1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
LibreSSL does not support the OpenSSL 3 EVP_MAC API
Partial revert of
https://github.com/sqlcipher/sqlcipher/commit/801b81a8d0c42c13f66de89805c3bfa0d1d450aa
Index: src/crypto_openssl.c
--- src/crypto_openssl.c.orig
+++ src/crypto_openssl.c
@@ -156,6 +156,76 @@ static int sqlcipher_openssl_hmac(
) {
int rc = 0;
+#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x30000000L)
+ unsigned int outlen;
+ HMAC_CTX* hctx = NULL;
+
+ if(in == NULL) goto error;
+
+ hctx = HMAC_CTX_new();
+ if(hctx == NULL) {
+ sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, "sqlcipher_openssl_hmac: HMAC_CTX_new() failed");
+ sqlcipher_openssl_log_errors();
+ goto error;
+ }
+
+ switch(algorithm) {
+ case SQLCIPHER_HMAC_SHA1:
+ if(!(rc = HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL))) {
+ sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, "sqlcipher_openssl_hmac: HMAC_Init_ex() with key size %d and EVP_sha1() returned %d", key_sz, rc);
+ sqlcipher_openssl_log_errors();
+ goto error;
+ }
+ break;
+ case SQLCIPHER_HMAC_SHA256:
+ if(!(rc = HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha256(), NULL))) {
+ sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, "sqlcipher_openssl_hmac: HMAC_Init_ex() with key size %d and EVP_sha256() returned %d", key_sz, rc);
+ sqlcipher_openssl_log_errors();
+ goto error;
+ }
+ break;
+ case SQLCIPHER_HMAC_SHA512:
+ if(!(rc = HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha512(), NULL))) {
+ sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, "sqlcipher_openssl_hmac: HMAC_Init_ex() with key size %d and EVP_sha512() returned %d", key_sz, rc);
+ sqlcipher_openssl_log_errors();
+ goto error;
+ }
+ break;
+ default:
+ sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, "sqlcipher_openssl_hmac: invalid algorithm %d", algorithm);
+ goto error;
+ }
+
+ if(!(rc = HMAC_Update(hctx, in, in_sz))) {
+ sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, "sqlcipher_openssl_hmac: HMAC_Update() on 1st input buffer of %d bytes using algorithm %d returned %d", in_sz, algorithm, rc);
+ sqlcipher_openssl_log_errors();
+ goto error;
+ }
+
+ if(in2 != NULL) {
+ if(!(rc = HMAC_Update(hctx, in2, in2_sz))) {
+ sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, "sqlcipher_openssl_hmac: HMAC_Update() on 2nd input buffer of %d bytes using algorithm %d returned %d", in2_sz, algorithm, rc);
+ sqlcipher_openssl_log_errors();
+ goto error;
+ }
+ }
+
+ if(!(rc = HMAC_Final(hctx, out, &outlen))) {
+ sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, "sqlcipher_openssl_hmac: HMAC_Final() using algorithm %d returned %d", algorithm, rc);
+ sqlcipher_openssl_log_errors();
+ goto error;
+ }
+
+ rc = SQLITE_OK;
+ goto cleanup;
+
+error:
+ rc = SQLITE_ERROR;
+
+cleanup:
+ if(hctx) HMAC_CTX_free(hctx);
+
+#else
size_t outlen;
EVP_MAC *mac = NULL;
EVP_MAC_CTX *hctx = NULL;
@@ -241,6 +311,8 @@ error:
cleanup:
if(hctx) EVP_MAC_CTX_free(hctx);
if(mac) EVP_MAC_free(mac);
+
+#endif
return rc;
}
|
