diff --git a/.gitmodules b/.gitmodules index 1dca04b4..c6c61d96 100644 --- a/.gitmodules +++ b/.gitmodules @@ -10,3 +10,6 @@ [submodule "src/libhamcore"] path = src/libhamcore url = https://github.com/SoftEtherVPN/libhamcore.git +[submodule "src/Mayaqua/3rdparty/oqs-provider"] + path = src/Mayaqua/3rdparty/oqs-provider + url = https://github.com/open-quantum-safe/oqs-provider.git diff --git a/src/Mayaqua/3rdparty/oqs-provider b/src/Mayaqua/3rdparty/oqs-provider new file mode 160000 index 00000000..bfaf2981 --- /dev/null +++ b/src/Mayaqua/3rdparty/oqs-provider @@ -0,0 +1 @@ +Subproject commit bfaf29819e8e7679eb7b440c20312449d311e86a diff --git a/src/Mayaqua/CMakeLists.txt b/src/Mayaqua/CMakeLists.txt index 32a121a9..e7308d8c 100644 --- a/src/Mayaqua/CMakeLists.txt +++ b/src/Mayaqua/CMakeLists.txt @@ -93,6 +93,15 @@ if(UNIX) $<$:${LIB_RT}> ) + if (SKIP_OQS_PROVIDER) + add_definitions(-DSKIP_OQS_PROVIDER) + else() + set(OQS_PROVIDER_BUILD_STATIC ON CACHE BOOL "Build a static library instead of a shared library") # Build oqsprovider as a static library (defaults to shared) + add_subdirectory(3rdparty/oqs-provider) + set_property(TARGET oqsprovider PROPERTY POSITION_INDEPENDENT_CODE ON) + target_link_libraries(mayaqua PRIVATE oqsprovider) + endif() + if (CMAKE_SYSTEM_PROCESSOR MATCHES "^(armv7l|aarch64|s390x)$" OR NOT HAVE_SYS_AUXV OR SKIP_CPU_FEATURES) add_definitions(-DSKIP_CPU_FEATURES) else() diff --git a/src/Mayaqua/Encrypt.c b/src/Mayaqua/Encrypt.c index fab64387..1b34b831 100644 --- a/src/Mayaqua/Encrypt.c +++ b/src/Mayaqua/Encrypt.c @@ -40,6 +40,10 @@ #include #if OPENSSL_VERSION_NUMBER >= 0x30000000L #include +// Static oqsprovider initialization function +#ifndef SKIP_OQS_PROVIDER + extern OSSL_provider_init_fn oqs_provider_init; +#endif #endif #ifdef _MSC_VER 
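Review bot: The `SKIP_OQS_PROVIDER` branch in src/Mayaqua/CMakeLists.txt appears, from the hunk header, to sit inside `if(UNIX)` and does not check the OpenSSL version, yet the Encrypt.c hunk at `@@ -40,6 +40,10` declares `oqs_provider_init` whenever `SKIP_OQS_PROVIDER` is undefined and OpenSSL is 3.x. A configuration that never reaches this branch would then presumably fail at link time with an unresolved `oqs_provider_init`, and an OpenSSL 1.1 build would still try to configure oqs-provider, which targets the OpenSSL 3 provider API. I would make the definition follow the link decision, for example `if (SKIP_OQS_PROVIDER OR OPENSSL_VERSION VERSION_LESS "3.0")` (assuming `find_package(OpenSSL)` has already run here), and set the define on every path that does not link `oqsprovider`. If the switch is not declared elsewhere, `option(SKIP_OQS_PROVIDER "Build without the bundled oqs-provider" OFF)` would make it discoverable. The enclosing `if(UNIX)` block starts and ends outside the hunk.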
@@ -64,6 +68,10 @@ #endif #endif // _MSC_VER +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + +#endif + // OpenSSL <1.1 Shims #if OPENSSL_VERSION_NUMBER < 0x10100000L # define EVP_PKEY_get0_RSA(obj) ((obj)->pkey.rsa) @@ -4003,7 +4011,13 @@ void InitCryptLibrary() #if OPENSSL_VERSION_NUMBER >= 0x30000000L ossl_provider_default = OSSL_PROVIDER_load(NULL, "legacy"); ossl_provider_legacy = OSSL_PROVIDER_load(NULL, "default"); - ossl_provider_oqsprovider = OSSL_PROVIDER_load(NULL, "oqsprovider"); + + char *oqs_provider_name = "oqsprovider"; + #ifndef SKIP_OQS_PROVIDER + # Registers "oqsprovider" as a provider -- necessary because oqsprovider is built in now. + OSSL_PROVIDER_add_builtin(NULL, oqs_provider_name, oqs_provider_init); + #endif + ossl_provider_oqsprovider = OSSL_PROVIDER_load(NULL, oqs_provider_name); #endif ssl_clientcert_index = SSL_get_ex_new_index(0, "struct SslClientCertInfo *", NULL, NULL, NULL);
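Review bot: The added `#if OPENSSL_VERSION_NUMBER >= 0x30000000L` / `#endif` pair after `#endif // _MSC_VER` has an empty body, so it compiles to nothing and reads like a leftover from moving the `oqs_provider_init` declaration up to the include block. Dropping these four added lines keeps the version-gated declarations in one place.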
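Review bot: Inside the `#ifndef SKIP_OQS_PROVIDER` group in InitCryptLibrary, the line `# Registers "oqsprovider" as a provider ...` starts with `#`, which C parses as a preprocessing directive rather than a comment, so as shown this group should not compile when the provider is enabled. It should read `// Registers "oqsprovider" as a built-in provider; needed because it is linked statically.` The return value of `OSSL_PROVIDER_add_builtin` is also ignored, so if registration or the following `OSSL_PROVIDER_load` fails, the process carries on without the post-quantum algorithms and nothing in the hunk reports it. Checking `if (OSSL_PROVIDER_add_builtin(NULL, oqs_provider_name, oqs_provider_init) != 1)` and logging the failure would make that downgrade visible; `oqs_provider_name` can also be declared `const char *`. InitCryptLibrary starts and ends outside the hunk.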