search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "resolve upstream merge conflict in distclean"
[sqlcipher.git] / src / crypto_openssl.c
blob0ac53dfb05472852e7eb29de82cfd25de41bea74
1 /*
2 ** SQLCipher
3 ** http://sqlcipher.net
4 **
5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
6 ** All rights reserved.
7 **
8 ** Redistribution and use in source and binary forms, with or without
9 ** modification, are permitted provided that the following conditions are met:
10 ** * Redistributions of source code must retain the above copyright
11 ** notice, this list of conditions and the following disclaimer.
12 ** * Redistributions in binary form must reproduce the above copyright
13 ** notice, this list of conditions and the following disclaimer in the
14 ** documentation and/or other materials provided with the distribution.
15 ** * Neither the name of the ZETETIC LLC nor the
16 ** names of its contributors may be used to endorse or promote products
17 ** derived from this software without specific prior written permission.
18 **
19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 **
30 */
31 /* BEGIN SQLCIPHER */
32 #ifdef SQLITE_HAS_CODEC
33 #ifdef SQLCIPHER_CRYPTO_OPENSSL
34 #include "sqliteInt.h"
35 #include "crypto.h"
36 #include "sqlcipher.h"
37 #include <openssl/crypto.h>
38 #include <openssl/rand.h>
39 #include <openssl/evp.h>
40 #include <openssl/objects.h>
41 #include <openssl/hmac.h>
42 #include <openssl/err.h>
43
44 static unsigned int openssl_init_count = 0;
45
46 static void sqlcipher_openssl_log_errors() {
47 unsigned long err = 0;
48 while((err = ERR_get_error()) != 0) {
49 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_log_errors: ERR_get_error() returned %lx: %s", err, ERR_error_string(err, NULL));
50 }
51 }
52
53 #if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
54 static HMAC_CTX *HMAC_CTX_new(void)
55 {
56 HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
57 if (ctx != NULL) {
58 HMAC_CTX_init(ctx);
59 }
60 return ctx;
61 }
62
63 /* Per 1.1.0 (https://wiki.openssl.org/index.php/1.1_API_Changes)
64 HMAC_CTX_free should call HMAC_CTX_cleanup, then EVP_MD_CTX_Cleanup.
65 HMAC_CTX_cleanup internally calls EVP_MD_CTX_cleanup so these
66 calls are not needed. */
67 static void HMAC_CTX_free(HMAC_CTX *ctx)
68 {
69 if (ctx != NULL) {
70 HMAC_CTX_cleanup(ctx);
71 OPENSSL_free(ctx);
72 }
73 }
74 #endif
75
76 static int sqlcipher_openssl_add_random(void *ctx, void *buffer, int length) {
77 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
78 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_openssl_add_random: entering SQLCIPHER_MUTEX_PROVIDER_RAND");
79 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_RAND));
80 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_openssl_add_random: entered SQLCIPHER_MUTEX_PROVIDER_RAND");
81 #endif
82 RAND_add(buffer, length, 0);
83 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
84 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_openssl_add_random: leaving SQLCIPHER_MUTEX_PROVIDER_RAND");
85 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_RAND));
86 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_openssl_add_random: left SQLCIPHER_MUTEX_PROVIDER_RAND");
87 #endif
88 return SQLITE_OK;
89 }
90
91 #define OPENSSL_CIPHER EVP_aes_256_cbc()
92
93 /* activate and initialize sqlcipher. Most importantly, this will automatically
94 intialize OpenSSL's EVP system if it hasn't already be externally. Note that
95 this function may be called multiple times as new codecs are intiialized.
96 Thus it performs some basic counting to ensure that only the last and final
97 sqlcipher_openssl_deactivate() will free the EVP structures.
98 */
99 static int sqlcipher_openssl_activate(void *ctx) {
100 /* initialize openssl and increment the internal init counter
101 but only if it hasn't been initalized outside of SQLCipher by this program
102 e.g. on startup */
103 int rc = 0;
104
105 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_openssl_activate: entering SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
106 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
107 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_openssl_activate: entered SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
108
109 #if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L)
110 ERR_load_crypto_strings();
111 #endif
112
113 #ifdef SQLCIPHER_FIPS
114 if(!FIPS_mode()){
115 if(!(rc = FIPS_mode_set(1))){
116 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_activate: FIPS_mode_set() returned %d", rc);
117 sqlcipher_openssl_log_errors();
118 }
119 }
120 #endif
121
122 openssl_init_count++;
123 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_openssl_activate: leaving SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
124 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
125 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_openssl_activate: left SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
126 return SQLITE_OK;
127 }
128
129 /* deactivate SQLCipher, most imporantly decremeting the activation count and
130 freeing the EVP structures on the final deactivation to ensure that
131 OpenSSL memory is cleaned up */
132 static int sqlcipher_openssl_deactivate(void *ctx) {
133 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_openssl_deactivate: entering SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
134 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
135 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_openssl_deactivate: entered SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
136
137 openssl_init_count--;
138
139 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_openssl_deactivate: leaving SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
140 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
141 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_openssl_deactivate: left SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
142 return SQLITE_OK;
143 }
144
145 static const char* sqlcipher_openssl_get_provider_name(void *ctx) {
146 return "openssl";
147 }
148
149 static const char* sqlcipher_openssl_get_provider_version(void *ctx) {
150 return OPENSSL_VERSION_TEXT;
151 }
152
153 /* generate a defined number of random bytes */
154 static int sqlcipher_openssl_random (void *ctx, void *buffer, int length) {
155 int rc = 0;
156 /* concurrent calls to RAND_bytes can cause a crash under some openssl versions when a
157 naive application doesn't use CRYPTO_set_locking_callback and
158 CRYPTO_THREADID_set_callback to ensure openssl thread safety.
159 This is simple workaround to prevent this common crash
160 but a more proper solution is that applications setup platform-appropriate
161 thread saftey in openssl externally */
162 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
163 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_openssl_random: entering SQLCIPHER_MUTEX_PROVIDER_RAND");
164 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_RAND));
165 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_openssl_random: entered SQLCIPHER_MUTEX_PROVIDER_RAND");
166 #endif
167 rc = RAND_bytes((unsigned char *)buffer, length);
168 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
169 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_openssl_random: leaving SQLCIPHER_MUTEX_PROVIDER_RAND");
170 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_RAND));
171 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_openssl_random: left SQLCIPHER_MUTEX_PROVIDER_RAND");
172 #endif
173 if(!rc) {
174 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_random: RAND_bytes() returned %d", rc);
175 sqlcipher_openssl_log_errors();
176 return SQLITE_ERROR;
177 }
178 return SQLITE_OK;
179 }
180
181 static int sqlcipher_openssl_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
182 int rc = 0;
183
184 #if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x30000000L)
185 unsigned int outlen;
186 HMAC_CTX* hctx = NULL;
187
188 if(in == NULL) goto error;
189
190 hctx = HMAC_CTX_new();
191 if(hctx == NULL) {
192 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: HMAC_CTX_new() failed");
193 sqlcipher_openssl_log_errors();
194 goto error;
195 }
196
197 switch(algorithm) {
198 case SQLCIPHER_HMAC_SHA1:
199 if(!(rc = HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL))) {
200 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: HMAC_Init_ex() with key size %d and EVP_sha1() returned %d", key_sz, rc);
201 sqlcipher_openssl_log_errors();
202 goto error;
203 }
204 break;
205 case SQLCIPHER_HMAC_SHA256:
206 if(!(rc = HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha256(), NULL))) {
207 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: HMAC_Init_ex() with key size %d and EVP_sha256() returned %d", key_sz, rc);
208 sqlcipher_openssl_log_errors();
209 goto error;
210 }
211 break;
212 case SQLCIPHER_HMAC_SHA512:
213 if(!(rc = HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha512(), NULL))) {
214 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: HMAC_Init_ex() with key size %d and EVP_sha512() returned %d", key_sz, rc);
215 sqlcipher_openssl_log_errors();
216 goto error;
217 }
218 break;
219 default:
220 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: invalid algorithm %d", algorithm);
221 goto error;
222 }
223
224 if(!(rc = HMAC_Update(hctx, in, in_sz))) {
225 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: HMAC_Update() on 1st input buffer of %d bytes using algorithm %d returned %d", in_sz, algorithm, rc);
226 sqlcipher_openssl_log_errors();
227 goto error;
228 }
229
230 if(in2 != NULL) {
231 if(!(rc = HMAC_Update(hctx, in2, in2_sz))) {
232 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: HMAC_Update() on 2nd input buffer of %d bytes using algorithm %d returned %d", in2_sz, algorithm, rc);
233 sqlcipher_openssl_log_errors();
234 goto error;
235 }
236 }
237
238 if(!(rc = HMAC_Final(hctx, out, &outlen))) {
239 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: HMAC_Final() using algorithm %d returned %d", algorithm, rc);
240 sqlcipher_openssl_log_errors();
241 goto error;
242 }
243
244 rc = SQLITE_OK;
245 goto cleanup;
246
247 error:
248 rc = SQLITE_ERROR;
249
250 cleanup:
251 if(hctx) HMAC_CTX_free(hctx);
252
253 #else
254 size_t outlen;
255 EVP_MAC *mac = NULL;
256 EVP_MAC_CTX *hctx = NULL;
257 OSSL_PARAM sha1[] = { { "digest", OSSL_PARAM_UTF8_STRING, "sha1", 4, 0 }, OSSL_PARAM_END };
258 OSSL_PARAM sha256[] = { { "digest", OSSL_PARAM_UTF8_STRING, "sha256", 6, 0 }, OSSL_PARAM_END };
259 OSSL_PARAM sha512[] = { { "digest", OSSL_PARAM_UTF8_STRING, "sha512", 6, 0 }, OSSL_PARAM_END };
260
261 if(in == NULL) goto error;
262
263 mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
264 if(mac == NULL) {
265 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: EVP_MAC_fetch for HMAC failed");
266 sqlcipher_openssl_log_errors();
267 goto error;
268 }
269
270 hctx = EVP_MAC_CTX_new(mac);
271 if(hctx == NULL) {
272 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: EVP_MAC_CTX_new() failed");
273 sqlcipher_openssl_log_errors();
274 goto error;
275 }
276
277 switch(algorithm) {
278 case SQLCIPHER_HMAC_SHA1:
279 if(!(rc = EVP_MAC_init(hctx, hmac_key, key_sz, sha1))) {
280 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: EVP_MAC_init() with key size %d and sha1 returned %d", key_sz, rc);
281 sqlcipher_openssl_log_errors();
282 goto error;
283 }
284 break;
285 case SQLCIPHER_HMAC_SHA256:
286 if(!(rc = EVP_MAC_init(hctx, hmac_key, key_sz, sha256))) {
287 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: EVP_MAC_init() with key size %d and sha256 returned %d", key_sz, rc);
288 sqlcipher_openssl_log_errors();
289 goto error;
290 }
291 break;
292 case SQLCIPHER_HMAC_SHA512:
293 if(!(rc = EVP_MAC_init(hctx, hmac_key, key_sz, sha512))) {
294 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: EVP_MAC_init() with key size %d and sha512 returned %d", key_sz, rc);
295 sqlcipher_openssl_log_errors();
296 goto error;
297 }
298 break;
299 default:
300 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: invalid algorithm %d", algorithm);
301 goto error;
302 }
303
304 if(!(rc = EVP_MAC_update(hctx, in, in_sz))) {
305 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: EVP_MAC_update() on 1st input buffer of %d bytes using algorithm %d returned %d", in_sz, algorithm, rc);
306 sqlcipher_openssl_log_errors();
307 goto error;
308 }
309
310 if(in2 != NULL) {
311 if(!(rc = EVP_MAC_update(hctx, in2, in2_sz))) {
312 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: EVP_MAC_update() on 2nd input buffer of %d bytes using algorithm %d returned %d", in_sz, algorithm, rc);
313 sqlcipher_openssl_log_errors();
314 goto error;
315 }
316 }
317
318 if(!(rc = EVP_MAC_final(hctx, NULL, &outlen, 0))) {
319 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: 1st EVP_MAC_final() for output length calculation using algorithm %d returned %d", algorithm, rc);
320 sqlcipher_openssl_log_errors();
321 goto error;
322 }
323
324 if(!(rc = EVP_MAC_final(hctx, out, &outlen, outlen))) {
325 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_hmac: 2nd EVP_MAC_final() using algorithm %d returned %d", algorithm, rc);
326 sqlcipher_openssl_log_errors();
327 goto error;
328 }
329
330 rc = SQLITE_OK;
331 goto cleanup;
332
333 error:
334 rc = SQLITE_ERROR;
335
336 cleanup:
337 if(hctx) EVP_MAC_CTX_free(hctx);
338 if(mac) EVP_MAC_free(mac);
339
340 #endif
341
342 return rc;
343 }
344
345 static int sqlcipher_openssl_kdf(void *ctx, int algorithm, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
346 int rc = 0;
347
348 switch(algorithm) {
349 case SQLCIPHER_HMAC_SHA1:
350 if(!(rc = PKCS5_PBKDF2_HMAC((const char *)pass, pass_sz, salt, salt_sz, workfactor, EVP_sha1(), key_sz, key))) {
351 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_kdf: PKCS5_PBKDF2_HMAC() for EVP_sha1() workfactor %d and key size %d returned %d", workfactor, key_sz, rc);
352 sqlcipher_openssl_log_errors();
353 goto error;
354 }
355 break;
356 case SQLCIPHER_HMAC_SHA256:
357 if(!(rc = PKCS5_PBKDF2_HMAC((const char *)pass, pass_sz, salt, salt_sz, workfactor, EVP_sha256(), key_sz, key))) {
358 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_kdf: PKCS5_PBKDF2_HMAC() for EVP_sha256() workfactor %d and key size %d returned %d", workfactor, key_sz, rc);
359 sqlcipher_openssl_log_errors();
360 goto error;
361 }
362 break;
363 case SQLCIPHER_HMAC_SHA512:
364 if(!(rc = PKCS5_PBKDF2_HMAC((const char *)pass, pass_sz, salt, salt_sz, workfactor, EVP_sha512(), key_sz, key))) {
365 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_kdf: PKCS5_PBKDF2_HMAC() for EVP_sha512() workfactor %d and key size %d returned %d", workfactor, key_sz, rc);
366 sqlcipher_openssl_log_errors();
367 goto error;
368 }
369 break;
370 default:
371 return SQLITE_ERROR;
372 }
373
374 rc = SQLITE_OK;
375 goto cleanup;
376 error:
377 rc = SQLITE_ERROR;
378 cleanup:
379 return rc;
380 }
381
382 static int sqlcipher_openssl_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
383 int tmp_csz, csz, rc = 0;
384 EVP_CIPHER_CTX* ectx = EVP_CIPHER_CTX_new();
385 if(ectx == NULL) {
386 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_cipher: EVP_CIPHER_CTX_new failed");
387 sqlcipher_openssl_log_errors();
388 goto error;
389 }
390
391 if(!(rc = EVP_CipherInit_ex(ectx, OPENSSL_CIPHER, NULL, NULL, NULL, mode))) {
392 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_cipher: EVP_CipherInit_ex for mode %d returned %d", mode, rc);
393 sqlcipher_openssl_log_errors();
394 goto error;
395 }
396
397 if(!(rc = EVP_CIPHER_CTX_set_padding(ectx, 0))) { /* no padding */
398 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_cipher: EVP_CIPHER_CTX_set_padding 0 returned %d", rc);
399 sqlcipher_openssl_log_errors();
400 goto error;
401 }
402
403 if(!(rc = EVP_CipherInit_ex(ectx, NULL, NULL, key, iv, mode))) {
404 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_cipher: EVP_CipherInit_ex for mode %d returned %d", mode, rc);
405 sqlcipher_openssl_log_errors();
406 goto error;
407 }
408
409 if(!(rc = EVP_CipherUpdate(ectx, out, &tmp_csz, in, in_sz))) {
410 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_cipher: EVP_CipherUpdate returned %d", rc);
411 sqlcipher_openssl_log_errors();
412 goto error;
413 }
414
415 csz = tmp_csz;
416 out += tmp_csz;
417 if(!(rc = EVP_CipherFinal_ex(ectx, out, &tmp_csz))) {
418 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_openssl_cipher: EVP_CipherFinal_ex returned %d", rc);
419 sqlcipher_openssl_log_errors();
420 goto error;
421 }
422
423 csz += tmp_csz;
424 assert(in_sz == csz);
425
426 rc = SQLITE_OK;
427 goto cleanup;
428 error:
429 rc = SQLITE_ERROR;
430 cleanup:
431 if(ectx) EVP_CIPHER_CTX_free(ectx);
432 return rc;
433 }
434
435 static const char* sqlcipher_openssl_get_cipher(void *ctx) {
436 return OBJ_nid2sn(EVP_CIPHER_nid(OPENSSL_CIPHER));
437 }
438
439 static int sqlcipher_openssl_get_key_sz(void *ctx) {
440 return EVP_CIPHER_key_length(OPENSSL_CIPHER);
441 }
442
443 static int sqlcipher_openssl_get_iv_sz(void *ctx) {
444 return EVP_CIPHER_iv_length(OPENSSL_CIPHER);
445 }
446
447 static int sqlcipher_openssl_get_block_sz(void *ctx) {
448 return EVP_CIPHER_block_size(OPENSSL_CIPHER);
449 }
450
451 static int sqlcipher_openssl_get_hmac_sz(void *ctx, int algorithm) {
452 switch(algorithm) {
453 case SQLCIPHER_HMAC_SHA1:
454 return EVP_MD_size(EVP_sha1());
455 break;
456 case SQLCIPHER_HMAC_SHA256:
457 return EVP_MD_size(EVP_sha256());
458 break;
459 case SQLCIPHER_HMAC_SHA512:
460 return EVP_MD_size(EVP_sha512());
461 break;
462 default:
463 return 0;
464 }
465 }
466
467 static int sqlcipher_openssl_ctx_init(void **ctx) {
468 return sqlcipher_openssl_activate(*ctx);
469 }
470
471 static int sqlcipher_openssl_ctx_free(void **ctx) {
472 return sqlcipher_openssl_deactivate(NULL);
473 }
474
475 static int sqlcipher_openssl_fips_status(void *ctx) {
476 #ifdef SQLCIPHER_FIPS
477 return FIPS_mode();
478 #else
479 return 0;
480 #endif
481 }
482
483 int sqlcipher_openssl_setup(sqlcipher_provider *p) {
484 p->activate = sqlcipher_openssl_activate;
485 p->deactivate = sqlcipher_openssl_deactivate;
486 p->get_provider_name = sqlcipher_openssl_get_provider_name;
487 p->random = sqlcipher_openssl_random;
488 p->hmac = sqlcipher_openssl_hmac;
489 p->kdf = sqlcipher_openssl_kdf;
490 p->cipher = sqlcipher_openssl_cipher;
491 p->get_cipher = sqlcipher_openssl_get_cipher;
492 p->get_key_sz = sqlcipher_openssl_get_key_sz;
493 p->get_iv_sz = sqlcipher_openssl_get_iv_sz;
494 p->get_block_sz = sqlcipher_openssl_get_block_sz;
495 p->get_hmac_sz = sqlcipher_openssl_get_hmac_sz;
496 p->ctx_init = sqlcipher_openssl_ctx_init;
497 p->ctx_free = sqlcipher_openssl_ctx_free;
498 p->add_random = sqlcipher_openssl_add_random;
499 p->fips_status = sqlcipher_openssl_fips_status;
500 p->get_provider_version = sqlcipher_openssl_get_provider_version;
501 return SQLITE_OK;
502 }
503
504 #endif
505 #endif
506 /* END SQLCIPHER */
SQLCipher is an SQLite extension that provides 256 bit AES encryption of database files.