Commit 4acf09644c for strongswan.org
commit 4acf09644c499243c2667b5ddacdb39a63480601
Author: Tobias Brunner <tobias@strongswan.org>
Date: Mon May 4 15:12:05 2026 +0200
github: Add build against OpenSSL 4.0.0
diff --git a/.github/active-transforms/openssl-4 b/.github/active-transforms/openssl-4
new file mode 100644
index 0000000000..485847af0f
--- /dev/null
+++ b/.github/active-transforms/openssl-4
@@ -0,0 +1,111 @@
+AES_ECB[openssl]
+AES_ECB[openssl]
+AES_ECB[openssl]
+AES_CBC[openssl]
+AES_CBC[openssl]
+AES_CBC[openssl]
+AES_CTR[openssl]
+AES_CTR[openssl]
+AES_CTR[openssl]
+AES_CFB[openssl]
+AES_CFB[openssl]
+AES_CFB[openssl]
+CAMELLIA_CBC[openssl]
+CAMELLIA_CBC[openssl]
+CAMELLIA_CBC[openssl]
+CAMELLIA_CTR[openssl]
+CAMELLIA_CTR[openssl]
+CAMELLIA_CTR[openssl]
+CAST_CBC[openssl]
+BLOWFISH_CBC[openssl]
+3DES_CBC[openssl]
+DES_CBC[openssl]
+DES_ECB[openssl]
+NULL[openssl]
+AES_GCM_16[openssl]
+AES_GCM_16[openssl]
+AES_GCM_16[openssl]
+AES_GCM_12[openssl]
+AES_GCM_12[openssl]
+AES_GCM_12[openssl]
+AES_GCM_8[openssl]
+AES_GCM_8[openssl]
+AES_GCM_8[openssl]
+AES_CCM_16[openssl]
+AES_CCM_16[openssl]
+AES_CCM_16[openssl]
+AES_CCM_12[openssl]
+AES_CCM_12[openssl]
+AES_CCM_12[openssl]
+AES_CCM_8[openssl]
+AES_CCM_8[openssl]
+AES_CCM_8[openssl]
+CHACHA20_POLY1305[openssl]
+HMAC_MD5_96[openssl]
+HMAC_MD5_128[openssl]
+HMAC_SHA1_96[openssl]
+HMAC_SHA1_128[openssl]
+HMAC_SHA1_160[openssl]
+HMAC_SHA2_256_128[openssl]
+HMAC_SHA2_256_256[openssl]
+HMAC_SHA2_384_192[openssl]
+HMAC_SHA2_384_384[openssl]
+HMAC_SHA2_512_256[openssl]
+HMAC_SHA2_512_512[openssl]
+HASH_MD4[openssl]
+HASH_MD5[openssl]
+HASH_SHA1[openssl]
+HASH_SHA2_224[openssl]
+HASH_SHA2_256[openssl]
+HASH_SHA2_384[openssl]
+HASH_SHA2_512[openssl]
+HASH_SHA3_224[openssl]
+HASH_SHA3_256[openssl]
+HASH_SHA3_384[openssl]
+HASH_SHA3_512[openssl]
+HASH_IDENTITY[openssl]
+PRF_KEYED_SHA1[openssl]
+PRF_HMAC_MD5[openssl]
+PRF_HMAC_SHA1[openssl]
+PRF_HMAC_SHA2_256[openssl]
+PRF_HMAC_SHA2_384[openssl]
+PRF_HMAC_SHA2_512[openssl]
+XOF_SHAKE128[openssl]
+XOF_SHAKE256[openssl]
+KDF_PRF[openssl]
+KDF_PRF_PLUS[openssl]
+DRBG_CTR_AES256[drbg]
+DRBG_CTR_AES128[drbg]
+DRBG_CTR_AES192[drbg]
+DRBG_HMAC_SHA1[drbg]
+DRBG_HMAC_SHA256[drbg]
+DRBG_HMAC_SHA384[drbg]
+DRBG_HMAC_SHA512[drbg]
+RNG_WEAK[openssl]
+RNG_STRONG[openssl]
+MODP_3072[openssl]
+MODP_4096[openssl]
+MODP_6144[openssl]
+MODP_8192[openssl]
+MODP_2048[openssl]
+MODP_2048_224[openssl]
+MODP_2048_256[openssl]
+MODP_1536[openssl]
+MODP_1024[openssl]
+MODP_1024_160[openssl]
+MODP_768[openssl]
+MODP_CUSTOM[openssl]
+ML_KEM_512[openssl]
+ML_KEM_768[openssl]
+ML_KEM_1024[openssl]
+ECP_256[openssl]
+ECP_384[openssl]
+ECP_521[openssl]
+ECP_224[openssl]
+ECP_192[openssl]
+ECP_256_BP[openssl]
+ECP_384_BP[openssl]
+ECP_512_BP[openssl]
+ECP_224_BP[openssl]
+CURVE_25519[openssl]
+CURVE_448[openssl]
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index e2f64b46df..803f6e0181 100644
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -104,7 +104,7 @@ jobs:
continue-on-error: ${{ startsWith(matrix.test, 'openssl') }}
strategy:
matrix:
- test: [ botan, wolfssl, openssl, openssl-3, openssl-awslc, gcrypt ]
+ test: [ botan, wolfssl, openssl, openssl-3, openssl-4, openssl-awslc, gcrypt ]
os: [ ubuntu-latest, ubuntu-22.04 ]
leak-detective: [ no, yes ]
exclude:
@@ -115,6 +115,8 @@ jobs:
test: wolfssl
- os: ubuntu-22.04
test: openssl-3
+ - os: ubuntu-22.04
+ test: openssl-4
- os: ubuntu-22.04
test: openssl-awslc
env:
diff --git a/scripts/test.sh b/scripts/test.sh
index 33c3afc790..3c30decdf1 100755
--- a/scripts/test.sh
+++ b/scripts/test.sh
@@ -94,7 +94,7 @@ build_tss2()
build_openssl()
{
- SSL_REV=openssl-3.6.1
+ : ${SSL_REV=openssl-3.6.1}
SSL_DIR=$DEPS_BUILD_DIR/openssl
SSL_INS=$DEPS_PREFIX/ssl
SSL_OPT="-d shared no-dtls no-ssl3 no-zlib no-idea no-psk
@@ -236,6 +236,10 @@ openssl*)
if test "$TEST" = "openssl-3"; then
DEPS=""
use_custom_openssl $1
+ elif test "$TEST" = "openssl-4"; then
+ DEPS=""
+ SSL_REV=openssl-4.0.0
+ use_custom_openssl $1
elif test "$TEST" = "openssl-awslc"; then
DEPS="cmake ninja-build golang"
use_custom_openssl $1