Support OpenSSL 3 which has changed behaviour for "Salted__" prefix #135
…lag next to `enc`
…n Openssl Change output checks in unit tests to work, although with less precision, when tests are run against newer OpenSSL versions like 1.1 that output the following warning messages: *** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better.
…lag next to `enc`
…enSSL 3 Recognise when a file is encrypted with a version of OpenSSL or similar that does not include the "Salted__" prefix in the cipher text prior to Base64 encoding, and add that prefix. This makes Transcrypt compatible with OpenSSL version 3 which changed the behaviour of salting files and leaves off the "Salted__" prefix. This workaround requires another temporary file to store encrypted data, to check for the prefix before Base64 encoding the cipher text into Git's index.
Hi @Erotemic @elasticdog this fix for OpenSSL 3 compatibility is working, provably so in the The fix required yet another temporary file to hold the cipher text at encryption time, prior to base64 encoding so we can check for the presence of the Aside from the fix this PR includes a lot of test changes so they work despite the noise of the warnings generated by newer (non-ancient) versions of OpenSSL:
… to a temporary file

Avoid double-handling of encrypted files via a temporary file, but also ensure the "Salted__" + salt prefix required by Transcrypt is included, by:
- manually prepend the required prefix in Transcrypt, so we know it is always present
- strip this prefix if the OpenSSL encryption step also included it, so it isn't doubled for OpenSSL versions prior to 3
LANG=C tends to work for Linux but not on macOS, LC_ALL is a better option and the same approach used everywhere else in Transcrypt (I keep having to re-learn this...)
This fix seems to work – at least in some cases and no-one has said otherwise – so it's time to roll it out in a new version 2.2.0
* main:
  Prepare for 2.2.0 release
  Fix when using OpenSSL 3 which no longer embeds salt in output (elasticdog#135)

# Conflicts:
#   CHANGELOG.md
#   contrib/packaging/pacman/PKGBUILD
#   transcrypt
# By James Murty (18) and others
# Via GitHub (1) and James Murty (1)
* main: (26 commits)
  Centralise load and save of password into functions #141
  Fix date of 2.2.0 release
  Ensure tests use "main" as default branch name #143
  Use OpenSSL for B64 encoding not `base64` which differs between Linux and Mac #140
  Use core attributesFile from worktree (#137)
  Document `xxd` requirement, and make optional with OpenSSL < 3 (#138)
  Prepare for 2.2.0 release
  Fix when using OpenSSL 3 which no longer embeds salt in output (#135)
  Consolidate all git operation scripts into a single transcrypt script
  Fix handling of small files and files with null in first 8 bytes (#116)
  Improve command hint to fix secret files not encrypted in index (#120) (#130)
  Remove Ubuntu 16.04 LTS from test matrix (#123)
  Configure default Git branch name for macOS tests in GitHub
  Handle rename of primary branch from "master" to "main"
  Ensure Git index is up-to-date before dirty repo check #37 (#109)
  Fix incorrect salt when partially staged files are commited (#119)
  Use shorthand for grep options for broader compatibility (#121)
  Let user set a custom path to openssl #108
  Install entire transcrypt script into repository
  Change version to indicate development "pre-release" status
  ...

# Conflicts:
#   README.md
#   tests/_test_helper.bash
#   tests/test_cleanup.bats
#   tests/test_crypt.bats
#   tests/test_init.bats
#   tests/test_not_inited.bats
#   transcrypt
Work in progress to fix #133
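
The prefix handling described in the commit messages above (always write "Salted__" + salt, and strip OpenSSL's own copy when it is present), as an added example that is not Transcrypt's own code. Function names, the salt and the stand-in ciphertext bytes are constructed for illustration, and it assumes a header-less ciphertext body does not itself begin with "Salted__".

```shell
# Added example, not Transcrypt's own code; function names are hypothetical.
# Whatever the OpenSSL version emitted, the result starts exactly once with
# the 16-byte header "Salted__" + 8-byte salt.

MAGIC_HEX=53616c7465645f5f   # ASCII "Salted__"

# hex_to_bin HEX: write the bytes named by an even-length hex string to stdout
hex_to_bin() {
  h=$1
  [ $(( ${#h} % 2 )) -eq 0 ] || return 1
  while [ -n "$h" ]; do
    rest=${h#??}
    printf "\\$(printf '%03o' "0x${h%"$rest"}")"
    h=$rest
  done
}

# has_salted_prefix FILE: succeed if FILE begins with the 8 magic bytes.
# Compared as hex so NUL bytes in ciphertext never pass through a variable.
has_salted_prefix() {
  [ "$(head -c 8 "$1" | od -An -tx1 | tr -d ' \n')" = "$MAGIC_HEX" ]
}

# normalise_ciphertext SALT_HEX FILE: write header + ciphertext body to stdout
normalise_ciphertext() {
  hex_to_bin "$MAGIC_HEX$1"
  if has_salted_prefix "$2"; then
    tail -c +17 "$2"    # pre-3 OpenSSL wrote its own header: drop those 16 bytes
  else
    cat "$2"            # OpenSSL 3 output: ciphertext body only
  fi
}

# Constructed sample data: an 8-byte salt and a 16-byte stand-in "ciphertext"
# body that starts with a NUL byte; no real encryption is performed here.
demo() {
  d=$(mktemp -d) || return 1
  salt=0011223344556677
  hex_to_bin 00deadbeef0102030405060708090a0b > "$d/body"
  cp "$d/body" "$d/new"                                          # OpenSSL 3 style
  { hex_to_bin "$MAGIC_HEX$salt"; cat "$d/body"; } > "$d/old"    # pre-3 style
  normalise_ciphertext "$salt" "$d/old" > "$d/out_old"
  normalise_ciphertext "$salt" "$d/new" > "$d/out_new"
  cmp -s "$d/out_old" "$d/out_new" && cmp -s "$d/out_old" "$d/old"
  rc=$?
  rm -rf "$d"
  return $rc
}
demo && echo "both variants normalise to the same bytes"
```

Working on files and hex strings rather than shell variables matters here because ciphertext routinely contains NUL bytes, which command substitution drops.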