From 314a1397a26f290c7ada57813d33dcdff1e859e8 Mon Sep 17 00:00:00 2001
From: afrind <afrind@openmoq.org>
Date: Tue, 24 Feb 2026 20:13:43 -0500
Subject: [PATCH 1/2] Fix build with OpenSSL 3.5+ where ENGINE API is removed

OpenSSL removed the ENGINE API in version 3.5. The engine.h header
still exists but is empty, causing implicit function declaration errors
for ENGINE_by_id, ENGINE_free, etc.

Guard all ENGINE usage in the test with a PICOTLS_HAVE_ENGINE macro
that checks both OPENSSL_NO_ENGINE and OPENSSL_VERSION_MAJOR. The
affected code is only used for QAT hardware accelerator benchmarks
and loading built-in engines on pre-3.0 OpenSSL, so no test coverage
is lost on modern OpenSSL.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 t/openssl.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/t/openssl.c b/t/openssl.c
index 59ad2b6d..189d16f5 100644
--- a/t/openssl.c
+++ b/t/openssl.c
@@ -29,7 +29,10 @@
 #include <openssl/opensslv.h>
 #include <openssl/bio.h>
 #include <openssl/pem.h>
+#if !defined(OPENSSL_NO_ENGINE) && (!defined(OPENSSL_VERSION_MAJOR) || OPENSSL_VERSION_MAJOR < 4)
 #include <openssl/engine.h>
+#define PICOTLS_HAVE_ENGINE 1
+#endif
 #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L
 #include <openssl/provider.h>
 #endif
@@ -385,6 +388,7 @@ static ptls_aead_context_t *create_ech_opener(ptls_ech_create_opener_t *self, pt
 
 #if ASYNC_TESTS
 
+#if defined(PICOTLS_HAVE_ENGINE)
 static ENGINE *load_engine(const char *name)
 {
     ENGINE *e;
@@ -398,6 +402,7 @@ static ENGINE *load_engine(const char *name)
 
     return e;
 }
+#endif
 
 static struct {
     struct {
@@ -545,7 +550,7 @@ int main(int argc, char **argv)
     /* Explicitly load the legacy provider in addition to default, as we test Blowfish in one of the tests. */
     OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy");
     OSSL_PROVIDER *dflt = OSSL_PROVIDER_load(NULL, "default");
-#elif !defined(OPENSSL_NO_ENGINE)
+#elif defined(PICOTLS_HAVE_ENGINE)
     /* Load all compiled-in ENGINEs */
     ENGINE_load_builtin_engines();
     ENGINE_register_all_ciphers();
@@ -639,6 +644,7 @@ int main(int argc, char **argv)
     subtest("many-handshakes-non-async", many_handshakes);
     openssl_sign_certificate.async = 0;
     subtest("many-handshakes-async", many_handshakes);
+#if defined(PICOTLS_HAVE_ENGINE)
     { /* qatengine should be tested at last, because we do not have the code to unload or un-default it */
         const char *engine_name = "qatengine";
         ENGINE *qatengine;
@@ -651,6 +657,7 @@ int main(int argc, char **argv)
             note("%s not found", engine_name);
         }
     }
+#endif
 #endif
 
     int ret = done_testing();

From 31d156adf7160fd05dcb7c389d10df1ffc6f98c1 Mon Sep 17 00:00:00 2001
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Fri, 27 Feb 2026 19:45:29 +0900
Subject: [PATCH 2/2] Using just OPENSSL_NO_ENGINE is fine.

Co-Authored-By: OpenCode with Qwen3.5-27B <kazuhooku+opencode@gmail.com>
---
 t/openssl.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/t/openssl.c b/t/openssl.c
index 189d16f5..13805486 100644
--- a/t/openssl.c
+++ b/t/openssl.c
@@ -29,9 +29,8 @@
 #include <openssl/opensslv.h>
 #include <openssl/bio.h>
 #include <openssl/pem.h>
-#if !defined(OPENSSL_NO_ENGINE) && (!defined(OPENSSL_VERSION_MAJOR) || OPENSSL_VERSION_MAJOR < 4)
+#if !defined(OPENSSL_NO_ENGINE)
 #include <openssl/engine.h>
-#define PICOTLS_HAVE_ENGINE 1
 #endif
 #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L
 #include <openssl/provider.h>
@@ -388,7 +387,7 @@ static ptls_aead_context_t *create_ech_opener(ptls_ech_create_opener_t *self, pt
 
 #if ASYNC_TESTS
 
-#if defined(PICOTLS_HAVE_ENGINE)
+#if !defined(OPENSSL_NO_ENGINE)
 static ENGINE *load_engine(const char *name)
 {
     ENGINE *e;
@@ -550,7 +549,7 @@ int main(int argc, char **argv)
     /* Explicitly load the legacy provider in addition to default, as we test Blowfish in one of the tests. */
     OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy");
     OSSL_PROVIDER *dflt = OSSL_PROVIDER_load(NULL, "default");
-#elif defined(PICOTLS_HAVE_ENGINE)
+#elif !defined(OPENSSL_NO_ENGINE)
     /* Load all compiled-in ENGINEs */
     ENGINE_load_builtin_engines();
     ENGINE_register_all_ciphers();
@@ -644,7 +643,7 @@ int main(int argc, char **argv)
     subtest("many-handshakes-non-async", many_handshakes);
     openssl_sign_certificate.async = 0;
     subtest("many-handshakes-async", many_handshakes);
-#if defined(PICOTLS_HAVE_ENGINE)
+#if !defined(OPENSSL_NO_ENGINE)
     { /* qatengine should be tested at last, because we do not have the code to unload or un-default it */
         const char *engine_name = "qatengine";
         ENGINE *qatengine;