From 7f798a4a525fcd4cc03360ad8867a856961b8556 Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed, 16 Apr 2025 10:43:23 +0200
Subject: [PATCH 1/2] TRAVIS: Make sure to produce output for long taking steps

Avoid errors like "No output has been received in the last 10m0s, this
potentially indicates a stalled build or something wrong with the build
itself."

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
 .travis.yml | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 42fc99f..a7d6e53 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,7 +5,7 @@ language: c
 
 before_install:
     - sudo apt-get -qq update
-    - sudo apt-get install -y libica3 libica-dev
+    - sudo apt-get install -y libica3 libica-dev pv
 
 jobs:
     include:
@@ -19,26 +19,26 @@ before_script:
     - git clone https://github.com/openssl/openssl.git
     - pushd openssl
     - git checkout master
-    - ./config -w
-    - make -j 5 -s
+    - ./config -w 2> >(tee)
+    - make -j 5 -s | pv -t -i 1 -f 2> >(tee)
     - export OPENSSL_DIR=$PWD
     - export PATH=$OPENSSL_DIR/apps/:$PATH
     - export LD_LIBRARY_PATH=$OPENSSL_DIR/:$LD_LIBRARY_PATH
     - popd
-    - openssl version
+    - openssl version 2> >(tee)
     - git clone https://github.com/opencryptoki/libica.git
     - pushd libica
-    - ./bootstrap.sh
-    - ./configure CFLAGS="-I$OPENSSL_DIR/include -L$OPENSSL_DIR"
-    - make -j 5 V=0
+    - ./bootstrap.sh 2> >(tee)
+    - ./configure CFLAGS="-I$OPENSSL_DIR/include -L$OPENSSL_DIR" 2> >(tee)
+    - make -j 5 V=0 2> >(tee)
     - export LIBICA_DIR=$PWD
     - export LD_LIBRARY_PATH=$LIBICA_DIR/src/.libs:$LD_LIBRARY_PATH
     - popd
-    - $LIBICA_DIR/src/icainfo
+    - $LIBICA_DIR/src/icainfo 2> >(tee)
 
 script:
-    - ./bootstrap.sh
-    - ./configure CFLAGS="-I$OPENSSL_DIR/include -L$OPENSSL_DIR -I$LIBICA_DIR/include -L$LIBICA_DIR/src/.libs" $CONFIG_OPTS
-    - make -j 5 V=0
-    - make check V=0
+    - ./bootstrap.sh 2> >(tee)
+    - ./configure CFLAGS="-I$OPENSSL_DIR/include -L$OPENSSL_DIR -I$LIBICA_DIR/include -L$LIBICA_DIR/src/.libs" $CONFIG_OPTS 2> >(tee)
+    - make -j 5 V=0 2> >(tee)
+    - make check V=0 | pv -t -i 1 -f 2> >(tee)
 
-- 
2.52.0


From 5c569950da3a592ba77974bb0cd1ffe7ad03372e Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed, 14 May 2025 15:22:11 +0200
Subject: [PATCH 2/2] configure: Check for openssl/engine.h and disable engine
 if not available

Newer distributions do not install the include file openssl/engine.h anymore
to actively hinder one from building and using engines.

Check if openssl/engine.h exists, and only enable the engine build if so.
If the engine is explicitly enabled via '--enable-engine' then the configure
step fails with an error message. Otherwise the engine is silently disabled.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
 configure.ac | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index c1b16f8..f8a435c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -31,13 +31,13 @@ AC_ARG_ENABLE([sanitizer],
 		[enable_sanitizer=no])
 
 AC_ARG_ENABLE([engine],
-		[AS_HELP_STRING([--enable-engine], [build IBMCA engine (OpenSSL 1.1.1, default is yes)])],
+		[AS_HELP_STRING([--enable-engine], [build IBMCA engine (OpenSSL >= 1.1.1, default is yes, if openssl/engine.h is available, else the default is false)])],
 		[if test "x$enableval" = "xyes" ; then
 			enable_engine="yes"
 		 else
 		 	enable_engine="no"
 		 fi],
-		[enable_engine="yes"])
+		[enable_engine="check"])
 
 AC_ARG_ENABLE([provider],
 		[AS_HELP_STRING([--enable-provider], [build IBMCA provider (OpenSSL >= 3.0, default is yes if built against OpenSSL 3.0 or later, else the default is false)])],
@@ -75,6 +75,7 @@ AC_CHECK_LIB([crypto], [OSSL_LIB_CTX_new], [openssl_3_0="yes"], [openssl_3_0="no
 AC_CHECK_HEADERS([arpa/inet.h fcntl.h malloc.h netdb.h netinet/in.h stddef.h stdlib.h \
                  string.h strings.h sys/ioctl.h sys/param.h sys/socket.h sys/time.h unistd.h])
 AC_CHECK_HEADER([ica_api.h], [], AC_MSG_ERROR([*** libica-devel >= 3.6.0 is required ***]))
+AC_CHECK_HEADER([openssl/engine.h], [has_engine_h="yes"], [has_engine_h="no"])
 
 
 # Checks for typedefs, structures, and compiler characteristics.
@@ -137,6 +138,18 @@ else
 	enable_provider=no
 fi
 
+# If <openssl/engine.h> is not available, do not build the engine
+if test "x$has_engine_h" = xyes; then
+	if test "x$enable_engine" != xno; then
+		enable_engine=yes
+	fi
+else
+	if test "x$enable_engine" = xyes; then
+		AC_MSG_ERROR([*** openssl/engine.h is required to build the IBMCA engine ***]);
+	fi
+	enable_engine=no
+fi
+
 AM_CONDITIONAL([IBMCA_ENGINE], [test "x$enable_engine" == xyes])
 AM_CONDITIONAL([IBMCA_PROVIDER], [test "x$enable_provider" == xyes])
 
-- 
2.52.0