SQLCipher(v) compatibility with openssl(v)

Hello,

New to sqlcipher world , One of our Android app uses SQLCipher v3.3.1 with openssl v1.0.2j.

Problem:
v1.0.2j openssl has known vulnerabilities and required to update to new latest openssl v1.1.1g.

Queries:

  1. SQLCipher v3.3.1 can be ported to use openssl v1.1.1g(Latest Openssl)? Any changes needed at app side if done? Where to find the compatibility details document?

2)Or move our app to use SQLCipher v4.4.0 which uses openssl v1.1.1g(Latest Openssl)? and flow upgrade steps as below?

Please suggest the best approach and thoughts on this .

Thanks
Nithin

Hello @Nithin_SC

Our recommendation would be to upgrade to the latest version of SQLCipher, using the documentation linked above as your guide, that will provide you with the latest SQLCipher release including an updated OpenSSL integration.

1 Like

Thanks for the reply! " SQLCipher v3.3.1 can be ported to use openssl v1.1.1g(Latest Openssl)? Any changes needed at app side if done? Where to find the compatibility details document?" is this feasible?

Hi @Nithin_SC

We would still recommend upgrading to the latest SQLCipher for Android. If you have a need for a custom build of SQLCipher, please reach out at support@zetetic.net to discuss Enterprise Licensing.

error: undefined reference to ‘EVP_sha256’ undefined reference to ‘PKCS5_PBKDF2_HMAC’

We are getting above errors when used libsqlcipher.so(4.4.0). Please suggest.

Hi @Nithin_SC

Are you bundling the AAR as a Gradle reference? Are you able to reproduce this within the SQLCipher for Android test suite?

Hello! No, i am using prebuilt libsqlcipher.so(4.4.0) directly in my project and trying function PKCS5_PBKDF2_HMAC.

What do you mean by this? Can you post a sample of the code you are trying to execute? Can you post the stack trace you get?