Missing algorithms even though enabled in liboqs

[iyanmv]

Describe the bug
I compiled liboqs in the following way:

build() {
    cmake -G Ninja -B build -S "${pkgname}-${pkgver//_/-}"\
        -DBUILD_SHARED_LIBS=ON \
        -DCMAKE_BUILD_TYPE=None \
        -DCMAKE_INSTALL_PREFIX="${pkgdir}/usr" \
        -DOQS_ALGS_ENABLED=All \
        -DOQS_BUILD_ONLY_LIB=OFF \
        -DOQS_DIST_BUILD=ON \
        -DOQS_USE_OPENSSL=ON \
        -DOQS_USE_AES_OPENSSL=ON \
        -DOQS_USE_SHA2_OPENSSL=ON \
        -DOQS_USE_SHA3_OPENSSL=ON \
        -DOQS_OPT_TARGET=x86-64 \
        -DOQS_STRICT_WARNINGS=ON \
        -Wno-dev
    ninja -C build
    ninja -C build gen_docs
}

The complete PKGBUILD can be found here.

Then I compiled oqs-provider with:

build() {
    cmake -B build -S "${_pkgname}-${pkgver}" \
        -DCMAKE_BUILD_TYPE='None' \
        -DCMAKE_INSTALL_PREFIX='/usr' \
        -Wno-dev
    cmake --build build
}

The full PKGBUILD is also here.

The issue is that I don't get all the available algorithms that I can use with liboqs directly. For example,

$ openssl list -signature-algorithms -provider oqsprovider | grep sphincsshake
  sphincsshake128fsimple @ oqsprovider
  p256_sphincsshake128fsimple @ oqsprovider
  rsa3072_sphincsshake128fsimple @ oqsprovider

Only the NIST level 1 and fast variant of SPHINCS+ are available. Is this a known limitation or am I doing something wrong?

The complete list of signature algorithms that I get from the oqs-provider is this:

openssl list -signature-algorithms -provider oqsprovider                    
  dilithium2 @ oqsprovider
  p256_dilithium2 @ oqsprovider
  rsa3072_dilithium2 @ oqsprovider
  dilithium3 @ oqsprovider
  p384_dilithium3 @ oqsprovider
  dilithium5 @ oqsprovider
  p521_dilithium5 @ oqsprovider
  falcon512 @ oqsprovider
  p256_falcon512 @ oqsprovider
  rsa3072_falcon512 @ oqsprovider
  falcon1024 @ oqsprovider
  p521_falcon1024 @ oqsprovider
  sphincssha2128fsimple @ oqsprovider
  p256_sphincssha2128fsimple @ oqsprovider
  rsa3072_sphincssha2128fsimple @ oqsprovider
  sphincssha2128ssimple @ oqsprovider
  p256_sphincssha2128ssimple @ oqsprovider
  rsa3072_sphincssha2128ssimple @ oqsprovider
  sphincssha2192fsimple @ oqsprovider
  p384_sphincssha2192fsimple @ oqsprovider
  sphincsshake128fsimple @ oqsprovider
  p256_sphincsshake128fsimple @ oqsprovider
  rsa3072_sphincsshake128fsimple @ oqsprovider

Environment (please complete the following information):

• OS: Arch Linux
• OpenSSL version: OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)
• Version: 0.5.0

[baentsch]

Only the NIST level 1 and fast variant of SPHINCS+ are available. Is this a known limitation or am I doing something wrong?

No limitation, not (really :) wrong, either: Please check out the README:

algorithms not denoted with "*" above are not enabled for TLS operations. This designation can be changed by modifying the "enabled" flags in the main alorithm configuration file.

The reason for this limitation as far as I remember was a "historical" one (in OQS-OpenSSL111 some fields were size limited for all I remember), but in OpenSSL3 I don't see a reason for not activating more algorithms by default. Any opinion, @dstebila ?

[iyanmv]

Oh, I totally missed that note! My bad. I will give it a try.

[dstebila]

The reason for this limitation as far as I remember was a "historical" one (in OQS-OpenSSL111 some fields were size limited for all I remember), but in OpenSSL3 I don't see a reason for not activating more algorithms by default. Any opinion, @dstebila ?

Yes 111 used some size-limited bit fields to list algorithms. If there are no such limitations in OpenSSL 3 providers, then indeed no reason not to activate more, I think.

[baentsch]

Yes 111 used some size-limited bit fields to list algorithms.

Ah, now I remember: It was the auth bit field. This does not need touching in OpenSSL as we manipulate the core ssl_cert_info table now dynamically upstream (added in openssl/openssl#19312). So in essence, activating all sig algs should now be possible without problems. Will create draft PR to have CI confirm this.

[baentsch]

So, the (CI) test results are in (see e.g. here): Build time hardly changes; all tests pass but test times go up 3x-5x for the SIG tests: Sphincs+ really is slow. So, to be nice to the environment (saving CI compute cycles) I'd suggest keeping the default sig algs enabled as-is unless someone (@iyanmv ?) makes a good case why enabling more, particularly slow Sphincs+, algorithms is a good idea.

[iyanmv]

I don't have any good arguments to enable all by default. I thought it was a bug but it was just me not reading properly the README.