sqlite: better compatibility fix for PKCS5_PBKDF2_HMAC for old OpenSSL.

2020-11-21 19:19:11 +03:00 · 2020-11-21 19:19:11 +03:00 · a5514d3570
commit a5514d3570
parent ff23f155a0
1 changed files with 6 additions and 5 deletions
--- a/sqlite/sqlite/sqlite3.c
+++ b/sqlite/sqlite/sqlite3.c
@ -24746,11 +24746,6 @@ int sqlcipher_nss_setup(sqlcipher_provider *p) {
 #include <openssl/err.h>

 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10000000L
-// the function was missed in the header before 777c47acbeecf9602cc465864c9f5f2c609c989d
-int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
-                      const unsigned char *salt, int saltlen, int iter,
-                      const EVP_MD *digest, int keylen, unsigned char *out);
-
 // HMAC_* functions returned void before 87d52468aa600e02326e13f01331e1f3b8602ed0
 #define HMAC_Init_ex_(...) (HMAC_Init_ex(__VA_ARGS__), 1)
 #define HMAC_Update_(...) (HMAC_Update(__VA_ARGS__), 1)
@ -24963,6 +24958,11 @@ cleanup:
 static int sqlcipher_openssl_kdf(void *ctx, int algorithm, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
  int rc = SQLITE_OK; 

+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10000000L
+// PKCS5_PBKDF2_HMAC was added in 856640b54f3d22a34d6565e9c78c441a15222577 and added to the header only in 777c47acbeecf9602cc465864c9f5f2c609c989d,
+// so use PKCS5_PBKDF2_HMAC_SHA1 unconditionally if OpenSSL < 1.0.0
+  if(!PKCS5_PBKDF2_HMAC_SHA1((const char *)pass, pass_sz, salt, salt_sz, workfactor, key_sz, key)) goto error;
+#else
  switch(algorithm) {
    case SQLCIPHER_HMAC_SHA1:
      if(!PKCS5_PBKDF2_HMAC((const char *)pass, pass_sz, salt, salt_sz, workfactor, EVP_sha1(), key_sz, key)) goto error;
@ -24976,6 +24976,7 @@ static int sqlcipher_openssl_kdf(void *ctx, int algorithm, const unsigned char *
    default:
      return SQLITE_ERROR;
  }
+#endif

  goto cleanup;
 error: