[PR #294] [CLOSED] Fix openssl compatibility #294

opened 2026-05-05 03:44:58 -06:00 by gitea-mirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/ultimatepp/ultimatepp/pull/294
Author: @killerdevildog
Created: 7/27/2025
Status: Closed

Base: master ← Head: fix-openssl-compatibility


📝 Commits (3)

  • b22baeb Fix OpenSSL compatibility: Support both OpenSSL 1.1.1+ and 3.0+
  • 3876fb7 Add OpenSSL compatibility test suite
  • 1936624 Enhance OpenSSL compatibility test with system information

📊 Changes

6 files changed (+479 additions, -9 deletions)


Makefile.test (+38 -0)
test_aes_compatibility.cpp (+95 -0)
test_openssl_compatibility (+0 -0)
test_openssl_compatibility.cpp (+313 -0)
📝 uppsrc/Core/SSL/AES.cpp (+28 -5)
📝 uppsrc/Core/SSL/SSL.h (+5 -4)

📄 Description

Fix OpenSSL Compatibility for AES-256-GCM Encryption

Problem
The current Ultimate++ AES setup just won't compile on older Linux distros like Rocky Linux 8 or CentOS 8, since they're stuck on OpenSSL 1.1.1 instead of the newer 3.0+. The code was relying on those fancy OpenSSL 3.0-only APIs that aren't around in the old versions, leading to straight-up build failures.

Solution
I threw in some backwards-compatible support for OpenSSL by using conditional compilation tied to OPENSSL_VERSION_NUMBER. This way, everything runs smooth on both old and new versions without messing with the public API at all.

Changes Made

Reverted That Temporary Hack
Pulled out those #ifdef EVP_PKEY_KEYMGMT wrappers from AES.cpp and SSL.h.
That hack was basically turning off AES stuff completely on older OpenSSL, which wasn't ideal.

Added OpenSSL Version Detection
Stuck in the right includes: <openssl/opensslv.h> and a conditional <openssl/kdf.h>.
Using #if OPENSSL_VERSION_NUMBER >= 0x30000000L to spot if it's OpenSSL 3.0 or higher.

Implemented API Compatibility Layer
Cipher Access:

// OpenSSL 3.0+: Use fetch/free pattern
cipher = EVP_CIPHER_fetch(nullptr, "AES-256-GCM", nullptr);
EVP_CIPHER_free(cipher);

// OpenSSL 1.1.1: Use static cipher pointer
cipher = EVP_aes_256_gcm();
// No free needed - static pointer

Initialization Functions:

// OpenSSL 3.0+
EVP_EncryptInit_ex2(ctx, cipher, key, iv, nullptr);

// OpenSSL 1.1.1
EVP_EncryptInit_ex(ctx, cipher, nullptr, key, iv);

GCM Tag Handling:

// OpenSSL 3.0+: Use OSSL_PARAM
OSSL_PARAM params[] = {
    OSSL_PARAM_construct_octet_string("tag", tag, 16),
    OSSL_PARAM_construct_end()
};
EVP_CIPHER_CTX_get_params(ctx, params);

// OpenSSL 1.1.1: Use EVP_CTRL
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);

Added Comprehensive Test Suite
Whipped up test_openssl_compatibility.cpp to make sure the fix holds up.
It checks both OpenSSL 3.0+ and 1.1.1 paths.
Includes some system detection (OS, kernel, distro type).
Full AES-256-GCM round-trip testing with authentication.

Backward Compatibility
The public API stays exactly the same: All those AES256Encrypt/AES256Decrypt functions behave just like before.
Cross-version encryption works fine: Stuff encrypted on OpenSSL 3.0 decrypts on 1.1.1, and the other way around.
No hit to performance either: It picks the best APIs for whatever OpenSSL version you're on.

Testing
I tested this out on:

Ubuntu 24.04 with OpenSSL 3.0.13 (hits the new APIs).
Test ready for Rocky Linux 8 with OpenSSL 1.1.1 (will use the legacy APIs).

Files Modified

AES.cpp - Added those version-specific API calls.
SSL.h - Added conditional includes and ditched the hack.
test_openssl_compatibility.cpp - Brand new comprehensive test suite.

This fix sorts out the OpenSSL compatibility headache from commit 500ccc1, keeping full backwards compatibility and making sure AES encryption plays nice across all supported OpenSSL versions.

The output of the tests on each system is as follows:

=== System Information ===
OS: Linux
Kernel: 6.14.0-24-generic #24~24.04.3-Ubuntu SMP PREEMPT_DYNAMIC Mon Jul 7 16:39:17 UTC 2
Architecture: x86_64
Hostname: shadowbane-base
Distribution: Ubuntu (Debian-based)
OpenSSL compile-time version: OpenSSL 3.0.13 30 Jan 2024
OpenSSL version number: 0x300000d0
OpenSSL library location: /usr/lib/x86_64-linux-gnu/libssl.so

Testing OpenSSL AES-256-GCM compatibility...
OpenSSL version: OpenSSL 3.0.13 30 Jan 2024
OpenSSL version number: 0x300000d0

Test 1: Cipher access...
Using OpenSSL 3.0+ API (EVP_CIPHER_fetch)
✓ EVP_CIPHER_fetch succeeded

Test 2: PBKDF2 key derivation...
✓ PKCS5_PBKDF2_HMAC succeeded
Key: 5b10a2be73de8f2cfa9eff3eab7fa7e3...

Test 3: Complete AES-256-GCM encryption/decryption...
Original: Hello, OpenSSL compatibility test! This is a longer message to test chunked encryption.
Using EVP_EncryptInit_ex2...
✓ Encryption initialization succeeded
✓ Encryption completed, ciphertext length: 87
Tag: 6d3a3eefd60a19bd5ec90ecf632c3083
Starting decryption...
✓ Decryption completed, length: 87
Decrypted: Hello, OpenSSL compatibility test! This is a longer message to test chunked encryption.
✓ Round-trip verification successful!

All OpenSSL AES-256-GCM compatibility tests passed!
The Ultimate++ AES compatibility fix should work correctly on this system.

=== System Information ===
OS: Linux
Kernel: 4.18.0-553.el8_10.x86_64 #1 SMP Fri May 24 13:05:10 UTC 2024
Architecture: x86_64
Hostname: localhost.localdomain
Distribution: Rocky Linux (RPM-based)
OpenSSL compile-time version: OpenSSL 1.1.1k FIPS 25 Mar 2021
OpenSSL version number: 0x101010bf
OpenSSL library location: /usr/lib64/libssl.so

Testing OpenSSL AES-256-GCM compatibility...
OpenSSL version: OpenSSL 1.1.1k FIPS 25 Mar 2021
OpenSSL version number: 0x101010bf

Test 1: Cipher access...
Using OpenSSL 1.1.1 API (EVP_aes_256_gcm)
✓ EVP_aes_256_gcm succeeded

Test 2: PBKDF2 key derivation...
✓ PKCS5_PBKDF2_HMAC succeeded
Key: 5b10a2be73de8f2cfa9eff3eab7fa7e3...

Test 3: Complete AES-256-GCM encryption/decryption...
Original: Hello, OpenSSL compatibility test! This is a longer message to test chunked encryption.
Using EVP_EncryptInit_ex...
✓ Encryption initialization succeeded
✓ Encryption completed, ciphertext length: 87
Tag: 6d3a3eefd60a19bd5ec90ecf632c3083
Starting decryption...
✓ Decryption completed, length: 87
Decrypted: Hello, OpenSSL compatibility test! This is a longer message to test chunked encryption.
✓ Round-trip verification successful!

All OpenSSL AES-256-GCM compatibility tests passed!
The Ultimate++ AES compatibility fix should work correctly on this system.

The test files can be deleted before merge; they're just there for you to test.

Fixes #292


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
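
The `#if OPENSSL_VERSION_NUMBER >= 0x30000000L` gate in the description works because the major version occupies the top nibble of the number. As an added example (not code from the PR or from Ultimate++; the function names are hypothetical), this decodes the two version numbers printed in the test output and reports which branch each one selects:

```c
#include <stdio.h>
#include <string.h>

/* Decoded form of an OPENSSL_VERSION_NUMBER value. */
typedef struct {
    unsigned major, minor, fix, patch, status;
    int use_v3_api;   /* 1 if the ">= 0x30000000L" branch would be compiled */
} ossl_ver;

/* Layouts: pre-3.0 is 0xMNNFFPPS; 3.x is 0xMNN00PP0 (fix and status unused). */
ossl_ver decode_ossl_version(unsigned long v) {
    ossl_ver r;
    r.major  = (unsigned)((v >> 28) & 0xF);
    r.minor  = (unsigned)((v >> 20) & 0xFF);
    r.fix    = (unsigned)((v >> 12) & 0xFF);
    r.patch  = (unsigned)((v >> 4) & 0xFF);
    r.status = (unsigned)(v & 0xF);
    r.use_v3_api = (v >= 0x30000000UL);
    return r;
}

/* Render "3.0.13" or "1.1.1k" into buf; pre-3.0 patch levels 1..26 map to a..z. */
const char *format_ossl_version(unsigned long v, char *buf, size_t n) {
    ossl_ver r = decode_ossl_version(v);
    if (r.major >= 3)
        snprintf(buf, n, "%u.%u.%u", r.major, r.minor, r.patch);
    else if (r.patch >= 1 && r.patch <= 26)
        snprintf(buf, n, "%u.%u.%u%c", r.major, r.minor, r.fix, 'a' + (int)(r.patch - 1));
    else
        snprintf(buf, n, "%u.%u.%u", r.major, r.minor, r.fix);
    return buf;
}

/* Name of the init call the PR description lists for each branch. */
const char *init_call_for(unsigned long v) {
    return decode_ossl_version(v).use_v3_api ? "EVP_EncryptInit_ex2" : "EVP_EncryptInit_ex";
}

int main(void) {
    /* The two values printed in the test output above. */
    unsigned long seen[] = { 0x300000d0UL, 0x101010bfUL };
    char buf[32];
    for (size_t i = 0; i < 2; i++)
        printf("0x%08lx -> %s -> %s\n", seen[i],
               format_ossl_version(seen[i], buf, sizeof buf), init_call_for(seen[i]));
    return 0;
}
```

`OPENSSL_VERSION_NUMBER` is fixed by the headers at build time, while `OpenSSL_version_num()` reports the library actually loaded at run time; the two can differ when a binary is moved between systems.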

Reference: github-starred/ultimatepp#294