AGWA / git-crypt

Transparent file encryption in git
https://www.agwa.name/projects/git-crypt/
GNU General Public License v3.0
8.32k stars 479 forks source link

crypto: fix for compatibility with openssl 1.1 #128

Closed kalbasit closed 7 years ago

kalbasit commented 7 years ago

closes #111

awitherow commented 7 years ago

What is blocking you from merging this @kalbasit ???

kalbasit commented 7 years ago

@awitherow I don't have write permission to do so :(

awitherow commented 7 years ago

I will try and poke the maintainer.

awitherow commented 7 years ago

@AGWA are you there? Ping ping.

AGWA commented 7 years ago

I'm curious if there are any platforms currently shipping only OpenSSL 1.1 and not also OpenSSL 1.0. There are definitely platforms that still only have OpenSSL 1.0, and git-crypt needs to continue supporting them. So I'm afraid it's not as simple as just merging this PR.

kalbasit commented 7 years ago

@AGWA do you know if there's a way to split the build? perhaps with a #ifdef or maybe we can do so in the Makefile?

AGWA commented 7 years ago

Yeah, #ifdef would work. Does OpenSSL define any constants in its header files that we could match on?

kalbasit commented 7 years ago

@AGWA openssl 1.1 defines OPENSSL_API_COMPAT but openssl 1.0 does not. See https://github.com/openssl/openssl/blob/c4604e9b97a4f6c4fd532dbab0fc4b1fdad81276/include/openssl/opensslconf.h.in#L93

feel free to push on my PR if you have a system with openssl 1.0 handy you can test with.

$ grep OPENSSL_API_COMPAT /usr/include/openssl-1.0/openssl/*.h
$ grep OPENSSL_API_COMPAT /usr/include/openssl/*.h
/usr/include/openssl/asn1.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/bio.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/bn.h:# if OPENSSL_API_COMPAT < 0x00908000L
/usr/include/openssl/bn.h:# if OPENSSL_API_COMPAT >= 0x00908000L
/usr/include/openssl/bn.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/comp.h:#if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/conf.h:#if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/conf.h:#if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/crypto.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/crypto.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/crypto.h:# endif /* OPENSSL_API_COMPAT */
/usr/include/openssl/crypto.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/crypto.h:#  if OPENSSL_API_COMPAT < 0x10000000L
/usr/include/openssl/crypto.h:#  endif /* OPENSSL_API_COMPAT < 0x10000000L */
/usr/include/openssl/crypto.h:# endif /* OPENSSL_API_COMPAT < 0x10100000L */
/usr/include/openssl/crypto.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/dh.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/dh.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/dsa.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/dsa.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/ec.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/engine.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/engine.h:#if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/engine.h:#if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/err.h:#if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/evp.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/evp.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/evp.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/idea.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/lhash.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/objects.h:#if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/opensslconf.h: * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
/usr/include/openssl/opensslconf.h:#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
/usr/include/openssl/opensslconf.h:# undef OPENSSL_API_COMPAT
/usr/include/openssl/opensslconf.h:# define OPENSSL_API_COMPAT OPENSSL_MIN_API
/usr/include/openssl/opensslconf.h:#if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/opensslconf.h:#if OPENSSL_API_COMPAT < 0x10000000L
/usr/include/openssl/opensslconf.h:#if OPENSSL_API_COMPAT < 0x00908000L
/usr/include/openssl/pkcs12.h:#if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/rand.h:#if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/rsa.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/rsa.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/rsa.h:# if OPENSSL_API_COMPAT < 0x00908000L
/usr/include/openssl/ssl.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/ssl.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/ssl.h:#if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/ssl.h:#if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/ssl.h:#if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/ssl.h:#if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/ssl.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/stack.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/tls1.h:#  if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/ui.h:#  if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/x509.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/x509.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/x509.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/x509v3.h:#if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/x509_vfy.h:#if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/x509_vfy.h:# if OPENSSL_API_COMPAT < 0x10100000L
/usr/include/openssl/x509_vfy.h:#if OPENSSL_API_COMPAT < 0x10100000L
kalbasit commented 7 years ago

@AGWA I updated the PR, split the crypto into two files. We could merge into one with multiple ifs, but this might be cleaner in the long run. @AGWA let me know if this is acceptable to you and I'll squash the commits before you merge (or you can squash merge).

AGWA commented 7 years ago

@kalbasit Thanks for updating the PR. Doesn't the Makefile also need to be updated so the new file you added will be compiled?

kalbasit commented 7 years ago

@AGWA You're right. I just pushed a build fix. Is there a test suite we can run?