Package: sqlcipher
Version: 3.2.0-1.1+b2
Followup-For: Bug #828555

SQLCipher 3.4.0 has been released, but it is still affected by the OpenSSL 1.1 incompatibility.

Besides the fact that some 3.2 debian patches don't apply to 3.4, I managed
to rebuild the latter with the attached patch.


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.10 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages sqlcipher depends on:
ii  libc6          2.24-5
ii  libreadline7   7.0-1
ii  libsqlcipher0  3.2.0-1.1+b2
ii  libtinfo5      6.0+20160917-1

sqlcipher recommends no packages.

Versions of packages sqlcipher suggests:
pn  sqlite3-doc  <none>

-- no debconf information
--- a/src/crypto_openssl.c
+++ b/src/crypto_openssl.c
@@ -155,14 +155,24 @@
 }
 
 static int sqlcipher_openssl_hmac(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
-  HMAC_CTX hctx;
   unsigned int outlen;
+#if OPENSSL_VERSION_NUMBER >= 0x10100001L
+  HMAC_CTX *hctx;
+  hctx = HMAC_CTX_new();
+  HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL);
+  HMAC_Update(hctx, in, in_sz);
+  HMAC_Update(hctx, in2, in2_sz);
+  HMAC_Final(hctx, out, &outlen);
+  HMAC_CTX_free(hctx);
+#else
+  HMAC_CTX hctx;
   HMAC_CTX_init(&hctx);
   HMAC_Init_ex(&hctx, hmac_key, key_sz, EVP_sha1(), NULL);
   HMAC_Update(&hctx, in, in_sz);
   HMAC_Update(&hctx, in2, in2_sz);
   HMAC_Final(&hctx, out, &outlen);
   HMAC_CTX_cleanup(&hctx);
+#endif
   return SQLITE_OK; 
 }
 
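Review bot: The new OpenSSL 1.1 branch passes the result of HMAC_CTX_new() straight to HMAC_Init_ex() without a NULL check, so an allocation failure becomes a NULL dereference that the stack-based context could not produce. The return values of HMAC_Init_ex/HMAC_Update/HMAC_Final are also ignored, and the function returns SQLITE_OK after the `#endif` regardless, so a failed HMAC would leave `out` unset while reporting success for what appears to be an integrity tag. The same unchecked-allocation pattern applies to EVP_CIPHER_CTX_new() in the sqlcipher_openssl_cipher hunk. The excerpt below sketches the checked form for the new branch only. Whether callers act on a non-OK return is not visible here and should be confirmed.

```c
#if OPENSSL_VERSION_NUMBER >= 0x10100001L
  HMAC_CTX *hctx = HMAC_CTX_new();
  int ok;
  if (hctx == NULL) return SQLITE_ERROR;
  /* each call returns 1 on success; stop at the first failure */
  ok = HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL)
    && HMAC_Update(hctx, in, in_sz)
    && HMAC_Update(hctx, in2, in2_sz)
    && HMAC_Final(hctx, out, &outlen);
  HMAC_CTX_free(hctx);
  if (!ok) return SQLITE_ERROR;
#else
  /* … unchanged: stack-allocated HMAC_CTX path for OpenSSL < 1.1 … */
```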
@@ -172,9 +182,23 @@
 }
 
 static int sqlcipher_openssl_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
-  EVP_CIPHER_CTX ectx;
   int tmp_csz, csz;
  
+#if OPENSSL_VERSION_NUMBER >= 0x10100001L
+  EVP_CIPHER_CTX *ectx;
+  ectx = EVP_CIPHER_CTX_new();
+  EVP_CipherInit(ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, mode);
+  EVP_CIPHER_CTX_set_padding(ectx, 0); // no padding
+  EVP_CipherInit(ectx, NULL, key, iv, mode);
+  EVP_CipherUpdate(ectx, out, &tmp_csz, in, in_sz);
+  csz = tmp_csz;  
+  out += tmp_csz;
+  EVP_CipherFinal(ectx, out, &tmp_csz);
+  csz += tmp_csz;
+  EVP_CIPHER_CTX_free(ectx);
+
+#else
+  EVP_CIPHER_CTX ectx;
   EVP_CipherInit(&ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, mode);
   EVP_CIPHER_CTX_set_padding(&ectx, 0); // no padding
   EVP_CipherInit(&ectx, NULL, key, iv, mode);
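Review bot: The whole cipher sequence is duplicated across the two `#if` branches, although EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() are, as far as I know, also available in OpenSSL 1.0.x. Using the heap-allocated context unconditionally would remove the split here and leave one copy of the init/update/final calls to maintain. Only the HMAC context needs a version guard. The guard value `0x10100001L` is also unusual, since the 1.1.0 API boundary is normally tested as `>= 0x10100000L`. It is also worth confirming how the guard behaves on LibreSSL, which reports a higher OPENSSL_VERSION_NUMBER. The function body continues in the next hunk, where `assert(in_sz == csz)` remains the only check on the result and is compiled out under NDEBUG.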
@@ -184,7 +208,9 @@
   EVP_CipherFinal(&ectx, out, &tmp_csz);
   csz += tmp_csz;
   EVP_CIPHER_CTX_cleanup(&ectx);
+#endif
   assert(in_sz == csz);
+  
   return SQLITE_OK; 
 }
 
