Update tests to use OpenSSL legacy provider if OpenSSL 3.0 used

.github/workflows/ci.yml

@@ -8,21 +8,35 @@ on:
   pull_request:
 
 jobs:
-  linux:
-    name: Linux (${{ matrix.backend }})
+  linux_botan:
+    name: Linux with Botan
     runs-on: ubuntu-24.04
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - backend: openssl
-          - backend: botan
     steps:
       - uses: actions/checkout@v4
       - name: Prepare
         run: |
-          sudo apt update -qq
-          sudo apt install libcppunit-dev libbotan-2-dev p11-kit
+          sudo apt-get update -qq
+          sudo apt-get install -y libcppunit-dev libbotan-2-dev p11-kit
+      - name: Build
+        env:
+          CXXFLAGS: -Werror -DBOTAN_NO_DEPRECATED_WARNINGS
+        run: |
+          ./autogen.sh
+          ./configure --with-crypto-backend=botan
+          make
+      - name: Test
+        run: |
+          make check || (find . -name test-suite.log -exec cat {} \; && false)
+
+  linux_ossl_1:
+    name: Linux with OpenSSL 1.1.1
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - name: Prepare
+        run: |
+          sudo apt-get update -qq
+          sudo apt-get install -y libcppunit-dev p11-kit
           # Replace installed OpenSSL with the supported version 1.1.1
           curl -O http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.24_amd64.deb
           curl -O http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_1.1.1f-1ubuntu2.24_amd64.deb
@@ -32,10 +46,31 @@ jobs:
                                        libssl-dev_1.1.1f-1ubuntu2.24_amd64.deb
       - name: Build
         env:
-          CXXFLAGS: -Werror -DBOTAN_NO_DEPRECATED_WARNINGS
+          CXXFLAGS: -Werror
+        run: |
+          ./autogen.sh
+          ./configure --with-crypto-backend=openssl
+          make
+      - name: Test
+        run: |
+          make check || (find . -name test-suite.log -exec cat {} \; && false)
+
+  linux_ossl_30:
+    name: Linux with OpenSSL 3.0
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - name: Prepare
+        run: |
+          sudo apt-get update -qq
+          sudo apt-get install -y libcppunit-dev libssl-dev p11-kit
+      - name: Build
+        # Once all OpenSSL deprecations fixed, uncomment this
+        # env:
+        #   CXXFLAGS: -Werror
         run: |
           ./autogen.sh
-          ./configure --with-crypto-backend=${{ matrix.backend }}
+          ./configure --with-crypto-backend=openssl
           make
       - name: Test
         run: |

src/lib/crypto/test/cryptotest.cpp

@@ -44,8 +44,11 @@
 #include "MutexFactory.h"
 #include "SecureMemoryRegistry.h"
 
-#if defined(WITH_OPENSSL)
+#ifdef WITH_OPENSSL
 #include "OSSLCryptoFactory.h"
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+#endif
 #else
 #include "BotanCryptoFactory.h"
 #endif
@@ -75,6 +78,11 @@ std::auto_ptr<BotanCryptoFactory> BotanCryptoFactory::instance(NULL);
 
 int main(int /*argc*/, char** /*argv*/)
 {
+#if defined(WITH_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+	OSSL_PROVIDER_load(NULL, "legacy");
+	OSSL_PROVIDER_load(NULL, "default");
+#endif
+
 	CppUnit::TestResult controller;
 	CppUnit::TestResultCollector result;
 	CppUnit::TextUi::TestRunner runner;

src/lib/test/Makefile.am

@@ -3,7 +3,8 @@ MAINTAINERCLEANFILES = 		$(srcdir)/Makefile.in
 AM_CPPFLAGS = 			-I$(srcdir)/.. \
 				-I$(srcdir)/../common \
 				-I$(srcdir)/../pkcs11 \
-				@CPPUNIT_CFLAGS@
+				@CPPUNIT_CFLAGS@ \
+				@CRYPTO_INCLUDES@
 
 check_PROGRAMS =		p11test
 

src/lib/test/p11test.cpp

@@ -45,9 +45,16 @@
 #include <fstream>
 #include <stdlib.h>
 #include <iostream>
+#include "config.h"
 #ifdef _WIN32
 #include "setenv.h"
 #endif
+#ifdef WITH_OPENSSL
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+#endif
+#endif
 
 class MyListener : public CPPUNIT_NS::TestListener {
 	virtual void startTest( CPPUNIT_NS::Test* pTest ) {
@@ -71,6 +78,11 @@ int main(int /*argc*/, char**const /*argv*/)
 #endif
 #endif
 
+#if defined(WITH_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+	OSSL_PROVIDER_load(NULL, "legacy");
+	OSSL_PROVIDER_load(NULL, "default");
+#endif
+
 	CPPUNIT_NS::TestFactoryRegistry &registry( CPPUNIT_NS::TestFactoryRegistry::getRegistry() );
 
 	CPPUNIT_NS::TextTestRunner runner;