Merge branch 'zetetic-prerelease' into zetetic-master

CHANGELOG.md

@@ -1,6 +1,18 @@
 # SQLCipher Change Log
 All notable changes to this project will be documented in this file.
 
+## [4.3.0] - (November 2019 - [4.3.0 changes])
+- Updates baseline to upstream SQLite 3.30.1
+- PRAGMA key now returns text result value "ok" after execution
+- Adjusts backup API so that encrypted to encrypted backups are permitted
+- Adds NSS crypto provider implementation
+- Fixes OpenSSL provider compatibility with BoringSSL
+- Separates memory related traces to reduce verbosity of logging
+- Fixes output of PRAGMA cipher_integrity_check on big endian platforms
+- Cryptograpic provider interface cleanup
+- Rework of mutex allocation and management
+- Resolves miscellaneous build warnings
+
 ## [4.2.0] - (May 2019 - [4.2.0 changes])
 - Adds PRAGMA cipher_integrity_check to perform independent verification of page HMACs
 - Updates baseline to upstream SQLite 3.28.0
@@ -145,7 +157,9 @@ All notable changes to this project will be documented in this file.
 ### Security
 - Change KDF iteration length from 4,000 to 64,000
 
-[unreleased]: https://github.com/sqlcipher/sqlcipher/compare/v4.2.0...prerelease
+[unreleased]: https://github.com/sqlcipher/sqlcipher/compare/v4.3.0...prerelease
+[4.3.0]: https://github.com/sqlcipher/sqlcipher/tree/v4.3.0
+[4.3.0 changes]: https://github.com/sqlcipher/sqlcipher/compare/v4.2.0...v4.3.0
 [4.2.0]: https://github.com/sqlcipher/sqlcipher/tree/v4.2.0
 [4.2.0 changes]: https://github.com/sqlcipher/sqlcipher/compare/v4.1.0...v4.2.0
 [4.1.0]: https://github.com/sqlcipher/sqlcipher/tree/v4.1.0

Makefile.in

@@ -148,14 +148,16 @@ CRYPTOLIBOBJ = \
   crypto_impl.lo \
   crypto_openssl.lo \
   crypto_libtomcrypt.lo \
+  crypto_nss.lo \
   crypto_cc.lo
-  
+
 CRYPTOSRC = \
   $(TOP)/src/crypto.h \
   $(TOP)/src/sqlcipher.h \
   $(TOP)/src/crypto.c \
   $(TOP)/src/crypto_impl.c \
 	$(TOP)/src/crypto_libtomcrypt.c \
+	$(TOP)/src/crypto_nss.c \
 	$(TOP)/src/crypto_openssl.c \
 	$(TOP)/src/crypto_cc.c
 
@@ -629,7 +631,6 @@ SHELL_OPT += -DSQLITE_ENABLE_DBPAGE_VTAB
 SHELL_OPT += -DSQLITE_ENABLE_DBSTAT_VTAB
 SHELL_OPT += -DSQLITE_ENABLE_OFFSET_SQL_FUNC
 SHELL_OPT += -DSQLITE_ENABLE_DESERIALIZE
-SHELL_OPT += -DSQLITE_INTROSPECTION_PRAGMAS
 FUZZERSHELL_OPT = -DSQLITE_ENABLE_JSON1
 FUZZCHECK_OPT = -DSQLITE_ENABLE_JSON1 -DSQLITE_ENABLE_MEMSYS5 -DSQLITE_OSS_FUZZ
 FUZZCHECK_OPT += -DSQLITE_MAX_MEMORY=50000000
@@ -820,6 +821,8 @@ crypto_impl.lo:	$(TOP)/src/crypto_impl.c $(HDR)
 	$(LTCOMPILE) -c $(TOP)/src/crypto_impl.c
 crypto_openssl.lo:	$(TOP)/src/crypto_openssl.c $(HDR)
 	$(LTCOMPILE) -c $(TOP)/src/crypto_openssl.c
+crypto_nss.lo:	$(TOP)/src/crypto_nss.c $(HDR)
+	$(LTCOMPILE) -c $(TOP)/src/crypto_nss.c
 crypto_libtomcrypt.lo:	$(TOP)/src/crypto_libtomcrypt.c $(HDR)
 	$(LTCOMPILE) -c $(TOP)/src/crypto_libtomcrypt.c
 crypto_cc.lo:	$(TOP)/src/crypto_cc.c $(HDR)

Makefile.linux-gcc

@@ -19,7 +19,7 @@ TOP = ../sqlite
 #### C Compiler and options for use in building executables that
 #    will run on the platform that is doing the build.
 #
-BCC = gcc -g -O2
+BCC = gcc -g -O0
 #BCC = /opt/ancic/bin/c89 -0
 
 #### If the target operating system supports the "usleep()" system
@@ -38,8 +38,8 @@ THREADSAFE = -DTHREADSAFE=0
 #### Specify any extra linker options needed to make the library
 #    thread safe
 #
-#THREADLIB = -lpthread
-THREADLIB = 
+THREADLIB = -lpthread -lm -ldl
+#THREADLIB = 
 
 #### Specify any extra libraries needed to access required functions.
 #
@@ -54,11 +54,9 @@ TLIBS =
 #    You can make the library go almost twice as fast if you compile
 #    with -DNDEBUG=1
 #
-#OPTS = -DSQLITE_DEBUG=2
-#OPTS = -DSQLITE_DEBUG=1
-#OPTS = 
-OPTS = -DNDEBUG=1
-OPTS += -DHAVE_FDATASYNC=1
+OPTS += -DSQLITE_DEBUG=1
+OPTS += -DSQLITE_ENABLE_WHERETRACE
+OPTS += -DSQLITE_ENABLE_SELECTTRACE
 
 #### The suffix to add to executable files.  ".exe" for windows.
 #    Nothing for unix.
@@ -70,7 +68,7 @@ EXE =
 #    will run on the target platform.  This is usually the same
 #    as BCC, unless you are cross-compiling.
 #
-TCC = gcc -O6
+TCC = gcc -O0
 #TCC = gcc -g -O0 -Wall
 #TCC = gcc -g -O0 -Wall -fprofile-arcs -ftest-coverage
 #TCC = /opt/mingw/bin/i386-mingw32-gcc -O6
@@ -91,18 +89,12 @@ SHPREFIX = lib
 
 #### Extra compiler options needed for programs that use the TCL library.
 #
-#TCL_FLAGS =
-#TCL_FLAGS = -DSTATIC_BUILD=1
-TCL_FLAGS = -I/home/drh/tcltk/8.5linux
-#TCL_FLAGS = -I/home/drh/tcltk/8.5win -DSTATIC_BUILD=1
-#TCL_FLAGS = -I/home/drh/tcltk/8.3hpux
+TCL_FLAGS = -I/home/drh/tcl/include/tcl8.6
 
 #### Linker options needed to link against the TCL library.
 #
 #LIBTCL = -ltcl -lm -ldl
-LIBTCL = /home/drh/tcltk/8.5linux/libtcl8.5g.a -lm -ldl
-#LIBTCL = /home/drh/tcltk/8.5win/libtcl85s.a -lmsvcrt
-#LIBTCL = /home/drh/tcltk/8.3hpux/libtcl8.3.a -ldld -lm -lc
+LIBTCL = /home/drh/tcl/lib/libtcl8.6.a -lm -lpthread -ldl -lz
 
 #### Additional objects for SQLite library when TCL support is enabled.
 #TCLOBJ =

Makefile.msc

@@ -73,7 +73,7 @@ API_ARMOR = 0
 !IFNDEF NO_WARN
 !IF $(USE_FULLWARN)!=0
 NO_WARN = -wd4054 -wd4055 -wd4100 -wd4127 -wd4130 -wd4152 -wd4189 -wd4206
-NO_WARN = $(NO_WARN) -wd4210 -wd4232 -wd4305 -wd4306 -wd4702 -wd4706
+NO_WARN = $(NO_WARN) -wd4210 -wd4232 -wd4244 -wd4305 -wd4306 -wd4702 -wd4706
 !ENDIF
 !ENDIF
 
@@ -351,7 +351,6 @@ OPT_FEATURE_FLAGS = $(OPT_FEATURE_FLAGS) -DSQLITE_ENABLE_JSON1=1
 OPT_FEATURE_FLAGS = $(OPT_FEATURE_FLAGS) -DSQLITE_ENABLE_STMTVTAB=1
 OPT_FEATURE_FLAGS = $(OPT_FEATURE_FLAGS) -DSQLITE_ENABLE_DBPAGE_VTAB=1
 OPT_FEATURE_FLAGS = $(OPT_FEATURE_FLAGS) -DSQLITE_ENABLE_DBSTAT_VTAB=1
-OPT_FEATURE_FLAGS = $(OPT_FEATURE_FLAGS) -DSQLITE_INTROSPECTION_PRAGMAS=1
 OPT_FEATURE_FLAGS = $(OPT_FEATURE_FLAGS) -DSQLITE_ENABLE_DESERIALIZE=1
 !ENDIF
 OPT_FEATURE_FLAGS = $(OPT_FEATURE_FLAGS) -DSQLITE_ENABLE_COLUMN_METADATA=1
@@ -1270,6 +1269,7 @@ SRC00 = \
 	$(TOP)\src\crypto_cc.c \
 	$(TOP)\src\crypto_impl.c \
 	$(TOP)\src\crypto_libtomcrypt.c \
+	$(TOP)\src\crypto_nss.c \
 	$(TOP)\src\crypto_openssl.c \
 	$(TOP)\src\crypto.h \
 	$(TOP)\src\sqlcipher.h \

README.md

@@ -437,30 +437,13 @@ describes its purpose and role within the larger system.
 <a name="vauth"></a>
 ## Verifying Code Authenticity
 
-If you obtained an SQLite source tree from a secondary source, such as a
-GitHub mirror, and you want to verify that it has not been altered, there
-are a couple of ways to do that.
-
-If you have a release version of SQLite, and you are using the
-`sqlite3.c` amalgamation, then SHA3-256 hashes for the amalgamation are
-available in the [change log](https://www.sqlite.org/changes.html) on
-the official website.  After building the `sqlite3.c` file, you can check
-that it is authentic by comparing the hash.  This does not ensure that the
-test scripts are unaltered, but it does validate the deliverable part of
-the code and the verification process only involves computing and
-comparing a single hash.
-
-For versions other than an official release, or if you are building the
-`sqlite3.c` amalgamation using non-standard build options, the verification
-process is a little more involved.  The `manifest` file at the root directory
-of the source tree
+The `manifest` file at the root directory of the source tree
 contains either a SHA3-256 hash (for newer files) or a SHA1 hash (for 
-older files) for every source file in the repository.  You can write a script
-to extracts hashes from `manifest` and verifies the hashes against the 
-corresponding files in the source tree.  The SHA3-256 hash of the `manifest`
+older files) for every source file in the repository.
+The SHA3-256 hash of the `manifest`
 file itself is the official name of the version of the source tree that you
-have.  The `manifest.uuid` file should contain the SHA3-256 hash of the
-`manifest` file.  If all of the above hash comparisons are correct, then
+have. The `manifest.uuid` file should contain the SHA3-256 hash of the
+`manifest` file. If all of the above hash comparisons are correct, then
 you can be confident that your source tree is authentic and unadulterated.
 
 The format of the `manifest` file should be mostly self-explanatory, but

SQLCipher.podspec.json

@@ -15,10 +15,10 @@
   "requires_arc": false,
   "source": {
     "git": "https://github.com/sqlcipher/sqlcipher.git",
-    "tag": "v4.2.0"
+    "tag": "v4.3.0"
   },
   "summary": "Full Database Encryption for SQLite.",
-  "version": "4.2.0",
+  "version": "4.3.0",
   "subspecs": [
     {
       "compiler_flags": [

VERSION

@@ -1 +1 @@
-3.28.0
+3.30.1

autoconf/Makefile.msc

@@ -73,7 +73,7 @@ API_ARMOR = 0
 !IFNDEF NO_WARN
 !IF $(USE_FULLWARN)!=0
 NO_WARN = -wd4054 -wd4055 -wd4100 -wd4127 -wd4130 -wd4152 -wd4189 -wd4206
-NO_WARN = $(NO_WARN) -wd4210 -wd4232 -wd4305 -wd4306 -wd4702 -wd4706
+NO_WARN = $(NO_WARN) -wd4210 -wd4232 -wd4244 -wd4305 -wd4306 -wd4702 -wd4706
 !ENDIF
 !ENDIF