From 1aa3cd4ef60f5550b94d73aa36fc01b310d0e7a1 Mon Sep 17 00:00:00 2001 From: Michael <57787676+baentsch@users.noreply.github.com> Date: Thu, 22 Jun 2023 15:35:02 +0200 Subject: [PATCH 1/6] correct provider install path --- CMakeLists.txt | 3 +++ oqsprov/CMakeLists.txt | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 82091cc8..e830f9ff 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -42,6 +42,9 @@ include(CheckFunctionExists) # Add required includes for openssl and liboqs find_package(OpenSSL 3.0 REQUIRED) include_directories(${OPENSSL_INCLUDE_DIR}) +get_filename_component(OPENSSL_LIB_DIR ${OPENSSL_CRYPTO_LIBRARY} DIRECTORY) +set(OPENSSL_MODULES_PATH ${OPENSSL_LIB_DIR}/ossl-modules) + find_package(liboqs REQUIRED) get_target_property(LIBOQS_INCLUDE_DIR OQS::oqs INTERFACE_INCLUDE_DIRECTORIES) message(STATUS "liboqs found: Include dir at ${LIBOQS_INCLUDE_DIR}") diff --git a/oqsprov/CMakeLists.txt b/oqsprov/CMakeLists.txt index 95f94382..232f7023 100644 --- a/oqsprov/CMakeLists.txt +++ b/oqsprov/CMakeLists.txt @@ -51,8 +51,8 @@ if (USE_ENCODING_LIB) target_include_directories(oqsprovider PRIVATE ${encoder_LIBRARY_INCLUDE}) endif() install(TARGETS oqsprovider - LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}" - RUNTIME DESTINATION "${CMAKE_INSTALL_LIBDIR}") + LIBRARY DESTINATION "${OPENSSL_MODULES_PATH}" + RUNTIME DESTINATION "${OPENSSL_MODULES_PATH}") set(CPACK_GENERATOR "DEB") set(CPACK_PACKAGE_VENDOR "www.openquantumsafe.org") set(CPACK_PACKAGE_VERSION ${OQSPROVIDER_VERSION_TEXT}) From 7319a23d5509f602b4d9e71fff1545b6217cbeca Mon Sep 17 00:00:00 2001 From: Michael <57787676+baentsch@users.noreply.github.com> Date: Fri, 23 Jun 2023 08:15:28 +0200 Subject: [PATCH 2/6] create installer and retain as artifact --- .github/workflows/linux.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index d1a85ec2..c6bf3c15 100644 
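Review bot: `OPENSSL_MODULES_PATH` is set as a plain variable from an unquoted `${OPENSSL_CRYPTO_LIBRARY}`, so a packager cannot override it with `-D`, and a library path containing spaces or a list value would be split into several arguments. Quote the expansion and make the result a cache entry, e.g. `get_filename_component(OPENSSL_LIB_DIR "${OPENSSL_CRYPTO_LIBRARY}" DIRECTORY)` and `set(OPENSSL_MODULES_PATH "${OPENSSL_LIB_DIR}/ossl-modules" CACHE PATH "OpenSSL provider module directory")`. The `<libdir>/ossl-modules` layout is only a guess at the OpenSSL default. The directory the installed OpenSSL actually searches is the MODULESDIR it reports via `openssl version -m`, and a comment saying so would help whoever has to debug a provider that fails to load.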
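Review bot: The new `DESTINATION "${OPENSSL_MODULES_PATH}"` in `install(TARGETS oqsprovider ...)` is an absolute path taken from the build machine, so `CMAKE_INSTALL_PREFIX` and `cmake --install --prefix` no longer decide where the provider lands. The .deb produced by the CPack settings below will presumably carry the same location. If OpenSSL was found in a per-user or build-tree prefix, the package would place a loadable crypto module in a directory that may not exist, or may not be root-owned, on the target system. A comment above the `install()` call should state that the destination is deliberately absolute. The variable is defined in the top-level CMakeLists.txt, so an empty value would go unnoticed here; a guard such as `if(NOT IS_ABSOLUTE "${OPENSSL_MODULES_PATH}")` followed by `message(FATAL_ERROR "OPENSSL_MODULES_PATH is not set")` would catch that.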
--- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -44,4 +44,13 @@ jobs: ! pip3 install -r oqs-template/requirements.txt 2>&1 | grep ERROR && \ python3 oqs-template/generate.py && \ ! git status | grep modified + - name: Build .deb install package + run: cpack + working-directory: _build + - name: Retain .deb installer + uses: actions/upload-artifact@v3 + with: + name: oqsprovider-x64 + path: _build/*.deb + From d8cfdd58ac905c76abcc2cd73cfed063e498ff9a Mon Sep 17 00:00:00 2001 From: Michael <57787676+baentsch@users.noreply.github.com> Date: Fri, 23 Jun 2023 08:18:16 +0200 Subject: [PATCH 3/6] add liboqs dependency --- oqsprov/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oqsprov/CMakeLists.txt b/oqsprov/CMakeLists.txt index 232f7023..690e75cf 100644 --- a/oqsprov/CMakeLists.txt +++ b/oqsprov/CMakeLists.txt @@ -56,7 +56,7 @@ install(TARGETS oqsprovider set(CPACK_GENERATOR "DEB") set(CPACK_PACKAGE_VENDOR "www.openquantumsafe.org") set(CPACK_PACKAGE_VERSION ${OQSPROVIDER_VERSION_TEXT}) -set(CPACK_DEBIAN_PACKAGE_DEPENDS "libc6, openssl (>= 3.0.0)") +set(CPACK_DEBIAN_PACKAGE_DEPENDS "libc6, openssl (>= 3.0.0), liboqs (>= 0.8.0)") set(CPACK_DEBIAN_PACKAGE_MAINTAINER "www.openquantumsafe.org") include(CPack) From 1c110e5191a693f4865fc83a69cc091a7d9922b9 Mon Sep 17 00:00:00 2001 From: Michael <57787676+baentsch@users.noreply.github.com> Date: Fri, 23 Jun 2023 09:23:08 +0200 Subject: [PATCH 4/6] work around cmake path manupulation problems in Windows --- CMakeLists.txt | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index e830f9ff..855140a8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,4 +1,8 @@ +if (WIN32) +cmake_minimum_required(VERSION 3.20 FATAL_ERROR) +else() cmake_minimum_required(VERSION 3.0 FATAL_ERROR) +endif() project(oqs-provider LANGUAGES C) set(OQSPROVIDER_VERSION_TEXT "0.5.1-dev") set(CMAKE_C_STANDARD 11) 
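Review bot: The "Retain .deb installer" step references `actions/upload-artifact@v3`, a mutable tag, in a job whose output is an installable package. Pinning to a full commit SHA (`uses: actions/upload-artifact@<full-commit-sha>  # v3`) keeps a retagged action from changing what gets published. `path: _build/*.deb` only produces a warning when cpack created no file, so adding `if-no-files-found: error` under `with:` would make a missing package fail the job. The artifact is also stored without a digest; a step that records `sha256sum _build/*.deb` alongside it would let users verify what they install. The enclosing job definition starts outside this hunk.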
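Review bot: The hard-coded `liboqs (>= 0.8.0)` in `CPACK_DEBIAN_PACKAGE_DEPENDS` applies even when liboqs is linked statically, which the visible lines do not rule out. It also assumes a Debian package with exactly that name is available to `apt`/`dpkg` on the target. If both static and shared builds are supported, the entry should be added only when `OQS::oqs` is a shared library, or derived from the built binary with `set(CPACK_DEBIAN_PACKAGE_SHLIBDEPS ON)`. The version floor is also not enforced at build time, where the top-level file calls `find_package(liboqs REQUIRED)` without a version. Assuming liboqs's package config exports one, `find_package(liboqs 0.8.0 REQUIRED)` would keep the two requirements in agreement.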
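Review bot: Calling `cmake_minimum_required` with 3.20 on Windows and 3.0 elsewhere also selects different policy defaults per platform, so the same CMakeLists.txt is evaluated under different rules (for example how quoted arguments are treated in `if()`). A single call plus an explicit version check keeps the policies uniform: `cmake_minimum_required(VERSION 3.0 FATAL_ERROR)` followed by `if(WIN32 AND CMAKE_VERSION VERSION_LESS 3.20)` and `message(FATAL_ERROR "CMake >= 3.20 is required on Windows (cmake_path)")`. A comment naming `cmake_path` as the reason for 3.20 would keep the branch from being dropped in a later cleanup.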
@@ -39,12 +43,20 @@ endif() include(CheckLibraryExists) include(CheckFunctionExists) -# Add required includes for openssl and liboqs +# Add required includes and install locations for openssl find_package(OpenSSL 3.0 REQUIRED) include_directories(${OPENSSL_INCLUDE_DIR}) +if (WIN32) +# get_filename_component seems to fail when facing windows paths +# so use new(er) cmake_path instruction there +cmake_path(GET OPENSSL_CRYPTO_LIBRARY PARENT_PATH OQS_MODULES_PARENT_PATH) +cmake_path(APPEND OQS_MODULES_PARENT_PATH "ossl-modules" OUTPUT_VARIABLE OPENSSL_MODULES_PATH) +else() get_filename_component(OPENSSL_LIB_DIR ${OPENSSL_CRYPTO_LIBRARY} DIRECTORY) set(OPENSSL_MODULES_PATH ${OPENSSL_LIB_DIR}/ossl-modules) +endif() +# Add required include for liboqs find_package(liboqs REQUIRED) get_target_property(LIBOQS_INCLUDE_DIR OQS::oqs INTERFACE_INCLUDE_DIRECTORIES) message(STATUS "liboqs found: Include dir at ${LIBOQS_INCLUDE_DIR}") From e3c1d2c164048079a22084421d1eca1b98accc8b Mon Sep 17 00:00:00 2001 From: Michael <57787676+baentsch@users.noreply.github.com> Date: Mon, 26 Jun 2023 07:39:55 +0200 Subject: [PATCH 5/6] amend README [skip ci] --- README.md | 72 ++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 61 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index c4e593c8..3342b35c 100644 --- a/README.md +++ b/README.md @@ -137,7 +137,7 @@ Example for building and installing liboqs in `.local`: Further `liboqs` build options are [documented here](https://github.com/open-quantum-safe/liboqs/wiki/Customizing-liboqs). -## Building the provider +## Building the provider (UNIX - Linux - OSX) `oqsprovider` using the local OpenSSL3 build as done above can be built for example via the following: 
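Review bot: The Windows branch works around a `get_filename_component` failure whose cause is not identified (the comment only says it "seems to fail"). The unquoted `${OPENSSL_CRYPTO_LIBRARY}` in the `else()` branch is a likely suspect. FindOpenSSL can also return a list with `optimized`/`debug` keywords under MSVC, which `cmake_path(GET ... PARENT_PATH)` would not handle correctly either. Quoting the expansion, `get_filename_component(OPENSSL_LIB_DIR "${OPENSSL_CRYPTO_LIBRARY}" DIRECTORY)`, may remove the need for two code paths. Since the result decides where a loadable crypto module is installed, it would also help to report it after the `endif()` with `message(STATUS "oqsprovider install dir: ${OPENSSL_MODULES_PATH}")`, matching the existing liboqs status line, so a wrong derivation is visible at configure time.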
@@ -146,23 +146,63 @@ Further `liboqs` build options are [documented here](https://github.com/open-qua ## Testing -Core component testing can be run via the following command: +Core component testing can be run via the common `cmake` command: - (cd _build; ctest) + ctest --parallel 5 --test-dir _build --rerun-failed --output-on-failure Add `-V` to the `ctest` command for verbose output. -*Note*: Some parts of testing depend on OpenSSL components. Be sure to have -these available (done automatically by the scripts provided). -See [the test README](test/README.md) for details. - Additional interoperability tests (with OQS-OpenSSL1.1.1) are available in the -script `scripts/runtests.sh`. +script `scripts/runtests.sh` but are disabled by default as oqs-openssl111 has +a smaller set of algorithms and features supported. ## Packaging A build target to create .deb packaging is available via the standard `package` target, e.g., executing `make package` in the `_build` subdirectory. +The resultant file can be installed as usual via `dpkg -i ...`. + +## Installing the provider + +`oqsprovider` can be installed using the common `cmake` command + + cmake --install _build + +If it is desired to activate `oqsprovider` by default in the system `openssl.cnf` +file, amend the "[provider_sect]" as follows: + +``` +[provider_sect] +default = default_sect +oqsprovider = oqsprovider_sect +[oqsprovider_sect] +activate = 1 +``` + +This file is typically located at +- /etc/ssl/openssl.cnf (UNIX/Linux) +- /opt/homebrew/etc/openssl@3/openssl.cnf (OSX Homebrew) +- C:\Program Files\OpenSSL\openssl.cnf (Windows) + +Doing this will enable `oqsprovider` to be seamlessly used alongside the other +`openssl` providers. 
If successfully done, running `openssl list -providers` +should output something along these lines: + +``` +providers: + default + name: OpenSSL Default Provider + version: 3.1.1 + status: active + oqsprovider + name: OpenSSL OQS Provider + version: 0.5.1 + status: active +``` + +If this is the case, all `openssl` commands can be used as usual, extended +by the option to use quantum safe cryptographic algorithms in addition/instead +of classical crypto algorithms. ## Build and test options @@ -172,6 +212,11 @@ In order to reduce the size of the oqsprovider, it is possible to limit the numb of algorithms supported, e.g., to the set of NIST standardized algorithms. This is facilitated by setting the `liboqs` build option `-DOQS_ALGS_ENABLED=STD`. +Another option to reduce the size of `oqsprovider` is to have it rely on a +separate installation of `liboqs` (as a shared library). For such deployment be +sure to specify the standard [BUILD_SHARED_LIBS](https://cmake.org/cmake/help/latest/variable/BUILD_SHARED_LIBS.html) +option of `cmake`. + ### ninja By adding the standard CMake option `-GNinja` the ninja build system can be used, 
@@ -190,16 +235,21 @@ can be disabled in testing. For example OQS_SKIP_TESTS="sphincs" ./scripts/runtests.sh -excludes all algorithms of the "Sphincs" family. +excludes all algorithms of the "Sphincs" family (speeding up testing significantly). *Note*: By default, interoperability testing with oqs-openssl111 is no longer performed by default but can be manually enabled in the script `scripts/runtests.sh`. ### Key Encoding -By setting `-DUSE_ENCODING_LIB=` at compile-time, oqs-provider can be compiled with with an an external encoding library `qsc-key-encoder`. Configuring the encodings is done via environment as described in [ALGORITHMS.md](ALGORITHMS.md). +By setting `-DUSE_ENCODING_LIB=` at compile-time, oqs-provider can be +compiled with with an an external encoding library `qsc-key-encoder`. +Configuring the encodings is done via environment as described in [ALGORITHMS.md](ALGORITHMS.md). +The default value is `OFF`. -By setting `-DNOPUBKEY_IN_PRIVKEY=` at compile-time, it can be further specified to omit explicitly serializing the public key in a `privateKey` structure. The default value is `OFF`. +By setting `-DNOPUBKEY_IN_PRIVKEY=` at compile-time, it can be further +specified to omit explicitly serializing the public key in a `privateKey` +structure. The default value is `OFF`. Building on Windows -------------------- From bcdfcfa5d2d036407229a6e8b463adf0101c98ae Mon Sep 17 00:00:00 2001 From: Michael <57787676+baentsch@users.noreply.github.com> Date: Mon, 26 Jun 2023 08:04:30 +0200 Subject: [PATCH 6/6] update Windows path [skip ci] --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 3342b35c..04fc433e 100644 --- a/README.md +++ b/README.md 
@@ -179,14 +179,14 @@ oqsprovider = oqsprovider_sect activate = 1 ``` -This file is typically located at +This file is typically located at (operating system dependent): - /etc/ssl/openssl.cnf (UNIX/Linux) - /opt/homebrew/etc/openssl@3/openssl.cnf (OSX Homebrew) -- C:\Program Files\OpenSSL\openssl.cnf (Windows) +- C:\Program Files\Common Files\SSL\openssl.cnf (Windows) Doing this will enable `oqsprovider` to be seamlessly used alongside the other -`openssl` providers. If successfully done, running `openssl list -providers` -should output something along these lines: +`openssl` providers. If successfully done, running, e.g., `openssl list -providers` +should output something along these lines (version IDs variable of course): ``` providers: @@ -196,7 +196,7 @@ providers: status: active oqsprovider name: OpenSSL OQS Provider - version: 0.5.1 + version: 0.5.0 status: active ```