Skip to content

Fix #2057 and some OpenSSL 3.x compatibility related issues #2206

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 20 commits into
base: main
Choose a base branch
from
Open

Fix #2057 and some OpenSSL 3.x compatibility related issues #2206

wants to merge 20 commits into from
+518 −454

Conversation

erendemirel
Copy link

@erendemirel erendemirel commented Jul 17, 2025
edited
Loading

This PR is to resolve the issue #2057 alongside with some related issues I came across.

Issues Fixed:

  1. Issue opensslconf.h not used #2057 - Missing opensslconf.h Include

  2. OpenSSL 3.x Naming Conflicts- OpenSSL 3.x defines OSSL_FUNC as a type, conflicting with liboqs's macro definition:

Renamed OSSL_FUNC to OQS_OSSL_FUNC across the codebase.

  1. UOV Algorithm OpenSSL Integration- UOV signature algorithms were calling OpenSSL functions directly instead of using liboqs abstraction, causing undefined symbols (EVP_MD_CTX_free, EVP_MD_CTX_new) in CI builds:

Updated all UOV config.h files to change fallback from #define UTILS_OPENSSL to #define UTILS_OQS, ensuring UOV algorithms use liboqs hash abstraction.
Fixed conditional compilation logic in all UOV utils_hash.c files to explicitly prevent OpensSL usage when UTILS_OQS is defined:

  // Changed from:
  #if defined(_UTILS_OPENSSL_)||defined(_UTILS_SUPERCOP_)
  // To:
  #if (defined(_UTILS_OPENSSL_)||defined(_UTILS_SUPERCOP_)) && !defined(_UTILS_OQS_)

Note: Also wrapped any remaining direct OpenSSL calls with OQS_OSSL_FUNC() to ensure complete symbol isolation.

  1. Deprecated OpenSSL Function Calls- UOV algorithms used deprecated OpenSSL functions removed in OpenSSL 3.x
    Updated function calls to resolves CI symbol visibility check failures:
EVP_MD_CTX_create() -> EVP_MD_CTX_new()
EVP_MD_CTX_destroy() -> EVP_MD_CTX_free()

Non-OpenSSL builds compile successfully.
Functional tests pass.
I expect no breaking changes to public API.

Note: This is my first contribution to the repo, so a thorough review might be needed.

No additional tests needed, this PR fixes existing functionality rather than adding new features.

  • Does this PR change the input/output behaviour of a cryptographic algorithm (i.e., does it change known answer test values)? (If so, a version bump will be required from x.y.z to x.(y+1).0.)
    No
  • Does this PR change the list of algorithms available -- either adding, removing, or renaming? Does this PR otherwise change an API? (If so, PRs in fully supported downstream projects dependent on these, i.e., oqs-provider will also need to be ready for review and merge by the time this is merged.)
    No

erendemirel added 20 commits July 16, 2025 21:49
@erendemirel
fix open-quantum-safe#2057 - opensslconf.h not used
9743368
@erendemirel
Merge branch 'main' of https://github.com/erendemirel/liboqs into main
5fbdb2e
@erendemirel
fix OpenSSL integration issues - add missing function declarations an…
88682b1 
…d fix typos
@erendemirel
fix conditional compilation guards for OpenSSL function declarations …
e79b966 
…- scope SHA/AES functions to their specific component flags
@erendemirel
\fix function pointer return type: ERR_print_errors_fp should return …
785b3a8 
…void not int\
@erendemirel
fix rename OOSL_FUNc issue
712f2e3
@erendemirel
fix missing import
0e52910
@erendemirel
fix macro definition order: move function pointer declaration after O…
7f5b5c0 
…QS_OSSL_FUNC macro definition
@erendemirel
fix function pointer return type: ERR_print_errors_fp should return v…
5e72aba 
…oid not int
@erendemirel
fix macro def
866bdf6
@erendemirel
fix function pointer declaration: only declare when dynamic loading e…
9182319 
…nabled
@erendemirel
fix conditional compilation: use OQS_USE_AES_OPENSSL for AES function…
1074611 
…s in rand_nist.c
@erendemirel
fix test errors
b4fa70b
@erendemirel
fix missing function declarations for C dynamic loading mode
3687e26
@erendemirel
fix function declartaion issue
9e5336e
@erendemirel
fix OpenSSL 3.x compatibility: replace deprecated EVP_MD_CTX function…
ed92e97 
…s in UOV algorithms
@erendemirel
fix UOV OpenSSL integration: change config.h fallback from _UTILS_OPE…
1bbfae6 
…NSSL_ to _UTILS_OQS_
@erendemirel
fix UOV conditional compilation: prevent OpenSSL usage when _UTILS_OQ…
68a7ae3 
…S_ is defined
@erendemirel
Fix OpenSSL symbol exposure in UOV/SHA2 with OQS_OSSL_FUNC wrappers
ffe0bbc
@erendemirel
Fix remaining EVP_MD_CTX_free direct call in SHA2 finalize
ae44aa5
@erendemirel erendemirel mentioned this pull request Jul 17, 2025
Open
@erendemirel
Copy link
Author

There is a formatting issue, I will have a look later

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dstebila dstebila Awaiting requested review from dstebila dstebila is a code owner

@baentsch baentsch Awaiting requested review from baentsch baentsch is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@erendemirel