From 787cbae31a70b04f82f4bf7c74a0abfc81d68922 Mon Sep 17 00:00:00 2001 From: Stephen Lombardo Date: Wed, 17 Oct 2018 20:31:23 -0400 Subject: [PATCH 1/5] adjustments to version reporting --- src/crypto.c | 12 +++++++----- src/crypto.h | 11 +++++++++-- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/src/crypto.c b/src/crypto.c index 51255e8b..13d7eb8c 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -39,10 +39,6 @@ #include "sqlcipher-license.h" #endif -static const char* codec_get_cipher_version() { - return CIPHER_VERSION; -} - /* Generate code to return a string value */ static void codec_vdbe_return_static_string(Parse *pParse, const char *zLabel, const char *value){ Vdbe *v = sqlite3GetVdbe(pParse); @@ -166,7 +162,13 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef } } else if( sqlite3StrICmp(zLeft, "cipher_version")==0 && !zRight ){ - codec_vdbe_return_static_string(pParse, "cipher_version", codec_get_cipher_version()); +#ifdef CIPHER_VERSION_QUALIFIER + char *version = sqlite3_mprintf("%s %s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_QUALIFIER), CIPHER_XSTR(CIPHER_VERSION_BUILD)); +#else + char *version = sqlite3_mprintf("%s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_BUILD)); +#endif + codec_vdbe_return_static_string(pParse, "cipher_version", version); + sqlite3_free(version); }else if( sqlite3StrICmp(zLeft, "cipher")==0 ){ if(ctx) { diff --git a/src/crypto.h b/src/crypto.h index 05cb64c5..7f91c4d2 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -54,8 +54,15 @@ void sqlite3pager_reset(Pager *pPager); #define FILE_HEADER_SZ 16 -#ifndef CIPHER_VERSION -#define CIPHER_VERSION "4.0.0 community" +#define CIPHER_XSTR(s) CIPHER_STR(s) +#define CIPHER_STR(s) #s + +#ifndef CIPHER_VERSION_NUMBER +#define CIPHER_VERSION_NUMBER 4.0.0 +#endif + +#ifndef CIPHER_VERSION_BUILD +#define CIPHER_VERSION_BUILD community #endif #define CIPHER_DECRYPT 0 From 537dcf75e5318e66bead6a931f49186646440250 Mon Sep 17 00:00:00 2001 From: Stephen Lombardo Date: Thu, 18 Oct 2018 13:01:15 -0400 Subject: [PATCH 2/5] improve memory handling for values returned from pragmas --- src/crypto.c | 110 +++++++++++++++++++++------------------------------ 1 file changed, 45 insertions(+), 65 deletions(-) diff --git a/src/crypto.c b/src/crypto.c index 13d7eb8c..15e9afe3 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -40,11 +40,11 @@ #endif /* Generate code to return a string value */ -static void codec_vdbe_return_static_string(Parse *pParse, const char *zLabel, const char *value){ +static void codec_vdbe_return_string(Parse *pParse, const char *zLabel, const char *value, int value_type){ Vdbe *v = sqlite3GetVdbe(pParse); sqlite3VdbeSetNumCols(v, 1); sqlite3VdbeSetColName(v, 0, COLNAME_NAME, zLabel, SQLITE_STATIC); - sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, value, 0); + sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, value, value_type); sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1); } @@ -100,24 +100,21 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef #ifdef SQLCIPHER_LICENSE if( sqlite3StrICmp(zLeft, "cipher_license")==0 && zRight ){ char *license_result = sqlite3_mprintf("%d", sqlcipher_license_key(zRight)); - codec_vdbe_return_static_string(pParse, "cipher_license", license_result); - sqlite3_free(license_result); + codec_vdbe_return_string(pParse, "cipher_license", license_result, P4_DYNAMIC); } else if( sqlite3StrICmp(zLeft, "cipher_license")==0 && !zRight ){ if(ctx) { char *license_result = sqlite3_mprintf("%d", ctx ? sqlcipher_license_key_status(ctx) : SQLITE_ERROR); - codec_vdbe_return_static_string(pParse, "cipher_license", license_result); - sqlite3_free(license_result); + codec_vdbe_return_string(pParse, "cipher_license", license_result, P4_DYNAMIC); } } else #endif if( sqlite3StrICmp(zLeft, "cipher_fips_status")== 0 && !zRight ){ if(ctx) { char *fips_mode_status = sqlite3_mprintf("%d", sqlcipher_codec_fips_status(ctx)); - codec_vdbe_return_static_string(pParse, "cipher_fips_status", fips_mode_status); - sqlite3_free(fips_mode_status); + codec_vdbe_return_string(pParse, "cipher_fips_status", fips_mode_status, P4_DYNAMIC); } } else if( sqlite3StrICmp(zLeft, "cipher_store_pass")==0 && zRight ) { @@ -128,37 +125,33 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef if( sqlite3StrICmp(zLeft, "cipher_store_pass")==0 && !zRight ) { if(ctx){ char *store_pass_value = sqlite3_mprintf("%d", sqlcipher_codec_get_store_pass(ctx)); - codec_vdbe_return_static_string(pParse, "cipher_store_pass", store_pass_value); - sqlite3_free(store_pass_value); + codec_vdbe_return_string(pParse, "cipher_store_pass", store_pass_value, P4_DYNAMIC); } } if( sqlite3StrICmp(zLeft, "cipher_profile")== 0 && zRight ){ char *profile_status = sqlite3_mprintf("%d", sqlcipher_cipher_profile(db, zRight)); - codec_vdbe_return_static_string(pParse, "cipher_profile", profile_status); - sqlite3_free(profile_status); + codec_vdbe_return_string(pParse, "cipher_profile", profile_status, P4_DYNAMIC); } else if( sqlite3StrICmp(zLeft, "cipher_add_random")==0 && zRight ){ if(ctx) { char *add_random_status = sqlite3_mprintf("%d", sqlcipher_codec_add_random(ctx, zRight, sqlite3Strlen30(zRight))); - codec_vdbe_return_static_string(pParse, "cipher_add_random", add_random_status); - sqlite3_free(add_random_status); + codec_vdbe_return_string(pParse, "cipher_add_random", add_random_status, P4_DYNAMIC); } } else if( sqlite3StrICmp(zLeft, "cipher_migrate")==0 && !zRight ){ if(ctx){ char *migrate_status = sqlite3_mprintf("%d", sqlcipher_codec_ctx_migrate(ctx)); - codec_vdbe_return_static_string(pParse, "cipher_migrate", migrate_status); - sqlite3_free(migrate_status); + codec_vdbe_return_string(pParse, "cipher_migrate", migrate_status, P4_DYNAMIC); } } else if( sqlite3StrICmp(zLeft, "cipher_provider")==0 && !zRight ){ - if(ctx) { codec_vdbe_return_static_string(pParse, "cipher_provider", - sqlcipher_codec_get_cipher_provider(ctx)); + if(ctx) { codec_vdbe_return_string(pParse, "cipher_provider", + sqlcipher_codec_get_cipher_provider(ctx), P4_TRANSIENT); } } else if( sqlite3StrICmp(zLeft, "cipher_provider_version")==0 && !zRight){ - if(ctx) { codec_vdbe_return_static_string(pParse, "cipher_provider_version", - sqlcipher_codec_get_provider_version(ctx)); + if(ctx) { codec_vdbe_return_string(pParse, "cipher_provider_version", + sqlcipher_codec_get_provider_version(ctx), P4_TRANSIENT); } } else if( sqlite3StrICmp(zLeft, "cipher_version")==0 && !zRight ){ @@ -167,24 +160,22 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef #else char *version = sqlite3_mprintf("%s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_BUILD)); #endif - codec_vdbe_return_static_string(pParse, "cipher_version", version); - sqlite3_free(version); + codec_vdbe_return_string(pParse, "cipher_version", version, P4_DYNAMIC); }else if( sqlite3StrICmp(zLeft, "cipher")==0 ){ if(ctx) { if( zRight ) { const char* message = "PRAGMA cipher is no longer supported."; - codec_vdbe_return_static_string(pParse, "cipher", message); + codec_vdbe_return_string(pParse, "cipher", message, P4_TRANSIENT); sqlite3_log(SQLITE_WARNING, message); }else { - codec_vdbe_return_static_string(pParse, "cipher", - sqlcipher_codec_ctx_get_cipher(ctx)); + codec_vdbe_return_string(pParse, "cipher", sqlcipher_codec_ctx_get_cipher(ctx), P4_TRANSIENT); } } }else if( sqlite3StrICmp(zLeft, "rekey_cipher")==0 && zRight ){ const char* message = "PRAGMA rekey_cipher is no longer supported."; - codec_vdbe_return_static_string(pParse, "rekey_cipher", message); + codec_vdbe_return_string(pParse, "rekey_cipher", message, P4_TRANSIENT); sqlite3_log(SQLITE_WARNING, message); }else if( sqlite3StrICmp(zLeft,"cipher_default_kdf_iter")==0 ){ @@ -192,8 +183,7 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef sqlcipher_set_default_kdf_iter(atoi(zRight)); // change default KDF iterations } else { char *kdf_iter = sqlite3_mprintf("%d", sqlcipher_get_default_kdf_iter()); - codec_vdbe_return_static_string(pParse, "cipher_default_kdf_iter", kdf_iter); - sqlite3_free(kdf_iter); + codec_vdbe_return_string(pParse, "cipher_default_kdf_iter", kdf_iter, P4_DYNAMIC); } }else if( sqlite3StrICmp(zLeft, "kdf_iter")==0 ){ @@ -202,8 +192,7 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef sqlcipher_codec_ctx_set_kdf_iter(ctx, atoi(zRight)); // change of RW PBKDF2 iteration } else { char *kdf_iter = sqlite3_mprintf("%d", sqlcipher_codec_ctx_get_kdf_iter(ctx)); - codec_vdbe_return_static_string(pParse, "kdf_iter", kdf_iter); - sqlite3_free(kdf_iter); + codec_vdbe_return_string(pParse, "kdf_iter", kdf_iter, P4_DYNAMIC); } } }else @@ -213,14 +202,13 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef sqlcipher_codec_ctx_set_fast_kdf_iter(ctx, atoi(zRight)); // change of RW PBKDF2 iteration } else { char *fast_kdf_iter = sqlite3_mprintf("%d", sqlcipher_codec_ctx_get_fast_kdf_iter(ctx)); - codec_vdbe_return_static_string(pParse, "fast_kdf_iter", fast_kdf_iter); - sqlite3_free(fast_kdf_iter); + codec_vdbe_return_string(pParse, "fast_kdf_iter", fast_kdf_iter, P4_DYNAMIC); } } }else if( sqlite3StrICmp(zLeft, "rekey_kdf_iter")==0 && zRight ){ const char* message = "PRAGMA rekey_kdf_iter is no longer supported."; - codec_vdbe_return_static_string(pParse, "rekey_kdf_iter", message); + codec_vdbe_return_string(pParse, "rekey_kdf_iter", message, P4_TRANSIENT); sqlite3_log(SQLITE_WARNING, message); }else if( sqlite3StrICmp(zLeft,"cipher_page_size")==0 ){ @@ -233,8 +221,7 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef if(rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, rc); } else { char * page_size = sqlite3_mprintf("%d", sqlcipher_codec_ctx_get_pagesize(ctx)); - codec_vdbe_return_static_string(pParse, "cipher_page_size", page_size); - sqlite3_free(page_size); + codec_vdbe_return_string(pParse, "cipher_page_size", page_size, P4_DYNAMIC); } } }else @@ -243,8 +230,7 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef sqlcipher_set_default_pagesize(atoi(zRight)); } else { char *default_page_size = sqlite3_mprintf("%d", sqlcipher_get_default_pagesize()); - codec_vdbe_return_static_string(pParse, "cipher_default_page_size", default_page_size); - sqlite3_free(default_page_size); + codec_vdbe_return_string(pParse, "cipher_default_page_size", default_page_size, P4_DYNAMIC); } }else if( sqlite3StrICmp(zLeft,"cipher_default_use_hmac")==0 ){ @@ -252,8 +238,7 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef sqlcipher_set_default_use_hmac(sqlite3GetBoolean(zRight,1)); } else { char *default_use_hmac = sqlite3_mprintf("%d", sqlcipher_get_default_use_hmac()); - codec_vdbe_return_static_string(pParse, "cipher_default_use_hmac", default_use_hmac); - sqlite3_free(default_use_hmac); + codec_vdbe_return_string(pParse, "cipher_default_use_hmac", default_use_hmac, P4_DYNAMIC); } }else if( sqlite3StrICmp(zLeft,"cipher_use_hmac")==0 ){ @@ -266,8 +251,7 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef if(rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, rc); } else { char *hmac_flag = sqlite3_mprintf("%d", sqlcipher_codec_ctx_get_use_hmac(ctx)); - codec_vdbe_return_static_string(pParse, "cipher_use_hmac", hmac_flag); - sqlite3_free(hmac_flag); + codec_vdbe_return_string(pParse, "cipher_use_hmac", hmac_flag, P4_DYNAMIC); } } }else @@ -287,11 +271,11 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef } } else { if(sqlcipher_codec_ctx_get_flag(ctx, CIPHER_FLAG_LE_PGNO)) { - codec_vdbe_return_static_string(pParse, "cipher_hmac_pgno", "le"); + codec_vdbe_return_string(pParse, "cipher_hmac_pgno", "le", P4_TRANSIENT); } else if(sqlcipher_codec_ctx_get_flag(ctx, CIPHER_FLAG_BE_PGNO)) { - codec_vdbe_return_static_string(pParse, "cipher_hmac_pgno", "be"); + codec_vdbe_return_string(pParse, "cipher_hmac_pgno", "be", P4_TRANSIENT); } else { - codec_vdbe_return_static_string(pParse, "cipher_hmac_pgno", "native"); + codec_vdbe_return_string(pParse, "cipher_hmac_pgno", "native", P4_TRANSIENT); } } } @@ -307,8 +291,7 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef } } else { char *hmac_salt_mask = sqlite3_mprintf("%02x", sqlcipher_get_hmac_salt_mask()); - codec_vdbe_return_static_string(pParse, "cipher_hmac_salt_mask", hmac_salt_mask); - sqlite3_free(hmac_salt_mask); + codec_vdbe_return_string(pParse, "cipher_hmac_salt_mask", hmac_salt_mask, P4_DYNAMIC); } } }else @@ -320,8 +303,7 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR); } else { char *size = sqlite3_mprintf("%d", sqlcipher_codec_ctx_get_plaintext_header_size(ctx)); - codec_vdbe_return_static_string(pParse, "cipher_plaintext_header_size", size); - sqlite3_free(size); + codec_vdbe_return_string(pParse, "cipher_plaintext_header_size", size, P4_DYNAMIC); } } }else @@ -330,7 +312,7 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef sqlcipher_set_default_plaintext_header_size(atoi(zRight)); } else { char *size = sqlite3_mprintf("%d", sqlcipher_get_default_plaintext_header_size()); - codec_vdbe_return_static_string(pParse, "cipher_default_plaintext_header_size", size); + codec_vdbe_return_string(pParse, "cipher_default_plaintext_header_size", size, P4_DYNAMIC); sqlite3_free(size); } }else @@ -347,8 +329,7 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef } else { char *salt = (char*) sqlite3_malloc((FILE_HEADER_SZ*2)+1); cipher_bin2hex(sqlcipher_codec_ctx_get_kdf_salt(ctx), FILE_HEADER_SZ, salt); - codec_vdbe_return_static_string(pParse, "cipher_salt", salt); - sqlite3_free(salt); + codec_vdbe_return_string(pParse, "cipher_salt", salt, P4_DYNAMIC); } } }else @@ -369,11 +350,11 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef } else { int algorithm = sqlcipher_codec_ctx_get_hmac_algorithm(ctx); if(algorithm == SQLCIPHER_HMAC_SHA1) { - codec_vdbe_return_static_string(pParse, "cipher_hmac_algorithm", SQLCIPHER_HMAC_SHA1_LABEL); + codec_vdbe_return_string(pParse, "cipher_hmac_algorithm", SQLCIPHER_HMAC_SHA1_LABEL, P4_TRANSIENT); } else if(algorithm == SQLCIPHER_HMAC_SHA256) { - codec_vdbe_return_static_string(pParse, "cipher_hmac_algorithm", SQLCIPHER_HMAC_SHA256_LABEL); + codec_vdbe_return_string(pParse, "cipher_hmac_algorithm", SQLCIPHER_HMAC_SHA256_LABEL, P4_TRANSIENT); } else if(algorithm == SQLCIPHER_HMAC_SHA512) { - codec_vdbe_return_static_string(pParse, "cipher_hmac_algorithm", SQLCIPHER_HMAC_SHA512_LABEL); + codec_vdbe_return_string(pParse, "cipher_hmac_algorithm", SQLCIPHER_HMAC_SHA512_LABEL, P4_TRANSIENT); } } } @@ -392,11 +373,11 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef } else { int algorithm = sqlcipher_get_default_hmac_algorithm(); if(algorithm == SQLCIPHER_HMAC_SHA1) { - codec_vdbe_return_static_string(pParse, "cipher_default_hmac_algorithm", SQLCIPHER_HMAC_SHA1_LABEL); + codec_vdbe_return_string(pParse, "cipher_default_hmac_algorithm", SQLCIPHER_HMAC_SHA1_LABEL, P4_TRANSIENT); } else if(algorithm == SQLCIPHER_HMAC_SHA256) { - codec_vdbe_return_static_string(pParse, "cipher_default_hmac_algorithm", SQLCIPHER_HMAC_SHA256_LABEL); + codec_vdbe_return_string(pParse, "cipher_default_hmac_algorithm", SQLCIPHER_HMAC_SHA256_LABEL, P4_TRANSIENT); } else if(algorithm == SQLCIPHER_HMAC_SHA512) { - codec_vdbe_return_static_string(pParse, "cipher_default_hmac_algorithm", SQLCIPHER_HMAC_SHA512_LABEL); + codec_vdbe_return_string(pParse, "cipher_default_hmac_algorithm", SQLCIPHER_HMAC_SHA512_LABEL, P4_TRANSIENT); } } }else @@ -415,11 +396,11 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef } else { int algorithm = sqlcipher_codec_ctx_get_kdf_algorithm(ctx); if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA1) { - codec_vdbe_return_static_string(pParse, "cipher_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL); + codec_vdbe_return_string(pParse, "cipher_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL, P4_TRANSIENT); } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA256) { - codec_vdbe_return_static_string(pParse, "cipher_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL); + codec_vdbe_return_string(pParse, "cipher_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL, P4_TRANSIENT); } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA512) { - codec_vdbe_return_static_string(pParse, "cipher_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL); + codec_vdbe_return_string(pParse, "cipher_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL, P4_TRANSIENT); } } } @@ -438,11 +419,11 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef } else { int algorithm = sqlcipher_get_default_kdf_algorithm(); if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA1) { - codec_vdbe_return_static_string(pParse, "cipher_default_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL); + codec_vdbe_return_string(pParse, "cipher_default_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL, P4_TRANSIENT); } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA256) { - codec_vdbe_return_static_string(pParse, "cipher_default_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL); + codec_vdbe_return_string(pParse, "cipher_default_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL, P4_TRANSIENT); } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA512) { - codec_vdbe_return_static_string(pParse, "cipher_default_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL); + codec_vdbe_return_string(pParse, "cipher_default_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL, P4_TRANSIENT); } } }else @@ -451,8 +432,7 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef sqlcipher_set_mem_security(sqlite3GetBoolean(zRight,1)); } else { char *on = sqlite3_mprintf("%d", sqlcipher_get_mem_security()); - codec_vdbe_return_static_string(pParse, "cipher_memory_security", on); - sqlite3_free(on); + codec_vdbe_return_string(pParse, "cipher_memory_security", on, P4_DYNAMIC); } }else { return 0; From 9249f54531664424b03ac55e6120451c478d481c Mon Sep 17 00:00:00 2001 From: Stephen Lombardo Date: Tue, 23 Oct 2018 09:08:30 -0400 Subject: [PATCH 3/5] correct warnings for UAP builds --- src/crypto.c | 8 ++++---- src/crypto_impl.c | 6 ++++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/src/crypto.c b/src/crypto.c index 15e9afe3..5f89be7b 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -336,7 +336,7 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef if( sqlite3StrICmp(zLeft,"cipher_hmac_algorithm")==0 ){ if(ctx) { if(zRight) { - int rc = SQLITE_ERROR; + rc = SQLITE_ERROR; if(sqlite3StrICmp(zRight, SQLCIPHER_HMAC_SHA1_LABEL) == 0) { rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA1); } else if(sqlite3StrICmp(zRight, SQLCIPHER_HMAC_SHA256_LABEL) == 0) { @@ -361,7 +361,7 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef }else if( sqlite3StrICmp(zLeft,"cipher_default_hmac_algorithm")==0 ){ if(zRight) { - int rc = SQLITE_ERROR; + rc = SQLITE_ERROR; if(sqlite3StrICmp(zRight, SQLCIPHER_HMAC_SHA1_LABEL) == 0) { rc = sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA1); } else if(sqlite3StrICmp(zRight, SQLCIPHER_HMAC_SHA256_LABEL) == 0) { @@ -384,7 +384,7 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef if( sqlite3StrICmp(zLeft,"cipher_kdf_algorithm")==0 ){ if(ctx) { if(zRight) { - int rc = SQLITE_ERROR; + rc = SQLITE_ERROR; if(sqlite3StrICmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL) == 0) { rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA1); } else if(sqlite3StrICmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL) == 0) { @@ -407,7 +407,7 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef }else if( sqlite3StrICmp(zLeft,"cipher_default_kdf_algorithm")==0 ){ if(zRight) { - int rc = SQLITE_ERROR; + rc = SQLITE_ERROR; if(sqlite3StrICmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL) == 0) { rc = sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA1); } else if(sqlite3StrICmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL) == 0) { diff --git a/src/crypto_impl.c b/src/crypto_impl.c index 3b8475c7..8b80cd8e 100644 --- a/src/crypto_impl.c +++ b/src/crypto_impl.c @@ -301,8 +301,8 @@ int sqlcipher_memcmp(const void *v0, const void *v1, int len) { void sqlcipher_mlock(void *ptr, int sz) { #ifndef OMIT_MEMLOCK - int rc; #if defined(__unix__) || defined(__APPLE__) + int rc; unsigned long pagesize = sysconf(_SC_PAGESIZE); unsigned long offset = (unsigned long) ptr % pagesize; @@ -315,6 +315,7 @@ void sqlcipher_mlock(void *ptr, int sz) { } #elif defined(_WIN32) #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP)) + int rc; CODEC_TRACE("sqlcipher_mem_lock: calling VirtualLock(%p,%d)\n", ptr, sz); rc = VirtualLock(ptr, sz); if(rc==0) { @@ -327,8 +328,8 @@ void sqlcipher_mlock(void *ptr, int sz) { void sqlcipher_munlock(void *ptr, int sz) { #ifndef OMIT_MEMLOCK - int rc; #if defined(__unix__) || defined(__APPLE__) + int rc; unsigned long pagesize = sysconf(_SC_PAGESIZE); unsigned long offset = (unsigned long) ptr % pagesize; @@ -341,6 +342,7 @@ void sqlcipher_munlock(void *ptr, int sz) { } #elif defined(_WIN32) #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP)) + int rc; CODEC_TRACE("sqlcipher_mem_lock: calling VirtualUnlock(%p,%d)\n", ptr, sz); rc = VirtualUnlock(ptr, sz); if(!rc) { From 81ed3a54a26048c105eeb77416ca8d3b4bd4c01b Mon Sep 17 00:00:00 2001 From: Stephen Lombardo Date: Tue, 23 Oct 2018 13:04:03 -0400 Subject: [PATCH 4/5] cipher_migrate will use MoveFileExW on windows platforms --- src/crypto_impl.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/src/crypto_impl.c b/src/crypto_impl.c index 8b80cd8e..83c698f1 100644 --- a/src/crypto_impl.c +++ b/src/crypto_impl.c @@ -1241,7 +1241,10 @@ int sqlcipher_codec_ctx_migrate(codec_ctx *ctx) { Btree *pDest = NULL, *pSrc = NULL; const char* commands[5]; sqlite3_file *srcfile, *destfile; - +#if defined(_WIN32) || defined(SQLITE_OS_WINRT) + LPWSTR w_db_filename = NULL, w_migrated_db_filename = NULL; + int w_db_filename_sz = 0, w_migrated_db_filename_sz = 0; +#endif pass_sz = keyspec_sz = rc = user_version = upgrade_from = 0; if(!db_filename || sqlite3Strlen30(db_filename) < 1) @@ -1351,7 +1354,16 @@ migrate: #if defined(_WIN32) || defined(SQLITE_OS_WINRT) CODEC_TRACE("performing windows MoveFileExA\n"); - if(!MoveFileExA(migrated_db_filename, db_filename, MOVEFILE_REPLACE_EXISTING)) { + + w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, NULL, 0); + w_db_filename = sqlcipher_malloc(w_db_filename_sz * sizeof(wchar_t)); + w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, (const LPWSTR) w_db_filename, w_db_filename_sz); + + w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, NULL, 0); + w_migrated_db_filename = sqlcipher_malloc(w_migrated_db_filename_sz * sizeof(wchar_t)); + w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, (const LPWSTR) w_migrated_db_filename, w_migrated_db_filename_sz); + + if(!MoveFileExW(w_migrated_db_filename, w_db_filename, MOVEFILE_REPLACE_EXISTING)) { CODEC_TRACE("move error"); rc = SQLITE_ERROR; CODEC_TRACE("error occurred while renaming %d\n", rc); @@ -1406,6 +1418,10 @@ cleanup: if(set_user_version) sqlcipher_free(set_user_version, sqlite3Strlen30(set_user_version)); if(set_journal_mode) sqlcipher_free(set_journal_mode, sqlite3Strlen30(set_journal_mode)); if(journal_mode) sqlcipher_free(journal_mode, sqlite3Strlen30(journal_mode)); +#if defined(_WIN32) || defined(SQLITE_OS_WINRT) + if(w_db_filename) sqlcipher_free(w_db_filename, w_db_filename_sz); + if(w_migrated_db_filename) sqlcipher_free(w_migrated_db_filename, w_migrated_db_filename_sz); +#endif return rc; } From 94c88989f7c511a5b519d14786c6f259bbad19f1 Mon Sep 17 00:00:00 2001 From: Stephen Lombardo Date: Mon, 29 Oct 2018 17:58:34 -0400 Subject: [PATCH 5/5] defer memory hook until after xInit --- src/crypto_impl.c | 9 +++++++-- src/malloc.c | 22 +++++++++++----------- 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/src/crypto_impl.c b/src/crypto_impl.c index 83c698f1..efcb93a8 100644 --- a/src/crypto_impl.c +++ b/src/crypto_impl.c @@ -52,6 +52,7 @@ static volatile int default_plaintext_header_sz = 0; static volatile int default_hmac_algorithm = SQLCIPHER_HMAC_SHA512; static volatile int default_kdf_algorithm = SQLCIPHER_PBKDF2_HMAC_SHA512; static volatile int mem_security_on = 1; +static volatile int mem_security_initialized = 0; static volatile int mem_security_activated = 0; static volatile unsigned int sqlcipher_activate_count = 0; static volatile sqlite3_mem_methods default_mem_methods; @@ -147,8 +148,12 @@ static sqlite3_mem_methods sqlcipher_mem_methods = { }; void sqlcipher_init_memmethods() { - sqlite3_config(SQLITE_CONFIG_GETMALLOC, &default_mem_methods); - sqlite3_config(SQLITE_CONFIG_MALLOC, &sqlcipher_mem_methods); + if(mem_security_initialized) return; + if(sqlite3_config(SQLITE_CONFIG_GETMALLOC, &default_mem_methods) != SQLITE_OK || + sqlite3_config(SQLITE_CONFIG_MALLOC, &sqlcipher_mem_methods) != SQLITE_OK) { + mem_security_on = mem_security_activated = 0; + } + mem_security_initialized = 1; } int sqlcipher_register_provider(sqlcipher_provider *p) { diff --git a/src/malloc.c b/src/malloc.c index 93635dd3..0c8e6190 100644 --- a/src/malloc.c +++ b/src/malloc.c @@ -111,7 +111,17 @@ int sqlite3MallocInit(void){ int rc; if( sqlite3GlobalConfig.m.xMalloc==0 ){ sqlite3MemSetDefault(); -/* BEGIN SQLCIPHER */ + + memset(&mem0, 0, sizeof(mem0)); + mem0.mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MEM); + if( sqlite3GlobalConfig.pPage==0 || sqlite3GlobalConfig.szPage<512 + || sqlite3GlobalConfig.nPage<=0 ){ + sqlite3GlobalConfig.pPage = 0; + sqlite3GlobalConfig.szPage = 0; + } + rc = sqlite3GlobalConfig.m.xInit(sqlite3GlobalConfig.m.pAppData); + if( rc!=SQLITE_OK ) memset(&mem0, 0, sizeof(mem0)); + /* BEGIN SQLCIPHER */ #ifdef SQLITE_HAS_CODEC /* install wrapping functions for memory management that will wipe all memory allocated by SQLite @@ -123,16 +133,6 @@ int sqlite3MallocInit(void){ #endif /* END SQLCIPHER */ } - - memset(&mem0, 0, sizeof(mem0)); - mem0.mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MEM); - if( sqlite3GlobalConfig.pPage==0 || sqlite3GlobalConfig.szPage<512 - || sqlite3GlobalConfig.nPage<=0 ){ - sqlite3GlobalConfig.pPage = 0; - sqlite3GlobalConfig.szPage = 0; - } - rc = sqlite3GlobalConfig.m.xInit(sqlite3GlobalConfig.m.pAppData); - if( rc!=SQLITE_OK ) memset(&mem0, 0, sizeof(mem0)); return rc; }