Initial FIPS integration
parent
ea0d002545
commit
29b00cb2fc
|
@ -664,6 +664,13 @@ LIBRESOBJS =
|
|||
# All of the source code files.
|
||||
#
|
||||
SRC = \
|
||||
$(TOP)\src\crypto.c \
|
||||
$(TOP)\src\crypto_cc.c \
|
||||
$(TOP)\src\crypto_impl.c \
|
||||
$(TOP)\src\crypto_libtomcrypt.c \
|
||||
$(TOP)\src\crypto_openssl.c \
|
||||
$(TOP)\src\crypto.h \
|
||||
$(TOP)\src\sqlcipher.h \
|
||||
$(TOP)\src\alter.c \
|
||||
$(TOP)\src\analyze.c \
|
||||
$(TOP)\src\attach.c \
|
||||
|
|
|
@ -89,6 +89,13 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef
|
|||
|
||||
CODEC_TRACE(("sqlcipher_codec_pragma: entered db=%p iDb=%d pParse=%p zLeft=%s zRight=%s ctx=%p\n", db, iDb, pParse, zLeft, zRight, ctx));
|
||||
|
||||
if( sqlite3StrICmp(zLeft, "cipher_fips_status")== 0 && !zRight ){
|
||||
if(ctx) {
|
||||
char *fips_mode_status = sqlite3_mprintf("%d", sqlcipher_codec_fips_status(ctx));
|
||||
codec_vdbe_return_static_string(pParse, "cipher_fips_status", fips_mode_status);
|
||||
sqlite3_free(fips_mode_status);
|
||||
}
|
||||
} else
|
||||
if( sqlite3StrICmp(zLeft, "cipher_store_pass")==0 && zRight ) {
|
||||
sqlcipher_codec_set_store_pass(ctx, sqlite3GetBoolean(zRight, 1));
|
||||
} else
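Review bot: In the `cipher_fips_status` branch the result of `sqlite3_mprintf` is passed to `codec_vdbe_return_static_string` without a NULL check, and the buffer is freed on the next line although the helper's name suggests it expects storage that outlives the call; whether the helper copies the string is not visible here. Since the providers shown on this page only report 0 or the result of `FIPS_mode_set(1)`, a literal would avoid both questions: `codec_vdbe_return_static_string(pParse, "cipher_fips_status", sqlcipher_codec_fips_status(ctx) ? "1" : "0");`. Note also that when `ctx` is NULL the pragma returns no row at all, so a caller cannot tell "no codec attached" from a query that was never handled. sqlcipher_codec_pragma starts before and continues after the hunk.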
|
||||
|
|
11
src/crypto.h
11
src/crypto.h
|
@ -44,8 +44,12 @@
|
|||
#define FILE_HEADER_SZ 16
|
||||
|
||||
#ifndef CIPHER_VERSION
|
||||
#ifdef SQLCIPHER_FIPS
|
||||
#define CIPHER_VERSION "3.2.0 FIPS"
|
||||
#else
|
||||
#define CIPHER_VERSION "3.2.0"
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef CIPHER
|
||||
#define CIPHER "aes-256-cbc"
|
||||
|
@ -219,9 +223,10 @@ int sqlcipher_codec_ctx_migrate(codec_ctx *ctx);
|
|||
int sqlcipher_codec_add_random(codec_ctx *ctx, const char *data, int random_sz);
|
||||
int sqlcipher_cipher_profile(sqlite3 *db, const char *destination);
|
||||
static void sqlcipher_profile_callback(void *file, const char *sql, sqlite3_uint64 run_time);
|
||||
int sqlcipher_codec_get_store_pass(codec_ctx *ctx);
|
||||
void sqlcipher_codec_get_pass(codec_ctx *ctx, void **zKey, int *nKey);
|
||||
void sqlcipher_codec_set_store_pass(codec_ctx *ctx, int value);
|
||||
static int sqlcipher_codec_get_store_pass(codec_ctx *ctx);
|
||||
static void sqlcipher_codec_get_pass(codec_ctx *ctx, void **zKey, int *nKey);
|
||||
static void sqlcipher_codec_set_store_pass(codec_ctx *ctx, int value);
|
||||
int sqlcipher_codec_fips_status(codec_ctx *ctx);
|
||||
|
||||
#endif
|
||||
#endif
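Review bot: `CIPHER_VERSION` gets its " FIPS" suffix from the `SQLCIPHER_FIPS` build flag alone, so the version string says FIPS even when enabling FIPS mode failed at runtime and the status is 0. A comment above the `#ifdef` would keep callers from treating the version string as evidence of FIPS operation, for example `/* "FIPS" marks a FIPS-enabled build only; query PRAGMA cipher_fips_status for the runtime state. */`. In the second hunk the page prints the three store_pass/get_pass prototypes both with and without `static`; if the `static` forms are the new side, they declare internal-linkage functions in a header, which only works when every source is compiled as a single translation unit, and that assumption deserves a comment as well.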
|
||||
|
|
|
@ -120,6 +120,10 @@ static int sqlcipher_cc_ctx_free(void **ctx) {
|
|||
return SQLITE_OK;
|
||||
}
|
||||
|
||||
static int sqlcipher_cc_fips_status(void *ctx) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
int sqlcipher_cc_setup(sqlcipher_provider *p) {
|
||||
p->random = sqlcipher_cc_random;
|
||||
p->get_provider_name = sqlcipher_cc_get_provider_name;
|
||||
|
@ -137,6 +141,7 @@ int sqlcipher_cc_setup(sqlcipher_provider *p) {
|
|||
p->ctx_init = sqlcipher_cc_ctx_init;
|
||||
p->ctx_free = sqlcipher_cc_ctx_free;
|
||||
p->add_random = sqlcipher_cc_add_random;
|
||||
p->fips_status = sqlcipher_cc_fips_status;
|
||||
return SQLITE_OK;
|
||||
}
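Review bot: `sqlcipher_cc_fips_status` carries no comment explaining why it ignores `ctx` and returns a constant 0, and the same applies to `sqlcipher_ltc_fips_status` in the libtomcrypt provider. A one-line comment such as `/* this provider never enables a FIPS mode, so it always reports 0 */` would make clear that 0 is a deliberate answer and not a stub left to be filled in.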
|
||||
|
||||
|
|
|
@ -1227,6 +1227,9 @@ static void sqlcipher_profile_callback(void *file, const char *sql, sqlite3_uint
|
|||
if( f ) fprintf(f, "Elapsed time:%.3f ms - %s\n", elapsed, sql);
|
||||
}
|
||||
|
||||
int sqlcipher_codec_fips_status(codec_ctx *ctx) {
|
||||
return ctx->read_ctx->provider->fips_status(ctx->read_ctx);
|
||||
}
|
||||
|
||||
#endif
|
||||
/* END SQLCIPHER */
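Review bot: `sqlcipher_codec_fips_status` calls `ctx->read_ctx->provider->fips_status` with no NULL checks, and `fips_status` is a new member of `sqlcipher_provider`. Only the three built-in setup functions are updated on this page, so a provider registered without setting the new member would make the pragma call through a null or uninitialised pointer. Guard the call and report 0 when the hook is missing: `if( !ctx || !ctx->read_ctx || !ctx->read_ctx->provider || !ctx->read_ctx->provider->fips_status ) return 0;`. Whether provider structs are zero-initialised before setup is not visible here, so zeroing them at registration may be needed for the guard to be reliable.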
|
||||
|
|
|
@ -227,6 +227,10 @@ static int sqlcipher_ltc_ctx_free(void **ctx) {
|
|||
return SQLITE_OK;
|
||||
}
|
||||
|
||||
static int sqlcipher_ltc_fips_status(void *ctx) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
int sqlcipher_ltc_setup(sqlcipher_provider *p) {
|
||||
p->activate = sqlcipher_ltc_activate;
|
||||
p->deactivate = sqlcipher_ltc_deactivate;
|
||||
|
@ -246,6 +250,7 @@ int sqlcipher_ltc_setup(sqlcipher_provider *p) {
|
|||
p->ctx_init = sqlcipher_ltc_ctx_init;
|
||||
p->ctx_free = sqlcipher_ltc_ctx_free;
|
||||
p->add_random = sqlcipher_ltc_add_random;
|
||||
p->fips_status = sqlcipher_ltc_fips_status;
|
||||
return SQLITE_OK;
|
||||
}
|
||||
|
||||
|
|
|
@ -42,7 +42,7 @@ typedef struct {
|
|||
EVP_CIPHER *evp_cipher;
|
||||
} openssl_ctx;
|
||||
|
||||
|
||||
static int openssl_fips_status = 0;
|
||||
static unsigned int openssl_external_init = 0;
|
||||
static unsigned int openssl_init_count = 0;
|
||||
static sqlite3_mutex* openssl_rand_mutex = NULL;
|
||||
|
@ -78,6 +78,13 @@ static int sqlcipher_openssl_activate(void *ctx) {
|
|||
}
|
||||
|
||||
if(openssl_init_count == 0 && openssl_external_init == 0) {
|
||||
#ifdef SQLCIPHER_FIPS
|
||||
openssl_fips_status = FIPS_mode_set(1);
|
||||
if(!openssl_fips_status){
|
||||
ERR_load_crypto_strings();
|
||||
ERR_print_errors_fp(stdout);
|
||||
}
|
||||
#endif
|
||||
/* if the library was not externally initialized, then should be now */
|
||||
OpenSSL_add_all_algorithms();
|
||||
}
|
||||
|
@ -224,6 +231,10 @@ static int sqlcipher_openssl_ctx_free(void **ctx) {
|
|||
return SQLITE_OK;
|
||||
}
|
||||
|
||||
static int sqlcipher_openssl_fips_status(void *ctx) {
|
||||
return openssl_fips_status;
|
||||
}
|
||||
|
||||
int sqlcipher_openssl_setup(sqlcipher_provider *p) {
|
||||
p->activate = sqlcipher_openssl_activate;
|
||||
p->deactivate = sqlcipher_openssl_deactivate;
|
||||
|
@ -243,6 +254,7 @@ int sqlcipher_openssl_setup(sqlcipher_provider *p) {
|
|||
p->ctx_init = sqlcipher_openssl_ctx_init;
|
||||
p->ctx_free = sqlcipher_openssl_ctx_free;
|
||||
p->add_random = sqlcipher_openssl_add_random;
|
||||
p->fips_status = sqlcipher_openssl_fips_status;
|
||||
return SQLITE_OK;
|
||||
}
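Review bot: When `FIPS_mode_set(1)` fails in `sqlcipher_openssl_activate`, the code prints the error queue and carries on, so a build compiled with `SQLCIPHER_FIPS` keeps encrypting in non-FIPS mode and the only signal is `cipher_fips_status` returning 0. A FIPS build should fail closed here, for example by returning `SQLITE_ERROR` from the `if(!openssl_fips_status)` branch after releasing anything acquired earlier in the function, whose start and end are outside the hunk. The diagnostics should go to `stderr` or the codec trace rather than `ERR_print_errors_fp(stdout)`, because a library writing to the host program's stdout can corrupt its output. Separately, when `openssl_external_init` is set the status stays 0 even if the host application already enabled FIPS mode; reading `FIPS_mode()` in `sqlcipher_openssl_fips_status` would report the actual state.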
|
||||
|
||||
|
|
|
@ -55,6 +55,7 @@ typedef struct {
|
|||
int (*ctx_cmp)(void *c1, void *c2);
|
||||
int (*ctx_init)(void **ctx);
|
||||
int (*ctx_free)(void **ctx);
|
||||
int (*fips_status)(void *ctx);
|
||||
} sqlcipher_provider;
|
||||
|
||||
/* utility functions */
|
||||
|
|