Improve installation

.github/workflows/linux.yml

@@ -44,4 +44,13 @@ jobs:
           ! pip3 install -r oqs-template/requirements.txt 2>&1 | grep ERROR && \
           python3 oqs-template/generate.py && \
           ! git status | grep modified
+      - name: Build .deb install package
+        run: cpack
+        working-directory: _build
+      - name: Retain .deb installer
+        uses: actions/upload-artifact@v3
+        with:
+          name: oqsprovider-x64
+          path: _build/*.deb
+
 

CMakeLists.txt

@@ -1,4 +1,8 @@
+if (WIN32)
+cmake_minimum_required(VERSION 3.20 FATAL_ERROR)
+else()
 cmake_minimum_required(VERSION 3.0 FATAL_ERROR)
+endif()
 project(oqs-provider LANGUAGES C)
 set(OQSPROVIDER_VERSION_TEXT "0.5.1-dev")
 set(CMAKE_C_STANDARD 11)
@@ -39,9 +43,20 @@ endif()
 include(CheckLibraryExists)
 include(CheckFunctionExists)
 
-# Add required includes for openssl and liboqs
+# Add required includes and install locations for openssl
 find_package(OpenSSL 3.0 REQUIRED)
 include_directories(${OPENSSL_INCLUDE_DIR})
+if (WIN32)
+# get_filename_component seems to fail when facing windows paths
+# so use new(er) cmake_path instruction there
+cmake_path(GET OPENSSL_CRYPTO_LIBRARY PARENT_PATH OQS_MODULES_PARENT_PATH)
+cmake_path(APPEND OQS_MODULES_PARENT_PATH "ossl-modules" OUTPUT_VARIABLE OPENSSL_MODULES_PATH)
+else()
+get_filename_component(OPENSSL_LIB_DIR ${OPENSSL_CRYPTO_LIBRARY} DIRECTORY)
+set(OPENSSL_MODULES_PATH ${OPENSSL_LIB_DIR}/ossl-modules)
+endif()
+
+# Add required include for liboqs
 find_package(liboqs REQUIRED)
 get_target_property(LIBOQS_INCLUDE_DIR OQS::oqs INTERFACE_INCLUDE_DIRECTORIES)
 message(STATUS "liboqs found: Include dir at ${LIBOQS_INCLUDE_DIR}")

README.md

@@ -137,7 +137,7 @@ Example for building and installing liboqs in `.local`:
 
 Further `liboqs` build options are [documented here](https://github.com/open-quantum-safe/liboqs/wiki/Customizing-liboqs).
 
-## Building the provider
+## Building the provider (UNIX - Linux - OSX)
 
 `oqsprovider` using the local OpenSSL3 build as done above can be built for example via the following:
 
@@ -146,23 +146,63 @@ Further `liboqs` build options are [documented here](https://github.com/open-qua
 
 ## Testing
 
-Core component testing can be run via the following command:
+Core component testing can be run via the common `cmake` command:
 
-    (cd _build; ctest)
+    ctest --parallel 5 --test-dir _build --rerun-failed --output-on-failure
 
 Add `-V` to the `ctest` command for verbose output.
 
-*Note*: Some parts of testing depend on OpenSSL components. Be sure to have
-these available (done automatically by the scripts provided).
-See [the test README](test/README.md) for details.
-
 Additional interoperability tests (with OQS-OpenSSL1.1.1) are available in the
-script `scripts/runtests.sh`.
+script `scripts/runtests.sh` but are disabled by default as oqs-openssl111 has
+a smaller set of algorithms and features supported.
 
 ## Packaging
 
 A build target to create .deb packaging is available via the standard `package`
 target, e.g., executing `make package` in the `_build` subdirectory.
+The resultant file can be installed as usual via `dpkg -i ...`.
+
+## Installing the provider
+
+`oqsprovider` can be installed using the common `cmake` command
+
+    cmake --install _build
+
+If it is desired to activate `oqsprovider` by default in the system `openssl.cnf`
+file, amend the "[provider_sect]" as follows:
+
+```
+[provider_sect]
+default = default_sect
+oqsprovider = oqsprovider_sect
+[oqsprovider_sect]
+activate = 1
+```
+
+This file is typically located at (operating system dependent):
+- /etc/ssl/openssl.cnf (UNIX/Linux)
+- /opt/homebrew/etc/openssl@3/openssl.cnf (OSX Homebrew)
+- C:\Program Files\Common Files\SSL\openssl.cnf (Windows)
+
+Doing this will enable `oqsprovider` to be seamlessly used alongside the other
+`openssl` providers. If successfully done, running, e.g., `openssl list -providers`
+should output something along these lines (version IDs variable of course):
+
+```
+providers:
+  default
+    name: OpenSSL Default Provider
+    version: 3.1.1
+    status: active
+  oqsprovider
+    name: OpenSSL OQS Provider
+    version: 0.5.0
+    status: active
+```
+
+If this is the case, all `openssl` commands can be used as usual, extended
+by the option to use quantum safe cryptographic algorithms in addition/instead
+of classical crypto algorithms.
 
 ## Build and test options
 
@@ -172,6 +212,11 @@ In order to reduce the size of the oqsprovider, it is possible to limit the numb
 of algorithms supported, e.g., to the set of NIST standardized algorithms. This is
 facilitated by setting the `liboqs` build option `-DOQS_ALGS_ENABLED=STD`.
 
+Another option to reduce the size of `oqsprovider` is to have it rely on a
+separate installation of `liboqs` (as a shared library). For such deployment be
+sure to specify the standard [BUILD_SHARED_LIBS](https://cmake.org/cmake/help/latest/variable/BUILD_SHARED_LIBS.html)
+option of `cmake`.
+
 ### ninja
 
 By adding the standard CMake option `-GNinja` the ninja build system can be used,
@@ -190,16 +235,21 @@ can be disabled in testing. For example
 
     OQS_SKIP_TESTS="sphincs" ./scripts/runtests.sh
 
-excludes all algorithms of the "Sphincs" family.
+excludes all algorithms of the "Sphincs" family (speeding up testing significantly).
 
 *Note*: By default, interoperability testing with oqs-openssl111 is no longer
 performed by default but can be manually enabled in the script `scripts/runtests.sh`.
 
 ### Key Encoding
 
-By setting `-DUSE_ENCODING_LIB=<ON/OFF>` at compile-time, oqs-provider can be compiled with with an an external encoding library `qsc-key-encoder`. Configuring the encodings is done via environment as described in [ALGORITHMS.md](ALGORITHMS.md).
+By setting `-DUSE_ENCODING_LIB=<ON/OFF>` at compile-time, oqs-provider can be
+compiled with with an an external encoding library `qsc-key-encoder`.
+Configuring the encodings is done via environment as described in [ALGORITHMS.md](ALGORITHMS.md).
+The default value is `OFF`.
 
-By setting `-DNOPUBKEY_IN_PRIVKEY=<ON/OFF>` at compile-time, it can be further specified to omit explicitly serializing the public key in a `privateKey` structure. The default value is `OFF`.
+By setting `-DNOPUBKEY_IN_PRIVKEY=<ON/OFF>` at compile-time, it can be further
+specified to omit explicitly serializing the public key in a `privateKey`
+structure. The default value is `OFF`.
 
 Building on Windows
 --------------------

oqsprov/CMakeLists.txt

@@ -51,12 +51,12 @@ if (USE_ENCODING_LIB)
   target_include_directories(oqsprovider PRIVATE ${encoder_LIBRARY_INCLUDE})
 endif()
 install(TARGETS oqsprovider
-        LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}"
-        RUNTIME DESTINATION "${CMAKE_INSTALL_LIBDIR}")
+        LIBRARY DESTINATION "${OPENSSL_MODULES_PATH}"
+        RUNTIME DESTINATION "${OPENSSL_MODULES_PATH}")
 set(CPACK_GENERATOR "DEB")
 set(CPACK_PACKAGE_VENDOR "www.openquantumsafe.org")
 set(CPACK_PACKAGE_VERSION ${OQSPROVIDER_VERSION_TEXT})
-set(CPACK_DEBIAN_PACKAGE_DEPENDS "libc6, openssl (>= 3.0.0)")
+set(CPACK_DEBIAN_PACKAGE_DEPENDS "libc6, openssl (>= 3.0.0), liboqs (>= 0.8.0)")
 set(CPACK_DEBIAN_PACKAGE_MAINTAINER "www.openquantumsafe.org")
 include(CPack)