MEM_secure_free' extensions_srvr.c:(.text+0x3af3): undefined reference to OQS_KEM_free'
/usr/local/openssl/.openssl/lib/libcrypto.a(oqs_meth.o): In function pkey_oqs_digestverify': oqs_meth.c:(.text+0x101): undefined reference to OQS_SIG_verify'
/usr/local/openssl/.openssl/lib/libcrypto.a(oqs_meth.o): In function pkey_oqs_digestsign': oqs_meth.c:(.text+0x62f): undefined reference to OQS_SIG_sign'
/usr/local/openssl/.openssl/lib/libcrypto.a(oqs_meth.o): In function oqs_free': oqs_meth.c:(.text+0x1d0e): undefined reference to OQS_SIG_free'
/usr/local/openssl/.openssl/lib/libcrypto.a(oqs_meth.o): In function oqs_key_init': oqs_meth.c:(.text+0x1df9): undefined reference to OQS_SIG_new'
oqs_meth.c:(.text+0x1f30): undefined reference to OQS_SIG_free' /usr/local/openssl/.openssl/lib/libcrypto.a(oqs_meth.o): In function oqs_priv_decode':
oqs_meth.c:(.text+0x22f6): undefined reference to OQS_SIG_free' /usr/local/openssl/.openssl/lib/libcrypto.a(oqs_meth.o): In function pkey_oqs_keygen':
oqs_meth.c:(.text+0x2528): undefined reference to OQS_SIG_new' oqs_meth.c:(.text+0x273c): undefined reference to OQS_SIG_keypair'
oqs_meth.c:(.text+0x2778): undefined reference to OQS_SIG_free' oqs_meth.c:(.text+0x2810): undefined reference to OQS_SIG_free'
/usr/local/openssl/.openssl/lib/libcrypto.a(oqs_meth.o): In function oqs_pub_decode': oqs_meth.c:(.text+0x2b6a): undefined reference to OQS_SIG_free'
collect2: error: ld returned 1 exit status
objs/Makefile:323: recipe for target 'objs/nginx' failed
make[1]: Leaving directory '/nginx-1.15.11'
make[1]: *** [objs/nginx] Error 1
Makefile:8: recipe for target 'build' failed
make: *** [build] Error 2

Thanks!

Why aren't CircleCI tests being run?

Issue during Make of PQS OpenSSL

Dear PQS Team,

I am running into the following problem after a successful build of the corresponding library. I am not sure how to further debug the error, as searching for the gcc commands using grep did not find the correct line. What could I do to solve the issue and install the library?

${LDCMD:-gcc} -pthread -m64 -Ioqs/include -Wa,--noexecstack -Wall -O3 -L. -Loqs/lib  \
	-o test/buildtest_c_srp test/buildtest_srp.o \
	 -lssl -lcrypto -ldl -pthread -loqs -lm
rm -f test/buildtest_c_txt_db
/usr/bin/ld: cannot find -loqs
collect2: error: ld returned 1 exit status

Is it an issue with the capital, as using -Loqs does not seem to throw any errors! Perhaps you'll find the problem quicker, as if I spend more time trying to identify the problem. Should oqs be placed as loqs?

Best regards,
Cob

Some BIKE ciphersuites not reliable in TLS 1.3

Some BIKE ciphersuites (e.g., bike2l1, bike2l3, bike2l5, bike3l1, bike3l3, bike3l5) are not reliable for me in TLS 1.3 on my Mac. About 50% of the time, the connection goes through, and 50% of the time I get the following error:

CONNECTED(00000006)
4452943296:error:14200044:SSL routines:add_key_share:internal error:ssl/statem/extensions_clnt.c:626:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

I'm not sure what the problem is.

Any ideas, @christianpaquin?

Sync with OpenSSL 1.1.1d

OpenSSL 1.0.2 build failure on Windows

First error is that oqs/oqs.h can't be found while building ssl3.h.

OQS-OpenSSL 1.0.2 CI tests failing due to undefined EVP_MD_CTX_new/free

See https://circleci.com/gh/open-quantum-safe/openssl/654

Error in $ make -j

I receive an error
on the OpenSSL fork built $ make -j execution:

¿Any help? Thanks!

PKCS7 Support for OQS Algorithms

I'm interested in using the signature algorithms from liboqs thru OpenSSL's PKCS7 interface. Through some experimentation, I've noticed that for the OQS algorithms, an oqs_pkey_ctrl() function that handles the ASN1_PKEY_CTRL_PKCS7_SIGN operation isn't defined in oqs_meth.c as has been done for classical algorithms such as in rsa_ameth.c or ec_ameth.c. I blindly wrote a crude implementation of that function to see what else fails with generating a PKCS7 signature with an quantum safe signature algorithm and I hit a lot of issues with OpenSSL's PKCS7 code not handling a NULL digest associated with OQS private keys.

Could someone provide some background on why PKCS7 support with OQS along wasn't done (totally understand if it wasn't a priority) as it seems a lot of the core ASN1 calls were implemented in oqs_meth.c or if there is some gating technical reason that would make this work a challenge?

openssl speed invalid machine command

When I'm running the version from today on Debian 8, I got with "openssl speed oqskex_lwe_frodo_recommended" the output:

Doing OQS KEX LWE Frodo recommended Alice 0's for 10s: Invalid machine command

All other oqskex cipher will run.

Sync with OpenSSL 1.0.2t

Can't build Windows DLL target on 1.0.2

Running nmake -f ms\ntdll.mak (instead of nt.mak, as described in the README.md) fails; many unresolved external symbol OQS_KEM_* errors. liboqs must be correctly linked in this makefile to fix this.

Update TLS 1.3 wiki page with v0.2 changes

Update the PQC integration into TLS 1.3 page.

Code point interoperability

The current 1.1.1 branch breaks interoperability with the previous tagged release due to different assignment of the code points for the PQ KEM algs. Up to the integration of templating code, the code points (used in TLS to specify the selected "curve") were assigned manually and care was taken to keep previously defined values the same, to ensure that client/server remained interoperable between versions or implementations (e.g., openssl and boringssl). Templating simplifies the integration of new algs, but overwrites previous code point values. This means that, in the future, any changes of the OQS supported list of algs will result in different code point values.

We should design a mechanism to assign specific code points to an algorithm, both if this is specified in a standard, or to preserve interop between releases. We support this already for signature OIDs.

If we break compatibility in this release, we should document that and bump the release version number accordingly.

Generate OQS-based signature stuff from templates

Add OQS KEM and SIG algorithms to openssl speed on OQS-OpenSSL_1_1_1-stable branch

Failed to issue server cert from root CA cert

We should be able to generate a server cert issued by a root CA using these instructions:

Create self-signed root CA
./apps/openssl req -x509 -new -newkey qteslaI -keyout rootCA.key -out rootCA.crt -nodes -subj "/CN=rootCA" -days 365 -config apps/openssl.cnf
Create a private key for the server:
./apps/openssl genpkey -algorithm qteslaI -out server.key
Create a key and CSR for the server
./apps/openssl req -new -newkey qteslaI -keyout server.key -out server.csr -nodes -subj "/CN=server" -days 365 -config apps/openssl.cnf
Sign the CSR, create server cert
./apps/openssl x509 -req -in server.csr -out server.crt -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -days 365

The last step however fails with:
Signature verification error 140249734448896:error:0D0C50C7:asn1 encoding routines:ASN1_item_verify:unknown signature algorithm:crypto/asn1/a_verify.c:111:

(tested with master branch of liboqs)

s_client misreports OQS pubkey size

On 1.1.1, s_client prints out OQS pub key sizes in bytes, rather than in bits.

Script to skip CI builds if no check-in should check if liboqs had a check-in

The newly added .circleci/git_no_checkin_in_last_day.sh script usage in the .circleci/config.yml should only skip if there was no check-in in both OpenSSL and liboqs; currently it skips if there was no check-in in just OpenSSL.

Also needs to be changed in OQS-OpenSSH.

Building fails

I'm getting a whole bunch of errors like

ssl/t1_trce.c:563:6: error: initializer element is not constant
     {OQS_KEM_CURVEID(NID_OQS_ledakem_C1_N02), "ledakem_C1_N02"},
      ^~~~~~~~~~~~~~~
ssl/t1_trce.c:563:6: note: (near initialization for 'ssl_groups_tbl[58].num')

Figure out how to integrate KEMs into EVP layer

For much easier use, KEMs should probably be integrated in the EVP framework. I did some experiments, and I now do have a certified Kyber 512 public key.

This should then be useful to consider OPTLS-like setups.

The challenge of course is EVP_PKEY_derive being almost but not quite suitable for this task. I have not tackled this problem yet, but it may be possible to slightly extend the API to obtain a ciphertext instead of the public key. That seems the main challenge, I think it should be possible to override the derive function such that it conditionally encapsulates or decapsulates:


static int pkey_oqs_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) {
    OQS_KEY *oqs_key = (OQS_KEY*) ctx->pkey->pkey.ptr;
    OQS_KEY *oqs_peer = (OQS_KEY*) ctx->peerkey->pkey.ptr;

    *keylen = oqs_size(ctx->pkey);
    if (key == NULL) {
        return 1;
    }
    if (oqs_peer->ciphertext) {
        if (OQS_KEM_decaps(oqs_key->k, key, oqs_peer->ciphertext, oqs_key->privkey) == OQS_SUCCESS) {
            return 1;
        }
    } else {
        oqs_peer->ciphertext = OPENSSL_malloc(*keylen);
        if (OQS_KEM_encaps(oqs_key->k, key, oqs_peer->ciphertext, oqs_peer->pubkey) == OQS_SUCCESS) {
            return 1;
        }
    }

    return 0;
}

Obviously, that does mean that the users of the EVP API need to do some detection "is this method a KEM" and obtain and/or set the ciphertext if needed.

Enable liboqs nist-branch with OpenSSL 1.1.1

Currently, the OQS-OpenSSL_1_1_1-stable branch only supports liboqs's master. Enable using the nist-branch.

Document generating PQ/hybrid CA chains

Document the examples from issue #68, either in README.md or in the wiki.

Should we also add this to the integration tests?

Docker images for benchmarking

It would be nice to have a Docker image for automatic benchmarking of liboqs-based ciphersuites in this OpenSSL fork.

Crashes in Ubuntu 16.10 with gcc-6

Denis Butin wrote in an email:

I had crashes with Ubuntu 16.10, which uses GCC 6 instead of GCC 5. There may be a link with the aforementioned warnings. Taking a closer look with gdb showed a segfault that went away once I commented out the following lines:

In s3_clnt.c:
OQS_KEX_free(oqskex_kex);
OQS_RAND_free(oqskex_rand);

In s3_srvr.c:
OQS_KEX_free(s->s3->tmp.oqskex_kex);
OQS_RAND_free(s->s3->tmp.oqskex_rand);

Sync OQS-OpenSSL_1_0_2-stable with new 1.0.2q release

TLS demo apparently fails to use a post-quantum cipher

I've tried to run the TLS demo on both Ubuntu and MacOS using the pure post-quantum certificate option for the CA and the server.

When I run the client app to establish a connection based on post-quantum kex ciphers like bike1l1 or sike503, the cipher suite is getting set to TLS_AES_256_GCM_SHA384. Here is what it shows:

"No client certificate CA names sent
Peer signature type: qTESLA-III-size
Server Temp Key: bike1l1

SSL handshake has read 10127 bytes and written 2895 bytes
Verification: OK

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2976 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)"

Shouldn't the cipher be something like BIKEL1-ECDHE-QTESLAIIISIZE-AES256-GCM-SHA384?

Also, I think the server public key shown should be 2976 bytes instead of bits.

P.S.: The CA certificate uses qteslaI and the server certificate uses qteslaIIIsize. (The same issue also happens for other post-quantum signature algorithms such as picnicl1)

Algorithms disabled in liboqs should be disabled in OpenSSL.

When liboqs is built, autoconf outputs config.h, which contains preprocessor defines that state what algorithms are enabled at the variant level; for e.g.: if in the file we have
...
#define OQS_ENABLE_SIG_qTESLA_I 1
/* #define OQS_ENABLE_SIG_qTESLA_III_size*/
...
this means qTESLA_I is enabled and qTESLA_III_size is not.

OpenSSL should also be able to enable and disable the use of these algorithms according to the config.h output.

Need help to compile - OQS_KEM_bike3_l1_ossl_add errors

Hi'!
I need help, when I type in @ terminal: "make -j"

...then I got a few errors:

How can I fix that?

licit-function-declaration]
if (BN_GF2m_add(r, a, b) == 0) {
^~~~~~~~~~~
BN_mod_add
ref//openssl_utils.c:86:13: error: implicit declaration of function ‘BN_GF2m_mod_inv’; did you mean ‘BN_nist_mod_func’? [-Werror=implicit-function-declaration]
inv_res = BN_GF2m_mod_inv(r, a, m, bn_ctx);
^~~~~~~~~~~~~~~
BN_nist_mod_func
ref//openssl_utils.c: In function ‘OQS_KEM_bike3_l1_ossl_add’:
ref//openssl_utils.c:178:6: error: implicit declaration of function ‘BN_GF2m_add’; did you mean ‘BN_mod_add’? [-Werror=implicit-function-declaration]
if (BN_GF2m_add(r, a, b) == 0) {
^~~~~~~~~~~
BN_mod_add
ref//openssl_utils.c: In function ‘ossl_cyclic_product’:
ref//openssl_utils.c:59:6: error: implicit declaration of function ‘BN_GF2m_mod_mul’; did you mean ‘BN_mod_mul’? [-Werror=implicit-function-declaration]
if (BN_GF2m_mod_mul(r, a, b, m, bn_ctx) == 0) {
^~~~~~~~~~~~~~~
BN_mod_mul
ref//openssl_utils.c: In function ‘invert_poly’:
ref//openssl_utils.c:86:13: error: implicit declaration of function ‘BN_GF2m_mod_inv’; did you mean ‘BN_nist_mod_func’? [-Werror=implicit-function-declaration]
inv_res = BN_GF2m_mod_inv(r, a, m, bn_ctx);
^~~~~~~~~~~~~~~
BN_nist_mod_func
ref//openssl_utils.c: In function ‘OQS_KEM_bike3_l3_ossl_add’:
ref//openssl_utils.c:178:6: error: implicit declaration of function ‘BN_GF2m_add’; did you mean ‘BN_mod_add’? [-Werror=implicit-function-declaration]
if (BN_GF2m_add(r, a, b) == 0) {
^~~~~~~~~~~
BN_mod_add
ref//openssl_utils.c: In function ‘ossl_cyclic_product’:
ref//openssl_utils.c:59:6: error: implicit declaration of function ‘BN_GF2m_mod_mul’; did you mean ‘BN_mod_mul’? [-Werror=implicit-function-declaration]
if (BN_GF2m_mod_mul(r, a, b, m, bn_ctx) == 0) {
^~~~~~~~~~~~~~~
BN_mod_mul
ref//openssl_utils.c: In function ‘invert_poly’:
ref//openssl_utils.c:86:13: error: implicit declaration of function ‘BN_GF2m_mod_inv’; did you mean ‘BN_nist_mod_func’? [-Werror=implicit-function-declaration]
inv_res = BN_GF2m_mod_inv(r, a, m, bn_ctx);
^~~~~~~~~~~~~~~
BN_nist_mod_func
ref//openssl_utils.c: In function ‘OQS_KEM_bike3_l5_ossl_add’:
ref//openssl_utils.c:178:6: error: implicit declaration of function ‘BN_GF2m_add’; did you mean ‘BN_mod_add’? [-Werror=implicit-function-declaration]
if (BN_GF2m_add(r, a, b) == 0) {
^~~~~~~~~~~

cc1: all warnings being treated as errors
make[2]: *** [Makefile:1478: ref//libkembike1_l1_la-openssl_utils.lo] Error 1
make[2]: *** Waiting for unfinished jobs....
cc1: all warnings being treated as errors
make[2]: *** [Makefile:1514: ref//libkembike1_l3_la-openssl_utils.lo] Error 1
cc1: all warnings being treated as errors
make[2]: *** [Makefile:1550: ref//libkembike1_l5_la-openssl_utils.lo] Error 1
cc1: all warnings being treated as errors
make[2]: *** [Makefile:1586: ref//libkembike2_l1_la-openssl_utils.lo] Error 1
cc1: all warnings being treated as errors
make[2]: *** [Makefile:1622: ref//libkembike2_l3_la-openssl_utils.lo] Error 1
cc1: all warnings being treated as errors
cc1: all warnings being treated as errors
make[2]: *** [Makefile:1658: ref//libkembike2_l5_la-openssl_utils.lo] Error 1
cc1: all warnings being treated as errors
make[2]: *** [Makefile:1694: ref//libkembike3_l1_la-openssl_utils.lo] Error 1
make[2]: *** [Makefile:1730: ref//libkembike3_l3_la-openssl_utils.lo] Error 1
cc1: all warnings being treated as errors
make[2]: *** [Makefile:1766: ref//libkembike3_l5_la-openssl_utils.lo] Error 1

Sync OQS-OpenSSL_1_1_1-stable with new 1.1.1a release

Merge our depot with the latest OpenSSL release

open-quantum-safe / openssl Goto Github PK

openssl's Introduction

OQS-OpenSSL_1_1_1

Warning

Overview

Status

Limitations and security

Supported Algorithms

Key Exchange

Authentication

Quickstart

Building

Linux and macOS

Step 0: Get pre-requisites

Step 1: Build and install liboqs

Step 2: Build the fork

Windows

Step 0

Step 1: Build and install liboqs

Step 2: Build the fork

Build options

Default algorithms announced

Running

TLS demo

CMS demo

Performance testing

TLS end-to-end testing

Algorithm speed testing

Integration testing

Third Party Integrations

Contributing

License

Team

Acknowledgments

openssl's People

Contributors

Stargazers

Watchers

Forkers

openssl's Issues

In s3_srvr.c: OQS_KEX_free(s->s3->tmp.oqskex_kex); OQS_RAND_free(s->s3->tmp.oqskex_rand);

Recommend Projects

Recommend Topics

Recommend Org

Jobs

In s3_srvr.c:
OQS_KEX_free(s->s3->tmp.oqskex_kex);
OQS_RAND_free(s->s3->tmp.oqskex_rand);