Prepare 0.7.0 release

Closes: #227

.github/workflows/release-linux.yml

@@ -0,0 +1,46 @@
+on:
+  release:
+    types: [published]
+name: Build Release Binary (Linux)
+jobs:
+  build:
+    name: Build Release Binary
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Install dependencies
+        run: sudo apt install libssl-dev
+      - name: Build binary
+        run: make
+      - name: Upload release artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: git-crypt-artifacts
+          path: git-crypt
+  upload:
+    name: Upload Release Binary
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      contents: write
+    steps:
+      - name: Download release artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: git-crypt-artifacts
+      - name: Upload release asset
+        uses: actions/github-script@v3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const fs = require("fs").promises;
+            const { repo: { owner, repo }, sha } = context;
+            await github.repos.uploadReleaseAsset({
+              owner, repo,
+              release_id: ${{ github.event.release.id }},
+              name: 'git-crypt-${{ github.event.release.name }}-linux-x86_64',
+              data: await fs.readFile('git-crypt'),
+            });

.github/workflows/release-windows.yml

@@ -0,0 +1,56 @@
+on:
+  release:
+    types: [published]
+name: Build Release Binary (Windows)
+jobs:
+  build:
+    name: Build Release Binary
+    runs-on: windows-2022
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Setup msys2
+        uses: msys2/setup-msys2@v2
+        with:
+          msystem: MINGW64
+          update: true
+          install: >-
+            base-devel
+            msys2-devel
+            mingw-w64-x86_64-toolchain
+            mingw-w64-x86_64-openssl
+            openssl-devel
+      - name: Build binary
+        shell: msys2 {0}
+        run: make LDFLAGS="-static-libstdc++ -static -lcrypto -lws2_32"
+      - name: Upload release artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: git-crypt-artifacts
+          path: git-crypt.exe
+  upload:
+    name: Upload Release Binary
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      contents: write
+    steps:
+      - name: Download release artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: git-crypt-artifacts
+      - name: Upload release asset
+        uses: actions/github-script@v3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const fs = require("fs").promises;
+            const { repo: { owner, repo }, sha } = context;
+            await github.repos.uploadReleaseAsset({
+              owner, repo,
+              release_id: ${{ github.event.release.id }},
+              name: 'git-crypt-${{ github.event.release.name }}-x86_64.exe',
+              data: await fs.readFile('git-crypt.exe'),
+            });

CONTRIBUTING.md

@@ -4,8 +4,7 @@ documentation, bug reports, or anything else that improves git-crypt.
 
 When contributing code, please consider the following guidelines:
 
- * You are encouraged to open an issue on GitHub or send mail to
+ * You are encouraged to open an issue on GitHub to discuss any non-trivial
-   git-crypt-discuss@lists.cloudmutt.com to discuss any non-trivial
    changes before you start coding.
 
  * Please mimic the existing code style as much as possible.  In
@@ -15,8 +14,7 @@ When contributing code, please consider the following guidelines:
  * To minimize merge commits, please rebase your changes before opening
    a pull request.
 
- * To submit your patch, open a pull request on GitHub or send a
+ * To submit your patch, open a pull request on GitHub.
-   properly-formatted patch to git-crypt-discuss@lists.cloudmutt.com.
 
 Finally, be aware that since git-crypt is security-sensitive software,
 the bar for contributions is higher than average.  Please don't be

INSTALL

@@ -2,19 +2,19 @@ DEPENDENCIES
 
 To build git-crypt, you need:
 
-                                Debian/Ubuntu package   RHEL/CentOS package
+                                    Debian/Ubuntu package   RHEL/CentOS package
   -----------------------------------------------------------------------------
-  Make                          make                    make
+  Make                              make                    make
-  A C++ compiler (e.g. gcc)     g++                     gcc-c++
+  A C++11 compiler (e.g. gcc 4.9+)  g++                     gcc-c++
-  OpenSSL development files     libssl-dev              openssl-devel
+  OpenSSL development files         libssl-dev              openssl-devel
 
 
 To use git-crypt, you need:
 
-                                Debian/Ubuntu package   RHEL/CentOS package
+                                    Debian/Ubuntu package   RHEL/CentOS package
   -----------------------------------------------------------------------------
-  Git 1.7.2 or newer            git                     git
+  Git 1.7.2 or newer                git                     git
-  OpenSSL                       openssl                 openssl
+  OpenSSL                           openssl                 openssl
 
 Note: Git 1.8.5 or newer is recommended for best performance.
 

INSTALL.md

@@ -2,19 +2,19 @@
 
 To build git-crypt, you need:
 
-                           | Debian/Ubuntu package | RHEL/CentOS package
+| Software                        | Debian/Ubuntu package | RHEL/CentOS package|
----------------------------|-----------------------|------------------------
+|---------------------------------|-----------------------|--------------------|
-Make                       | make                  | make
+|Make                             | make                  | make               |
-A C++ compiler (e.g. gcc)  | g++                   | gcc-c++
+|A C++11 compiler (e.g. gcc 4.9+) | g++                   | gcc-c++            |
-OpenSSL development files  | libssl-dev            | openssl-devel
+|OpenSSL development files        | libssl-dev            | openssl-devel      |
 
 
 To use git-crypt, you need:
 
-                           | Debian/Ubuntu package | RHEL/CentOS package
+| Software                        | Debian/Ubuntu package | RHEL/CentOS package|
----------------------------|-----------------------|------------------------
+|---------------------------------|-----------------------|--------------------|
-Git 1.7.2 or newer         | git                   | git
+|Git 1.7.2 or newer               | git                   | git                |
-OpenSSL                    | openssl               | openssl
+|OpenSSL                          | openssl               | openssl            |
 
 Note: Git 1.8.5 or newer is recommended for best performance.
 

Makefile

@@ -5,6 +5,7 @@
 #
 
 CXXFLAGS ?= -Wall -pedantic -Wno-long-long -O2
+CXXFLAGS += -std=c++11
 PREFIX ?= /usr/local
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
@@ -23,7 +24,7 @@ OBJFILES = \
     coprocess.o \
     fhstream.o
 
-OBJFILES += crypto-openssl.o
+OBJFILES += crypto-openssl-10.o crypto-openssl-11.o
 LDFLAGS += -lcrypto
 
 XSLTPROC ?= xsltproc
@@ -54,7 +55,7 @@ coprocess.o: coprocess.cpp coprocess-unix.cpp coprocess-win32.cpp
 build-man: man/man1/git-crypt.1
 
 man/man1/git-crypt.1: man/git-crypt.xml
-	$(XSLTPROC) $(DOCBOOK_FLAGS) $(DOCBOOK_XSL) $<
+	$(XSLTPROC) $(DOCBOOK_FLAGS) $(DOCBOOK_XSL) man/git-crypt.xml
 
 #
 # Clean

NEWS

@@ -1,3 +1,21 @@
+v0.7.0 (2022-04-21)
+  * Avoid "argument list too long" errors on macOS.
+  * Fix handling of "-" arguments.
+  * Minor documentation improvements.
+
+v0.6.0 (2017-11-26)
+  * Add support for OpenSSL 1.1 (still works with OpenSSL 1.0).
+  * Switch to C++11 (gcc 4.9 or higher now required to build).
+  * Allow GPG to fail on some keys (makes unlock work better if there are
+    multiple keys that can unlock the repo but only some are available).
+  * Allow the repo state directory to be configured with the
+    git-crypt.repoStateDir git config option.
+  * Respect the gpg.program git config option.
+  * Don't hard code path to git-crypt in .git/config on Linux (ensures
+    repo continues to work if git-crypt is moved).
+  * Ensure git-crypt's gpg files won't be treated as text by Git.
+  * Minor improvements to build system, documentation.
+
 v0.5.0 (2015-05-30)
   * Drastically speed up lock/unlock when used with Git 1.8.5 or newer.
   * Add git-crypt(1) man page (pass ENABLE_MAN=yes to make to build).

NEWS.md

@@ -1,6 +1,24 @@
 News
 ====
 
+######v0.7.0 (2022-04-21)
+* Avoid "argument list too long" errors on macOS.
+* Fix handling of "-" arguments.
+* Minor documentation improvements.
+
+######v0.6.0 (2017-11-26)
+* Add support for OpenSSL 1.1 (still works with OpenSSL 1.0).
+* Switch to C++11 (gcc 4.9 or higher now required to build).
+* Allow GPG to fail on some keys (makes unlock work better if there are
+  multiple keys that can unlock the repo but only some are available).
+* Allow the repo state directory to be configured with the
+  git-crypt.repoStateDir git config option.
+* Respect the gpg.program git config option.
+* Don't hard code path to git-crypt in .git/config on Linux (ensures
+  repo continues to work if git-crypt is moved).
+* Ensure git-crypt's gpg files won't be treated as text by Git.
+* Minor improvements to build system, documentation.
+
 ######v0.5.0 (2015-05-30)
 * Drastically speed up lock/unlock when used with Git 1.8.5 or newer.
 * Add git-crypt(1) man page (pass `ENABLE_MAN=yes` to make to build).

README

@@ -30,6 +30,7 @@ Specify files to encrypt by creating a .gitattributes file:
 
 	secretfile filter=git-crypt diff=git-crypt
 	*.key filter=git-crypt diff=git-crypt
+	secretdir/** filter=git-crypt diff=git-crypt
 
 Like a .gitignore file, it can match wildcards and should be checked into
 the repository.  See below for more information about .gitattributes.
@@ -54,7 +55,7 @@ are added to your repository):
 
 	$ git-crypt export-key /path/to/key
 
-After cloning a repository with encrypted files, unlock with with GPG:
+After cloning a repository with encrypted files, unlock with GPG:
 
 	$ git-crypt unlock
 
@@ -69,7 +70,7 @@ encryption and decryption happen transparently.
 
 CURRENT STATUS
 
-The latest version of git-crypt is 0.5.0, released on 2015-05-30.
+The latest version of git-crypt is 0.7.0, released on 2022-04-21.
 git-crypt aims to be bug-free and reliable, meaning it shouldn't
 crash, malfunction, or expose your confidential data.  However,
 it has not yet reached maturity, meaning it is not as documented,
@@ -79,7 +80,7 @@ backwards-incompatible changes introduced before version 1.0.
 
 SECURITY
 
-git-crypt is more secure that other transparent git encryption systems.
+git-crypt is more secure than other transparent git encryption systems.
 git-crypt encrypts files using AES-256 in CTR mode with a synthetic IV
 derived from the SHA-1 HMAC of the file.  This mode of operation is
 provably semantically secure under deterministic chosen-plaintext attack.
@@ -98,7 +99,7 @@ all of the files in a repository. Where git-crypt really shines is where
 most of your repository is public, but you have a few files (perhaps
 private keys named *.key, or a file with API credentials) which you
 need to encrypt.  For encrypting an entire repository, consider using a
-system like git-remote-gcrypt <https://github.com/joeyh/git-remote-gcrypt>
+system like git-remote-gcrypt <https://spwhitton.name/tech/code/git-remote-gcrypt/>
 instead.  (Note: no endorsement is made of git-remote-gcrypt's security.)
 
 git-crypt does not encrypt file names, commit messages, symlink targets,
@@ -108,6 +109,16 @@ git-crypt does not hide when a file does or doesn't change, the length
 of a file, or the fact that two files are identical (see "Security"
 section above).
 
+git-crypt does not support revoking access to an encrypted repository
+which was previously granted. This applies to both multi-user GPG
+mode (there's no del-gpg-user command to complement add-gpg-user)
+and also symmetric key mode (there's no support for rotating the key).
+This is because it is an inherently complex problem in the context
+of historical data. For example, even if a key was rotated at one
+point in history, a user having the previous key can still access
+previous repository history. This problem is discussed in more detail in
+<https://github.com/AGWA/git-crypt/issues/47>.
+
 Files encrypted with git-crypt are not compressible.  Even the smallest
 change to an encrypted file requires git to store the entire changed file,
 instead of just a delta.
@@ -138,20 +149,12 @@ specifying merely a directory (e.g. `/dir/`) is NOT sufficient to
 encrypt all files beneath it.
 
 Also note that the pattern `dir/*` does not match files under
-sub-directories of dir/.  To encrypt an entire sub-tree dir/, place the
+sub-directories of dir/.  To encrypt an entire sub-tree dir/, use `dir/**`:
-following in dir/.gitattributes:
+
+	dir/** filter=git-crypt diff=git-crypt
+
+The .gitattributes file must not be encrypted, so make sure wildcards don't
+match it accidentally.  If necessary, you can exclude .gitattributes from
+encryption like this:
 
-	* filter=git-crypt diff=git-crypt
 	.gitattributes !filter !diff
-
-The second pattern is essential for ensuring that .gitattributes itself
-is not encrypted.
-
-
-MAILING LISTS
-
-To stay abreast of, and provide input to, git-crypt development, consider
-subscribing to one or both of our mailing lists:
-
-Announcements: https://lists.cloudmutt.com/mailman/listinfo/git-crypt-announce
-Discussion:    https://lists.cloudmutt.com/mailman/listinfo/git-crypt-discuss

README.md

@@ -31,6 +31,7 @@ Specify files to encrypt by creating a .gitattributes file:
 
     secretfile filter=git-crypt diff=git-crypt
     *.key filter=git-crypt diff=git-crypt
+    secretdir/** filter=git-crypt diff=git-crypt
 
 Like a .gitignore file, it can match wildcards and should be checked into
 the repository.  See below for more information about .gitattributes.
@@ -55,7 +56,7 @@ are added to your repository):
 
     git-crypt export-key /path/to/key
 
-After cloning a repository with encrypted files, unlock with with GPG:
+After cloning a repository with encrypted files, unlock with GPG:
 
     git-crypt unlock
 
@@ -70,8 +71,8 @@ encryption and decryption happen transparently.
 Current Status
 --------------
 
-The latest version of git-crypt is [0.5.0](NEWS.md), released on
+The latest version of git-crypt is [0.7.0](NEWS.md), released on
-2015-05-30.  git-crypt aims to be bug-free and reliable, meaning it
+2022-04-21.  git-crypt aims to be bug-free and reliable, meaning it
 shouldn't crash, malfunction, or expose your confidential data.
 However, it has not yet reached maturity, meaning it is not as
 documented, featureful, or easy-to-use as it should be.  Additionally,
@@ -81,7 +82,7 @@ there may be backwards-incompatible changes introduced before version
 Security
 --------
 
-git-crypt is more secure that other transparent git encryption systems.
+git-crypt is more secure than other transparent git encryption systems.
 git-crypt encrypts files using AES-256 in CTR mode with a synthetic IV
 derived from the SHA-1 HMAC of the file.  This mode of operation is
 provably semantically secure under deterministic chosen-plaintext attack.
@@ -100,7 +101,7 @@ all of the files in a repository. Where git-crypt really shines is where
 most of your repository is public, but you have a few files (perhaps
 private keys named *.key, or a file with API credentials) which you
 need to encrypt.  For encrypting an entire repository, consider using a
-system like [git-remote-gcrypt](https://github.com/joeyh/git-remote-gcrypt)
+system like [git-remote-gcrypt](https://spwhitton.name/tech/code/git-remote-gcrypt/)
 instead.  (Note: no endorsement is made of git-remote-gcrypt's security.)
 
 git-crypt does not encrypt file names, commit messages, symlink targets,
@@ -110,6 +111,16 @@ git-crypt does not hide when a file does or doesn't change, the length
 of a file, or the fact that two files are identical (see "Security"
 section above).
 
+git-crypt does not support revoking access to an encrypted repository
+which was previously granted. This applies to both multi-user GPG
+mode (there's no del-gpg-user command to complement add-gpg-user)
+and also symmetric key mode (there's no support for rotating the key).
+This is because it is an inherently complex problem in the context
+of historical data. For example, even if a key was rotated at one
+point in history, a user having the previous key can still access
+previous repository history. This problem is discussed in more detail in
+<https://github.com/AGWA/git-crypt/issues/47>.
+
 Files encrypted with git-crypt are not compressible.  Even the smallest
 change to an encrypted file requires git to store the entire changed file,
 instead of just a delta.
@@ -140,20 +151,12 @@ specifying merely a directory (e.g. `/dir/`) is *not* sufficient to
 encrypt all files beneath it.
 
 Also note that the pattern `dir/*` does not match files under
-sub-directories of dir/.  To encrypt an entire sub-tree dir/, place the
+sub-directories of dir/.  To encrypt an entire sub-tree dir/, use `dir/**`:
-following in dir/.gitattributes:
+
+    dir/** filter=git-crypt diff=git-crypt
+
+The .gitattributes file must not be encrypted, so make sure wildcards don't
+match it accidentally.  If necessary, you can exclude .gitattributes from
+encryption like this:
 
-    * filter=git-crypt diff=git-crypt
     .gitattributes !filter !diff
-
-The second pattern is essential for ensuring that .gitattributes itself
-is not encrypted.
-
-Mailing Lists
--------------
-
-To stay abreast of, and provide input to, git-crypt development,
-consider subscribing to one or both of our mailing lists:
-
-* [Announcements](https://lists.cloudmutt.com/mailman/listinfo/git-crypt-announce)
-* [Discussion](https://lists.cloudmutt.com/mailman/listinfo/git-crypt-discuss)

THANKS.md

@@ -12,6 +12,10 @@ For their contributions to git-crypt, I thank:
    * Linus G Thiel
    * Michael Schout
    * Simon Kotlinski
+   * Kevin Menard
+   * Wael M. Nasreddine
+   * Kevin Borgolte
+   * Adrian Cohea
 
  * And everyone who has tested git-crypt, provided feedback, reported
    bugs, and participated in discussions about new features.

commands.cpp

@@ -48,8 +48,15 @@
 #include <stdio.h>
 #include <string.h>
 #include <errno.h>
+#include <exception>
 #include <vector>
 
+enum {
+	// # of arguments per git checkout call; must be large enough to be efficient but small
+	// enough to avoid operating system limits on argument length
+	GIT_CHECKOUT_BATCH_SIZE = 100
+};
+
 static std::string attribute_name (const char* key_name)
 {
 	if (key_name) {
@@ -182,15 +189,19 @@ static void deconfigure_git_filters (const char* key_name)
 	}
 }
 
-static bool git_checkout (const std::vector<std::string>& paths)
+static bool git_checkout_batch (std::vector<std::string>::const_iterator paths_begin, std::vector<std::string>::const_iterator paths_end)
 {
+	if (paths_begin == paths_end) {
+		return true;
+	}
+
 	std::vector<std::string>	command;
 
 	command.push_back("git");
 	command.push_back("checkout");
 	command.push_back("--");
 
-	for (std::vector<std::string>::const_iterator path(paths.begin()); path != paths.end(); ++path) {
+	for (auto path(paths_begin); path != paths_end; ++path) {
 		command.push_back(*path);
 	}
 
@@ -201,6 +212,18 @@ static bool git_checkout (const std::vector<std::string>& paths)
 	return true;
 }
 
+static bool git_checkout (const std::vector<std::string>& paths)
+{
+	auto paths_begin(paths.begin());
+	while (paths.end() - paths_begin >= GIT_CHECKOUT_BATCH_SIZE) {
+		if (!git_checkout_batch(paths_begin, paths_begin + GIT_CHECKOUT_BATCH_SIZE)) {
+			return false;
+		}
+		paths_begin += GIT_CHECKOUT_BATCH_SIZE;
+	}
+	return git_checkout_batch(paths_begin, paths.end());
+}
+
 static bool same_key_name (const char* a, const char* b)
 {
 	return (!a && !b) || (a && b && std::strcmp(a, b) == 0);
@@ -254,6 +277,27 @@ static std::string get_internal_key_path (const char* key_name)
 	return path;
 }
 
+std::string get_git_config (const std::string& name)
+{
+	// git config --get
+	std::vector<std::string>	command;
+	command.push_back("git");
+	command.push_back("config");
+	command.push_back("--get");
+	command.push_back(name);
+
+	std::stringstream	output;
+
+	if (!successful_exit(exec_command(command, output))) {
+		throw Error("'git config' missing value for key '" + name +"'");
+	}
+
+	std::string		value;
+	std::getline(output, value);
+
+	return value;
+}
+
 static std::string get_repo_state_path ()
 {
 	// git rev-parse --show-toplevel
@@ -276,7 +320,18 @@ static std::string get_repo_state_path ()
 		throw Error("Could not determine Git working tree - is this a non-bare repo?");
 	}
 
-	path += "/.git-crypt";
+	// Check if the repo state dir has been explicitly configured. If so, use that in path construction.
+	if (git_has_config("git-crypt.repoStateDir")) {
+		std::string		repoStateDir = get_git_config("git-crypt.repoStateDir");
+
+		// The repoStateDir value must always be relative to git work tree to ensure the repoStateDir can be committed
+		// along with the remainder of the repository.
+		path += '/' + repoStateDir;
+	} else {
+		// There is no explicitly configured repo state dir configured, so use the default.
+		path += "/.git-crypt";
+	}
+
 	return path;
 }
 
@@ -455,7 +510,7 @@ static bool check_if_file_is_encrypted (const std::string& filename)
 
 static bool is_git_file_mode (const std::string& mode)
 {
-	return (std::strtoul(mode.c_str(), NULL, 8) & 0170000) == 0100000;
+	return (std::strtoul(mode.c_str(), nullptr, 8) & 0170000) == 0100000;
 }
 
 static void get_encrypted_files (std::vector<std::string>& files, const char* key_name)
@@ -476,8 +531,8 @@ static void get_encrypted_files (std::vector<std::string>& files, const char* ke
 	ls_files.spawn(ls_files_command);
 
 	Coprocess			check_attr;
-	std::ostream*			check_attr_stdin = NULL;
+	std::ostream*			check_attr_stdin = nullptr;
-	std::istream*			check_attr_stdout = NULL;
+	std::istream*			check_attr_stdout = nullptr;
 	if (git_version() >= make_version(1, 8, 5)) {
 		// In Git 1.8.5 (released 27 Nov 2013) and higher, we use a single `git check-attr` process
 		// to get the attributes of all files at once.  In prior versions, we have to fork and exec
@@ -557,13 +612,20 @@ static void load_key (Key_file& key_file, const char* key_name, const char* key_
 
 static bool decrypt_repo_key (Key_file& key_file, const char* key_name, uint32_t key_version, const std::vector<std::string>& secret_keys, const std::string& keys_path)
 {
+	std::exception_ptr gpg_error;
+
 	for (std::vector<std::string>::const_iterator seckey(secret_keys.begin()); seckey != secret_keys.end(); ++seckey) {
 		std::ostringstream		path_builder;
 		path_builder << keys_path << '/' << (key_name ? key_name : "default") << '/' << key_version << '/' << *seckey << ".gpg";
 		std::string			path(path_builder.str());
 		if (access(path.c_str(), F_OK) == 0) {
 			std::stringstream	decrypted_contents;
-			gpg_decrypt_from_file(path, decrypted_contents);
+			try {
+				gpg_decrypt_from_file(path, decrypted_contents);
+			} catch (const Gpg_error&) {
+				gpg_error = std::current_exception();
+				continue;
+			}
 			Key_file		this_version_key_file;
 			this_version_key_file.load(decrypted_contents);
 			const Key_file::Entry*	this_version_entry = this_version_key_file.get(key_version);
@@ -578,6 +640,11 @@ static bool decrypt_repo_key (Key_file& key_file, const char* key_name, uint32_t
 			return true;
 		}
 	}
+
+	if (gpg_error) {
+		std::rethrow_exception(gpg_error);
+	}
+
 	return false;
 }
 
@@ -1126,7 +1193,7 @@ int lock (int argc, const char** argv)
 	}
 	if (!git_checkout(encrypted_files)) {
 		std::clog << "Error: 'git checkout' failed" << std::endl;
-		std::clog << "git-crypt has been locked but up but existing decrypted files have not been encrypted" << std::endl;
+		std::clog << "git-crypt has been locked up but existing decrypted files have not been encrypted" << std::endl;
 		return 1;
 	}
 
@@ -1202,6 +1269,7 @@ int add_gpg_user (int argc, const char** argv)
 		state_gitattributes_file << "# Do not edit this file.  To specify the files to encrypt, create your own\n";
 		state_gitattributes_file << "# .gitattributes file in the directory where your files are.\n";
 		state_gitattributes_file << "* !filter !diff\n";
+		state_gitattributes_file << "*.gpg binary\n";
 		state_gitattributes_file.close();
 		if (!state_gitattributes_file) {
 			std::clog << "Error: unable to write " << state_gitattributes_path << std::endl;

commands.hpp

@@ -70,4 +70,7 @@ void help_migrate_key (std::ostream&);
 void help_refresh (std::ostream&);
 void help_status (std::ostream&);
 
+// other
+std::string get_git_config (const std::string& name);
+
 #endif

coprocess-unix.cpp

@@ -41,7 +41,7 @@ static int execvp (const std::string& file, const std::vector<std::string>& args
 	for (std::vector<std::string>::const_iterator arg(args.begin()); arg != args.end(); ++arg) {
 		args_c_str.push_back(arg->c_str());
 	}
-	args_c_str.push_back(NULL);
+	args_c_str.push_back(nullptr);
 	return execvp(file.c_str(), const_cast<char**>(&args_c_str[0]));
 }
 
@@ -50,10 +50,10 @@ Coprocess::Coprocess ()
 	pid = -1;
 	stdin_pipe_reader = -1;
 	stdin_pipe_writer = -1;
-	stdin_pipe_ostream = NULL;
+	stdin_pipe_ostream = nullptr;
 	stdout_pipe_reader = -1;
 	stdout_pipe_writer = -1;
-	stdout_pipe_istream = NULL;
+	stdout_pipe_istream = nullptr;
 }
 
 Coprocess::~Coprocess ()
@@ -79,7 +79,7 @@ std::ostream*	Coprocess::stdin_pipe ()
 void		Coprocess::close_stdin ()
 {
 	delete stdin_pipe_ostream;
-	stdin_pipe_ostream = NULL;
+	stdin_pipe_ostream = nullptr;
 	if (stdin_pipe_writer != -1) {
 		close(stdin_pipe_writer);
 		stdin_pipe_writer = -1;
@@ -107,7 +107,7 @@ std::istream*	Coprocess::stdout_pipe ()
 void		Coprocess::close_stdout ()
 {
 	delete stdout_pipe_istream;
-	stdout_pipe_istream = NULL;
+	stdout_pipe_istream = nullptr;
 	if (stdout_pipe_writer != -1) {
 		close(stdout_pipe_writer);
 		stdout_pipe_writer = -1;

coprocess-win32.cpp

@@ -96,14 +96,14 @@ static HANDLE spawn_command (const std::vector<std::string>& command, HANDLE std
 
 	std::string		cmdline(format_cmdline(command));
 
-	if (!CreateProcessA(NULL,		// application name (NULL to use command line)
+	if (!CreateProcessA(nullptr,		// application name (nullptr to use command line)
 				const_cast<char*>(cmdline.c_str()),
-				NULL,		// process security attributes
+				nullptr,	// process security attributes
-				NULL,		// primary thread security attributes
+				nullptr,	// primary thread security attributes
 				TRUE,		// handles are inherited
 				0,		// creation flags
-				NULL,		// use parent's environment
+				nullptr,	// use parent's environment
-				NULL,		// use parent's current directory
+				nullptr,	// use parent's current directory
 				&start_info,
 				&proc_info)) {
 		throw System_error("CreateProcess", cmdline, GetLastError());
@@ -117,13 +117,13 @@ static HANDLE spawn_command (const std::vector<std::string>& command, HANDLE std
 
 Coprocess::Coprocess ()
 {
-	proc_handle = NULL;
+	proc_handle = nullptr;
-	stdin_pipe_reader = NULL;
+	stdin_pipe_reader = nullptr;
-	stdin_pipe_writer = NULL;
+	stdin_pipe_writer = nullptr;
-	stdin_pipe_ostream = NULL;
+	stdin_pipe_ostream = nullptr;
-	stdout_pipe_reader = NULL;
+	stdout_pipe_reader = nullptr;
-	stdout_pipe_writer = NULL;
+	stdout_pipe_writer = nullptr;
-	stdout_pipe_istream = NULL;
+	stdout_pipe_istream = nullptr;
 }
 
 Coprocess::~Coprocess ()
@@ -143,7 +143,7 @@ std::ostream*	Coprocess::stdin_pipe ()
 		// Set the bInheritHandle flag so pipe handles are inherited.
 		sec_attr.nLength = sizeof(SECURITY_ATTRIBUTES);
 		sec_attr.bInheritHandle = TRUE;
-		sec_attr.lpSecurityDescriptor = NULL;
+		sec_attr.lpSecurityDescriptor = nullptr;
 
 		// Create a pipe for the child process's STDIN.
 		if (!CreatePipe(&stdin_pipe_reader, &stdin_pipe_writer, &sec_attr, 0)) {
@@ -163,14 +163,14 @@ std::ostream*	Coprocess::stdin_pipe ()
 void		Coprocess::close_stdin ()
 {
 	delete stdin_pipe_ostream;
-	stdin_pipe_ostream = NULL;
+	stdin_pipe_ostream = nullptr;
 	if (stdin_pipe_writer) {
 		CloseHandle(stdin_pipe_writer);
-		stdin_pipe_writer = NULL;
+		stdin_pipe_writer = nullptr;
 	}
 	if (stdin_pipe_reader) {
 		CloseHandle(stdin_pipe_reader);
-		stdin_pipe_reader = NULL;
+		stdin_pipe_reader = nullptr;
 	}
 }
 
@@ -182,7 +182,7 @@ std::istream*	Coprocess::stdout_pipe ()
 		// Set the bInheritHandle flag so pipe handles are inherited.
 		sec_attr.nLength = sizeof(SECURITY_ATTRIBUTES);
 		sec_attr.bInheritHandle = TRUE;
-		sec_attr.lpSecurityDescriptor = NULL;
+		sec_attr.lpSecurityDescriptor = nullptr;
 
 		// Create a pipe for the child process's STDOUT.
 		if (!CreatePipe(&stdout_pipe_reader, &stdout_pipe_writer, &sec_attr, 0)) {
@@ -202,27 +202,27 @@ std::istream*	Coprocess::stdout_pipe ()
 void		Coprocess::close_stdout ()
 {
 	delete stdout_pipe_istream;
-	stdout_pipe_istream = NULL;
+	stdout_pipe_istream = nullptr;
 	if (stdout_pipe_writer) {
 		CloseHandle(stdout_pipe_writer);
-		stdout_pipe_writer = NULL;
+		stdout_pipe_writer = nullptr;
 	}
 	if (stdout_pipe_reader) {
 		CloseHandle(stdout_pipe_reader);
-		stdout_pipe_reader = NULL;
+		stdout_pipe_reader = nullptr;
 	}
 }
 
 void		Coprocess::spawn (const std::vector<std::string>& args)
 {
-	proc_handle = spawn_command(args, stdin_pipe_reader, stdout_pipe_writer, NULL);
+	proc_handle = spawn_command(args, stdin_pipe_reader, stdout_pipe_writer, nullptr);
 	if (stdin_pipe_reader) {
 		CloseHandle(stdin_pipe_reader);
-		stdin_pipe_reader = NULL;
+		stdin_pipe_reader = nullptr;
 	}
 	if (stdout_pipe_writer) {
 		CloseHandle(stdout_pipe_writer);
-		stdout_pipe_writer = NULL;
+		stdout_pipe_writer = nullptr;
 	}
 }
 
@@ -243,7 +243,7 @@ int		Coprocess::wait ()
 size_t		Coprocess::write_stdin (void* handle, const void* buf, size_t count)
 {
 	DWORD		bytes_written;
-	if (!WriteFile(static_cast<Coprocess*>(handle)->stdin_pipe_writer, buf, count, &bytes_written, NULL)) {
+	if (!WriteFile(static_cast<Coprocess*>(handle)->stdin_pipe_writer, buf, count, &bytes_written, nullptr)) {
 		throw System_error("WriteFile", "", GetLastError());
 	}
 	return bytes_written;
@@ -257,7 +257,7 @@ size_t		Coprocess::read_stdout (void* handle, void* buf, size_t count)
 	// fails with ERROR_BROKEN_PIPE.
 	DWORD bytes_read;
 	do {
-		if (!ReadFile(static_cast<Coprocess*>(handle)->stdout_pipe_reader, buf, count, &bytes_read, NULL)) {
+		if (!ReadFile(static_cast<Coprocess*>(handle)->stdout_pipe_reader, buf, count, &bytes_read, nullptr)) {
 			const DWORD	read_error = GetLastError();
 			if (read_error != ERROR_BROKEN_PIPE) {
 				throw System_error("ReadFile", "", read_error);

crypto-openssl-10.cpp

@@ -28,6 +28,10 @@
  * as that of the covered work.
  */
 
+#include <openssl/opensslconf.h>
+
+#if !defined(OPENSSL_API_COMPAT)
+
 #include "crypto.hpp"
 #include "key.hpp"
 #include "util.hpp"
@@ -59,8 +63,8 @@ Aes_ecb_encryptor::Aes_ecb_encryptor (const unsigned char* raw_key)
 
 Aes_ecb_encryptor::~Aes_ecb_encryptor ()
 {
-	// Note: Explicit destructor necessary because class contains an auto_ptr
+	// Note: Explicit destructor necessary because class contains an unique_ptr
-	// which contains an incomplete type when the auto_ptr is declared.
+	// which contains an incomplete type when the unique_ptr is declared.
 
 	explicit_memset(&impl->key, '\0', sizeof(impl->key));
 }
@@ -82,8 +86,8 @@ Hmac_sha1_state::Hmac_sha1_state (const unsigned char* key, size_t key_len)
 
 Hmac_sha1_state::~Hmac_sha1_state ()
 {
-	// Note: Explicit destructor necessary because class contains an auto_ptr
+	// Note: Explicit destructor necessary because class contains an unique_ptr
-	// which contains an incomplete type when the auto_ptr is declared.
+	// which contains an incomplete type when the unique_ptr is declared.
 
 	HMAC_cleanup(&(impl->ctx));
 }
@@ -113,3 +117,4 @@ void random_bytes (unsigned char* buffer, size_t len)
 	}
 }
 
+#endif

crypto-openssl-11.cpp

@@ -0,0 +1,119 @@
+/*
+ * Copyright 2012, 2014 Andrew Ayer
+ *
+ * This file is part of git-crypt.
+ *
+ * git-crypt is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * git-crypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with git-crypt.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Additional permission under GNU GPL version 3 section 7:
+ *
+ * If you modify the Program, or any covered work, by linking or
+ * combining it with the OpenSSL project's OpenSSL library (or a
+ * modified version of that library), containing parts covered by the
+ * terms of the OpenSSL or SSLeay licenses, the licensors of the Program
+ * grant you additional permission to convey the resulting work.
+ * Corresponding Source for a non-source form of such a combination
+ * shall include the source code for the parts of OpenSSL used as well
+ * as that of the covered work.
+ */
+
+#include <openssl/opensslconf.h>
+
+#if defined(OPENSSL_API_COMPAT)
+
+#include "crypto.hpp"
+#include "key.hpp"
+#include "util.hpp"
+#include <openssl/aes.h>
+#include <openssl/sha.h>
+#include <openssl/hmac.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <sstream>
+#include <cstring>
+
+void init_crypto ()
+{
+	ERR_load_crypto_strings();
+}
+
+struct Aes_ecb_encryptor::Aes_impl {
+	AES_KEY key;
+};
+
+Aes_ecb_encryptor::Aes_ecb_encryptor (const unsigned char* raw_key)
+: impl(new Aes_impl)
+{
+	if (AES_set_encrypt_key(raw_key, KEY_LEN * 8, &(impl->key)) != 0) {
+		throw Crypto_error("Aes_ctr_encryptor::Aes_ctr_encryptor", "AES_set_encrypt_key failed");
+	}
+}
+
+Aes_ecb_encryptor::~Aes_ecb_encryptor ()
+{
+	// Note: Explicit destructor necessary because class contains an unique_ptr
+	// which contains an incomplete type when the unique_ptr is declared.
+
+	explicit_memset(&impl->key, '\0', sizeof(impl->key));
+}
+
+void Aes_ecb_encryptor::encrypt(const unsigned char* plain, unsigned char* cipher)
+{
+	AES_encrypt(plain, cipher, &(impl->key));
+}
+
+struct Hmac_sha1_state::Hmac_impl {
+	HMAC_CTX *ctx;
+};
+
+Hmac_sha1_state::Hmac_sha1_state (const unsigned char* key, size_t key_len)
+: impl(new Hmac_impl)
+{
+
+	impl->ctx = HMAC_CTX_new();
+	HMAC_Init_ex(impl->ctx, key, key_len, EVP_sha1(), nullptr);
+}
+
+Hmac_sha1_state::~Hmac_sha1_state ()
+{
+	HMAC_CTX_free(impl->ctx);
+}
+
+void Hmac_sha1_state::add (const unsigned char* buffer, size_t buffer_len)
+{
+	HMAC_Update(impl->ctx, buffer, buffer_len);
+}
+
+void Hmac_sha1_state::get (unsigned char* digest)
+{
+	unsigned int len;
+	HMAC_Final(impl->ctx, digest, &len);
+}
+
+
+void random_bytes (unsigned char* buffer, size_t len)
+{
+	if (RAND_bytes(buffer, len) != 1) {
+		std::ostringstream	message;
+		while (unsigned long code = ERR_get_error()) {
+			char		error_string[120];
+			ERR_error_string_n(code, error_string, sizeof(error_string));
+			message << "OpenSSL Error: " << error_string << "; ";
+		}
+		throw Crypto_error("random_bytes", message.str());
+	}
+}
+
+#endif

crypto.hpp

@@ -57,7 +57,7 @@ public:
 private:
 	struct Aes_impl;
 
-	std::auto_ptr<Aes_impl>	impl;
+	std::unique_ptr<Aes_impl>	impl;
 
 public:
 	Aes_ecb_encryptor (const unsigned char* key);
@@ -102,7 +102,7 @@ public:
 private:
 	struct Hmac_impl;
 
-	std::auto_ptr<Hmac_impl>	impl;
+	std::unique_ptr<Hmac_impl>	impl;
 
 public:
 	Hmac_sha1_state (const unsigned char* key, size_t key_len);

git-crypt.hpp

@@ -31,7 +31,7 @@
 #ifndef GIT_CRYPT_GIT_CRYPT_HPP
 #define GIT_CRYPT_GIT_CRYPT_HPP
 
-#define VERSION "0.5.0"
+#define VERSION "0.7.0"
 
 extern const char*	argv0;	// initialized in main() to argv[0]
 

gpg.cpp

@@ -30,8 +30,18 @@
 
 #include "gpg.hpp"
 #include "util.hpp"
+#include "commands.hpp"
 #include <sstream>
 
+static std::string gpg_get_executable()
+{
+	std::string gpgbin = "gpg";
+	try {
+		gpgbin = get_git_config("gpg.program");
+	} catch (...) {
+	}
+	return gpgbin;
+}
 static std::string gpg_nth_column (const std::string& line, unsigned int col)
 {
 	std::string::size_type	pos = 0;
@@ -62,7 +72,7 @@ std::string gpg_get_uid (const std::string& fingerprint)
 {
 	// gpg --batch --with-colons --fixed-list-mode --list-keys 0x7A399B2DB06D039020CD1CE1D0F3702D61489532
 	std::vector<std::string>	command;
-	command.push_back("gpg");
+	command.push_back(gpg_get_executable());
 	command.push_back("--batch");
 	command.push_back("--with-colons");
 	command.push_back("--fixed-list-mode");
@@ -94,7 +104,7 @@ std::vector<std::string> gpg_lookup_key (const std::string& query)
 
 	// gpg --batch --with-colons --fingerprint --list-keys jsmith@example.com
 	std::vector<std::string>	command;
-	command.push_back("gpg");
+	command.push_back(gpg_get_executable());
 	command.push_back("--batch");
 	command.push_back("--with-colons");
 	command.push_back("--fingerprint");
@@ -125,7 +135,7 @@ std::vector<std::string> gpg_list_secret_keys ()
 {
 	// gpg --batch --with-colons --list-secret-keys --fingerprint
 	std::vector<std::string>	command;
-	command.push_back("gpg");
+	command.push_back(gpg_get_executable());
 	command.push_back("--batch");
 	command.push_back("--with-colons");
 	command.push_back("--list-secret-keys");
@@ -154,7 +164,7 @@ void gpg_encrypt_to_file (const std::string& filename, const std::string& recipi
 {
 	// gpg --batch -o FILENAME -r RECIPIENT -e
 	std::vector<std::string>	command;
-	command.push_back("gpg");
+	command.push_back(gpg_get_executable());
 	command.push_back("--batch");
 	if (key_is_trusted) {
 		command.push_back("--trust-model");
@@ -174,7 +184,7 @@ void gpg_decrypt_from_file (const std::string& filename, std::ostream& output)
 {
 	// gpg -q -d FILENAME
 	std::vector<std::string>	command;
-	command.push_back("gpg");
+	command.push_back(gpg_get_executable());
 	command.push_back("-q");
 	command.push_back("-d");
 	command.push_back(filename);

man/git-crypt.xml

@@ -7,8 +7,8 @@
 	-->
 	<refentryinfo>
 		<title>git-crypt</title>
-		<date>2015-05-30</date>
+		<date>2022-04-21</date>
-		<productname>git-crypt 0.5.0</productname>
+		<productname>git-crypt 0.7.0</productname>
 
 		<author>
 			<othername>Andrew Ayer</othername>

parse_options.cpp

@@ -43,7 +43,7 @@ int parse_options (const Options_list& options, int argc, const char** argv)
 {
 	int	argi = 0;
 
-	while (argi < argc && argv[argi][0] == '-') {
+	while (argi < argc && argv[argi][0] == '-' && argv[argi][1] != '\0') {
 		if (std::strcmp(argv[argi], "--") == 0) {
 			++argi;
 			break;

util-unix.cpp

@@ -125,40 +125,20 @@ void	mkdir_parent (const std::string& path)
 	}
 }
 
-static std::string readlink (const char* pathname)
-{
-	std::vector<char>	buffer(64);
-	ssize_t			len;
-
-	while ((len = ::readlink(pathname, &buffer[0], buffer.size())) == static_cast<ssize_t>(buffer.size())) {
-		// buffer may have been truncated - grow and try again
-		buffer.resize(buffer.size() * 2);
-	}
-	if (len == -1) {
-		throw System_error("readlink", pathname, errno);
-	}
-
-	return std::string(buffer.begin(), buffer.begin() + len);
-}
-
 std::string our_exe_path ()
 {
-	try {
+	if (argv0[0] == '/') {
-		return readlink("/proc/self/exe");
+		// argv[0] starts with / => it's an absolute path
-	} catch (const System_error&) {
+		return argv0;
-		if (argv0[0] == '/') {
+	} else if (std::strchr(argv0, '/')) {
-			// argv[0] starts with / => it's an absolute path
+		// argv[0] contains / => it a relative path that should be resolved
-			return argv0;
+		char*		resolved_path_p = realpath(argv0, nullptr);
-		} else if (std::strchr(argv0, '/')) {
+		std::string	resolved_path(resolved_path_p);
-			// argv[0] contains / => it a relative path that should be resolved
+		free(resolved_path_p);
-			char*		resolved_path_p = realpath(argv0, NULL);
+		return resolved_path;
-			std::string	resolved_path(resolved_path_p);
+	} else {
-			free(resolved_path_p);
+		// argv[0] is just a bare filename => not much we can do
-			return resolved_path;
+		return argv0;
-		} else {
-			// argv[0] is just a bare filename => not much we can do
-			return argv0;
-		}
 	}
 }
 
@@ -169,7 +149,7 @@ int	exit_status (int wait_status)
 
 void	touch_file (const std::string& filename)
 {
-	if (utimes(filename.c_str(), NULL) == -1 && errno != ENOENT) {
+	if (utimes(filename.c_str(), nullptr) == -1 && errno != ENOENT) {
 		throw System_error("utimes", filename, errno);
 	}
 }
@@ -199,19 +179,6 @@ int util_rename (const char* from, const char* to)
 	return rename(from, to);
 }
 
-static size_t sizeof_dirent_for (DIR* p)
-{
-	long name_max = fpathconf(dirfd(p), _PC_NAME_MAX);
-	if (name_max == -1) {
-		#ifdef NAME_MAX
-		name_max = NAME_MAX;
-		#else
-		name_max = 255;
-		#endif
-	}
-	return offsetof(struct dirent, d_name) + name_max + 1; // final +1 is for d_name's null terminator
-}
-
 std::vector<std::string> get_directory_contents (const char* path)
 {
 	std::vector<std::string>		contents;
@@ -221,19 +188,23 @@ std::vector<std::string> get_directory_contents (const char* path)
 		throw System_error("opendir", path, errno);
 	}
 	try {
-		std::vector<unsigned char>	buffer(sizeof_dirent_for(dir));
+		errno = 0;
-		struct dirent*			dirent_buffer = reinterpret_cast<struct dirent*>(&buffer[0]);
+		// Note: readdir is reentrant in new implementations. In old implementations,
-		struct dirent*			ent = NULL;
+		// it might not be, but git-crypt isn't multi-threaded so that's OK.
-		int				err = 0;
+		// We don't use readdir_r because it's buggy and deprecated:
-		while ((err = readdir_r(dir, dirent_buffer, &ent)) == 0 && ent != NULL) {
+		//  https://womble.decadent.org.uk/readdir_r-advisory.html
-			if (std::strcmp(ent->d_name, ".") == 0 || std::strcmp(ent->d_name, "..") == 0) {
+		//  http://austingroupbugs.net/view.php?id=696
-				continue;
+		//  http://man7.org/linux/man-pages/man3/readdir_r.3.html
+		while (struct dirent* ent = readdir(dir)) {
+			if (!(std::strcmp(ent->d_name, ".") == 0 || std::strcmp(ent->d_name, "..") == 0)) {
+				contents.push_back(ent->d_name);
 			}
-			contents.push_back(ent->d_name);
 		}
-		if (err != 0) {
+
-			throw System_error("readdir_r", path, errno);
+		if (errno) {
+			throw System_error("readdir", path, errno);
 		}
+
 	} catch (...) {
 		closedir(dir);
 		throw;

util-win32.cpp

@@ -46,12 +46,12 @@ std::string System_error::message () const
 		LPTSTR	error_message;
 		FormatMessageA(
 			FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
-			NULL,
+			nullptr,
 			error,
 			MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
 			reinterpret_cast<LPTSTR>(&error_message),
 			0,
-			NULL);
+			nullptr);
 		mesg += error_message;
 		LocalFree(error_message);
 	}
@@ -100,7 +100,7 @@ void	mkdir_parent (const std::string& path)
 		std::string		prefix(path.substr(0, slash));
 		if (GetFileAttributes(prefix.c_str()) == INVALID_FILE_ATTRIBUTES) {
 			// prefix does not exist, so try to create it
-			if (!CreateDirectory(prefix.c_str(), NULL)) {
+			if (!CreateDirectory(prefix.c_str(), nullptr)) {
 				throw System_error("CreateDirectory", prefix, GetLastError());
 			}
 		}
@@ -114,7 +114,7 @@ std::string our_exe_path ()
 	std::vector<char>	buffer(128);
 	size_t			len;
 
-	while ((len = GetModuleFileNameA(NULL, &buffer[0], buffer.size())) == buffer.size()) {
+	while ((len = GetModuleFileNameA(nullptr, &buffer[0], buffer.size())) == buffer.size()) {
 		// buffer may have been truncated - grow and try again
 		buffer.resize(buffer.size() * 2);
 	}
@@ -132,7 +132,7 @@ int exit_status (int status)
 
 void	touch_file (const std::string& filename)
 {
-	HANDLE	fh = CreateFileA(filename.c_str(), FILE_WRITE_ATTRIBUTES, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
+	HANDLE	fh = CreateFileA(filename.c_str(), FILE_WRITE_ATTRIBUTES, FILE_SHARE_READ, nullptr, OPEN_EXISTING, 0, nullptr);
 	if (fh == INVALID_HANDLE_VALUE) {
 		DWORD	error = GetLastError();
 		if (error == ERROR_FILE_NOT_FOUND) {
@@ -146,7 +146,7 @@ void	touch_file (const std::string& filename)
 	FILETIME	file_time;
 	SystemTimeToFileTime(&system_time, &file_time);
 
-	if (!SetFileTime(fh, NULL, NULL, &file_time)) {
+	if (!SetFileTime(fh, nullptr, nullptr, &file_time)) {
 		DWORD	error = GetLastError();
 		CloseHandle(fh);
 		throw System_error("SetFileTime", filename, error);