Allow the user to build oqs-provider as a static library.

This commit removes the `SHARED` argument of the `add_library`.
By doing so, we let the user choose the build type of library.

By default, CMake will build a static library. Thus, [`BUILD_SHARED_LIBS`]
must be used to switch to a shared library.

`oqs-provider` as a static library allows us to use the provider without
having to store its shared library somewhere. In addition, it happens that
some operating systems prohibit the use of `dlopen`/`dlsym`.

To load `oqs-provider` when it is embedded into a library of a binary, one
can use the [`OSSL_PROVIDER_add_builtin`] API from OpenSSL 3.

[`BUILD_SHARED_LIBS`]: https://cmake.org/cmake/help/latest/variable/BUILD_SHARED_LIBS.html
[`OSSL_PROVIDER_add_builtin`]: https://www.openssl.org/docs/man3.1/man3/OSSL_PROVIDER_add_builtin.html

.circleci/config.yml

@@ -46,7 +46,7 @@ jobs:
               equal: [ openssl@3, << parameters.OPENSSL_PREINSTALL >> ]
           steps:
             - run:
-                name: Clone and build OpenSSL(3) 
+                name: Clone and build OpenSSL(3)
                 command: |
                    git clone --branch master git://git.openssl.org/openssl.git openssl &&
                    cd openssl && ./config --prefix=$(echo $(pwd)/../.local) && make -j 18 && make install_sw && cd ..
@@ -69,11 +69,11 @@ jobs:
       - run:
           name: Run tests (with encodings, positive and negative test)
           command: |
-            ./scripts/runtests_encodings.sh -V > log 
-            if [ grep "Skipping testing of buggy OpenSSL" -eq 1 ]; then 
+            ./scripts/runtests_encodings.sh -V > log
+            if [ grep "Skipping testing of buggy OpenSSL" -eq 1 ]; then
                cat log
                ! OQS_ENCODING_DILITHIUM2=foo OQS_ENCODING_DILITHIUM2_ALGNAME=bar ./scripts/runtests.sh -V
-            else 
+            else
                cat log
             fi
       - run:
@@ -88,10 +88,10 @@ jobs:
           name: Run tests (-DNOPUBKEY_IN_PRIVKEY=ON, with encodings, positive and negative test)
           command: |
             ./scripts/runtests_encodings.sh -V
-            if [ grep "Skipping testing of buggy OpenSSL" -eq 1 ]; then 
+            if [ grep "Skipping testing of buggy OpenSSL" -eq 1 ]; then
                cat log
                ! OQS_ENCODING_DILITHIUM2=foo OQS_ENCODING_DILITHIUM2_ALGNAME=bar ./scripts/runtests.sh -V
-            else 
+            else
                cat log
             fi
 
@@ -120,7 +120,7 @@ jobs:
              git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git &&
              export LIBOQS_INSTALLPATH=$(pwd)/.local && cd liboqs && mkdir _build && cd _build &&
              cmake -GNinja -DCMAKE_INSTALL_PREFIX=$LIBOQS_INSTALLPATH << parameters.CMAKE_ARGS >> .. && ninja install &&
-             cd .. && cd .. && echo "export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$LIBOQS_INSTALLPATH/lib" >> "$BASH_ENV" 
+             cd .. && cd .. && echo "export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$LIBOQS_INSTALLPATH/lib" >> "$BASH_ENV"
       - when:
           condition:
             not:
@@ -158,11 +158,11 @@ jobs:
       - run:
           name: Run tests (with encodings)
           command: |
-            ./scripts/runtests_encodings.sh -V > log 
-            if [ grep "Skipping testing of buggy OpenSSL" -eq 1 ]; then 
+            ./scripts/runtests_encodings.sh -V > log
+            if [ grep "Skipping testing of buggy OpenSSL" -eq 1 ]; then
                cat log
                ! OQS_ENCODING_DILITHIUM2=foo OQS_ENCODING_DILITHIUM2_ALGNAME=bar ./scripts/runtests.sh -V
-            else 
+            else
                cat log
             fi
 
@@ -202,6 +202,12 @@ workflows:
           IMAGE: openquantumsafe/ci-ubuntu-jammy:latest
           CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD
           OPENSSL_PREINSTALL: openssl@3
+      - ubuntu:
+          name: ubuntu-jammy-static
+          context: openquantumsafe
+          IMAGE: openquantumsafe/ci-ubuntu-jammy:latest
+          CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DOQS_PROVIDER_BUILD_STATIC=ON
+          OPENSSL_PREINSTALL: openssl@3
       - macOS:
           name: macOS-noopenssl
           CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=OFF
@@ -210,6 +216,10 @@ workflows:
           name: macOS-shared
           CMAKE_ARGS: -DBUILD_SHARED_LIBS=ON -DOQS_DIST_BUILD=OFF -DOQS_ENABLE_KEM_CLASSIC_MCELIECE=OFF
           OPENSSL_PREINSTALL: openssl@3
+      - macOS:
+          name: macOS-static
+          CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_ENABLE_KEM_CLASSIC_MCELIECE=OFF -DOQS_PROVIDER_BUILD_STATIC=ON
+          OPENSSL_PREINSTALL: openssl@3
   on-main-branch:
     when:
       or:

.github/workflows/windows.yml

@@ -68,7 +68,7 @@ jobs:
         if: steps.cache-openssl32.outputs.cache-hit != 'true'
         run: bash -c "./config --prefix=/opt/openssl32 ${{ matrix.platform.config }} && perl configdata.pm --dump && make $MAKE_PARAMS && make install_sw"
         working-directory: openssl
-      - name: Check OpenSSL install3 
+      - name: Check OpenSSL install3
         run: dir c:\cygwin\opt\openssl32
       - name: Save OpenSSL
         id: cache-openssl-save

CMakeLists.txt

@@ -40,6 +40,11 @@ else()
     message(STATUS "Build will not include external encoding library for SPKI/PKCS#8")
 endif()
 
+option(OQS_PROVIDER_BUILD_STATIC "Build a static library instead of a shared library" OFF)
+if(OQS_PROVIDER_BUILD_STATIC AND BUILD_SHARED_LIBS)
+  message(FATAL_ERROR "`OQS_PROVIDER_BUILD_STATIC` is not compatible with `BUILD_SHARED_LIBS`.")
+endif()
+
 include(CheckLibraryExists)
 include(CheckFunctionExists)
 
@@ -62,6 +67,16 @@ get_target_property(LIBOQS_INCLUDE_DIR OQS::oqs INTERFACE_INCLUDE_DIRECTORIES)
 message(STATUS "liboqs found: Include dir at ${LIBOQS_INCLUDE_DIR}")
 include_directories(${LIBOQS_INCLUDE_DIR})
 
+# Hints the compiler on the fact that the provider is being compiled into a static library.
+function(targets_set_static_provider)
+  foreach(target ${ARGN})
+    target_compile_definitions(${target} PRIVATE "OQS_PROVIDER_STATIC")
+    if(NOT target STREQUAL oqsprovider)
+      target_link_libraries(${target} PRIVATE oqsprovider)
+    endif()
+  endforeach()
+endfunction()
+
 # Provider module
 add_subdirectory(oqsprov)
 

CONFIGURE.md

@@ -45,6 +45,16 @@ By setting this to "ON", it can be specified to omit explicitly serializing
 the public key in a `privateKey` structure, e.g., for interoperability testing.
 The default value is `OFF`.
 
+### OQS_PROVIDER_BUILD_STATIC
+
+By setting `-DOQS_PROVIDER_BUILD_STATIC=ON` at compile-time, oqs-provider can be
+compiled as a static library (`oqs-provider.a`).
+The provider can be added using the [`OSSL_PROVIDER_add_builtin`](https://www.openssl.org/docs/man3.1/man3/OSSL_PROVIDER_add_builtin.html)
+function.
+
+> **Warning**
+> `OQS_PROVIDER_BUILD_STATIC` and `BUILD_SHARED_LIBS` are mutually exclusive.
+
 ## Convenience build script options
 
 For anyone interested in building the complete software stack
@@ -106,7 +116,7 @@ performed by default but can be manually enabled in the script `scripts/runtests
 
 ### OPENSSL_CONF
 
-This test environment variable can be used to instruct `openssl` to use a 
+This test environment variable can be used to instruct `openssl` to use a
 configuration file from a non-standard location. Setting this value also
 disables the automation logic built into `runtests.sh`, thus requiring
 knowledge of `openssl` operations when setting it.

README.md

@@ -152,6 +152,7 @@ Contributors to the `oqsprovider` include:
 - Julian Segeth
 - Alex Zaslavsky
 - Will Childs-Klein
+- Thomas Bailleux
 
 History
 -------

oqsprov/CMakeLists.txt

@@ -31,7 +31,13 @@ set(PROVIDER_SOURCE_FILES
 set(PROVIDER_HEADER_FILES
   oqs_prov.h oqs_endecoder_local.h
 )
-add_library(oqsprovider SHARED ${PROVIDER_SOURCE_FILES})
+
+set(OQS_LIBRARY_TYPE SHARED)
+if(OQS_PROVIDER_BUILD_STATIC)
+  set(OQS_LIBRARY_TYPE STATIC)
+endif()
+
+add_library(oqsprovider ${OQS_LIBRARY_TYPE} ${PROVIDER_SOURCE_FILES})
 if (USE_ENCODING_LIB)
   add_dependencies(oqsprovider encoder)
 endif()
@@ -45,9 +51,9 @@ set_target_properties(oqsprovider
     SOVERSION 1
     # For Windows DLLs
     RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/bin")
-target_link_libraries(oqsprovider OQS::oqs ${OPENSSL_CRYPTO_LIBRARY} ${OQS_ADDL_SOCKET_LIBS})
+target_link_libraries(oqsprovider PUBLIC OQS::oqs ${OPENSSL_CRYPTO_LIBRARY} ${OQS_ADDL_SOCKET_LIBS})
 if (USE_ENCODING_LIB)
-  target_link_libraries(oqsprovider qsc_key_encoder)
+  target_link_libraries(oqsprovider PUBLIC qsc_key_encoder)
   target_include_directories(oqsprovider PRIVATE ${encoder_LIBRARY_INCLUDE})
 endif()
 install(TARGETS oqsprovider
@@ -60,3 +66,6 @@ set(CPACK_DEBIAN_PACKAGE_DEPENDS "libc6, openssl (>= 3.0.0), liboqs (>= 0.8.0)")
 set(CPACK_DEBIAN_PACKAGE_MAINTAINER "www.openquantumsafe.org")
 include(CPack)
 
+if (OQS_PROVIDER_BUILD_STATIC)
+  targets_set_static_provider(oqsprovider)
+endif()

oqsprov/oqsprov.c

@@ -1,8 +1,8 @@
 // SPDX-License-Identifier: Apache-2.0 AND MIT
 
-/* 
+/*
  * OQS OpenSSL 3 provider
- * 
+ *
  * Code strongly inspired by OpenSSL legacy provider.
  *
  */
@@ -37,7 +37,7 @@ static OSSL_FUNC_provider_get_params_fn oqsprovider_get_params;
 static OSSL_FUNC_provider_query_operation_fn oqsprovider_query;
 extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities;
 
-/* 
+/*
  * List of all algorithms with given OIDs
  */
 ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START
@@ -105,51 +105,51 @@ const char* oqs_alg_encoding_list[OQS_OID_CNT] = { 0 };
 
 int oqs_patch_encodings(void) {
 ///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_START
-   if (getenv("OQS_ENCODING_DILITHIUM2")) oqs_alg_encoding_list[0] = getenv("OQS_ENCODING_DILITHIUM2"); 
+   if (getenv("OQS_ENCODING_DILITHIUM2")) oqs_alg_encoding_list[0] = getenv("OQS_ENCODING_DILITHIUM2");
    if (getenv("OQS_ENCODING_DILITHIUM2_ALGNAME")) oqs_alg_encoding_list[1] = getenv("OQS_ENCODING_DILITHIUM2_ALGNAME");
-   if (getenv("OQS_ENCODING_P256_DILITHIUM2")) oqs_alg_encoding_list[2] = getenv("OQS_ENCODING_P256_DILITHIUM2"); 
+   if (getenv("OQS_ENCODING_P256_DILITHIUM2")) oqs_alg_encoding_list[2] = getenv("OQS_ENCODING_P256_DILITHIUM2");
    if (getenv("OQS_ENCODING_P256_DILITHIUM2_ALGNAME")) oqs_alg_encoding_list[3] = getenv("OQS_ENCODING_P256_DILITHIUM2_ALGNAME");
-   if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2")) oqs_alg_encoding_list[4] = getenv("OQS_ENCODING_RSA3072_DILITHIUM2"); 
+   if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2")) oqs_alg_encoding_list[4] = getenv("OQS_ENCODING_RSA3072_DILITHIUM2");
    if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME")) oqs_alg_encoding_list[5] = getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME");
-   if (getenv("OQS_ENCODING_DILITHIUM3")) oqs_alg_encoding_list[6] = getenv("OQS_ENCODING_DILITHIUM3"); 
+   if (getenv("OQS_ENCODING_DILITHIUM3")) oqs_alg_encoding_list[6] = getenv("OQS_ENCODING_DILITHIUM3");
    if (getenv("OQS_ENCODING_DILITHIUM3_ALGNAME")) oqs_alg_encoding_list[7] = getenv("OQS_ENCODING_DILITHIUM3_ALGNAME");
-   if (getenv("OQS_ENCODING_P384_DILITHIUM3")) oqs_alg_encoding_list[8] = getenv("OQS_ENCODING_P384_DILITHIUM3"); 
+   if (getenv("OQS_ENCODING_P384_DILITHIUM3")) oqs_alg_encoding_list[8] = getenv("OQS_ENCODING_P384_DILITHIUM3");
    if (getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME")) oqs_alg_encoding_list[9] = getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME");
-   if (getenv("OQS_ENCODING_DILITHIUM5")) oqs_alg_encoding_list[10] = getenv("OQS_ENCODING_DILITHIUM5"); 
+   if (getenv("OQS_ENCODING_DILITHIUM5")) oqs_alg_encoding_list[10] = getenv("OQS_ENCODING_DILITHIUM5");
    if (getenv("OQS_ENCODING_DILITHIUM5_ALGNAME")) oqs_alg_encoding_list[11] = getenv("OQS_ENCODING_DILITHIUM5_ALGNAME");
-   if (getenv("OQS_ENCODING_P521_DILITHIUM5")) oqs_alg_encoding_list[12] = getenv("OQS_ENCODING_P521_DILITHIUM5"); 
+   if (getenv("OQS_ENCODING_P521_DILITHIUM5")) oqs_alg_encoding_list[12] = getenv("OQS_ENCODING_P521_DILITHIUM5");
    if (getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME")) oqs_alg_encoding_list[13] = getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME");
-   if (getenv("OQS_ENCODING_FALCON512")) oqs_alg_encoding_list[14] = getenv("OQS_ENCODING_FALCON512"); 
+   if (getenv("OQS_ENCODING_FALCON512")) oqs_alg_encoding_list[14] = getenv("OQS_ENCODING_FALCON512");
    if (getenv("OQS_ENCODING_FALCON512_ALGNAME")) oqs_alg_encoding_list[15] = getenv("OQS_ENCODING_FALCON512_ALGNAME");
-   if (getenv("OQS_ENCODING_P256_FALCON512")) oqs_alg_encoding_list[16] = getenv("OQS_ENCODING_P256_FALCON512"); 
+   if (getenv("OQS_ENCODING_P256_FALCON512")) oqs_alg_encoding_list[16] = getenv("OQS_ENCODING_P256_FALCON512");
    if (getenv("OQS_ENCODING_P256_FALCON512_ALGNAME")) oqs_alg_encoding_list[17] = getenv("OQS_ENCODING_P256_FALCON512_ALGNAME");
-   if (getenv("OQS_ENCODING_RSA3072_FALCON512")) oqs_alg_encoding_list[18] = getenv("OQS_ENCODING_RSA3072_FALCON512"); 
+   if (getenv("OQS_ENCODING_RSA3072_FALCON512")) oqs_alg_encoding_list[18] = getenv("OQS_ENCODING_RSA3072_FALCON512");
    if (getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME")) oqs_alg_encoding_list[19] = getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME");
-   if (getenv("OQS_ENCODING_FALCON1024")) oqs_alg_encoding_list[20] = getenv("OQS_ENCODING_FALCON1024"); 
+   if (getenv("OQS_ENCODING_FALCON1024")) oqs_alg_encoding_list[20] = getenv("OQS_ENCODING_FALCON1024");
    if (getenv("OQS_ENCODING_FALCON1024_ALGNAME")) oqs_alg_encoding_list[21] = getenv("OQS_ENCODING_FALCON1024_ALGNAME");
-   if (getenv("OQS_ENCODING_P521_FALCON1024")) oqs_alg_encoding_list[22] = getenv("OQS_ENCODING_P521_FALCON1024"); 
+   if (getenv("OQS_ENCODING_P521_FALCON1024")) oqs_alg_encoding_list[22] = getenv("OQS_ENCODING_P521_FALCON1024");
    if (getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME")) oqs_alg_encoding_list[23] = getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME");
-   if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE")) oqs_alg_encoding_list[24] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE"); 
+   if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE")) oqs_alg_encoding_list[24] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE");
    if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[25] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME");
-   if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE")) oqs_alg_encoding_list[26] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE"); 
+   if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE")) oqs_alg_encoding_list[26] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE");
    if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[27] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME");
-   if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE")) oqs_alg_encoding_list[28] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE"); 
+   if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE")) oqs_alg_encoding_list[28] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE");
    if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[29] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME");
-   if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE")) oqs_alg_encoding_list[30] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE"); 
+   if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE")) oqs_alg_encoding_list[30] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE");
    if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME")) oqs_alg_encoding_list[31] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME");
-   if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE")) oqs_alg_encoding_list[32] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE"); 
+   if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE")) oqs_alg_encoding_list[32] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE");
    if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME")) oqs_alg_encoding_list[33] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME");
-   if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE")) oqs_alg_encoding_list[34] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE"); 
+   if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE")) oqs_alg_encoding_list[34] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE");
    if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME")) oqs_alg_encoding_list[35] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME");
-   if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE")) oqs_alg_encoding_list[36] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE"); 
+   if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE")) oqs_alg_encoding_list[36] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE");
    if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME")) oqs_alg_encoding_list[37] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME");
-   if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE")) oqs_alg_encoding_list[38] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE"); 
+   if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE")) oqs_alg_encoding_list[38] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE");
    if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME")) oqs_alg_encoding_list[39] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME");
-   if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE")) oqs_alg_encoding_list[40] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE"); 
+   if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE")) oqs_alg_encoding_list[40] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE");
    if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[41] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME");
-   if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE")) oqs_alg_encoding_list[42] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE"); 
+   if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE")) oqs_alg_encoding_list[42] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE");
    if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[43] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME");
-   if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE")) oqs_alg_encoding_list[44] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE"); 
+   if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE")) oqs_alg_encoding_list[44] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE");
    if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[45] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME");
 ///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_END
     return 1;
@@ -530,7 +530,13 @@ static const OSSL_DISPATCH oqsprovider_dispatch_table[] = {
     { 0, NULL }
 };
 
-int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
+#ifdef OQS_PROVIDER_STATIC
+#define OQS_PROVIDER_ENTRYPOINT_NAME oqs_provider_init
+#else
+#define OQS_PROVIDER_ENTRYPOINT_NAME OSSL_provider_init
+#endif // ifdef OQS_PROVIDER_STATIC
+
+int OQS_PROVIDER_ENTRYPOINT_NAME(const OSSL_CORE_HANDLE *handle,
                        const OSSL_DISPATCH *in,
                        const OSSL_DISPATCH **out,
                        void **provctx)
@@ -609,13 +615,13 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
             fprintf(stderr, "OQS PROV: Impossible error: NID unregistered for %s.\n", oqs_oid_alg_list[i+1]);
             return 0;
         }
-            
+
     }
 
     // if libctx not yet existing, create a new one
     if ( ((corebiometh = oqs_bio_prov_init_bio_method()) == NULL) ||
          ((libctx = OSSL_LIB_CTX_new_child(handle, orig_in)) == NULL) ||
-         ((*provctx = oqsx_newprovctx(libctx, handle, corebiometh)) == NULL ) ) { 
+         ((*provctx = oqsx_newprovctx(libctx, handle, corebiometh)) == NULL ) ) {
         OQS_PROV_PRINTF("OQS PROV: error creating new provider context\n");
         ERR_raise(ERR_LIB_USER, OQSPROV_R_LIB_CREATE_ERR);
         goto end_init;