open-quantum-safe / openssl

UNSUPPORTED Fork of OpenSSL 1.1.1 that includes prototype quantum-resistant algorithms and ciphersuites based on liboqs PLEASE SWITCH TO OQS-Provider for OpenSSL 3
https://openquantumsafe.org/

Unable to enable sphincssha256128fsimple and sphincssha256128ssimple schemes #424

Closed sandilya761 closed 1 year ago

sandilya761 commented 1 year ago

I want to enable sphincssha256128fsimple and sphincssha256128ssimple schemes. So, I changed enable command from false to true in generate.yml file and executed python3 oqs-template/generate.py and make generate_crypto_objects commands.

All the steps are successful but output is as follows:

Unknown algorithm sphincssha256128ssimple

Unknown algorithm sphincssha256128fsimple

baentsch commented 1 year ago

Please be specific as to where you get this output: Which command generates this?

Edit/Add: When doing this for fun in oqs-provider as it has nicer output facilities, all tests pass and the output is clear:

$ LD_LIBRARY_PATH=.local/lib64 .local/bin/openssl list --signature-algorithms -provider-path _build/oqsprov -provider oqsprovider
  dilithium2 @ oqsprovider
  p256_dilithium2 @ oqsprovider
  rsa3072_dilithium2 @ oqsprovider
  dilithium3 @ oqsprovider
  p384_dilithium3 @ oqsprovider
  dilithium5 @ oqsprovider
  p521_dilithium5 @ oqsprovider
  falcon512 @ oqsprovider
  p256_falcon512 @ oqsprovider
  rsa3072_falcon512 @ oqsprovider
  falcon1024 @ oqsprovider
  p521_falcon1024 @ oqsprovider
  sphincssha256128fsimple @ oqsprovider
  p256_sphincssha256128fsimple @ oqsprovider
  rsa3072_sphincssha256128fsimple @ oqsprovider
  sphincssha256128ssimple @ oqsprovider
  p256_sphincssha256128ssimple @ oqsprovider
  rsa3072_sphincssha256128ssimple @ oqsprovider
  sphincsshake256192fsimple @ oqsprovider
  p384_sphincsshake256192fsimple @ oqsprovider
  sphincsshake256256fsimple @ oqsprovider
  p521_sphincsshake256256fsimple @ oqsprovider

sandilya761 commented 1 year ago

Sorry for not mentioning the command. This is the command that I used:

apps/openssl req -x509 -new -newkey <SIG> -keyout <SIG>_CA.key -out <SIG>_CA.crt -nodes -subj "/CN=oqstest CA" -days 365 -config apps/openssl.cnf

baentsch commented 1 year ago

Here's what happens when I do this:

apps/openssl req -x509 -new -newkey sphincssha256128ssimple -keyout sphincssha256128ssimple_CA.key -out sphincssha256128ssimple_CA.crt -nodes -subj "/CN=oqstest CA" -days 365 -config apps/openssl.cnf
Generating a sphincssha256128ssimple private key
writing new private key to 'sphincssha256128ssimple_CA.key'
-----

Please run (and show the output of) apps/openssl version, apps/openssl speed test and ldd apps/openssl to ensure you run the right code (and are not using a wrong shared crypto lib).

sandilya761 commented 1 year ago

Following is the output:

[image]

baentsch commented 1 year ago

Did you install the newly built oqs-openssl in /usr/local/lib?

Edit/add: Should the answer be "No" as I presume, please use LD_LIBRARY_PATH to solve your problem (and close this issue).

sandilya761 commented 1 year ago

I changed the path using the following command: export LD_LIBRARY_PATH=/usr/local/lib

Now, I am getting the following error: [image]

baentsch commented 1 year ago

Do you understand what LD_LIBRARY_PATH does and how it can be used in your setup?

sandilya761 commented 1 year ago

No. Please guide me.

dstebila commented 1 year ago

Please check for various instructions on the internet on how to use the LD_LIBRARY_PATH environment variable to override where Linux looks for shared libraries. Comment https://github.com/open-quantum-safe/openssl/issues/424#issuecomment-1385230129 above gives one example, but there are many ways to do it.

Closing since this isn't an OQS issue.
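
The check requested earlier in the thread (using ldd to confirm that apps/openssl is not loading a wrong shared crypto library), as an added example that is not part of the original thread or the project's code. The helper name check_crypto_libs, the path /home/user/openssl and both ldd samples are constructed; the commented real-use lines assume libssl and libcrypto were built into the top directory of the source tree.

```shell
#!/bin/sh
# check_crypto_libs DIR  (hypothetical helper)
# Reads `ldd` output on stdin; succeeds only if libssl and libcrypto are both
# listed and both resolve to files under DIR. Prints each mismatch it finds.
check_crypto_libs() {
    awk -v want="$1" '
        BEGIN { sub(/\/+$/, "", want) }          # tolerate a trailing slash
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            seen++
            if ($3 == "not") { printf "%s: not found\n", $1; bad++; next }
            if (index($3, want "/") != 1) {
                printf "%s: loaded from %s, expected under %s\n", $1, $3, want
                bad++
            }
        }
        END { exit !(seen == 2 && bad == 0) }
    '
}

# Constructed sample: the binary resolves to the distribution's OpenSSL,
# which does not know the OQS algorithms.
SAMPLE_SYSTEM='  linux-vdso.so.1 (0x00007ffd00000000)
  libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f0000200000)
  libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f0000100000)
  libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)'

# Constructed sample: the same binary with LD_LIBRARY_PATH pointing at the build tree.
SAMPLE_BUILD='  linux-vdso.so.1 (0x00007ffd00000000)
  libssl.so.1.1 => /home/user/openssl/libssl.so.1.1 (0x00007f0000200000)
  libcrypto.so.1.1 => /home/user/openssl/libcrypto.so.1.1 (0x00007f0000100000)
  libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)'

for sample in "$SAMPLE_SYSTEM" "$SAMPLE_BUILD"; do
    if printf '%s\n' "$sample" | check_crypto_libs /home/user/openssl; then
        echo "OK: build-tree libssl/libcrypto in use"
    else
        echo "MISMATCH: not the freshly built libssl/libcrypto"
    fi
done

# Real use, run from the top of the source tree:
#   ldd apps/openssl | check_crypto_libs "$PWD"
#   LD_LIBRARY_PATH="$PWD" ldd apps/openssl | check_crypto_libs "$PWD"
```

LD_LIBRARY_PATH only affects processes that inherit it, so it has to be exported in the shell (or prefixed on the command line) that actually runs apps/openssl.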