Allow compiling with GPL-compatible crypto libraries.

common/block-tx-utils.c

@@ -1,4 +1,7 @@
 #include "common.h"
+
+#ifndef USE_GPL_CRYPTO
+
 #define DEBUG_FLAG SEAFILE_DEBUG_TRANSFER
 #include "log.h"
 
@@ -294,3 +297,5 @@ handle_frame_fragments (struct evbuffer *buf, FrameParser *parser)
         return handle_frame_fragment_content (buf, parser);
     }
 }
+
+#endif

common/cdc/Makefile.am

@@ -8,5 +8,5 @@ noinst_HEADERS = cdc.h rabin-checksum.h
 libcdc_la_SOURCES = cdc.c rabin-checksum.c
 
 libcdc_la_LDFLAGS = -Wl,-z -Wl,defs
-libcdc_la_LIBADD = @SSL_LIBS@ @GLIB2_LIBS@ \
+libcdc_la_LIBADD = @GLIB2_LIBS@ \
 	$(top_builddir)/lib/libseafile_common.la

common/cdc/cdc.h

@@ -15,16 +15,7 @@
 
 #define BREAK_VALUE     0x0013    ///0x0513
 
-
-#ifdef HAVE_MD5
-#include "md5.h"
-#define get_checksum md5
-#define CHECKSUM_LENGTH 16
-#else
-#include <openssl/sha.h>
-#define get_checksum sha1
 #define CHECKSUM_LENGTH 20
-#endif
 
 #ifndef O_BINARY
 #define O_BINARY 0

common/commit-mgr.c

@@ -5,7 +5,6 @@
 #include "log.h"
 
 #include <jansson.h>
-#include <openssl/sha.h>
 
 #include "utils.h"
 #include "db.h"

common/curl-init.c

@@ -1,5 +1,9 @@
 /* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 
+#include "common.h"
+
+#ifndef USE_GPL_CRYPTO
+
 #include <curl/curl.h>
 #include <openssl/crypto.h>
 #include <pthread.h>
@@ -47,3 +51,5 @@ void seafile_curl_deinit()
     }
     free (curl_locks);
 }
+
+#endif

common/fs-mgr.c

@@ -12,7 +12,6 @@
     #include <arpa/inet.h>
 #endif
 
-#include <openssl/sha.h>
 #include <searpc-utils.h>
 
 #include "seafile-session.h"

common/index/Makefile.am

@@ -9,5 +9,5 @@ libindex_la_SOURCES = index.c cache-tree.c
 
 libindex_la_CFLAGS = @GLIB2_CFLAGS@
 libindex_la_LDFLAGS = -Wl,-z -Wl,defs
-libindex_la_LIBADD = @SSL_LIBS@ @GLIB2_LIBS@ \
+libindex_la_LIBADD = @GLIB2_LIBS@ \
 	$(top_builddir)/lib/libseafile_common.la

common/index/index.c

@@ -22,7 +22,6 @@
 
 #include <glib.h>
 #include <glib/gstdio.h>
-#include <openssl/sha.h>
 
 #ifdef WIN32
 

common/seafile-crypt.c

@@ -1,9 +1,20 @@
 /* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 
+#include "common.h"
+
 #include <string.h>
 #include <glib.h>
 #include "seafile-crypt.h"
+
+#ifdef USE_GPL_CRYPTO
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#include <nettle/pbkdf2.h>
+#else
+#include <openssl/aes.h>
+#include <openssl/evp.h>
 #include <openssl/rand.h>
+#endif
 
 #include "utils.h"
 #include "log.h"
@@ -39,6 +50,18 @@ int
 seafile_derive_key (const char *data_in, int in_len, int version,
                     unsigned char *key, unsigned char *iv)
 {
+#ifdef USE_GPL_CRYPTO
+    if (version != 2) {
+        seaf_warning ("Encrypted library version %d is not supported.\n", version);
+        return -1;
+    }
+
+    pbkdf2_hmac_sha256 (in_len, (const guchar *)data_in, KEYGEN_ITERATION2,
+                        sizeof(salt), salt, 32, key);
+    pbkdf2_hmac_sha256 (32, (const guchar *)key, 10, sizeof(salt), salt, 16, iv);
+
+    return 0;
+#else
     if (version == 2) {
         PKCS5_PBKDF2_HMAC (data_in, in_len,
                            salt, sizeof(salt),
@@ -51,8 +74,8 @@ seafile_derive_key (const char *data_in, int in_len, int version,
                            EVP_sha256(),
                            16, iv);
         return 0;
-    } else if (version == 1)
+    } else if (version == 1) {
-        return EVP_BytesToKey (EVP_aes_128_cbc(), /* cipher mode */
+        EVP_BytesToKey (EVP_aes_128_cbc(), /* cipher mode */
                         EVP_sha1(),        /* message digest */
                         salt,              /* salt */
                         (unsigned char*)data_in,
@@ -60,8 +83,9 @@ seafile_derive_key (const char *data_in, int in_len, int version,
                         KEYGEN_ITERATION,   /* iteration times */
                         key, /* the derived key */
                         iv); /* IV, initial vector */
-    else
+        return 0;
-        return EVP_BytesToKey (EVP_aes_128_ecb(), /* cipher mode */
+    } else {
+        EVP_BytesToKey (EVP_aes_128_ecb(), /* cipher mode */
                         EVP_sha1(),        /* message digest */
                         NULL,              /* salt */
                         (unsigned char*)data_in,
@@ -69,9 +93,12 @@ seafile_derive_key (const char *data_in, int in_len, int version,
                         3,   /* iteration times */
                         key, /* the derived key */
                         iv); /* IV, initial vector */
+        return 0;
+    }
+#endif
 }
 
-void
+int
 seafile_generate_random_key (const char *passwd, char *random_key)
 {
     SeafileCrypt *crypt;
@@ -79,11 +106,18 @@ seafile_generate_random_key (const char *passwd, char *random_key)
     int outlen;
     unsigned char key[32], iv[16];
 
+#ifdef USE_GPL_CRYPTO
+    if (gnutls_rnd (GNUTLS_RND_RANDOM, secret_key, sizeof(secret_key)) < 0) {
+        seaf_warning ("Failed to generate secret key for repo encryption.\n");
+        return -1;
+    }
+#else
     if (RAND_bytes (secret_key, sizeof(secret_key)) != 1) {
         seaf_warning ("Failed to generate secret key for repo encryption "
                       "with RAND_bytes(), use RAND_pseudo_bytes().\n");
         RAND_pseudo_bytes (secret_key, sizeof(secret_key));
     }
+#endif
 
     seafile_derive_key (passwd, strlen(passwd), 2, key, iv);
 
@@ -96,6 +130,8 @@ seafile_generate_random_key (const char *passwd, char *random_key)
 
     g_free (crypt);
     g_free (rand_key);
+
+    return 0;
 }
 
 void
@@ -237,6 +273,121 @@ seafile_update_random_key (const char *old_passwd, const char *old_random_key,
     return 0;
 }
 
+#ifdef USE_GPL_CRYPTO
+
+int
+seafile_encrypt (char **data_out,
+                 int *out_len,
+                 const char *data_in,
+                 const int in_len,
+                 SeafileCrypt *crypt)
+{
+    char *buf = NULL, *enc_buf = NULL;
+    int buf_size, remain;
+    guint8 padding;
+    gnutls_cipher_hd_t handle;
+    gnutls_datum_t key, iv;
+    int rc, ret = 0;
+
+    buf_size = BLK_SIZE * ((in_len / BLK_SIZE) + 1);
+    remain = buf_size - in_len;
+    buf = g_new (char, buf_size);
+
+    memcpy (buf, data_in, in_len);
+    padding = (guint8)remain;
+    memset (buf + in_len, padding, remain);
+
+    key.data = crypt->key;
+    key.size = sizeof(crypt->key);
+    iv.data = crypt->iv;
+    iv.size = sizeof(crypt->iv);
+    rc = gnutls_cipher_init (&handle, GNUTLS_CIPHER_AES_256_CBC, &key, &iv);
+    if (rc < 0) {
+        seaf_warning ("Failed to init cipher: %s\n", gnutls_strerror(rc));
+        ret = -1;
+        goto out;
+    }
+
+    enc_buf = g_new (char, buf_size);
+    rc = gnutls_cipher_encrypt2 (handle, buf, buf_size, enc_buf, buf_size);
+    if (rc < 0) {
+        seaf_warning ("Failed to encrypt: %s\n", gnutls_strerror(rc));
+        ret = -1;
+        gnutls_cipher_deinit (handle);
+        goto out;
+    }
+
+    gnutls_cipher_deinit (handle);
+
+out:
+    g_free (buf);
+    if (ret < 0) {
+        g_free (enc_buf);
+        *data_out = NULL;
+        *out_len = -1;
+    } else {
+        *data_out = enc_buf;
+        *out_len = buf_size;
+    }
+    return ret;
+}
+
+int
+seafile_decrypt (char **data_out,
+                 int *out_len,
+                 const char *data_in,
+                 const int in_len,
+                 SeafileCrypt *crypt)
+{
+    char *dec_buf = NULL;
+    gnutls_cipher_hd_t handle;
+    gnutls_datum_t key, iv;
+    int rc, ret = 0;
+    guint8 padding;
+    int remain;
+
+    if (in_len <= 0 || in_len % BLK_SIZE != 0) {
+        seaf_warning ("Invalid encrypted buffer size.\n");
+        return -1;
+    }
+
+    key.data = crypt->key;
+    key.size = sizeof(crypt->key);
+    iv.data = crypt->iv;
+    iv.size = sizeof(crypt->iv);
+    rc = gnutls_cipher_init (&handle, GNUTLS_CIPHER_AES_256_CBC, &key, &iv);
+    if (rc < 0) {
+        seaf_warning ("Failed to init cipher: %s\n", gnutls_strerror(rc));
+        ret = -1;
+        goto out;
+    }
+
+    dec_buf = g_new (char, in_len);
+    rc = gnutls_cipher_decrypt2 (handle, data_in, in_len, dec_buf, in_len);
+    if (rc < 0) {
+        seaf_warning ("Failed to decrypt data: %s\n", gnutls_strerror(rc));
+        ret = -1;
+        gnutls_cipher_deinit (handle);
+        goto out;
+    }
+
+    padding = dec_buf[in_len - 1];
+    remain = padding;
+    *out_len = (in_len - remain);
+    *data_out = dec_buf;
+
+    gnutls_cipher_deinit (handle);
+out:
+    if (ret < 0) {
+        g_free (dec_buf);
+        *data_out = NULL;
+        *out_len = -1;
+    }
+    return ret;
+}
+
+#else
+
 int
 seafile_encrypt (char **data_out,
                  int *out_len,
@@ -342,9 +493,6 @@ enc_error:
     
 }
                                
-
-    
-
 int
 seafile_decrypt (char **data_out,
                  int *out_len,
@@ -443,38 +591,4 @@ dec_error:
     
 }
 
-int
+#endif  /* USE_GPL_CRYPTO */
-seafile_decrypt_init (EVP_CIPHER_CTX *ctx,
-                      int version,
-                      const unsigned char *key,
-                      const unsigned char *iv)
-{
-    int ret;
-
-    /* Prepare CTX for decryption. */
-    EVP_CIPHER_CTX_init (ctx);
-
-    if (version == 2)
-        ret = EVP_DecryptInit_ex (ctx,
-                                  EVP_aes_256_cbc(), /* cipher mode */
-                                  NULL, /* engine, NULL for default */
-                                  key,  /* derived key */
-                                  iv);  /* initial vector */
-    else if (version == 1)
-        ret = EVP_DecryptInit_ex (ctx,
-                                  EVP_aes_128_cbc(), /* cipher mode */
-                                  NULL, /* engine, NULL for default */
-                                  key,  /* derived key */
-                                  iv);  /* initial vector */
-    else
-        ret = EVP_DecryptInit_ex (ctx,
-                                  EVP_aes_128_ecb(), /* cipher mode */
-                                  NULL, /* engine, NULL for default */
-                                  key,  /* derived key */
-                                  iv);  /* initial vector */
-
-    if (ret == DEC_FAILURE)
-        return -1;
-
-    return 0;
-}

common/seafile-crypt.h

@@ -1,20 +1,8 @@
 /* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 
-/*
-  Description:
-  
-  The function pair "seafile_encrypt/seafile_decrypt" are used to
-  encrypt/decrypt data in the seafile system, using AES 128 bit ecb
-  algorithm provided by openssl.
-*/  
-
 #ifndef _SEAFILE_CRYPT_H
 #define _SEAFILE_CRYPT_H
 
-#include <openssl/aes.h>
-#include <openssl/evp.h>
-
-
 /* Block size, in bytes. For AES it can only be 16 bytes. */
 #define BLK_SIZE 16
 #define ENCRYPT_BLK_SIZE BLK_SIZE
@@ -60,7 +48,7 @@ seafile_derive_key (const char *data_in, int in_len, int version,
  * Generate the real key used to encrypt data.
  * The key 32 bytes long and encrpted with @passwd.
  */
-void
+int
 seafile_generate_random_key (const char *passwd, char *random_key);
 
 void
@@ -97,10 +85,4 @@ seafile_decrypt (char **data_out,
                  const int in_len,
                  SeafileCrypt *crypt);
 
-int
-seafile_decrypt_init (EVP_CIPHER_CTX *ctx,
-                      int version,
-                      const unsigned char *key,
-                      const unsigned char *iv);
-
 #endif  /* _SEAFILE_CRYPT_H */

configure.ac

@@ -77,7 +77,6 @@ fi
 
 AC_CHECK_LIB(pthread, pthread_create, [echo "found library pthread"], AC_MSG_ERROR([*** Unable to find pthread library]), )
 AC_CHECK_LIB(sqlite3, sqlite3_open,[echo "found library sqlite3"] , AC_MSG_ERROR([*** Unable to find sqlite3 library]), )
-AC_CHECK_LIB(crypto, SHA1_Init, [echo "found library crypto"], AC_MSG_ERROR([*** Unable to find openssl crypto library]), )
 
 dnl Do we need to use AX_LIB_SQLITE3 to check sqlite?
 dnl AX_LIB_SQLITE3
@@ -157,10 +156,7 @@ SEARPC_REQUIRED=1.0
 JANSSON_REQUIRED=2.2.1
 CURL_REQUIRED=7.17
 ZLIB_REQUIRED=1.2.0
-
+GNUTLS_REQUIRED=3.3.0
-PKG_CHECK_MODULES(SSL, [openssl])
-AC_SUBST(SSL_CFLAGS)
-AC_SUBST(SSL_LIBS)
 
 PKG_CHECK_MODULES(GLIB2, [glib-2.0 >= $GLIB_REQUIRED])
 AC_SUBST(GLIB2_CFLAGS)
@@ -218,6 +214,29 @@ if test "${compile_breakpad}" = "yes"; then
    AC_SUBST(BPWRAPPER_LIBS)
 fi
 
+AC_ARG_WITH([gpl-crypto],
+            AS_HELP_STRING([--with-gpl-crypto=[yes|no]],
+                [Use GPL compatible crypto libraries. Default no.]),
+            [ gpl_crypto=$with_gpl_crypto ],
+            [ gpl_crypto="no"])
+if test "xyes" = "x$gpl_crypto"; then
+   PKG_CHECK_MODULES(GNUTLS, [gnutls >= $GNUTLS_REQUIRED])
+   AC_SUBST(GNUTLS_CFLAGS)
+   AC_SUBST(GNUTLS_LIBS)
+
+   PKG_CHECK_MODULES(NETTLE, [nettle])
+   AC_SUBST(NETTLE_CFLAGS)
+   AC_SUBST(NETTLE_LIBS)
+
+   AC_DEFINE(USE_GPL_CRYPTO, 1, [Use GPL-compatible crypto libraries])
+   AM_CONDITIONAL([USE_GPL_CRYPTO], [test "x$gpl_crypto" = "xyes"])
+else
+   AC_CHECK_LIB(crypto, SHA1_Init, [echo "found library crypto"], AC_MSG_ERROR([*** Unable to find openssl crypto library]), )
+
+   PKG_CHECK_MODULES(SSL, [openssl])
+   AC_SUBST(SSL_CFLAGS)
+   AC_SUBST(SSL_LIBS)
+fi
 
 ac_configure_args="$ac_configure_args -q"
 

daemon/Makefile.am

@@ -12,6 +12,7 @@ AM_CFLAGS = -DPKGDATADIR=\"$(pkgdatadir)\" \
 	@MSVC_CFLAGS@ \
 	@CURL_CFLAGS@ \
 	@BPWRAPPER_CFLAGS@ \
+	@GNUTLS_CFLAGS@ \
 	-Wall
 
 bin_PROGRAMS = seaf-daemon
@@ -119,7 +120,8 @@ common_src = \
 seaf_daemon_SOURCES = seaf-daemon.c $(common_src)
 
 seaf_daemon_LDADD = $(top_builddir)/lib/libseafile_common.la \
-	@GLIB2_LIBS@  @GOBJECT_LIBS@ @SSL_LIBS@ @LIB_RT@ @LIB_UUID@ -lsqlite3 @LIBEVENT_LIBS@ \
+	@GLIB2_LIBS@  @GOBJECT_LIBS@ @SSL_LIBS@ @GNUTLS_LIBS@ @NETTLE_LIBS@ \
+	@LIB_RT@ @LIB_UUID@ -lsqlite3 @LIBEVENT_LIBS@ \
 	$(top_builddir)/common/cdc/libcdc.la \
 	$(top_builddir)/common/index/libindex.la @LIB_WS32@ @LIB_CRYPT32@ \
 	@SEARPC_LIBS@ @CCNET_LIBS@ @JANSSON_LIBS@ @LIB_MAC@ @ZLIB_LIBS@ @CURL_LIBS@ @BPWRAPPER_LIBS@

daemon/block-tx-client.c

@@ -1029,6 +1029,8 @@ block_tx_client_thread_done (void *vdata)
     g_free (client);
 }
 
+#ifndef USE_GPL_CRYPTO
+
 int
 block_tx_client_start (BlockTxInfo *info, BlockTxClientDoneCB cb)
 {
@@ -1055,3 +1057,19 @@ block_tx_client_run_command (BlockTxInfo *info, int command)
 {
     pipewrite (info->cmd_pipe[1], (char*)&command, sizeof(int));
 }
+
+#else
+
+int
+block_tx_client_start (BlockTxInfo *info, BlockTxClientDoneCB cb)
+{
+    return 0;
+}
+
+void
+block_tx_client_run_command (BlockTxInfo *info, int command)
+{
+    return;
+}
+
+#endif

daemon/clone-mgr.c

@@ -1416,6 +1416,15 @@ seaf_clone_manager_add_task (SeafCloneManager *mgr,
         return NULL;
     }
 
+#ifdef USE_GPL_CRYPTO
+    if (repo_version == 0 || (passwd && enc_version < 2)) {
+        seaf_warning ("Don't support syncing old version libraries.\n");
+        g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS,
+                     "Don't support syncing old version libraries");
+        return NULL;
+    }
+#endif
+
     if (passwd &&
         !check_encryption_args (magic, enc_version, random_key, error))
         return NULL;
@@ -1534,6 +1543,15 @@ seaf_clone_manager_add_download_task (SeafCloneManager *mgr,
         return NULL;
     }
 
+#ifdef USE_GPL_CRYPTO
+    if (repo_version == 0 || (passwd && enc_version < 2)) {
+        seaf_warning ("Don't support syncing old version libraries.\n");
+        g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS,
+                     "Don't support syncing old version libraries");
+        return NULL;
+    }
+#endif
+
     if (passwd &&
         !check_encryption_args (magic, enc_version, random_key, error))
         return NULL;

daemon/http-tx-mgr.c

@@ -14,10 +14,12 @@
 #include <wincrypt.h>
 #endif
 
+#ifndef USE_GPL_CRYPTO
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 #include <openssl/bio.h>
 #include <openssl/ssl.h>
+#endif
 
 #include <ccnet/ccnet-client.h>
 
@@ -326,6 +328,8 @@ http_tx_manager_start (HttpTxManager *mgr)
 
 /* Common Utility Functions. */
 
+#ifndef USE_GPL_CRYPTO
+
 #ifdef WIN32
 
 static void
@@ -559,6 +563,8 @@ ssl_callback (CURL *curl, void *ssl_ctx, void *userptr)
     return CURLE_OK;
 }
 
+#endif  /* USE_GPL_CRYPTO */
+
 static void
 set_proxy (CURL *curl, gboolean is_https)
 {
@@ -715,14 +721,18 @@ http_get (CURL *curl, const char *url, const char *token,
 
     curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
 
+#ifndef USE_GPL_CRYPTO
 #if defined WIN32 || defined __APPLE__
     load_ca_bundle (curl);
 #endif
+#endif
 
+#ifndef USE_GPL_CRYPTO
     if (!seaf->disable_verify_certificate) {
         curl_easy_setopt (curl, CURLOPT_SSL_CTX_FUNCTION, ssl_callback);
         curl_easy_setopt (curl, CURLOPT_SSL_CTX_DATA, url);
     }
+#endif
 
 #ifdef WIN32
     curl_easy_setopt (curl, CURLOPT_SOCKOPTFUNCTION, sockopt_callback);
@@ -852,14 +862,18 @@ http_put (CURL *curl, const char *url, const char *token,
 
     curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
 
+#ifndef USE_GPL_CRYPTO
 #if defined WIN32 || defined __APPLE__
     load_ca_bundle (curl);
 #endif
+#endif
 
+#ifndef USE_GPL_CRYPTO
     if (!seaf->disable_verify_certificate) {
         curl_easy_setopt (curl, CURLOPT_SSL_CTX_FUNCTION, ssl_callback);
         curl_easy_setopt (curl, CURLOPT_SSL_CTX_DATA, url);
     }
+#endif
 
 #ifdef WIN32
     curl_easy_setopt (curl, CURLOPT_SOCKOPTFUNCTION, sockopt_callback);
@@ -952,14 +966,18 @@ http_post (CURL *curl, const char *url, const char *token,
         curl_easy_setopt(curl, CURLOPT_WRITEDATA, &rsp);
     }
 
+#ifndef USE_GPL_CRYPTO
 #if defined WIN32 || defined __APPLE__
     load_ca_bundle (curl);
 #endif
+#endif
 
+#ifndef USE_GPL_CRYPTO
     if (!seaf->disable_verify_certificate) {
         curl_easy_setopt (curl, CURLOPT_SSL_CTX_FUNCTION, ssl_callback);
         curl_easy_setopt (curl, CURLOPT_SSL_CTX_DATA, url);
     }
+#endif
 
     gboolean is_https = (strncasecmp(url, "https", strlen("https")) == 0);
     set_proxy (curl, is_https);

daemon/processors/check-tx-v3-proc.c

@@ -2,6 +2,8 @@
 
 #include "common.h"
 
+#ifndef USE_GPL_CRYPTO
+
 #include <string.h>
 #include <ccnet.h>
 #include <openssl/aes.h>
@@ -329,3 +331,5 @@ handle_response (CcnetProcessor *processor,
         ccnet_processor_done (processor, FALSE);
     }
 }
+
+#endif

daemon/seaf-daemon.c

@@ -32,7 +32,9 @@
 #include "utils.h"
 #include "vc-utils.h"
 #include "seafile-config.h"
+#ifndef USE_GPL_CRYPTO
 #include "curl-init.h"
+#endif
 
 #include "cdc/cdc.h"
 
@@ -561,13 +563,17 @@ main (int argc, char **argv)
 
     set_signal_handlers (seaf);
 
+#ifndef USE_GPL_CRYPTO
     seafile_curl_init();
+#endif
     seafile_session_prepare (seaf);
     seafile_session_start (seaf);
 
     seafile_session_config_set_string (seaf, "wktree", seaf->worktree_dir);
     ccnet_main (client);
+#ifndef USE_GPL_CRYPTO
     seafile_curl_deinit();
+#endif
 
     return 0;
 }

daemon/sync-mgr.c

@@ -477,6 +477,15 @@ seaf_sync_manager_add_sync_task (SeafSyncManager *mgr,
         return -1;
     }
 
+#ifdef USE_GPL_CRYPTO
+    if (repo->version == 0 || (repo->encrypted && repo->enc_version < 2)) {
+        seaf_warning ("Don't support syncing old version libraries.\n");
+        g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS,
+                     "Don't support syncing old version libraries");
+        return -1;
+    }
+#endif
+
     SyncInfo *info = get_sync_info (mgr, repo->id);
 
     if (info->in_sync)
@@ -2777,6 +2786,12 @@ auto_sync_pulse (void *vmanager)
 
         repo->worktree_invalid = FALSE;
 
+#ifdef USE_GPL_CRYPTO
+        if (repo->version == 0 || (repo->encrypted && repo->enc_version < 2)) {
+            continue;
+        }
+#endif
+
         if (!repo->token) {
             /* If the user has logged out of the account, the repo token would
              * be null */

daemon/transfer-mgr.c

@@ -13,7 +13,9 @@
 #include "utils.h"
 #include "db.h"
 
+#ifndef USE_GPL_CRYPTO
 #include <openssl/rand.h>
+#endif
 
 #include "seafile-session.h"
 #include "transfer-mgr.h"
@@ -29,7 +31,9 @@
 #include "mq-mgr.h"
 #include "seafile-config.h"
 
+#ifndef USE_GPL_CRYPTO
 #include "processors/check-tx-v3-proc.h"
+#endif
 #include "processors/sendfs-proc.h"
 #include "processors/getfs-proc.h"
 #include "processors/getcs-proc.h"
@@ -444,9 +448,11 @@ seaf_transfer_manager_new (struct _SeafileSession *seaf)
 
 static void register_processors (CcnetClient *client)
 {
+#ifndef USE_GPL_CRYPTO
     ccnet_proc_factory_register_processor (client->proc_factory,
                                            "seafile-check-tx-v3",
                                            SEAFILE_TYPE_CHECK_TX_V3_PROC);
+#endif
 
     ccnet_proc_factory_register_processor (client->proc_factory,
                                            "seafile-sendfs",
@@ -1220,11 +1226,13 @@ generate_session_key (BlockTxInfo *info, const char *peer_id)
     char *sk_base64, *sk_enc_base64;
     gsize enc_key_len;
 
+#ifndef USE_GPL_CRYPTO
     if (RAND_bytes (info->session_key, sizeof(info->session_key)) != 1) {
         seaf_warning ("Failed to generate random session key with RAND_bytes(), "
                       "switch to RAND_pseudo_bytes().\n");
         RAND_pseudo_bytes (info->session_key, sizeof(info->session_key));
     }
+#endif
 
     sk_base64 = g_base64_encode (info->session_key, sizeof(info->session_key));
     sk_enc_base64 = ccnet_pubkey_encrypt (seaf->ccnetrpc_client,
@@ -1731,6 +1739,7 @@ start_download (TransferTask *task)
     if (!ccnet_peer_is_ready (seaf->ccnetrpc_client, dest_id))
         return -1;
 
+#ifndef USE_GPL_CRYPTO
     processor = ccnet_proc_factory_create_remote_master_processor (
         seaf->session->proc_factory, "seafile-check-tx-v3", dest_id);
     if (!processor) {
@@ -1746,6 +1755,7 @@ start_download (TransferTask *task)
         seaf_warning ("failed to start check-tx proc for download.\n");
         return -1;
     }
+#endif
 
     transition_state (task, task->state, TASK_RT_STATE_CHECK);
     return 0;
@@ -2200,6 +2210,7 @@ start_upload (TransferTask *task)
     memcpy (task->head, branch->commit_id, 41);
     seaf_branch_unref (branch);
 
+#ifndef USE_GPL_CRYPTO
     processor = ccnet_proc_factory_create_remote_master_processor (
         seaf->session->proc_factory, "seafile-check-tx-v3", dest_id);
     if (!processor) {
@@ -2216,6 +2227,7 @@ start_upload (TransferTask *task)
         seaf_warning ("failed to start check-tx-v3 proc for upload.\n");
         return -1;
     }
+#endif
 
     transition_state (task, task->state, TASK_RT_STATE_CHECK);
     return 0;

lib/Makefile.am

@@ -51,7 +51,7 @@ noinst_LTLIBRARIES = libseafile_common.la
 
 libseafile_common_la_SOURCES = ${seafile_object_gen} ${utils_srcs}
 libseafile_common_la_LDFLAGS = -no-undefined
-libseafile_common_la_LIBADD = @GLIB2_LIBS@  @GOBJECT_LIBS@ @SSL_LIBS@ -lcrypto @LIB_GDI32@ \
+libseafile_common_la_LIBADD = @GLIB2_LIBS@  @GOBJECT_LIBS@ @LIB_GDI32@ \
 				     @LIB_UUID@ @LIB_WS32@ @LIB_PSAPI@ -lsqlite3 \
 					 @LIBEVENT_LIBS@ @SEARPC_LIBS@ @LIB_SHELL32@ \
 	@ZLIB_LIBS@