@@ -568,8 +568,22 @@ int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) {
568568 if (c_ctx -> pass_sz == ((c_ctx -> key_sz * 2 )+ 3 ) && sqlite3StrNICmp (c_ctx -> pass ,"x'" , 2 ) == 0 ) {
569569 int n = c_ctx -> pass_sz - 3 ; /* adjust for leading x' and tailing ' */
570570 const char * z = c_ctx -> pass + 2 ; /* adjust lead offset of x' */
571- CODEC_TRACE (("codec_key_derive: deriving key from hex\n" ));
571+ unsigned char * key_tmp ;
572+
573+ #ifndef OMIT_RAW_PBKDF2
574+ CODEC_TRACE (("codec_key_derive: deriving cipher key from raw key with fast PBKDF2 %d iterations\n" , c_ctx -> fast_kdf_iter ));
575+ key_tmp = sqlcipher_malloc (c_ctx -> key_sz );
576+ if (key_tmp == NULL ) return SQLITE_NOMEM ;
577+ cipher_hex2bin (z , n , key_tmp );
578+ PKCS5_PBKDF2_HMAC_SHA1 ( key_tmp , c_ctx -> key_sz ,
579+ ctx -> kdf_salt , ctx -> kdf_salt_sz ,
580+ c_ctx -> fast_kdf_iter , c_ctx -> key_sz , c_ctx -> key );
581+ sqlcipher_free (key_tmp , c_ctx -> key_sz );
582+ #else
583+ CODEC_TRACE (("codec_key_derive: using raw key from hex as cipher_key\n" ));
572584 cipher_hex2bin (z , n , c_ctx -> key );
585+ #endif
586+
573587 } else {
574588 CODEC_TRACE (("codec_key_derive: deriving key using full PBKDF2 with %d iterations\n" , c_ctx -> kdf_iter ));
575589 PKCS5_PBKDF2_HMAC_SHA1 ( c_ctx -> pass , c_ctx -> pass_sz ,
@@ -594,7 +608,7 @@ int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) {
594608 ctx -> hmac_kdf_salt [i ] ^= HMAC_SALT_MASK ;
595609 }
596610
597- CODEC_TRACE (("codec_key_derive: deriving hmac key from encryption key using PBKDF2 with %d iterations\n" ,
611+ CODEC_TRACE (("codec_key_derive: deriving hmac key from encryption key using fast PBKDF2 with %d iterations\n" ,
598612 c_ctx -> fast_kdf_iter ));
599613 PKCS5_PBKDF2_HMAC_SHA1 ( (const char * )c_ctx -> key , c_ctx -> key_sz ,
600614 ctx -> hmac_kdf_salt , ctx -> kdf_salt_sz ,
0 commit comments