Error installing and creating server

[DaSoty]

Hi,

I am testing the operation of the provider and I have a few doubts. First of all, I am not sure about the installation process. The process I am currently following after trial/error is as follows:

1. Run the command ./scripts/fullbuild.sh
2. Execute the command ./scripts/runtests.sh
   (at this point it does not work correctly so I continue with the following steps)
3. Run cmake -S . -B _build && cmake --build _build && ctest --test-dir _build && cmake --install _build in the folder liboqs
4. Run cmake -S . -B _build && cmake --build _build && ctest --test-dir _build && cmake --install _build in the main _build folder.
5. Modify /etc/ssl/openssl.cnf file to add the provider
6. Run python3 oqs-template/generate.py

At this point, I can create dilithium3 keys and pass the tests of this script

However, at this point normal OpenSSL actions break (for example, performing a pip package installation):
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1007)')')'

In addition, creating KEM keys such as Kyber768 also fails:

$ openssl genpkey -algorithm kyber768 -out private_kyber768.key
Error writing key
40676A84197F0000:error:1D800065:ENCODER routines:OSSL_ENCODER_to_bio:reason(101):../crypto/encode_decode/encoder_lib.c:55:No encoders were found. For standard encoders you need at least one of the default or base providers available. Did you forget to load them?
40676A84197F0000:error:04800073:PEM routines:do_pk8pkey:error converting private key:../crypto/pem/pem_pk8.c:133:

Finally, I have tried to create a server as indicated in this page and I got the same error as in #74 . Is there any way to create a kyber encrypted communication between two nodes?

Other information:

Providers:
  default
    name: OpenSSL Default Provider
    version: 3.0.2
    status: active
  oqsprovider
    name: OpenSSL OQS Provider
    version: 0.5.2-dev
    status: active

Thank you very much.

[baentsch]

at this point it does not work correctly so I continue with the following steps

A full description of what fails (as well as which environment you're using) would be helpful to fix this for you and others (as is requested when opening a bug report via "New Issue").

creating KEM keys such as Kyber768 also fails:

This is expected: See #194. Please chime in there with your use case for this feature.

Finally, I have tried to create a server as indicated in this page and I got the same error as in #74

Please read the statement in #74: OpenSSL 3.0.2 as used by you is simply too old (lacks key provider features). See https://github.com/open-quantum-safe/oqs-provider#note-on-openssl-versions . Please consider using OpenSSL3.2-dev (as contained e.g., in docker image openquantumsafe/oqs-ossl3).

[baentsch]

Is it possible that there are problems with the old version of OpenSSL?

Yes: https://github.com/open-quantum-safe/oqs-provider#note-on-openssl-versions

[DaSoty]

Sorry, I have explained myself badly. The thing is that the installation of OpenSSL 3.2-dev was successful as you can see below:

openssl list -providers -verbose
Providers:
default
name: OpenSSL Default Provider
version: 3.2.0
status: active
build info: 3.2.0-dev
gettable provider parameters:
name: pointer to a UTF8 encoded string (arbitrary size)
version: pointer to a UTF8 encoded string (arbitrary size)
buildinfo: pointer to a UTF8 encoded string (arbitrary size)
status: integer (arbitrary size)
oqsprovider
name: OpenSSL OQS Provider
version: 0.5.2-dev
status: active
build info: OQS Provider v.0.5.2-dev (f463621) based on liboqs v.0.9.0-dev
gettable provider parameters:
name: pointer to a UTF8 encoded string (arbitrary size)
version: pointer to a UTF8 encoded string (arbitrary size)
buildinfo: pointer to a UTF8 encoded string (arbitrary size)
status: integer (arbitrary size)

But the old version of OpenSSL (3.0.2). It still exists (although I don't use it) in /etc/ssl while the version I'm using is in /usr/local/ssl (defined by the OpenSSL developers).

I don't know if using this configuration can generate that error.

[baentsch]

everything works correctly except for the creation of server and client.
I don't know if using this configuration can generate that error.

What does "LIBRPATH" contain in your build script? I'd suggest running ldd on the openssl executable to make sure it's not pulling in old libcrypto or libssl. The "unknown cert" error cannot happen if everything is 3.2.0-dev (and oqsprovider is active).

[DaSoty]

Good afternoon baentsch,

I have managed to fix the error. I have looked at the fullbuild.sh file and I have seen that when the OpenSSL installation is done by the same script, the $OPENSSL_INSTALL parameter is modified.

As I install OpenSSL in /usr/local/ssl, I had to modify the parameter manually to be able to point to that address.

The modifications I have made are as follows:

1. Modify this line by the following code:

else
export OPENSSL_INSTALL="/usr/local/ssl"
fi

With this modification I was able to successfully create the server.

Thank you very much!

[baentsch]

The variable OPENSSL_INSTALL is meant to be used exclusively for pointing to an OpenSSL installation done outside of the "fullbuild.sh" script, e.g., as such: OPENSSL_INSTALL=/usr/local/ssl ./scripts/fullbuild.sh. This should then skip building openssl by the script (and guaranteeing use of that openssl, e.g., when building liboqs). So as indeed you build openssl yourself in steps 5-12 above, all that should have been necessary is execute step 14 changed to set "OPENSSL_INSTALL" (as per the above OPENSSL_INSTALL=/usr/local/ssl ./scripts/fullbuild.sh). Apologies for not having spotted this earlier.

[DaSoty]

Good morning, I'm sorry to bother you so much. I am now testing client/server connections using the following commands:

• Server: openssl s_server -cert dilithium3_srv.crt -key dilithium3_srv.key -www -tls1_3 -groups kyber768:frodo640shake -accept 4433
• Client: openssl s_client -groups frodo640shake -connect 192.168.0.48:4433

When sending the command from the client, I get the following message:

Connecting to 192.168.0.48
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 CN=test server
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN=test server
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN=test server
verify return:1
---
Certificate chain
 0 s:CN=test server
   i:CN=test CA
   a:PKEY: UNDEF, 192 (bit); sigalg: dilithium3
   v:NotBefore: Aug 14 11:04:10 2023 GMT; NotAfter: Aug 13 11:04:10 2024 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
...
AAAAAAAHDxoeJik=
-----END CERTIFICATE-----
subject=CN=test server
issuer=CN=test CA
---
No client certificate CA names sent
Peer signature type: dilithium3
---
SSL handshake has read 18774 bytes and written 9983 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 192 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: BDF6B8A3390F36EC6EA8011B6B80DD9666E9450547C59385A3352FA9D902EB76
    Session-ID-ctx: 
    Resumption PSK: DD2214B886007ABBB90B5CF001A60F4697822FF6825681B2E8EBF304641F615863515477295B1130EAB75AEDE51F9349
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 11 e4 9c 39 a3 fc 7a 48-c5 ce d0 40 10 b6 03 02   ...9..zH...@....
    ...
    00c0 - 00 73 e0 45 87 16 30 d3-7a de 5f 86 46 66 05 f6   .s.E..0.z._.Ff..

    Start Time: 1692171310
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 05E50AAB2E75935BA94F8829B2B661320EC823A36AD755A82B102AAEB4CD5C0B
    Session-ID-ctx: 
    Resumption PSK: 31379C1BF8DE8A1E9A6B6830B68E10A26B7309B5F52290FA7308E38284904D8C8525869074D92FC266090ABC09F229B8
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 11 e4 9c 39 a3 fc 7a 48-c5 ce d0 40 10 b6 03 02   ...9..zH...@....
    ...
    00c0 - 6d 62 25 db 92 36 6d 76-ac 34 87 71 0f 7a a4 b1   mb%..6mv.4.q.z..

    Start Time: 1692171310
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
DONE
root@rp1:~/test# echo "test" | openssl s_client -groups frodo640shake -connect 192.168.0.48:4433
Connecting to 192.168.0.48
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 CN=test server
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN=test server
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN=test server
verify return:1
---
Certificate chain
 0 s:CN=test server
   i:CN=test CA
   a:PKEY: UNDEF, 192 (bit); sigalg: dilithium3
   v:NotBefore: Aug 14 11:04:10 2023 GMT; NotAfter: Aug 13 11:04:10 2024 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
...
AAAAAAAHDxoeJik=
-----END CERTIFICATE-----
subject=CN=test server
issuer=CN=test CA
---
No client certificate CA names sent
Peer signature type: dilithium3
---
SSL handshake has read 18774 bytes and written 9983 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 192 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 605EB62F41493C494F5B920EA687B54EC1FADEA770DB61FA3D320DE6ECADFF7D
    Session-ID-ctx: 
    Resumption PSK: 746A8F52828D143646388EFC7A719EF5E8214C78B5C596207BD04681D0731433EA8831EE6746E481E8859FFA239E82AE
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 8e 2b ca b7 f8 e3 e3 2d-e0 b5 e0 66 78 04 b8 98   .+.....-...fx...
    ...
    00c0 - a3 cc 6a 22 0f 80 bb 0f-20 f3 c2 a0 f1 2c 3b fe   ..j".... ....,;.

    Start Time: 1692171456
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 2DBEDE5E072672F27AA3F2E90B1F19D1970E55BB01647549E5A49C56BF29E283
    Session-ID-ctx: 
    Resumption PSK: 36A02CB9CB5023DD7D38D782D80BC6D0EC847E33598DC6AE118CC924E4E172AFC648D3036DB50648039AF1768582609A
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 8e 2b ca b7 f8 e3 e3 2d-e0 b5 e0 66 78 04 b8 98   .+.....-...fx...
    ...
    00c0 - 3c 2e 58 2f 60 05 53 a2-c0 96 ef 76 b9 b4 3f 82   <.X/`.S....v..?.

    Start Time: 1692171456
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
DONE
root@rp1:~/test# openssl s_client -groups frodo640shake -connect 192.168.0.48:4433
Connecting to 192.168.0.48
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 CN=test server
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN=test server
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN=test server
verify return:1
---
Certificate chain
 0 s:CN=test server
   i:CN=test CA
   a:PKEY: UNDEF, 192 (bit); sigalg: dilithium3
   v:NotBefore: Aug 14 11:04:10 2023 GMT; NotAfter: Aug 13 11:04:10 2024 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=CN=test server
issuer=CN=test CA
---
No client certificate CA names sent
Peer signature type: dilithium3
---
SSL handshake has read 18774 bytes and written 9983 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 192 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 287D87624B05714462E3C90C61E04687DFF934B0EEE2D816CB23A0EEB3649B58
    Session-ID-ctx: 
    Resumption PSK: 6348CC62DF3FC19C801F429B69513A57302ACEFE30DA0AC48879941EC6D7E71BC52235FB7E2EB2FE4F69DA1B76C28400
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 8e 2b ca b7 f8 e3 e3 2d-e0 b5 e0 66 78 04 b8 98   .+.....-...fx...
    ...
    00c0 - 2e 83 a6 aa 49 e2 52 95-9f 3c ad 5b b5 c1 f8 97   ....I.R..<.[....

    Start Time: 1692171465
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: C28C1B351FF5C474DEC20F4D490213095D0CDC178954ED8E1322E7161B464571
    Session-ID-ctx: 
    Resumption PSK: A14770516B7052539FA74CA0D44E009AB7DFB3109DA198630FB7AD5DE998E750F1EE11242E903B1628360731095700DE
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 8e 2b ca b7 f8 e3 e3 2d-e0 b5 e0 66 78 04 b8 98   .+.....-...fx...
    ...
    00c0 - c3 a8 41 a2 1b 30 07 b8-c6 c1 fd 47 af 18 61 a8   ..A..0.....G..a.

    Start Time: 1692171465
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

As the certificates are self-assigned, I don't know if the error message is normal. However, the server cannot see the message sent by the client (so I understand that there is an error).

Do you know what could be happening?

Thank you very much.

[baentsch]

Do you know what could be happening?

I'd start with the first error message(s): The chain seems to be not OK and not using a proper server name (but IP addresses) may confuse the OpenSSL logic. None of these errors seem to be OQS related, though.