diff --git a/cfg/openssl.cfg b/cfg/openssl.cfg
new file mode 100644
index 000000000..d6dd39bdf
--- /dev/null
+++ b/cfg/openssl.cfg
@@ -0,0 +1,174 @@
+
+
+
+
+
+
+
+
+ EVP_CIPHER_CTX_new
+ EVP_CIPHER_CTX_free
+
+
+
+
+ false
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ 0:
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ 0:
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+ false
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ 0:
+
+
+
diff --git a/test/cfg/openssl.c b/test/cfg/openssl.c
new file mode 100644
index 000000000..c24041322
--- /dev/null
+++ b/test/cfg/openssl.c
@@ -0,0 +1,67 @@
+
+// Test library configuration for openssl.cfg
+//
+// Usage:
+// $ cppcheck --check-library --library=openssl --enable=information --error-exitcode=1 --inline-suppr --suppress=missingIncludeSystem test/cfg/openssl.c
+// =>
+// No warnings about bad library configuration, unmatched suppressions, etc. exitcode=0
+//
+
+#include
+#include
+#include
+
+void valid_code(BIO * bio)
+{
+ BIO_printf(bio, "%d\n", 1);
+}
+
+// Example for encrypting a string using IDEA (from https://www.openssl.org/docs/man1.1.1/man3/EVP_CIPHER_CTX_new.html)
+int valid_code_do_crypt(char *outfile)
+{
+ unsigned char outbuf[1024];
+ int outlen, tmplen;
+ unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
+ unsigned char iv[] = {1,2,3,4,5,6,7,8};
+ char intext[] = "Some Crypto Text";
+ EVP_CIPHER_CTX *ctx;
+ FILE *out;
+
+ ctx = EVP_CIPHER_CTX_new();
+ EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
+
+ if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) {
+ /* Error */
+ EVP_CIPHER_CTX_free(ctx);
+ return 0;
+ }
+ if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) {
+ /* Error */
+ EVP_CIPHER_CTX_free(ctx);
+ return 0;
+ }
+ outlen += tmplen;
+ EVP_CIPHER_CTX_free(ctx);
+
+ out = fopen(outfile, "wb");
+ if (out == NULL) {
+ /* Error */
+ return 0;
+ }
+ fwrite(outbuf, 1, outlen, out);
+ fclose(out);
+ return 1;
+}
+
+void invalidPrintfArgType_test(BIO * bio)
+{
+ // cppcheck-suppress invalidPrintfArgType_sint
+ BIO_printf(bio, "%d\n", 5U);
+}
+
+void EVP_CIPHER_CTX_new_test()
+{
+ EVP_CIPHER_CTX * ctx = EVP_CIPHER_CTX_new();
+ printf("%p", ctx);
+ // cppcheck-suppress resourceLeak
+}
diff --git a/test/cfg/runtests.sh b/test/cfg/runtests.sh
index 95d593bdc..ba252b802 100755
--- a/test/cfg/runtests.sh
+++ b/test/cfg/runtests.sh
@@ -338,6 +338,33 @@ else
fi
${CPPCHECK} ${CPPCHECK_OPT} --library=libsigc++ ${DIR}libsigc++.cpp
+# openssl.c
+set +e
+pkg-config --version
+PKGCONFIG_RETURNCODE=$?
+set -e
+if [ $PKGCONFIG_RETURNCODE -ne 0 ]; then
+ echo "pkg-config needed to retrieve OpenSSL configuration is not available, skipping syntax check."
+else
+ set +e
+ OPENSSLCONFIG=$(pkg-config --cflags libssl)
+ OPENSSLCONFIG_RETURNCODE=$?
+ set -e
+ if [ $OPENSSLCONFIG_RETURNCODE -eq 0 ]; then
+ set +e
+ echo -e "#include " | ${CC} ${CC_OPT} ${OPENSSLCONFIG} -x c -
+ OPENSSLCONFIG_RETURNCODE=$?
+ set -e
+ if [ $OPENSSLCONFIG_RETURNCODE -ne 0 ]; then
+ echo "OpenSSL not completely present or not working, skipping syntax check with ${CC}."
+ else
+ echo "OpenSSL found and working, checking syntax with ${CC} now."
+ ${CC} ${CC_OPT} ${OPENSSLCONFIG} ${DIR}openssl.c
+ fi
+ fi
+fi
+${CPPCHECK} ${CPPCHECK_OPT} --library=openssl ${DIR}openssl.c
+
# Check the syntax of the defines in the configuration files
set +e
xmlstarlet --version
diff --git a/tools/donate_cpu_lib.py b/tools/donate_cpu_lib.py
index 34b130005..ae2a5357c 100644
--- a/tools/donate_cpu_lib.py
+++ b/tools/donate_cpu_lib.py
@@ -453,6 +453,7 @@ def get_libraries():
'nspr': ['', '"prtypes.h"'],
'opengl': ['', '', ''],
'openmp': [''],
+ # 'openssl': ['', '"Python.h"'],
'qt': ['', '', '', '', '', '', '', '', '', '