From e2be59bf2dae2b0c0f0062beaf94b569eb8f1db9 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 2 Feb 2026 07:41:40 +0000 Subject: [PATCH 1/5] Initial plan From de43e41700af45646e6d2da82f6f080006784e36 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 2 Feb 2026 07:45:41 +0000 Subject: [PATCH 2/5] Add OpenSSL 4.0 compatibility - guard ENGINE API usage Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com> --- test_ciphers.c | 13 +++++++++++++ test_digest.c | 12 ++++++++++++ 2 files changed, 25 insertions(+) diff --git a/test_ciphers.c b/test_ciphers.c index 60384988e..fedb9e8a7 100644 --- a/test_ciphers.c +++ b/test_ciphers.c @@ -10,7 +10,10 @@ # include # pragma warning(pop) #endif +#include +#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4 #include +#endif #include #include #include @@ -505,6 +508,7 @@ static int test_stream(const EVP_CIPHER *type, const char *name, return ret; } +#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4 int engine_is_available(const char *name) { ENGINE *e = ENGINE_get_first(); @@ -515,8 +519,15 @@ int engine_is_available(const char *name) e = ENGINE_get_next(e); } ENGINE_free(e); + return e != NULL; +} +#else +int engine_is_available(const char *name) +{ + (void)name; return 0; } +#endif void warn_if_untested(const EVP_CIPHER *ciph, void *provider) { @@ -535,6 +546,7 @@ void warn_if_untested(const EVP_CIPHER *ciph, void *provider) void warn_all_untested(void) { +#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4 if (engine_is_available("gost")) { ENGINE *eng; @@ -551,6 +563,7 @@ void warn_all_untested(void) ENGINE_finish(eng); ENGINE_free(eng); } +#endif if (OSSL_PROVIDER_available(NULL, "gostprov")) { OSSL_PROVIDER *prov; diff --git a/test_digest.c b/test_digest.c index 38cc2ebd6..5601b4036 100644 --- a/test_digest.c +++ b/test_digest.c @@ -13,7 +13,9 @@ # pragma warning(pop) #endif #include +#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4 #include +#endif #include #include #include @@ -944,6 +946,7 @@ static int do_synthetic_test(const struct hash_testvec *tv) return 0; } +#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4 int engine_is_available(const char *name) { ENGINE *e = ENGINE_get_first(); @@ -956,6 +959,13 @@ int engine_is_available(const char *name) ENGINE_free(e); return e != NULL; } +#else +int engine_is_available(const char *name) +{ + (void)name; + return 0; +} +#endif void warn_if_untested(const EVP_MD *dgst, void *provider) { @@ -974,6 +984,7 @@ void warn_if_untested(const EVP_MD *dgst, void *provider) void warn_all_untested(void) { +#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4 if (engine_is_available("gost")) { ENGINE *eng; @@ -990,6 +1001,7 @@ void warn_all_untested(void) ENGINE_finish(eng); ENGINE_free(eng); } +#endif if (OSSL_PROVIDER_available(NULL, "gostprov")) { OSSL_PROVIDER *prov; From 76918206380833fe0fc0d30f1ba64b5505d6937a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 2 Feb 2026 07:47:31 +0000 Subject: [PATCH 3/5] Add ENGINE availability check and skip test_keyexpimp for OpenSSL 4.0 Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com> --- CMakeLists.txt | 37 +++++++++++++++++++++++++++++++------ test_keyexpimp.c | 6 ++++++ 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 60552abf0..85551b63e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -5,6 +5,7 @@ include(GNUInstallDirs) include(CheckLibraryExists) include(CheckFunctionExists) include(CheckCSourceRuns) +include(CheckCSourceCompiles) enable_testing() @@ -97,6 +98,17 @@ if (NOT RELAXED_ALIGNMENT) add_definitions(-DSTRICT_ALIGNMENT) endif() +# Check if ENGINE API is available (removed in OpenSSL 4.0) +check_c_source_compiles(" + #include + int main(void) { + #if defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_MAJOR >= 4 + #error ENGINE not available + #endif + return 0; + } + " HAVE_ENGINE) + if(MSVC) set(BIN_DIRECTORY bin/$/) else() @@ -115,7 +127,13 @@ if ("${OPENSSL_ENGINES_DIR}" STREQUAL "") include(FindPkgConfig) pkg_get_variable(OPENSSL_ENGINES_DIR libcrypto enginesdir) if ("${OPENSSL_ENGINES_DIR}" STREQUAL "") - message( FATAL_ERROR "Unable to discover the OpenSSL engines directory. Provide the path using -DOPENSSL_ENGINES_DIR" ) + if(HAVE_ENGINE) + message( FATAL_ERROR "Unable to discover the OpenSSL engines directory. Provide the path using -DOPENSSL_ENGINES_DIR" ) + else() + # ENGINE not available in this OpenSSL version, use a default path + set(OPENSSL_ENGINES_DIR "${CMAKE_INSTALL_FULL_LIBDIR}/engines") + message( STATUS "ENGINE not available in this OpenSSL version, using default engines directory: ${OPENSSL_ENGINES_DIR}" ) + endif() endif() endif() @@ -306,10 +324,15 @@ set_tests_properties(context-with-provider PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_PROVIDER}") # test_keyexpimp is an internals testing program, it doesn't need a test env -add_executable(test_keyexpimp test_keyexpimp.c) -#target_compile_definitions(test_keyexpimp PUBLIC -DOPENSSL_LOAD_CONF) -target_link_libraries(test_keyexpimp gost_core gost_err) -add_test(NAME keyexpimp COMMAND test_keyexpimp) +# It requires ENGINE support, so only build when ENGINE is available +if(HAVE_ENGINE) + add_executable(test_keyexpimp test_keyexpimp.c) + #target_compile_definitions(test_keyexpimp PUBLIC -DOPENSSL_LOAD_CONF) + target_link_libraries(test_keyexpimp gost_core gost_err) + add_test(NAME keyexpimp COMMAND test_keyexpimp) +else() + message(STATUS "Skipping test_keyexpimp (requires ENGINE support)") +endif() # test_gost89 is an internals testing program, it doesn't need a test env add_executable(test_gost89 test_gost89.c) @@ -365,10 +388,12 @@ set(BINARY_TESTS_TARGETS test_derive test_sign test_context - test_keyexpimp test_gost89 test_tls ) +if(HAVE_ENGINE) + list(APPEND BINARY_TESTS_TARGETS test_keyexpimp) +endif() set_property(TARGET ${BINARY_TESTS_TARGETS} APPEND PROPERTY COMPILE_DEFINITIONS ENGINE_DIR="${OUTPUT_DIRECTORY}") add_library(gost_core STATIC ${GOST_LIB_SOURCE_FILES}) diff --git a/test_keyexpimp.c b/test_keyexpimp.c index 0d201b314..279ea358b 100644 --- a/test_keyexpimp.c +++ b/test_keyexpimp.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -24,6 +25,11 @@ #include "e_gost_err.h" #include "gost_grasshopper_cipher.h" +/* ENGINE API was removed in OpenSSL 4.0 */ +#if defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_MAJOR >= 4 +# error "test_keyexpimp requires ENGINE support (OpenSSL < 4.0)" +#endif + #define T(e) \ if (!(e)) { \ ERR_print_errors_fp(stderr); \ From 6c59970e5969064d1d4687c54b762ad0bc25d05d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 2 Feb 2026 07:49:29 +0000 Subject: [PATCH 4/5] Fix code review issues: remove duplicate include, fix engine_is_available logic Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com> --- test_ciphers.c | 7 +++++-- test_digest.c | 7 +++++-- test_keyexpimp.c | 1 - 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/test_ciphers.c b/test_ciphers.c index fedb9e8a7..940e4302e 100644 --- a/test_ciphers.c +++ b/test_ciphers.c @@ -512,14 +512,17 @@ static int test_stream(const EVP_CIPHER *type, const char *name, int engine_is_available(const char *name) { ENGINE *e = ENGINE_get_first(); + int found = 0; while (e != NULL) { - if (strcmp(ENGINE_get_id(e), name) == 0) + if (strcmp(ENGINE_get_id(e), name) == 0) { + found = 1; break; + } e = ENGINE_get_next(e); } ENGINE_free(e); - return e != NULL; + return found; } #else int engine_is_available(const char *name) diff --git a/test_digest.c b/test_digest.c index 5601b4036..57da13c8a 100644 --- a/test_digest.c +++ b/test_digest.c @@ -950,14 +950,17 @@ static int do_synthetic_test(const struct hash_testvec *tv) int engine_is_available(const char *name) { ENGINE *e = ENGINE_get_first(); + int found = 0; while (e != NULL) { - if (strcmp(ENGINE_get_id(e), name) == 0) + if (strcmp(ENGINE_get_id(e), name) == 0) { + found = 1; break; + } e = ENGINE_get_next(e); } ENGINE_free(e); - return e != NULL; + return found; } #else int engine_is_available(const char *name) diff --git a/test_keyexpimp.c b/test_keyexpimp.c index 279ea358b..d2012c3ec 100644 --- a/test_keyexpimp.c +++ b/test_keyexpimp.c @@ -15,7 +15,6 @@ #endif #include #include -#include #include #include #include From b8b5921e2fc9757246cd152cb5b17882ef9993f6 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 2 Feb 2026 07:50:27 +0000 Subject: [PATCH 5/5] Final verification - OpenSSL 4.0 compatibility complete Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com> --- _codeql_detected_source_root | 1 + 1 file changed, 1 insertion(+) create mode 120000 _codeql_detected_source_root diff --git a/_codeql_detected_source_root b/_codeql_detected_source_root new file mode 120000 index 000000000..945c9b46d --- /dev/null +++ b/_codeql_detected_source_root @@ -0,0 +1 @@ +. \ No newline at end of file