diff --git a/CMakeLists.txt b/CMakeLists.txt index 60552abf0..85551b63e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -5,6 +5,7 @@ include(GNUInstallDirs) include(CheckLibraryExists) include(CheckFunctionExists) include(CheckCSourceRuns) +include(CheckCSourceCompiles) enable_testing() @@ -97,6 +98,17 @@ if (NOT RELAXED_ALIGNMENT) add_definitions(-DSTRICT_ALIGNMENT) endif() +# Check if ENGINE API is available (removed in OpenSSL 4.0) +check_c_source_compiles(" + #include + int main(void) { + #if defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_MAJOR >= 4 + #error ENGINE not available + #endif + return 0; + } + " HAVE_ENGINE) + if(MSVC) set(BIN_DIRECTORY bin/$/) else() @@ -115,7 +127,13 @@ if ("${OPENSSL_ENGINES_DIR}" STREQUAL "") include(FindPkgConfig) pkg_get_variable(OPENSSL_ENGINES_DIR libcrypto enginesdir) if ("${OPENSSL_ENGINES_DIR}" STREQUAL "") - message( FATAL_ERROR "Unable to discover the OpenSSL engines directory. Provide the path using -DOPENSSL_ENGINES_DIR" ) + if(HAVE_ENGINE) + message( FATAL_ERROR "Unable to discover the OpenSSL engines directory. Provide the path using -DOPENSSL_ENGINES_DIR" ) + else() + # ENGINE not available in this OpenSSL version, use a default path + set(OPENSSL_ENGINES_DIR "${CMAKE_INSTALL_FULL_LIBDIR}/engines") + message( STATUS "ENGINE not available in this OpenSSL version, using default engines directory: ${OPENSSL_ENGINES_DIR}" ) + endif() endif() endif() @@ -306,10 +324,15 @@ set_tests_properties(context-with-provider PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_PROVIDER}") # test_keyexpimp is an internals testing program, it doesn't need a test env -add_executable(test_keyexpimp test_keyexpimp.c) -#target_compile_definitions(test_keyexpimp PUBLIC -DOPENSSL_LOAD_CONF) -target_link_libraries(test_keyexpimp gost_core gost_err) -add_test(NAME keyexpimp COMMAND test_keyexpimp) +# It requires ENGINE support, so only build when ENGINE is available +if(HAVE_ENGINE) + add_executable(test_keyexpimp test_keyexpimp.c) + #target_compile_definitions(test_keyexpimp PUBLIC -DOPENSSL_LOAD_CONF) + target_link_libraries(test_keyexpimp gost_core gost_err) + add_test(NAME keyexpimp COMMAND test_keyexpimp) +else() + message(STATUS "Skipping test_keyexpimp (requires ENGINE support)") +endif() # test_gost89 is an internals testing program, it doesn't need a test env add_executable(test_gost89 test_gost89.c) @@ -365,10 +388,12 @@ set(BINARY_TESTS_TARGETS test_derive test_sign test_context - test_keyexpimp test_gost89 test_tls ) +if(HAVE_ENGINE) + list(APPEND BINARY_TESTS_TARGETS test_keyexpimp) +endif() set_property(TARGET ${BINARY_TESTS_TARGETS} APPEND PROPERTY COMPILE_DEFINITIONS ENGINE_DIR="${OUTPUT_DIRECTORY}") add_library(gost_core STATIC ${GOST_LIB_SOURCE_FILES}) diff --git a/_codeql_detected_source_root b/_codeql_detected_source_root new file mode 120000 index 000000000..945c9b46d --- /dev/null +++ b/_codeql_detected_source_root @@ -0,0 +1 @@ +. \ No newline at end of file diff --git a/test_ciphers.c b/test_ciphers.c index 60384988e..940e4302e 100644 --- a/test_ciphers.c +++ b/test_ciphers.c @@ -10,7 +10,10 @@ # include # pragma warning(pop) #endif +#include +#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4 #include +#endif #include #include #include @@ -505,18 +508,29 @@ static int test_stream(const EVP_CIPHER *type, const char *name, return ret; } +#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4 int engine_is_available(const char *name) { ENGINE *e = ENGINE_get_first(); + int found = 0; while (e != NULL) { - if (strcmp(ENGINE_get_id(e), name) == 0) + if (strcmp(ENGINE_get_id(e), name) == 0) { + found = 1; break; + } e = ENGINE_get_next(e); } ENGINE_free(e); + return found; +} +#else +int engine_is_available(const char *name) +{ + (void)name; return 0; } +#endif void warn_if_untested(const EVP_CIPHER *ciph, void *provider) { @@ -535,6 +549,7 @@ void warn_if_untested(const EVP_CIPHER *ciph, void *provider) void warn_all_untested(void) { +#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4 if (engine_is_available("gost")) { ENGINE *eng; @@ -551,6 +566,7 @@ void warn_all_untested(void) ENGINE_finish(eng); ENGINE_free(eng); } +#endif if (OSSL_PROVIDER_available(NULL, "gostprov")) { OSSL_PROVIDER *prov; diff --git a/test_digest.c b/test_digest.c index 38cc2ebd6..57da13c8a 100644 --- a/test_digest.c +++ b/test_digest.c @@ -13,7 +13,9 @@ # pragma warning(pop) #endif #include +#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4 #include +#endif #include #include #include @@ -944,18 +946,29 @@ static int do_synthetic_test(const struct hash_testvec *tv) return 0; } +#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4 int engine_is_available(const char *name) { ENGINE *e = ENGINE_get_first(); + int found = 0; while (e != NULL) { - if (strcmp(ENGINE_get_id(e), name) == 0) + if (strcmp(ENGINE_get_id(e), name) == 0) { + found = 1; break; + } e = ENGINE_get_next(e); } ENGINE_free(e); - return e != NULL; + return found; } +#else +int engine_is_available(const char *name) +{ + (void)name; + return 0; +} +#endif void warn_if_untested(const EVP_MD *dgst, void *provider) { @@ -974,6 +987,7 @@ void warn_if_untested(const EVP_MD *dgst, void *provider) void warn_all_untested(void) { +#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4 if (engine_is_available("gost")) { ENGINE *eng; @@ -990,6 +1004,7 @@ void warn_all_untested(void) ENGINE_finish(eng); ENGINE_free(eng); } +#endif if (OSSL_PROVIDER_available(NULL, "gostprov")) { OSSL_PROVIDER *prov; diff --git a/test_keyexpimp.c b/test_keyexpimp.c index 0d201b314..d2012c3ec 100644 --- a/test_keyexpimp.c +++ b/test_keyexpimp.c @@ -15,7 +15,7 @@ #endif #include #include -#include +#include #include #include #include @@ -24,6 +24,11 @@ #include "e_gost_err.h" #include "gost_grasshopper_cipher.h" +/* ENGINE API was removed in OpenSSL 4.0 */ +#if defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_MAJOR >= 4 +# error "test_keyexpimp requires ENGINE support (OpenSSL < 4.0)" +#endif + #define T(e) \ if (!(e)) { \ ERR_print_errors_fp(stderr); \