OpenSsl 3.0 usage

FWIW - I’m trying out the newest android NDK (r23) for building SqlCipher 4.4.3. Quickly discovered an open issue with openssl in the 1.1.1 stuff that prevents usage of Android NDK r22 or r23 without some messing around. There is a fix someone has done, and it is merged, but it was merged a couple months after 1.1.1k. Anyway to work around that I decided to try 3.0.0 beta2 with SqlCipher which does have the fix. Openssl builds fine with new NDK, but during the SqlCipher 4.4.3 build it got deprecation warnings (HMAC usage) that I thought I should pass along in case anyone is interested. Should know in a day or two whether openssl 3.0.0 and SqlCipher 4.4.3 work ok together, I’m expecting they will :slight_smile: . Got SqlCipher build working today, but I haven’t used them in Android yet.

SqlCipher/Sqlite is using deprecated openssl stuff now warning with openssl 3.0. From a 4.4.3 amalgamation:

sqlite3.c:25263:10: warning: ‘HMAC_CTX_new’ is deprecated [-Wdeprecated-declarations]
hctx = HMAC_CTX_new();
sqlite3.c:25268:11: warning: ‘HMAC_Init_ex’ is deprecated [-Wdeprecated-declarations]
if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL)) goto error;
sqlite3.c:25271:11: warning: ‘HMAC_Init_ex’ is deprecated [-Wdeprecated-declarations]
if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha256(), NULL)) goto error;
sqlite3.c:25274:11: warning: ‘HMAC_Init_ex’ is deprecated [-Wdeprecated-declarations]
if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha512(), NULL)) goto error;
sqlite3.c:25280:7: warning: ‘HMAC_Update’ is deprecated [-Wdeprecated-declarations]
if(!HMAC_Update(hctx, in, in_sz)) goto error;
sqlite3.c:25282:9: warning: ‘HMAC_Update’ is deprecated [-Wdeprecated-declarations]
if(!HMAC_Update(hctx, in2, in2_sz)) goto error;
sqlite3.c:25284:7: warning: ‘HMAC_Final’ is deprecated [-Wdeprecated-declarations]
if(!HMAC_Final(hctx, out, &outlen)) goto error;
sqlite3.c:25290:12: warning: ‘HMAC_CTX_free’ is deprecated [-Wdeprecated-declarations]
if(hctx) HMAC_CTX_free(hctx);

HMAC related APIs have evidently been deprecated for a while, but the 3.0 build is the first time I’ve seen them explicitly warned during the build. Are there plans for SqlCipher to use the EVP_MAC_xxx APIs that are the intended replacements anytime soon?

If any of my build artifacts are useful to anyone in recreating this, let me know and I’ll provide them.

FWIW 2 - 4.4.3 built with openssl 3.0.0-beta2 and android NDK r23 seems to work fine…

Hi @skolson5903

Thanks for sharing your update on using SQLCipher for Android with an OpenSSL 3 beta!