Skip to content

Add OpenSSL 4.0 compatibility - handle ENGINE API removal #513

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
Copilot wants to merge 5 commits into
base: master
Choose a base branch
from
Draft

Add OpenSSL 4.0 compatibility - handle ENGINE API removal #513

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
e2be59b
Initial plan
Copilot Feb 2, 2026
de43e41
Add OpenSSL 4.0 compatibility - guard ENGINE API usage
Copilot Feb 2, 2026
7691820
Add ENGINE availability check and skip test_keyexpimp for OpenSSL 4.0
Copilot Feb 2, 2026
6c59970
Fix code review issues: remove duplicate include, fix engine_is_avail…
Copilot Feb 2, 2026
b8b5921
Final verification - OpenSSL 4.0 compatibility complete
Copilot Feb 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 31 additions & 6 deletions CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ include(GNUInstallDirs)
include(CheckLibraryExists)
include(CheckFunctionExists)
include(CheckCSourceRuns)
include(CheckCSourceCompiles)

enable_testing()

Expand Down Expand Up @@ -97,6 +98,17 @@ if (NOT RELAXED_ALIGNMENT)
add_definitions(-DSTRICT_ALIGNMENT)
endif()

# Check if ENGINE API is available (removed in OpenSSL 4.0)
check_c_source_compiles("
#include <openssl/opensslv.h>
int main(void) {
#if defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_MAJOR >= 4
#error ENGINE not available
#endif
return 0;
}
" HAVE_ENGINE)

if(MSVC)
set(BIN_DIRECTORY bin/$<CONFIG>/)
else()
Expand All @@ -115,7 +127,13 @@ if ("${OPENSSL_ENGINES_DIR}" STREQUAL "")
include(FindPkgConfig)
pkg_get_variable(OPENSSL_ENGINES_DIR libcrypto enginesdir)
if ("${OPENSSL_ENGINES_DIR}" STREQUAL "")
message( FATAL_ERROR "Unable to discover the OpenSSL engines directory. Provide the path using -DOPENSSL_ENGINES_DIR" )
if(HAVE_ENGINE)
message( FATAL_ERROR "Unable to discover the OpenSSL engines directory. Provide the path using -DOPENSSL_ENGINES_DIR" )
else()
# ENGINE not available in this OpenSSL version, use a default path
set(OPENSSL_ENGINES_DIR "${CMAKE_INSTALL_FULL_LIBDIR}/engines")
message( STATUS "ENGINE not available in this OpenSSL version, using default engines directory: ${OPENSSL_ENGINES_DIR}" )
endif()
endif()
endif()

Expand Down Expand Up @@ -306,10 +324,15 @@ set_tests_properties(context-with-provider
PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_PROVIDER}")

# test_keyexpimp is an internals testing program, it doesn't need a test env
add_executable(test_keyexpimp test_keyexpimp.c)
#target_compile_definitions(test_keyexpimp PUBLIC -DOPENSSL_LOAD_CONF)
target_link_libraries(test_keyexpimp gost_core gost_err)
add_test(NAME keyexpimp COMMAND test_keyexpimp)
# It requires ENGINE support, so only build when ENGINE is available
if(HAVE_ENGINE)
add_executable(test_keyexpimp test_keyexpimp.c)
#target_compile_definitions(test_keyexpimp PUBLIC -DOPENSSL_LOAD_CONF)
target_link_libraries(test_keyexpimp gost_core gost_err)
add_test(NAME keyexpimp COMMAND test_keyexpimp)
else()
message(STATUS "Skipping test_keyexpimp (requires ENGINE support)")
endif()

# test_gost89 is an internals testing program, it doesn't need a test env
add_executable(test_gost89 test_gost89.c)
Expand Down Expand Up @@ -365,10 +388,12 @@ set(BINARY_TESTS_TARGETS
test_derive
test_sign
test_context
test_keyexpimp
test_gost89
test_tls
)
if(HAVE_ENGINE)
list(APPEND BINARY_TESTS_TARGETS test_keyexpimp)
endif()
set_property(TARGET ${BINARY_TESTS_TARGETS} APPEND PROPERTY COMPILE_DEFINITIONS ENGINE_DIR="${OUTPUT_DIRECTORY}")

add_library(gost_core STATIC ${GOST_LIB_SOURCE_FILES})
Expand Down
1 change: 1 addition & 0 deletions _codeql_detected_source_root
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
.
18 changes: 17 additions & 1 deletion test_ciphers.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,10 @@
# include <openssl/applink.c>
# pragma warning(pop)
#endif
#include <openssl/opensslv.h>
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4
#include <openssl/engine.h>
#endif
#include <openssl/provider.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
Expand Down Expand Up @@ -505,18 +508,29 @@ static int test_stream(const EVP_CIPHER *type, const char *name,
return ret;
}

#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4
int engine_is_available(const char *name)
{
ENGINE *e = ENGINE_get_first();
int found = 0;

while (e != NULL) {
if (strcmp(ENGINE_get_id(e), name) == 0)
if (strcmp(ENGINE_get_id(e), name) == 0) {
found = 1;
break;
}
e = ENGINE_get_next(e);
}
ENGINE_free(e);
return found;
}
#else
int engine_is_available(const char *name)
{
(void)name;
return 0;
}
#endif

void warn_if_untested(const EVP_CIPHER *ciph, void *provider)
{
Expand All @@ -535,6 +549,7 @@ void warn_if_untested(const EVP_CIPHER *ciph, void *provider)

void warn_all_untested(void)
{
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4
if (engine_is_available("gost")) {
ENGINE *eng;

Expand All @@ -551,6 +566,7 @@ void warn_all_untested(void)
ENGINE_finish(eng);
ENGINE_free(eng);
}
#endif
if (OSSL_PROVIDER_available(NULL, "gostprov")) {
OSSL_PROVIDER *prov;

Expand Down
19 changes: 17 additions & 2 deletions test_digest.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,9 @@
# pragma warning(pop)
#endif
#include <openssl/opensslv.h>
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4
#include <openssl/engine.h>
#endif
#include <openssl/provider.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
Expand Down Expand Up @@ -944,18 +946,29 @@ static int do_synthetic_test(const struct hash_testvec *tv)
return 0;
}

#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4
int engine_is_available(const char *name)
{
ENGINE *e = ENGINE_get_first();
int found = 0;

while (e != NULL) {
if (strcmp(ENGINE_get_id(e), name) == 0)
if (strcmp(ENGINE_get_id(e), name) == 0) {
found = 1;
break;
}
e = ENGINE_get_next(e);
}
ENGINE_free(e);
return e != NULL;
return found;
}
#else
int engine_is_available(const char *name)
{
(void)name;
return 0;
}
#endif

void warn_if_untested(const EVP_MD *dgst, void *provider)
{
Expand All @@ -974,6 +987,7 @@ void warn_if_untested(const EVP_MD *dgst, void *provider)

void warn_all_untested(void)
{
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_MAJOR < 4
if (engine_is_available("gost")) {
ENGINE *eng;

Expand All @@ -990,6 +1004,7 @@ void warn_all_untested(void)
ENGINE_finish(eng);
ENGINE_free(eng);
}
#endif
if (OSSL_PROVIDER_available(NULL, "gostprov")) {
OSSL_PROVIDER *prov;

Expand Down
7 changes: 6 additions & 1 deletion test_keyexpimp.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
#endif
#include <string.h>
#include <stdio.h>
#include <string.h>
#include <openssl/opensslv.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/obj_mac.h>
Expand All @@ -24,6 +24,11 @@
#include "e_gost_err.h"
#include "gost_grasshopper_cipher.h"

/* ENGINE API was removed in OpenSSL 4.0 */
#if defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_MAJOR >= 4
# error "test_keyexpimp requires ENGINE support (OpenSSL < 4.0)"
#endif

#define T(e) \
if (!(e)) { \
ERR_print_errors_fp(stderr); \
Expand Down
Loading