Hello,

Here's a proposed diff to build sqlcipher against OpenSSL 3.5 for
EVP_MAC API support. I was working through an update for
net/flare-messenger, and a recent change there brings in a vendored
BoringSSL version. The vendored copy of sqlcipher in libsqlite3-sys
wants to compile against an OpenSSL that supports EVP_MAC, which
conflicts with BoringSSL when linking.

Following FreeBSD's approach, libsqlite3-sys/presage/rusqlite can use an
external version of sqlcipher which allows the flare update to build and
link as expected.

The column metadata and unlock notify extensions are also required for
the flare update.

Thoughts?

Thanks,
Lucas
diff refs/heads/master refs/heads/sqlcipher
commit - 659a7907c02ba41794f66c9916169435e1147ecd
commit + d9d0ee1f0761bd7bf721db8d01275bd9d10157d6
blob - dab6e29e7c9b8bf15c9979a3d470bdbc330051a4
blob + 3b4f746b03054cc8e2d4a8d76c1df46d11cb2c6c
--- databases/sqlcipher/Makefile
+++ databases/sqlcipher/Makefile
@@ -3,8 +3,9 @@ COMMENT=        encrypted SQLite database
 GH_ACCOUNT=    sqlcipher
 GH_PROJECT=    sqlcipher
 GH_TAGNAME=    v4.16.0
+REVISION =     0
 
-SHARED_LIBS +=  sqlcipher                 3.3
+SHARED_LIBS +=  sqlcipher                 4.0
 
 CATEGORIES=    databases
 
@@ -13,8 +14,14 @@ HOMEPAGE=    https://www.zetetic.net/sqlcipher/
 # PD and BSD
 PERMIT_PACKAGE=        Yes
 
-WANTLIB += c crypto curses m pthread readline z
+OPENSSL_VSN =  3.5
+EOPENSSL_VSN = eopenssl${OPENSSL_VSN:C/\.//}
+EOPENSSL_LIB = ${LOCALBASE}/lib/${EOPENSSL_VSN}
+EOPENSSL_INC = ${LOCALBASE}/include/${EOPENSSL_VSN}
 
+WANTLIB += c curses m pthread readline z 
+WANTLIB += lib/${EOPENSSL_VSN}/crypto
+
 DEBUG_PACKAGES=        ${BUILD_PACKAGES}
 
 MODULES=       lang/tcl
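Review bot: Pointing `WANTLIB` at `lib/${EOPENSSL_VSN}/crypto` means every consumer of libsqlcipher now loads OpenSSL 3.5's libcrypto, and a consumer that also links base libcrypto or libssl would presumably end up with two libcrypto implementations in one process. Their symbol names overlap, so which implementation a call binds to would depend on load order. The diff does not show which ports depend on databases/sqlcipher, so each of them is worth checking before commit. A short comment above `OPENSSL_VSN`, such as `# needs the OpenSSL 3 EVP_MAC API, which LibreSSL does not provide`, would record why the port leaves base libcrypto. The new `WANTLIB += c curses m pthread readline z ` line also ends in a trailing space.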
@@ -22,6 +29,8 @@ MODTCL_VERSION=       8.6
 
 BUILD_DEPENDS= ${MODTCL_BUILD_DEPENDS}
 
+LIB_DEPENDS =  security/openssl/${OPENSSL_VSN}
+
 CONFIGURE_STYLE= simple
 
 CONFIGURE_ARGS=        --soname=${LIBsqlcipher_VERSION} \
@@ -32,15 +41,19 @@ CONFIGURE_ARGS=     --soname=${LIBsqlcipher_VERSION} \
 
 CONFIGURE_ENV= CCACHE=None \
                CFLAGS='${CFLAGS}' \
-               LDFLAGS='${LDFLAGS}' \
+               LDFLAGS='${LDFLAGS} ${LIBS}' \
                autosetup_tclsh=${MODTCL_BIN}
 
 CFLAGS+=       -DOMIT_MEMLOCK \
                -DSQLITE_EXTRA_INIT=sqlcipher_extra_init \
                -DSQLITE_EXTRA_SHUTDOWN=sqlcipher_extra_shutdown \
-               -DSQLITE_HAS_CODEC
+               -DSQLITE_HAS_CODEC \
+               -DSQLITE_ENABLE_COLUMN_METADATA \
+               -DSQLITE_ENABLE_UNLOCK_NOTIFY \
+               -I${EOPENSSL_INC}
 
-LDFLAGS+=      -lcrypto
+LDFLAGS+=      -L${EOPENSSL_LIB} -lcrypto
+LIBS+=         -Wl,-rpath -Wl,${EOPENSSL_LIB}
 
 post-install:
        mv ${PREFIX}/bin/{sqlite3,sqlcipher}
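Review bot: `LIBS` is introduced here only to carry the rpath into `LDFLAGS` through `CONFIGURE_ENV`, which is an indirect way to pass a linker flag under a name that suggests libraries. Unless the configure script needs the split, it reads more simply as `LDFLAGS+= -L${EOPENSSL_LIB} -Wl,-rpath,${EOPENSSL_LIB} -lcrypto` with `LDFLAGS='${LDFLAGS}'` left as it was. Either way, because this library provides the database encryption, it is worth confirming on the built libsqlcipher with `objdump -p` that the NEEDED libcrypto entry and the rpath entry resolve to `${EOPENSSL_LIB}` and not to base.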
blob - 6745e2d1cf8d2b21696d41b19fb56e2f9d5b82fc (mode 644)
blob + /dev/null
--- databases/sqlcipher/patches/patch-src_crypto_openssl_c
+++ /dev/null
@@ -1,94 +0,0 @@
-LibreSSL does not support the OpenSSL 3 EVP_MAC API
-
-Partial revert of
-https://github.com/sqlcipher/sqlcipher/commit/801b81a8d0c42c13f66de89805c3bfa0d1d450aa
-
-Index: src/crypto_openssl.c
---- src/crypto_openssl.c.orig
-+++ src/crypto_openssl.c
-@@ -156,6 +156,76 @@ static int sqlcipher_openssl_hmac(
- ) {
-   int rc = 0;
- 
-+#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x30000000L)
-+  unsigned int outlen;
-+  HMAC_CTX* hctx = NULL;
-+
-+  if(in == NULL) goto error;
-+
-+  hctx = HMAC_CTX_new();
-+  if(hctx == NULL) {
-+    sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, 
"sqlcipher_openssl_hmac: HMAC_CTX_new() failed");
-+    sqlcipher_openssl_log_errors();
-+    goto error;
-+  }
-+
-+  switch(algorithm) {
-+    case SQLCIPHER_HMAC_SHA1:
-+      if(!(rc = HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL))) {
-+        sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, 
"sqlcipher_openssl_hmac: HMAC_Init_ex() with key size %d and EVP_sha1() 
returned %d", key_sz, rc);
-+        sqlcipher_openssl_log_errors();
-+        goto error;
-+      }
-+      break;
-+    case SQLCIPHER_HMAC_SHA256:
-+      if(!(rc = HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha256(), NULL))) {
-+        sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, 
"sqlcipher_openssl_hmac: HMAC_Init_ex() with key size %d and EVP_sha256() 
returned %d", key_sz, rc);
-+        sqlcipher_openssl_log_errors();
-+        goto error;
-+      }
-+      break;
-+    case SQLCIPHER_HMAC_SHA512:
-+      if(!(rc = HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha512(), NULL))) {
-+        sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, 
"sqlcipher_openssl_hmac: HMAC_Init_ex() with key size %d and EVP_sha512() 
returned %d", key_sz, rc);
-+        sqlcipher_openssl_log_errors();
-+        goto error;
-+      }
-+      break;
-+    default:
-+      sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, 
"sqlcipher_openssl_hmac: invalid algorithm %d", algorithm);
-+      goto error;
-+  }
-+
-+  if(!(rc = HMAC_Update(hctx, in, in_sz))) {
-+    sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, 
"sqlcipher_openssl_hmac: HMAC_Update() on 1st input buffer of %d bytes using 
algorithm %d returned %d", in_sz, algorithm, rc);
-+    sqlcipher_openssl_log_errors();
-+    goto error;
-+  }
-+
-+  if(in2 != NULL) {
-+    if(!(rc = HMAC_Update(hctx, in2, in2_sz))) {
-+      sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, 
"sqlcipher_openssl_hmac: HMAC_Update() on 2nd input buffer of %d bytes using 
algorithm %d returned %d", in2_sz, algorithm, rc);
-+      sqlcipher_openssl_log_errors();
-+      goto error;
-+    }
-+  }
-+
-+  if(!(rc = HMAC_Final(hctx, out, &outlen))) {
-+    sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, 
"sqlcipher_openssl_hmac: HMAC_Final() using algorithm %d returned %d", 
algorithm, rc);
-+    sqlcipher_openssl_log_errors();
-+    goto error;
-+  }
-+
-+  rc = SQLITE_OK;
-+  goto cleanup;
-+
-+error:
-+  rc = SQLITE_ERROR;
-+
-+cleanup:
-+  if(hctx) HMAC_CTX_free(hctx);
-+
-+#else
-   size_t outlen;
-   EVP_MAC *mac = NULL;
-   EVP_MAC_CTX *hctx = NULL;
-@@ -241,6 +311,8 @@ error:
- cleanup:
-   if(hctx) EVP_MAC_CTX_free(hctx);
-   if(mac) EVP_MAC_free(mac);
-+
-+#endif
- 
-   return rc;
- }
