feat: add Android CMake configuration patch

.github/workflows/ci.yml

@@ -18,6 +18,13 @@ jobs:
         update-liboqs:
           - true
           - false
+        include:
+          # iOS cross-compilation testing
+          - os: macos-latest
+            rust: stable
+            target: aarch64-apple-ios
+            update-liboqs: false
+            features: no_openssl,kems,sigs
     env:
       # 20 MiB stack
       RUST_MIN_STACK: 20971520
@@ -64,36 +71,60 @@ jobs:
           echo RUST_BACKTRACE=1 >> $GITHUB_ENV
         shell: bash
 
+      - name: Install iOS targets
+        if: matrix.target == 'aarch64-apple-ios' || matrix.target == 'x86_64-apple-ios'
+        run: |
+          rustup target add ${{ matrix.target }}
+
       - uses: Swatinem/rust-cache@v2
 
-      - name: Cargo build
+      - name: Cargo build (iOS)
+        if: matrix.target == 'aarch64-apple-ios' || matrix.target == 'x86_64-apple-ios'
+        run: |
+          # Build the high-level oqs crate without openssl (this will also build oqs-sys)
+          cargo build --target ${{ matrix.target }} --no-default-features --features kems,sigs,std,no_openssl --manifest-path oqs/Cargo.toml
+
+      - name: Cargo build (regular)
+        if: matrix.target == null || matrix.target == ''
         run: cargo build
 
       - name: Cargo test
+        if: matrix.target == null || matrix.target == ''
         run: cargo test
 
       - name: Cargo test --no-default-features
+        if: matrix.target == null || matrix.target == ''
         run: cargo test --no-default-features
 
       - name: Cargo test --no-default-features --features serde,kems,sigs,std
+        if: matrix.target == null || matrix.target == ''
         run: cargo test --no-default-features --features serde,kems,sigs,std --manifest-path oqs/Cargo.toml
 
       - name: Cargo test --no-default-features --features serde,kems,sigs
+        if: matrix.target == null || matrix.target == ''
         run: cargo test --no-default-features --features serde,kems,sigs --manifest-path oqs/Cargo.toml
 
       - name: Cargo test --no-default-features --features non_portable,kems,sigs,std
+        if: matrix.target == null || matrix.target == ''
         run: cargo test --no-default-features --features non_portable,kems,sigs,std --manifest-path oqs/Cargo.toml
 
       # skip windows, because the default image doesn't include several of the
       # system dependencies (e.g. Perl) required for the openssl-sys/vendored
       - name: Cargo test --features vendored_openssl
-        if: matrix.os != 'windows-latest'
+        if: (matrix.target == null || matrix.target == '') && matrix.os != 'windows-latest'
         run: cargo test --features vendored_openssl --manifest-path oqs/Cargo.toml
 
+      # Test the no_openssl feature on all platforms
+      - name: Cargo test oqs-sys --features no_openssl
+        if: matrix.target == null || matrix.target == ''
+        run: cargo test --features no_openssl --manifest-path oqs-sys/Cargo.toml
+
       - name: Cargo fmt
+        if: matrix.target == null || matrix.target == ''
         run: cargo fmt --all -- --check
 
       - name: Cargo clippy
+        if: matrix.target == null || matrix.target == ''
         run: cargo clippy
 
 #  vim: set ft=yaml ts=2 sw=2 tw=0 et :

README.md

@@ -79,6 +79,46 @@ features = ["sigs", "kems"]
 
 You will probably want to change the random-number generator through the [`OQS_RAND` API][] offered by `oqs-sys`.
 
+## OpenSSL Support
+
+By default, `liboqs` is built with OpenSSL support for symmetric cryptography operations. This can be controlled through features:
+
+- Default behavior: OpenSSL enabled (requires system OpenSSL or vendored OpenSSL)
+- `vendored_openssl`: Use bundled OpenSSL instead of system OpenSSL
+- `no_openssl`: Force disable OpenSSL on all platforms
+
+### Platform-specific behavior
+
+- **iOS**: OpenSSL is automatically disabled to avoid build issues. The crate uses iOS Security.framework instead.
+- **Other platforms**: OpenSSL enabled by default but can be overridden.
+
+### Environment variable control
+
+You can override OpenSSL configuration using the `OQS_USE_OPENSSL` environment variable:
+
+```bash
+# Force disable OpenSSL
+OQS_USE_OPENSSL=OFF cargo build
+
+# Force enable OpenSSL  
+OQS_USE_OPENSSL=ON cargo build
+```
+
+### Examples
+
+```toml
+# iOS-compatible build without OpenSSL
+[dependencies.oqs]
+version = "*"
+default-features = false
+features = ["no_openssl", "sigs", "kems"]
+
+# Use vendored OpenSSL (recommended for Windows)
+[dependencies.oqs]
+version = "*"
+features = ["vendored_openssl"]
+```
+
 [`OQS_RAND` API]: https://open-quantum-safe.github.io/liboqs-rust/oqs_sys/rand/index.html
 
 ## `non_portable` feature

oqs-sys/Cargo.toml

@@ -28,6 +28,7 @@ build-deps = "0.1"
 default = ["openssl", "kems", "sigs"]
 openssl = []
 vendored_openssl = ["openssl", "vendored", "dep:openssl-sys"]
+no_openssl = []  # Force disable OpenSSL on all platforms
 docs = []
 non_portable = []
 vendored = []

oqs-sys/README.md

@@ -9,6 +9,8 @@ This crate provides the unsafe `ffi` bindings to [liboqs][].
 
 * `vendored` (default): Compile the included version of liboqs instead of linking to the system version.
 * `openssl` (default): Compile with OpenSSL features (mostly symmetric cryptography)
+* `vendored_openssl`: Use vendored OpenSSL (includes `openssl` feature)
+* `no_openssl`: Force disable OpenSSL on all platforms
 * `non_portable`: Don't build a portable library.
 * `kems` (default): Compile with all KEMs enabled
     * `bike`  (only on non-Windows)
@@ -27,5 +29,50 @@ This crate provides the unsafe `ffi` bindings to [liboqs][].
     * `sphincs`: SPHINCS+
     * `uov`
 
+## Platform-Specific Behavior
+
+### iOS Support
+iOS builds automatically disable OpenSSL by default to avoid compilation issues. The crate will:
+- Automatically set `OQS_USE_OPENSSL=OFF` when building for iOS targets
+- Link against iOS system frameworks (`Security.framework`) for cryptographic functions
+- Use system random number generation instead of OpenSSL
+
+### Other Platforms
+- **macOS/Linux**: OpenSSL enabled by default (can be overridden)
+- **Windows**: OpenSSL enabled by default (vendored OpenSSL recommended)
+- **Android**: Follows same behavior as Linux
+
+## Environment Variables
+
+You can override the OpenSSL configuration using environment variables:
+
+- `OQS_USE_OPENSSL=OFF` or `OQS_USE_OPENSSL=NO`: Force disable OpenSSL
+- `OQS_USE_OPENSSL=ON` or `OQS_USE_OPENSSL=YES`: Force enable OpenSSL
+
+These environment variables take precedence over feature flags and platform defaults.
+
+## Examples
+
+### Building for iOS without OpenSSL
+```bash
+# iOS builds automatically disable OpenSSL
+cargo build --target aarch64-apple-ios
+
+# Or explicitly disable OpenSSL
+cargo build --target aarch64-apple-ios --features no_openssl
+```
+
+### Building without OpenSSL on any platform
+```bash
+cargo build --features no_openssl
+# or
+OQS_USE_OPENSSL=OFF cargo build
+```
+
+### Building with vendored OpenSSL
+```bash
+cargo build --features vendored_openssl
+```
+
 [oqs]: https://openquantumsafe.org
 [liboqs]: https://github.com/Open-Quantum-Safe/liboqs