Use OQS-OpenSSL1.1.1 with OpenSSL3 for PEM_read_bio_PrivateKey #1290
-
I am trying to build some small applications in order to get to learn more about how to use properly the liboqs and openssl fork. In this tiny program i wanted to test reading a pq key generated from the cmd line with openssl genpkey -algorithm dilithium3 -out keyfile, but in key I get NULL. I have also tried with a RSA key and that worked fine, so I think it must be something about how I'm using the lib. The code I'm trying to run is: #include <stdio.h> include <openssl/crypto.h>include <openssl/pem.h>include <openssl/err.h>include <openssl/x509_vfy.h>include <openssl/x509v3.h>include <openssl/cms.h>#include <openssl/pem.h> int main(int argc, char **argv) And i compile it with: It must be something missing because it behaves like it wouldn't recognize the key, I guess. |
Beta Was this translation helpful? Give feedback.
Replies: 5 comments 9 replies
-
What appears fishy in my eyes is the build command as it seems to not force linking with OQS-OpenSSL, so you may simply be running classic openssl code -- that clearly cannot handle QSC keys:
-> What |
Beta Was this translation helpful? Give feedback.
-
Can you please specify exactly the environment you are using? The above indicates use of OpenSSL3 but there is no trace of oqs-provider being configured: How did you do that? Again, please spec your full setup: OS, package versions of liboqs, openssl, oqs-provider. Moreover, your LD_LIBRARY_PATH does not seem to point to where |
Beta Was this translation helpful? Give feedback.
-
I try to use OpenSSL1.1.1, and I have to admit now that my problem has been and still is that I don't actually know where to find the proper crypto library that I should link with. ┌──(kali㉿kali)-[ ~ /task5/openssl_dir] └─$ gcc -I/home/kali/task5/openssl_dir/oqs/include -L/home/kali/task5/openssl_dir/oqs/lib mycms_dir/mycms.c -o mycms_dir/mycms -lcrypto -loqs By now, I tried to link the ~openssl/oqs.lib as I thought there should be everything I need. As the 2 different commands gave me same output I could realize I was linking the classic OpenSSL3 library using -lcrypto. But my question right now is where do I find the OQS OpenSSL1.1.1 library to link with? From your bash I can see you are linking with /opt/oqssa/include. Does this have something to do with this? https://github.com/IBM/oqssa/ Setting installation dir: /home/buzi/opt/oqssa and as far as I have seen it fail at Downloading libcurl and my wildguess is that the problem might be line 50 in build-oqssa.sh script that I have to run: If this is what I have to do and libcrypto.so.1.1 is in opt/oqssa/include what am I missing? |
Beta Was this translation helpful? Give feedback.
-
I have refollowed the installation guide of openssl-oqs https://github.com/open-quantum-safe/openssl#linux-and-macOS and i have installed it into a folder named openssl_dir. The librypto.so.1.1 was not there so as I have seen in the IBM script I have retyped the ./Configure linux-x86_64, this time like this: LDFLAGS="-Wl,-rpath -Wl,openssl" ./Configure linux-x86_64. Now I also have those .so into the openssl_dir directory. This would be the content of my instalation directory: Now that I finally have libcrypto.so.1.1 I put everything plus the liboqs.a file into a lib directory for a bit of order, and inspect a bit the include file from the directory I have installed openssl-oqs in following the github guide: buzi@buzi-virtual-machine: ~/openssl_dir/include$ ls Because the IBM script did something before failing on libcurl, I have the opt/oqssa folder with some other folders inside, so I go to opt/oqssa/include which differs a bit from the directory where I have installed the oqs openssl in: The opt/oqssa also has a lib folder with similar libs as my openssl-oqs directory: As there is libcrypto.so.1.1 (which I needed), I'm thinking about using this opt/oqssa (even though it lack some libcurl libraries because of the fail) so I followed your previous guide: buzi@buzi-virtual-machine: ~/opt/oqssa$ pwd buzi@buzi-virtual-machine: ~$ gcc -L/home/buzi/opt/oqssa/include pkey.c -lcrypto buzi@buzi-virtual-machine: ~$ export LD_LIBRARY_PATH=/home/buzi/opt/oqssa/lib The output of the ldd command would be: And I can see that now even though I have libcrypto.so.1.1, I also have libcrypto.so.3, which might be a clash. buzi@buzi-virtual-machine: ~$ gcc -I/home/buzi/opt/oqssa/include -L/home/buzi/opt/oqssa/lib pkey.c -lcrypto So the liboqs.so.2 relies on libcrypto.so.3. I can see that in your /opt/oqssa/lib you have liboqs.a, liboqs.so, liboqs.so.0. Again, just a wildguess, these might not rely on libcrypto.so.3? However, the outputs stays: So, given the fact that I have only followed this https://github.com/open-quantum-safe/openssl#linux-and-macOS using the path to the directory where I want to have my OpenSSL-OQS, what can I do in order to have all the headers i need into a /something/somethinelse/include and all the libraries I need into a something/somethinelse/lib? Thank you! |
Beta Was this translation helpful? Give feedback.
-
Thank you for your support! Worked fine with the 'mixture', now I will also try with the oqs-provider! |
Beta Was this translation helpful? Give feedback.
Thank you for your support! Worked fine with the 'mixture', now I will also try with the oqs-provider!