From 4dd5c202434afac2525fb556179eac6d5c58bd9e Mon Sep 17 00:00:00 2001
From: Andrew Ayer
Date: Tue, 23 Sep 2025 20:37:48 -0400
Subject: [PATCH] Drop support for OpenSSL 1.0; fix compilation with OpenSSL 3
---
 Makefile | 2 +-
 crypto-openssl-10.cpp | 120 ------------------------------------------
 crypto-openssl-11.cpp | 4 --
 3 files changed, 1 insertion(+), 125 deletions(-)
 delete mode 100644 crypto-openssl-10.cpp
diff --git a/Makefile b/Makefile
index 68eb9db..8e4360d 100644
--- a/Makefile
+++ b/Makefile
@@ -24,7 +24,7 @@ OBJFILES = \
 coprocess.o \
 fhstream.o
-OBJFILES += crypto-openssl-10.o crypto-openssl-11.o
+OBJFILES += crypto-openssl-11.o
 LDFLAGS += -lcrypto
 XSLTPROC ?= xsltproc
diff --git a/crypto-openssl-10.cpp b/crypto-openssl-10.cpp
deleted file mode 100644
index f0f2c53..0000000
--- a/crypto-openssl-10.cpp
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Copyright 2012, 2014 Andrew Ayer
- *
- * This file is part of git-crypt.
- *
- * git-crypt is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * git-crypt is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with git-crypt. If not, see .
- *
- * Additional permission under GNU GPL version 3 section 7:
- *
- * If you modify the Program, or any covered work, by linking or
- * combining it with the OpenSSL project's OpenSSL library (or a
- * modified version of that library), containing parts covered by the
- * terms of the OpenSSL or SSLeay licenses, the licensors of the Program
- * grant you additional permission to convey the resulting work.
- * Corresponding Source for a non-source form of such a combination
- * shall include the source code for the parts of OpenSSL used as well
- * as that of the covered work.
- */
-
-#include
-
-#if !defined(OPENSSL_API_COMPAT)
-
-#include "crypto.hpp"
-#include "key.hpp"
-#include "util.hpp"
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-void init_crypto ()
-{
- ERR_load_crypto_strings();
-}
-
-struct Aes_ecb_encryptor::Aes_impl {
- AES_KEY key;
-};
-
-Aes_ecb_encryptor::Aes_ecb_encryptor (const unsigned char* raw_key)
-: impl(new Aes_impl)
-{
- if (AES_set_encrypt_key(raw_key, KEY_LEN * 8, &(impl->key)) != 0) {
- throw Crypto_error("Aes_ctr_encryptor::Aes_ctr_encryptor", "AES_set_encrypt_key failed");
- }
-}
-
-Aes_ecb_encryptor::~Aes_ecb_encryptor ()
-{
- // Note: Explicit destructor necessary because class contains an unique_ptr
- // which contains an incomplete type when the unique_ptr is declared.
-
- explicit_memset(&impl->key, '\0', sizeof(impl->key));
-}
-
-void Aes_ecb_encryptor::encrypt(const unsigned char* plain, unsigned char* cipher)
-{
- AES_encrypt(plain, cipher, &(impl->key));
-}
-
-struct Hmac_sha1_state::Hmac_impl {
- HMAC_CTX ctx;
-};
-
-Hmac_sha1_state::Hmac_sha1_state (const unsigned char* key, size_t key_len)
-: impl(new Hmac_impl)
-{
- HMAC_Init(&(impl->ctx), key, key_len, EVP_sha1());
-}
-
-Hmac_sha1_state::~Hmac_sha1_state ()
-{
- // Note: Explicit destructor necessary because class contains an unique_ptr
- // which contains an incomplete type when the unique_ptr is declared.
-
- HMAC_cleanup(&(impl->ctx));
-}
-
-void Hmac_sha1_state::add (const unsigned char* buffer, size_t buffer_len)
-{
- HMAC_Update(&(impl->ctx), buffer, buffer_len);
-}
-
-void Hmac_sha1_state::get (unsigned char* digest)
-{
- unsigned int len;
- HMAC_Final(&(impl->ctx), digest, &len);
-}
-
-
-void random_bytes (unsigned char* buffer, size_t len)
-{
- if (RAND_bytes(buffer, len) != 1) {
- std::ostringstream message;
- while (unsigned long code = ERR_get_error()) {
- char error_string[120];
- ERR_error_string_n(code, error_string, sizeof(error_string));
- message << "OpenSSL Error: " << error_string << "; ";
- }
- throw Crypto_error("random_bytes", message.str());
- }
-}
-
-#endif
diff --git a/crypto-openssl-11.cpp b/crypto-openssl-11.cpp
index adf03bb..ad4b119 100644
--- a/crypto-openssl-11.cpp
+++ b/crypto-openssl-11.cpp
@@ -30,8 +30,6 @@
 #include
-#if defined(OPENSSL_API_COMPAT)
-
 #include "crypto.hpp"
 #include "key.hpp"
 #include "util.hpp"
@@ -115,5 +113,3 @@ void random_bytes (unsigned char* buffer, size_t len)
 throw Crypto_error("random_bytes", message.str());
 }
 }
-
-#endif
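Review bot: With the `#if defined(OPENSSL_API_COMPAT)` guard removed at the top of crypto-openssl-11.cpp, nothing in the file states the minimum OpenSSL version any more, so a build against pre-1.1 headers would presumably fail with unrelated-looking errors further down instead of a clear message. An explicit floor right after the first include would document the requirement and stop an accidental build against an end-of-life libcrypto: `#if OPENSSL_VERSION_NUMBER < 0x10100000L`, `#error "git-crypt requires OpenSSL 1.1.0 or later"`, `#endif`. This assumes the existing include (its header name is not visible on this page) already brings in `OPENSSL_VERSION_NUMBER`; if it does not, include `<openssl/opensslv.h>` ahead of the check. The matching `#endif` removal in the second hunk needs no change; random_bytes' body starts outside that hunk.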