AGWA / git-crypt

Transparent file encryption in git
https://www.agwa.name/projects/git-crypt/
GNU General Public License v3.0

git-crypt fails to build with openssl 3.0.0 #232

Open loqs opened 2 years ago

loqs commented 2 years ago

git-crypt 1c905faeb595f5a64d460c923ec3401cd37b5acc fails to build with openssl 3.0.0 as OPENSSL_API_COMPAT is not defined since 1. Same result with tag 0.6.0 546664f152ec0441dd46700eb06e63a0414ec877. This causes the 1.0 code to be used which relies on functions no longer present in 3.0.0.

Output from build:

make ENABLE_MAN=yes PREFIX=/usr
g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o git-crypt.o git-crypt.cpp
g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o commands.o commands.cpp
g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o crypto.o crypto.cpp
g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o gpg.o gpg.cpp
g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o key.o key.cpp
g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o util.o util.cpp
g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o parse_options.o parse_options.cpp
g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o coprocess.o coprocess.cpp
g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o fhstream.o fhstream.cpp
g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o crypto-openssl-10.o crypto-openssl-10.cpp
g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o crypto-openssl-11.o crypto-openssl-11.cpp
xsltproc --param man.output.in.separate.dir 1 --stringparam man.output.base.dir man/ --param man.output.subdirs.enabled 1 --param man.authors.section.enabled 1 http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl man/git-crypt.xml
crypto-openssl-10.cpp: In constructor ‘Aes_ecb_encryptor::Aes_ecb_encryptor(const unsigned char*)’:
crypto-openssl-10.cpp:59:32: warning: ‘int AES_set_encrypt_key(const unsigned char*, int, AES_KEY*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   59 |     if (AES_set_encrypt_key(raw_key, KEY_LEN * 8, &(impl->key)) != 0) {
      |         ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from crypto-openssl-10.cpp:38:
/usr/include/openssl/aes.h:51:5: note: declared here
   51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
      |     ^~~~~~~~~~~~~~~~~~~
crypto-openssl-10.cpp: In member function ‘void Aes_ecb_encryptor::encrypt(const unsigned char*, unsigned char*)’:
crypto-openssl-10.cpp:74:20: warning: ‘void AES_encrypt(const unsigned char*, unsigned char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   74 |     AES_encrypt(plain, cipher, &(impl->key));
      |     ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from crypto-openssl-10.cpp:38:
/usr/include/openssl/aes.h:57:6: note: declared here
   57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
      |      ^~~~~~~~~~~
crypto-openssl-10.cpp: At global scope:
crypto-openssl-10.cpp:78:18: error: field ‘ctx’ has incomplete type ‘HMAC_CTX’ {aka ‘hmac_ctx_st’}
   78 |     HMAC_CTX ctx;
      |              ^~~
In file included from /usr/include/openssl/evp.h:26,
                 from /usr/include/openssl/hmac.h:21,
                 from crypto-openssl-10.cpp:40:
/usr/include/openssl/types.h:132:16: note: forward declaration of ‘HMAC_CTX’ {aka ‘struct hmac_ctx_st’}
  132 | typedef struct hmac_ctx_st HMAC_CTX;
      |                ^~~~~~~~~~~
crypto-openssl-10.cpp: In destructor ‘Hmac_sha1_state::~Hmac_sha1_state()’:
crypto-openssl-10.cpp:92:9: error: ‘HMAC_cleanup’ was not declared in this scope; did you mean ‘EVP_cleanup’?
   92 |     HMAC_cleanup(&(impl->ctx));
      |     ^~~~~~~~~~~~
      |     EVP_cleanup
make: *** [<builtin>: crypto-openssl-10.o] Error 1
make: *** Waiting for unfinished jobs....
Note: Writing man/man1/git-crypt.1

Issue can be worked around by defining OPENSSL_API_COMPAT to any valid value e.g. OPENSSL_API_COMPAT=0x30000000L

git-crypt 1c905faeb595f5a64d460c923ec3401cd37b5acc git-crypt 0.6.0 546664f152ec0441dd46700eb06e63a0414ec877 openssl 3.0.0 https://github.com/openssl/openssl/commit/89cd17a031e022211684eb7eb41190cf1910f9fa

arrfab commented 2 years ago

Thanks for the report and also the workaround: I gave it a try myself and rebuilt it for CentOS Stream 9 with the different compile flag, and it seems to be working fine. For reference: https://bugzilla.redhat.com/show_bug.cgi?id=2022033

applejag commented 2 years ago

Setting the CXXFLAGS environment variable helped, such as setting it only for the make command:

CXXFLAGS='-DOPENSSL_API_COMPAT=0x30000000L' make
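
Added example, not part of the thread or of git-crypt: a POSIX shell wrapper that applies the CXXFLAGS workaround above only when the detected OpenSSL is 3.x or later, so one packaging script can serve hosts with older OpenSSL too. The function names and the 3.x cutoff are assumptions of this example; the flag value is the one quoted in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical and not part of git-crypt.

# Print the major version from a string such as "3.0.0", "1.1.1k", or a full
# `openssl version` line like "OpenSSL 3.0.0 7 sep 2021".
# Returns non-zero when no numeric major version can be found, so the caller
# fails closed instead of guessing a code path.
openssl_major() {
    v=${1#OpenSSL }     # drop the leading product name, if present
    v=${v%% *}          # drop anything after the version token (build date)
    major=${v%%.*}      # keep the text before the first dot
    case $major in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$major"
}

# Print the extra CXXFLAGS for a given OpenSSL version string.
# Assumption of this example: the define is only wanted for 3.x and later;
# for older versions nothing is printed and the build is left unchanged.
compat_cxxflags() {
    major=$(openssl_major "$1") || return 1
    if [ "$major" -ge 3 ]; then
        printf '%s\n' '-DOPENSSL_API_COMPAT=0x30000000L'
    fi
}

# Build wrapper: detect the OpenSSL version, then run make with the
# workaround appended to any CXXFLAGS already set by the caller.
build_git_crypt() {
    ver=$(pkg-config --modversion openssl 2>/dev/null) \
        || ver=$(openssl version) \
        || return 1
    extra=$(compat_cxxflags "$ver") || return 1
    CXXFLAGS="${CXXFLAGS:+$CXXFLAGS }$extra" make "$@"
}
```

Source the file and call `build_git_crypt ENABLE_MAN=yes PREFIX=/usr` from the git-crypt checkout; arguments are passed through to make.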