git-crypt 0.7.0 does not build with openssl 3.1.0

[vzabawski]

I was trying to build git-crypt with OpenSSL 3.1.0 on Alpine 3.18.

Steps to reproduce:

1. Create Dockerfile:

FROM alpine:3.18

ARG VERSION=0.7.0

RUN apk --no-cache add \
   bash \
   curl \
   git \
   g++ \
   make \
   openssh \
   openssl \
   openssl-dev

RUN curl -L https://github.com/AGWA/git-crypt/archive/${VERSION}.tar.gz | tar zxv -C /tmp
RUN cd /tmp/git-crypt-${VERSION} && make && make install

CMD ["/bin/git-crypt"]

2. Run docker build - < Dockerfile

Result:

/tmp/git-crypt-0.7.0 # make
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11   -c -o git-crypt.o git-crypt.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11   -c -o commands.o commands.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11   -c -o crypto.o crypto.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11   -c -o gpg.o gpg.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11   -c -o key.o key.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11   -c -o util.o util.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11   -c -o parse_options.o parse_options.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11   -c -o coprocess.o coprocess.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11   -c -o fhstream.o fhstream.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11   -c -o crypto-openssl-10.o crypto-openssl-10.cpp
crypto-openssl-10.cpp: In constructor 'Aes_ecb_encryptor::Aes_ecb_encryptor(const unsigned char*)':
crypto-openssl-10.cpp:59:32: warning: 'int AES_set_encrypt_key(const unsigned char*, int, AES_KEY*)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declaration]
   59 |         if (AES_set_encrypt_key(raw_key, KEY_LEN * 8, &(impl->key)) != 0) {
      |             ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from crypto-openssl-10.cpp:38:
/usr/include/openssl/aes.h:51:5: note: declared here
   51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
      |     ^~~~~~~~~~~~~~~~~~~
crypto-openssl-10.cpp: In member function 'void Aes_ecb_encryptor::encrypt(const unsigned char*, unsigned char*)':
crypto-openssl-10.cpp:74:20: warning: 'void AES_encrypt(const unsigned char*, unsigned char*, const AES_KEY*)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   74 |         AES_encrypt(plain, cipher, &(impl->key));
      |         ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/aes.h:57:6: note: declared here
   57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
      |      ^~~~~~~~~~~
crypto-openssl-10.cpp: At global scope:
crypto-openssl-10.cpp:78:18: error: field 'ctx' has incomplete type 'HMAC_CTX' {aka 'hmac_ctx_st'}
   78 |         HMAC_CTX ctx;
      |                  ^~~
In file included from /usr/include/openssl/evp.h:26,
                 from /usr/include/openssl/hmac.h:21,
                 from crypto-openssl-10.cpp:40:
/usr/include/openssl/types.h:135:16: note: forward declaration of 'HMAC_CTX' {aka 'struct hmac_ctx_st'}
  135 | typedef struct hmac_ctx_st HMAC_CTX;
      |                ^~~~~~~~~~~
crypto-openssl-10.cpp: In destructor 'Hmac_sha1_state::~Hmac_sha1_state()':
crypto-openssl-10.cpp:92:9: error: 'HMAC_cleanup' was not declared in this scope; did you mean 'RAND_cleanup'?
   92 |         HMAC_cleanup(&(impl->ctx));
      |         ^~~~~~~~~~~~
      |         RAND_cleanup
make: *** [<builtin>: crypto-openssl-10.o] Error 1

Build works with Alpine 3.16, but starting with Alpine 3.17 it doesn't work.
That happens because Alpine 3.16 is shipped with OpenSSL 1.1.1t 7 Feb 2023 and Alpine 3.17 uses OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023). Just in case, Alpine 3.18 uses OpenSSL 3.1.0 14 Mar 2023 (Library: OpenSSL 3.1.0 14 Mar 2023).

[vzabawski]

After applying patch from the PR #249, it works.

cd "/tmp/git-crypt-${VERSION}" && \
curl -L https://patch-diff.githubusercontent.com/raw/AGWA/git-crypt/pull/249.patch | git apply -v

[vzabawski]

Btw, there are still some deprecation warnings left after applying the patch, but they do not break the build.

crypto-openssl-11.cpp: In constructor 'Aes_ecb_encryptor::Aes_ecb_encryptor(const unsigned char*)':
crypto-openssl-11.cpp:58:32: warning: 'int AES_set_encrypt_key(const unsigned char*, int, AES_KEY*)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   58 |         if (AES_set_encrypt_key(raw_key, KEY_LEN * 8, &(impl->key)) != 0) {
      |             ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from crypto-openssl-11.cpp:38:
/usr/include/openssl/aes.h:51:5: note: declared here
   51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
      |     ^~~~~~~~~~~~~~~~~~~
crypto-openssl-11.cpp: In member function 'void Aes_ecb_encryptor::encrypt(const unsigned char*, unsigned char*)':
crypto-openssl-11.cpp:73:20: warning: 'void AES_encrypt(const unsigned char*, unsigned char*, const AES_KEY*)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   73 |         AES_encrypt(plain, cipher, &(impl->key));
      |         ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/aes.h:57:6: note: declared here
   57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
      |      ^~~~~~~~~~~
crypto-openssl-11.cpp: In constructor 'Hmac_sha1_state::Hmac_sha1_state(const unsigned char*, size_t)':
crypto-openssl-11.cpp:84:33: warning: 'HMAC_CTX* HMAC_CTX_new()' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   84 |         impl->ctx = HMAC_CTX_new();
      |                     ~~~~~~~~~~~~^~
In file included from crypto-openssl-11.cpp:31:
/usr/include/openssl/hmac.h:33:33: note: declared here
   33 | OSSL_DEPRECATEDIN_3_0 HMAC_CTX *HMAC_CTX_new(void);
      |                                 ^~~~~~~~~~~~
crypto-openssl-11.cpp:85:21: warning: 'int HMAC_Init_ex(HMAC_CTX*, const void*, int, const EVP_MD*, ENGINE*)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   85 |         HMAC_Init_ex(impl->ctx, key, key_len, EVP_sha1(), nullptr);
      |         ~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/hmac.h:43:27: note: declared here
   43 | OSSL_DEPRECATEDIN_3_0 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
      |                           ^~~~~~~~~~~~
crypto-openssl-11.cpp: In destructor 'Hmac_sha1_state::~Hmac_sha1_state()':
crypto-openssl-11.cpp:90:22: warning: 'void HMAC_CTX_free(HMAC_CTX*)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   90 |         HMAC_CTX_free(impl->ctx);
      |         ~~~~~~~~~~~~~^~~~~~~~~~~
/usr/include/openssl/hmac.h:35:28: note: declared here
   35 | OSSL_DEPRECATEDIN_3_0 void HMAC_CTX_free(HMAC_CTX *ctx);
      |                            ^~~~~~~~~~~~~
crypto-openssl-11.cpp: In member function 'void Hmac_sha1_state::add(const unsigned char*, size_t)':
crypto-openssl-11.cpp:95:20: warning: 'int HMAC_Update(HMAC_CTX*, const unsigned char*, size_t)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   95 |         HMAC_Update(impl->ctx, buffer, buffer_len);
      |         ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/hmac.h:45:27: note: declared here
   45 | OSSL_DEPRECATEDIN_3_0 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
      |                           ^~~~~~~~~~~
crypto-openssl-11.cpp: In member function 'void Hmac_sha1_state::get(unsigned char*)':
crypto-openssl-11.cpp:101:19: warning: 'int HMAC_Final(HMAC_CTX*, unsigned char*, unsigned int*)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  101 |         HMAC_Final(impl->ctx, digest, &len);
      |         ~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/hmac.h:47:27: note: declared here
   47 | OSSL_DEPRECATEDIN_3_0 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md,
      |                           ^~~~~~~~~~
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11 -o git-crypt git-crypt.o commands.o crypto.o gpg.o key.o util.o parse_options.o coprocess.o fhstream.o crypto-openssl-10.o crypto-openssl-11.o -lcrypto