Add full Windows support (open-quantum-safe#192)

* adding full Windows build support * add github badges Signed-off-by: Felipe Ventura <felipe.ventura@entrust.com>
EntrustCorporation · Mar 13, 2024 · 56f38bf · 56f38bf
1 parent 0bdc2ea
commit 56f38bf
Show file tree

Hide file tree

Showing 7 changed files with 703 additions and 23 deletions.
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
@@ -0,0 +1,204 @@
+name: Windows tests
+
+on: [pull_request, push]
+
+permissions:
+  contents: read
+
+jobs:
+  cygwin:
+# Run a job for each of the specified target architectures:
+    strategy:
+      matrix:
+        os:
+          - windows-2019
+#          - windows-2022
+        platform:
+          - arch: win64
+            oqsconfig: -DOQS_ALGS_ENABLED=STD
+#          - arch: win32
+#            config: --strict-warnings no-fips enable-quic
+    runs-on: ${{matrix.os}}
+    env:
+      CYGWIN_NOWINPATH: 1
+      SHELLOPTS: igncr
+# Don't overwhelm github CI VMs:
+      MAKE_PARAMS: -j 4
+    steps:
+      - name: Checkout provider
+        uses: actions/checkout@v3
+      - name: Checkout openssl
+        uses: actions/checkout@v3
+        with:
+          set-safe-directory: true
+          repository: openssl/openssl
+          path: openssl
+      - name: checkout liboqs
+        uses: actions/checkout@v3
+        with:
+          set-safe-directory: true
+          repository: open-quantum-safe/liboqs
+          ref: main
+          path: liboqs
+      - name: Install cygwin
+        uses: cygwin/cygwin-install-action@master
+        with:
+          packages: perl git ninja gcc-core cmake make
+      - name: Retrieve OpenSSL32 from cache
+        id: cache-openssl32
+        uses: actions/cache@v3
+        with:
+          path: c:\cygwin\opt\openssl32
+          key: ${{ runner.os }}-cygwinopenssl32
+      - name: Set installpath
+        run: |
+           echo "IP=$(cygpath -u $PWD)/.local" >> "$env:GITHUB_ENV"
+      - name: build liboqs
+        run: |
+           which cmake
+           cmake --version
+           gcc --version
+           mkdir _build
+           cd _build
+           cmake -GNinja -DOPENSSL_ROOT_DIR=/opt/openssl32 -DCMAKE_INSTALL_PREFIX="${{ env.IP }}" ${{ matrix.platform.oqsconfig }} -DCMAKE_C_COMPILER=gcc ..
+           ninja
+           ninja install
+        working-directory: liboqs
+      - name: Build openssl3 if not cached
+        if: steps.cache-openssl32.outputs.cache-hit != 'true'
+        run: bash -c "./config --prefix=/opt/openssl32 ${{ matrix.platform.config }} && perl configdata.pm --dump && make $MAKE_PARAMS && make install_sw"
+        working-directory: openssl
+      - name: Check OpenSSL install3 
+        run: dir c:\cygwin\opt\openssl32
+      - name: Save OpenSSL
+        id: cache-openssl-save
+        if: steps.cache-openssl32.outputs.cache-hit != 'true'
+        uses: actions/cache/save@v3
+        with:
+          path: |
+            c:\cygwin\opt\openssl32
+          key: ${{ runner.os }}-cygwinopenssl32
+      - name: build oqs-provider
+        run: bash -c "git config --global --add safe.directory $(cygpath -u $PWD) && liboqs_DIR='${{ env.IP }}' cmake -GNinja -DCMAKE_C_COMPILER=gcc -DOPENSSL_ROOT_DIR=/opt/openssl32 -S . -B _build && cd _build && ninja && cd .."
+      - name: Adapt oqsprovider.dll name
+        run: bash -c "cp oqsprovider-1.dll oqsprovider.dll"
+        working-directory: _build/bin
+      - name: Check Openssl providers
+        run: bash -c "OPENSSL_MODULES=_build/bin /opt/openssl32/bin/openssl list -providers -provider oqsprovider -provider default"
+      - name: Run tests
+        run: bash -c "echo $PATH && PATH=/opt/openssl32/bin:/usr/bin ctest -V"
+        working-directory: _build
+      - name: Retain oqsprovider.dll
+        uses: actions/upload-artifact@v3
+        with:
+          name: oqs-provider-cygwin
+          path: D:/a/oqs-provider/oqs-provider/_build/bin/oqsprovider.dll
+
+  msvc:
+# Run a job for each of the specified target architectures:
+    strategy:
+      matrix:
+        os:
+          - windows-2019
+#          - windows-2022
+        platform:
+          - arch: win64
+            oqsconfig: -DOQS_ALGS_ENABLED=STD
+            osslconfig: no-shared no-fips VC-WIN64A-masm
+#          - arch: win32
+#            oqsconfig: -DOQS_ALGS_ENABLED=STD
+#            osslconfig: --strict-warnings no-fips enable-quic
+    runs-on: ${{matrix.os}}
+    steps:
+      - name: Restore OpenSSL32 cache
+        id: cache-openssl32
+        uses: actions/cache@v3
+        with:
+          path: c:\openssl32
+          key: ${{ runner.os }}-msvcopenssl32
+      - uses: actions/checkout@v3
+      - name: Checkout OpenSSL master
+        if: steps.cache-openssl32.outputs.cache-hit != 'true'
+        uses: actions/checkout@v3
+        with:
+          set-safe-directory: true
+          repository: openssl/openssl
+          path: openssl
+      - uses: actions/checkout@v3
+        with:
+          set-safe-directory: true
+          repository: open-quantum-safe/liboqs
+          path: liboqs
+      - uses: ilammy/msvc-dev-cmd@v1
+        with:
+          arch: ${{ matrix.platform.arch }}
+      - name: Setup nasm for OpenSSL build
+        uses: ilammy/setup-nasm@v1
+        if: steps.cache-openssl32.outputs.cache-hit != 'true'
+        with:
+          platform: ${{ matrix.platform.arch }}
+      - name: Setup perl for OpenSSl build
+        uses: shogo82148/actions-setup-perl@v1
+        if: steps.cache-openssl32.outputs.cache-hit != 'true'
+# OQS_USE_OPENSSL=OFF by default on Win32
+# if cmake --build fails, try explicit
+# cd _build && msbuild ALL_BUILD.vcxproj -p:Configuration=Release
+# fails:          cmake -DCMAKE_C_FLAGS="/wd5105" -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_PREFIX="c:\liboqs" ${{ matrix.platform.oqsconfig }} -S . -B _build
+#          cd _build && msbuild ALL_BUILD.vcxproj -p:Configuration=Release && cd ..
+#          cmake --install _build
+      - name: build liboqs
+        run: |
+          cmake --version
+          mkdir build
+          cd build
+          cmake -GNinja -DCMAKE_C_FLAGS="/wd5105" -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_PREFIX="c:\liboqs" ${{ matrix.platform.oqsconfig }} -DOQS_DIST_BUILD=ON ..
+          ninja
+          ninja install
+        working-directory: liboqs
+      - name: prepare the OpenSSL build directory
+        if: steps.cache-openssl32.outputs.cache-hit != 'true'
+        run: mkdir _build
+        working-directory: openssl
+      - name: OpenSSL config
+        if: steps.cache-openssl32.outputs.cache-hit != 'true'
+        working-directory: openssl\_build
+        run: |
+          perl ..\Configure --banner=Configured --prefix=c:\openssl32 no-makedepend ${{ matrix.platform.osslconfig }}
+          perl configdata.pm --dump
+      - name: OpenSSL build
+        if: steps.cache-openssl32.outputs.cache-hit != 'true'
+        working-directory: openssl\_build
+        run: nmake /S
+# Skip testing openssl for now
+#      - name: test
+#        working-directory: openssl\_build
+#        run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4
+      - name: OpenSSL install
+        # Run on 64 bit only as 32 bit is slow enough already
+        if: steps.cache-openssl32.outputs.cache-hit != 'true'
+        run: |
+          mkdir c:\openssl32
+          nmake install_sw
+        working-directory: openssl\_build
+      - name: Save OpenSSL
+        id: cache-openssl-save
+        if: steps.cache-openssl32.outputs.cache-hit != 'true'
+        uses: actions/cache/save@v3
+        with:
+          path: |
+            c:\openssl32
+          key: ${{ runner.os }}-msvcopenssl32
+      - name: build oqs-provider
+        run: |
+          cmake -GNinja -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS="/wd5105" -DOPENSSL_ROOT_DIR="c:\openssl32" -Dliboqs_DIR="c:\liboqs\lib\cmake\liboqs" -S . -B _build
+          cd _build
+          ninja
+      - name: Run tests
+        run: |
+          ctest -V --test-dir _build
+      - name: Retain oqsprovider.dll
+        uses: actions/upload-artifact@v3
+        with:
+          name: oqs-provider-msvc
+          path: D:/a/oqs-provider/oqs-provider/_build/bin/oqsprovider.dll
+
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -15,8 +15,10 @@ if(MSVC)
       "${CMAKE_EXE_LINKER_FLAGS} /NODEFAULTLIB:LIBCMT")
   add_definitions(-DOQS_PROVIDER_NOATOMIC)
   add_definitions(-D_CRT_SECURE_NO_WARNINGS)
+  set(OQS_ADDL_SOCKET_LIBS "ws2_32.lib gdi32.lib crypt32.lib")
 else()
   add_compile_options(-Wunused-function)
+  set(OQS_ADDL_SOCKET_LIBS "")
 endif()
 
 option(NOPUBKEY_IN_PRIVKEY "Do not include public keys in private key structures/PKCS#8 " OFF)
@@ -37,9 +39,13 @@ endif()
 include(CheckLibraryExists)
 include(CheckFunctionExists)
 
+# Add required includes for openssl and liboqs
 find_package(OpenSSL 3.0 REQUIRED)
 include_directories(${OPENSSL_INCLUDE_DIR})
 find_package(liboqs REQUIRED)
+get_target_property(LIBOQS_INCLUDE_DIR OQS::oqs INTERFACE_INCLUDE_DIRECTORIES)
+message(STATUS "liboqs found: Include dir at ${LIBOQS_INCLUDE_DIR}")
+include_directories(${LIBOQS_INCLUDE_DIR})
 
 # Provider module
 add_subdirectory(oqsprov)

diff --git a/README.md b/README.md
@@ -1,3 +1,5 @@
+[![GitHub actions](https://github.com/open-quantum-safe/oqs-provider/actions/workflows/linux.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-provider/actions/workflows/linux.yml)
+[![GitHub actions](https://github.com/open-quantum-safe/oqs-provider/actions/workflows/windows.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-provider/actions/workflows/windows.yml)
 [![oqs-provider](https://circleci.com/gh/open-quantum-safe/oqs-provider.svg?style=svg)](https://app.circleci.com/pipelines/github/open-quantum-safe/oqs-provider)
 
 oqsprovider - Open Quantum Safe provider for OpenSSL (3.x)
@@ -201,7 +203,11 @@ By setting `-DNOPUBKEY_IN_PRIVKEY=<ON/OFF>` at compile-time, it can be further s
 
 Building on Windows
 --------------------
-The following steps have been tested on Windows 10 and 11 using MSYS2 MINGW64 and were successful. However, building with Visual Studio 2019 was unsuccessful (see [#47](https://github.com/open-quantum-safe/oqs-provider/issues/47)). Note that the process of building on Windows is considered experimental and may need further adjustments. Please report further issues to [#47](https://github.com/open-quantum-safe/oqs-provider/issues/47). Despite skipping the testing process, setting up a test server and client with post-quantum cryptography algorithms can still be accomplished.
+Building `oqsprovider` following the steps outlined above have been
+successfully tested on Windows 10 and 11 using MSYS2 MINGW64.
+For building `oqsprovider` successfully using Microsoft Visual Studio
+or `cygwin`, please check out the build instructions for those platforms
+in the CI control file at ".github/workflows/windows.yml".
 
 Using
 -----
@@ -227,7 +233,12 @@ eliminates the need for specific PATH setting as showcased below.
 
     LD_LIBRARY_PATH=.local/lib64 .local/bin/openssl list -providers -verbose -provider-path _build/lib -provider oqsprovider 
 
-## Creating keys and certificates
+If using a standard install of openssl(3) and including `oqsprovider` activation
+in the global "openssl.cnf" file, the command accordingly gets simplified to:
+
+    openssl list -providers -verbose
+
+## Creating (classic) keys and certificates
 
 This can be facilitated for example by using the usual `openssl` commands:
 

diff --git a/oqsprov/CMakeLists.txt b/oqsprov/CMakeLists.txt
@@ -45,7 +45,7 @@ set_target_properties(oqsprovider
     SOVERSION 1
     # For Windows DLLs
     RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/bin")
-target_link_libraries(oqsprovider OQS::oqs ${OPENSSL_CRYPTO_LIBRARY})
+target_link_libraries(oqsprovider OQS::oqs ${OPENSSL_CRYPTO_LIBRARY} ${OQS_ADDL_SOCKET_LIBS})
 if (USE_ENCODING_LIB)
   target_link_libraries(oqsprovider qsc_key_encoder)
   target_include_directories(oqsprovider PRIVATE ${encoder_LIBRARY_INCLUDE})

diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c
@@ -587,6 +587,7 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
     for (i=0; i<OQS_OID_CNT;i+=2) {
         if (!c_obj_create(handle, oqs_oid_alg_list[i], oqs_oid_alg_list[i+1], oqs_oid_alg_list[i+1])) {
                 ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR);
+                fprintf(stderr, "error registering NID for %s\n", oqs_oid_alg_list[i+1]);
                 return 0;
         }
 
@@ -596,13 +597,19 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
         }
 
         if (!c_obj_add_sigid(handle, oqs_oid_alg_list[i+1], "", oqs_oid_alg_list[i+1])) {
-              OQS_PROV_PRINTF2("error registering %s with no hash\n", oqs_oid_alg_list[i+1]);
+              fprintf(stderr, "error registering %s with no hash\n", oqs_oid_alg_list[i+1]);
               ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR);
               return 0;
         }
 
-        OQS_PROV_PRINTF3("OQS PROV: successfully registered %s with NID %d\n", oqs_oid_alg_list[i+1], OBJ_sn2nid(oqs_oid_alg_list[i+1]));
-
+        if (OBJ_sn2nid(oqs_oid_alg_list[i+1]) != 0) {
+            OQS_PROV_PRINTF3("OQS PROV: successfully registered %s with NID %d\n", oqs_oid_alg_list[i+1], OBJ_sn2nid(oqs_oid_alg_list[i+1]));
+        }
+        else {
+            fprintf(stderr, "OQS PROV: Impossible error: NID unregistered for %s.\n", oqs_oid_alg_list[i+1]);
+            return 0;
+        }
+
     }
 
     // if libctx not yet existing, create a new one