open-quantum-safe / oqs-provider

OpenSSL 3 provider containing post-quantum algorithms
https://openquantumsafe.org
MIT License

Too many advertised sig algs cause TLS server hang-up #399

Open mouse07410 opened 5 months ago

mouse07410 commented 5 months ago

Describe the bug

Provider built from the main branch pulled after Fri Apr 12, 2024, somehow causes OpenSSL to hang and then time out on requests over corporate firewall (to https://index.crates.io, in case it matters).

When I comment out oqs provider in openssl.cnf the problem disappears.

I must add that before Apr 12th everything worked just fine. So, it's OpenSSL, or liboqs, or oqs-provider.

@levitte could you please take a look as well? I don't know whether it's the provider's fault, or that of the OpenSSL itself.

To Reproduce

A little complicated, but here's what I have.

Steps to reproduce the behavior:

  1. Install Rust toolchain.
  2. Install cargo-update via cargo install cargo-update
  3. Have OpenSSL-3.2.1 installed.
  4. Install current master of liboqs.
  5. Clone and install oqs-provider (main branch).
  6. Edit openssl.cnf to add oqs provider (some add it as oqsprovider, for me naming it oqs suffices).
  7. Try cargo install-update -l
  8. See error

Expected behavior

Something like

$ cargo install-update -l
    Polling registry 'https://index.crates.io/'.......................................

Package          Installed             Latest                               Needs update
asn1rs           v0.3.1                v0.3.1                               No
b3sum            v1.5.1                v1.5.1                               No
.  .  .

Actual behavior

$ cargo install-update -l
    Polling registry 'https://index.crates.io/'
Failed to update index repository crates-io: package asn1rs: [35] SSL connect error (OpenSSL SSL_connect: SSL_ERROR_ZERO_RETURN in connection to index.crates.io:443 ).
$ 
$ OQSPROV=1 cargo install-update -l
OQS PROV: successfully registered dilithium2 with NID 1320
OQS PROV: successfully registered p256_dilithium2 with NID 1321
OQS PROV: successfully registered rsa3072_dilithium2 with NID 1322
OQS PROV: successfully registered dilithium3 with NID 1323
OQS PROV: successfully registered p384_dilithium3 with NID 1324
OQS PROV: successfully registered dilithium5 with NID 1325
OQS PROV: successfully registered p521_dilithium5 with NID 1326
OQS PROV: successfully registered mldsa44 with NID 1327
OQS PROV: successfully registered p256_mldsa44 with NID 1328
OQS PROV: successfully registered rsa3072_mldsa44 with NID 1329
OQS PROV: successfully registered mldsa44_pss2048 with NID 1330
OQS PROV: successfully registered mldsa44_rsa2048 with NID 1331
OQS PROV: successfully registered mldsa44_ed25519 with NID 1332
OQS PROV: successfully registered mldsa44_p256 with NID 1333
OQS PROV: successfully registered mldsa44_bp256 with NID 1334
OQS PROV: successfully registered mldsa65 with NID 1335
OQS PROV: successfully registered p384_mldsa65 with NID 1336
OQS PROV: successfully registered mldsa65_pss3072 with NID 1337
OQS PROV: successfully registered mldsa65_rsa3072 with NID 1338
OQS PROV: successfully registered mldsa65_p256 with NID 1339
OQS PROV: successfully registered mldsa65_bp256 with NID 1340
OQS PROV: successfully registered mldsa65_ed25519 with NID 1341
OQS PROV: successfully registered mldsa87 with NID 1342
OQS PROV: successfully registered p521_mldsa87 with NID 1343
OQS PROV: successfully registered mldsa87_p384 with NID 1344
OQS PROV: successfully registered mldsa87_bp384 with NID 1345
OQS PROV: successfully registered mldsa87_ed448 with NID 1346
OQS PROV: successfully registered falcon512 with NID 1347
OQS PROV: successfully registered p256_falcon512 with NID 1348
OQS PROV: successfully registered rsa3072_falcon512 with NID 1349
OQS PROV: successfully registered falconpadded512 with NID 1350
OQS PROV: successfully registered p256_falconpadded512 with NID 1351
OQS PROV: successfully registered rsa3072_falconpadded512 with NID 1352
OQS PROV: successfully registered falcon1024 with NID 1353
OQS PROV: successfully registered p521_falcon1024 with NID 1354
OQS PROV: successfully registered falconpadded1024 with NID 1355
OQS PROV: successfully registered p521_falconpadded1024 with NID 1356
OQS PROV: successfully registered sphincssha2128fsimple with NID 1357
OQS PROV: successfully registered p256_sphincssha2128fsimple with NID 1358
OQS PROV: successfully registered rsa3072_sphincssha2128fsimple with NID 1359
OQS PROV: successfully registered sphincssha2128ssimple with NID 1360
OQS PROV: successfully registered p256_sphincssha2128ssimple with NID 1361
OQS PROV: successfully registered rsa3072_sphincssha2128ssimple with NID 1362
OQS PROV: successfully registered sphincssha2192fsimple with NID 1363
OQS PROV: successfully registered p384_sphincssha2192fsimple with NID 1364
OQS PROV: successfully registered sphincsshake128fsimple with NID 1365
OQS PROV: successfully registered p256_sphincsshake128fsimple with NID 1366
OQS PROV: successfully registered rsa3072_sphincsshake128fsimple with NID 1367
OQS PROV: Default or FIPS provider available.
    Polling registry 'https://index.crates.io/'Unknown operation 5 requested from OQS provider
Unknown operation 5 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 1 requested from OQS provider
Unknown operation 1 requested from OQS provider
Unknown operation 1 requested from OQS provider
Unknown operation 1 requested from OQS provider
Unknown operation 1 requested from OQS provider
Unknown operation 1 requested from OQS provider
Unknown operation 1 requested from OQS provider
Unknown operation 11 requested from OQS provider
Unknown operation 11 requested from OQS provider

Failed to update index repository crates-io: package asn1rs: [35] SSL connect error (OpenSSL SSL_connect: SSL_ERROR_ZERO_RETURN in connection to index.crates.io:443 ).
$ 

Environment (please complete the following information):

Please run the following commands to obtain the version information:

$ openssl version
OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
$ openssl list -providers
Providers:
  base
    name: OpenSSL Base Provider
    version: 3.2.1
    status: active
  default
    name: OpenSSL Default Provider
    version: 3.2.1
    status: active
  legacy
    name: OpenSSL Legacy Provider
    version: 3.2.1
    status: active
  oqs
    name: OpenSSL OQS Provider
    version: 0.6.0
    status: active
  pkcs11
    name: PKCS#11 Provider
    version: 3.2.1
    status: active
$
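
As an aid for reading the `OQSPROV=1` output above, this added example (not part of the original issue or of oqs-provider's code) tallies the registered signature algorithms and decodes the "Unknown operation N" numbers using the operation IDs from OpenSSL's `core_dispatch.h`. The function name `summarize`, the shortened sample log, and the underscore heuristic for spotting hybrid/composite names are assumptions made for illustration.

```python
import re
from collections import Counter

# Operation class numbers as defined in OpenSSL's <openssl/core_dispatch.h>.
OSSL_OPS = {1: "DIGEST", 2: "CIPHER", 3: "MAC", 4: "KDF", 5: "RAND",
            10: "KEYMGMT", 11: "KEYEXCH", 12: "SIGNATURE", 13: "ASYM_CIPHER",
            14: "KEM", 20: "ENCODER", 21: "DECODER", 22: "STORE"}

REGISTERED = re.compile(r"OQS PROV: successfully registered (\S+) with NID (\d+)")
UNKNOWN_OP = re.compile(r"Unknown operation (\d+) requested from OQS provider")

def summarize(log: str) -> dict:
    """Summarize OQSPROV=1 debug output: registered algorithms, unserved queries."""
    algs = {}
    ops = Counter()
    for line in log.splitlines():
        # search(), not match(): in the report the first "Unknown operation"
        # message is fused onto cargo's "Polling registry" progress line.
        if m := REGISTERED.search(line):
            algs[m.group(1)] = int(m.group(2))
        elif m := UNKNOWN_OP.search(line):
            ops[int(m.group(1))] += 1
    # Assumption: names containing "_" pair a classical and a PQ algorithm.
    hybrids = [name for name in algs if "_" in name]
    return {
        "registered": len(algs),
        "hybrid_or_composite": len(hybrids),
        "pure_pq": len(algs) - len(hybrids),
        "unserved_ops": {OSSL_OPS.get(k, f"op{k}"): v
                         for k, v in sorted(ops.items())},
    }

# Constructed sample in the format shown in the report (shortened).
SAMPLE_LOG = """\
OQS PROV: successfully registered dilithium2 with NID 1320
OQS PROV: successfully registered p256_dilithium2 with NID 1321
OQS PROV: successfully registered mldsa44 with NID 1327
OQS PROV: successfully registered mldsa44_ed25519 with NID 1332
OQS PROV: Default or FIPS provider available.
    Polling registry 'https://index.crates.io/'Unknown operation 5 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 1 requested from OQS provider
Unknown operation 11 requested from OQS provider
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run over the full log in the report, the tally is 48 registered signature algorithms (NIDs 1320 through 1367). The "Unknown operation" numbers decode to digest, cipher, RAND and key-exchange lookups, which are operation classes this provider does not serve.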

baentsch commented 3 months ago

I don't think such an expectation is reasonable.

Which is my other point - we can't get away from dynamic providers (nor do we want to), so the process becomes not merely tedious, but requiring an expert.

I completely agree. Hence my question above

Are you aware of a facility within openssl to extract all such (currently registered) algorithm combinations along the lines (but extending to all permitted configurable sigalg combinations) of openssl list -signature-algorithms?

Now raised in https://github.com/openssl/openssl/discussions/24522 to get input from the openssl community. Also tagging @levitte @mattcaswell @romen fyi.

mouse07410 commented 3 months ago

So far, all this discussion strengthened my conviction that the only practical doable-now way is to allow every provider (starting with this one) to define a subset of all the algorithms it supports that it will offer/expose to TLS.

beldmit commented 3 months ago

Unfortunately no, see my comment https://github.com/openssl/openssl/issues/24535#issuecomment-2141290463