better-sqlite3-multiple-ciphers 8.7.0 → 8.7.1-beta.0

package/README.md

@@ -23,10 +23,10 @@ The fastest and simplest library for SQLite3 in Node.js. This particular fork su
   - **SQLite3 Multiple Ciphers** - [`1.6.5`](https://github.com/utelle/SQLite3MultipleCiphers/releases/tag/v1.6.5)
 
 - ### Beta
-  - **better-sqlite3-multiple-ciphers** - [`v8.6.1-beta.0`](https://github.com/m4heshd/better-sqlite3-multiple-ciphers/releases/tag/v8.6.1-beta.0)
-  - **better-sqlite3** - [`8.6.0`](https://github.com/JoshuaWise/better-sqlite3/releases/tag/v8.6.0)
+  - **better-sqlite3-multiple-ciphers** - [`v8.7.1-beta.0`](https://github.com/m4heshd/better-sqlite3-multiple-ciphers/releases/tag/v8.7.1-beta.0)
+  - **better-sqlite3** - [`8.7.0`](https://github.com/JoshuaWise/better-sqlite3/releases/tag/v8.7.0)
   - **SQLite** - [`3.43.1`](https://www.sqlite.org/releaselog/3_43_1.html)
-  - **SQLite3 Multiple Ciphers** - [`1.6.5`](https://github.com/utelle/SQLite3MultipleCiphers/releases/tag/v1.6.5)
+  - **SQLite3 Multiple Ciphers** - [`1.7.0`](https://github.com/utelle/SQLite3MultipleCiphers/releases/tag/v1.7.0)
 
 ## Help this project stay strong! 💪
 

package/binding.gyp

@@ -12,6 +12,7 @@
       'cflags_cc': ['-std=c++17'],
       'xcode_settings': {
         'OTHER_CPLUSPLUSFLAGS': ['-std=c++17', '-stdlib=libc++'],
+        'OTHER_LDFLAGS': ['-framework Security', '-framework Foundation'],
       },
       'msvs_settings': {
         'VCCLCompilerTool': {

package/deps/setup.ps1

@@ -2,7 +2,7 @@
 $ErrorActionPreference = "Stop"
 
 # SQLite Info
-$SQLITEMC_VER = "v1.6.5"
+$SQLITEMC_VER = "v1.7.0"
 $API_URL = "https://api.github.com/repos/utelle/SQLite3MultipleCiphers/releases/tags/" + $SQLITEMC_VER
 
 # Paths

package/deps/sqlite3/sqlite3.c

@@ -11084,6 +11084,9 @@ SQLITE_PRIVATE int sqlite3mcHandleAttachKey(sqlite3*, const char*, const char*,
 SQLITE_PRIVATE int sqlite3mcHandleMainKey(sqlite3*, const char*);
 typedef struct PgHdr PgHdrMC;
 SQLITE_PRIVATE void* sqlite3mcPagerCodec(PgHdrMC* pPg);
+typedef struct Pager PagerMC;
+SQLITE_PRIVATE int sqlite3mcPagerHasCodec(PagerMC* pPager);
+SQLITE_PRIVATE void sqlite3mcInitMemoryMethods();
 
 /******** Begin file sqlite3rtree.h *********/
 /*
@@ -29807,6 +29810,12 @@ SQLITE_PRIVATE int sqlite3MallocInit(void){
   }
   rc = sqlite3GlobalConfig.m.xInit(sqlite3GlobalConfig.m.pAppData);
   if( rc!=SQLITE_OK ) memset(&mem0, 0, sizeof(mem0));
+
+  /* Initialize wrapper for memory management.*/
+  if( rc==SQLITE_OK ) {
+    sqlite3mcInitMemoryMethods();
+  }
+
   return rc;
 }
 
@@ -57156,6 +57165,7 @@ static const unsigned char aJournalMagic[] = {
 SQLITE_PRIVATE int sqlite3PagerDirectReadOk(Pager *pPager, Pgno pgno){
   if( pPager->fd->pMethods==0 ) return 0;
   if( sqlite3PCacheIsDirty(pPager->pPCache) ) return 0;
+  if( sqlite3mcPagerHasCodec(pPager) != 0 ) return 0;
 #ifndef SQLITE_OMIT_WAL
   if( pPager->pWal ){
     u32 iRead = 0;
@@ -57389,7 +57399,7 @@ static void setGetterMethod(Pager *pPager){
   if( pPager->errCode ){
     pPager->xGet = getPageError;
 #if SQLITE_MAX_MMAP_SIZE>0
-  }else if( USEFETCH(pPager) ){
+  }else if( USEFETCH(pPager) && sqlite3mcPagerHasCodec(pPager) == 0 ){
     pPager->xGet = getPageMMap;
 #endif /* SQLITE_MAX_MMAP_SIZE>0 */
   }else{
@@ -251128,10 +251138,10 @@ SQLITE_API const char *sqlite3_sourceid(void){ return SQLITE_SOURCE_ID; }
 #define SQLITE3MC_VERSION_H_
 
 #define SQLITE3MC_VERSION_MAJOR      1
-#define SQLITE3MC_VERSION_MINOR      6
-#define SQLITE3MC_VERSION_RELEASE    5
+#define SQLITE3MC_VERSION_MINOR      7
+#define SQLITE3MC_VERSION_RELEASE    0
 #define SQLITE3MC_VERSION_SUBRELEASE 0
-#define SQLITE3MC_VERSION_STRING     "SQLite3 Multiple Ciphers 1.6.5"
+#define SQLITE3MC_VERSION_STRING     "SQLite3 Multiple Ciphers 1.7.0"
 
 #endif /* SQLITE3MC_VERSION_H_ */
 /*** End of #include "sqlite3mc_version.h" ***/
@@ -264601,6 +264611,31 @@ sqlite3mcVersion(sqlite3_context* context, int argc, sqlite3_value** argv)
   sqlite3_result_text(context, sqlite3mc_version(), -1, 0);
 }
 
+#ifndef SQLITE3MC_SECURE_MEMORY
+#define SQLITE3MC_SECURE_MEMORY 0
+#endif
+
+#if SQLITE3MC_SECURE_MEMORY
+
+#define SECURE_MEMORY_NONE 0
+#define SECURE_MEMORY_FILL 1
+#define SECURE_MEMORY_LOCK 2
+
+SQLITE_PRIVATE void sqlite3mcSetMemorySecurity(int value);
+SQLITE_PRIVATE int sqlite3mcGetMemorySecurity();
+
+#ifndef SQLITE3MC_USE_RANDOM_FILL_MEMORY
+#define SQLITE3MC_USE_RANDOM_FILL_MEMORY 0
+#endif
+
+/* Memory locking is currently not supported */
+#ifdef SQLITE3MC_ENABLE_MEMLOCK
+#undef SQLITE3MC_ENABLE_MEMLOCK
+#endif
+#define SQLITE3MC_ENABLE_MEMLOCK 0
+
+#endif
+
 /*
 ** Crypto algorithms
 */
@@ -267348,14 +267383,14 @@ fail:
   return 0;
 }
 
-#if defined(__APPLE__) && defined(__MAC_10_12) && !defined(__IPHONE_OS_VERSION_MIN_REQUIRED)
-#include <sys/random.h>
+#if defined(__APPLE__)
+#include <Security/SecRandom.h>
 #endif
 
 static size_t entropy(void* buf, size_t n)
 {
-#if defined(__APPLE__) && defined(__MAC_10_12) && __MAC_OS_X_VERSION_MAX_ALLOWED >= __MAC_10_12
-  if (getentropy(buf, n) == 0)
+#if defined(__APPLE__)
+  if (SecRandomCopyBytes(kSecRandomDefault, n, (uint8_t*) buf) == 0)
     return n;
 #elif defined(__linux__) && defined(SYS_getrandom)
   if (syscall(SYS_getrandom, buf, n, 0) == n)
@@ -274343,6 +274378,54 @@ sqlite3mcFileControlPragma(sqlite3* db, const char* zDbName, int op, void* pArg)
         ((char**)pArg)[0] = sqlite3_mprintf("Malformed hex string");
       }
     }
+#if SQLITE3MC_SECURE_MEMORY
+    else if (sqlite3StrICmp(pragmaName, "memory_security") == 0)
+    {
+      if (pragmaValue)
+      {
+        int intValue = -1;
+        if (0 == sqlite3StrICmp(pragmaValue, "none"))
+        {
+          intValue = SECURE_MEMORY_NONE;
+        }
+        else if (0 == sqlite3StrICmp(pragmaValue, "fill") )
+        {
+          intValue = SECURE_MEMORY_FILL;
+        }
+#if SQLITE3MC_ENABLE_MEMLOCK
+        else if (0 == sqlite3StrICmp(pragmaValue, "lock") )
+        {
+          intValue = SECURE_MEMORY_LOCK;
+        }
+#endif
+        else
+        {
+          intValue = sqlite3Atoi(pragmaValue);
+#if SQLITE3MC_ENABLE_MEMLOCK
+          intValue = (intValue >=0 && intValue <= 2) ? intValue : -1;
+#else
+          intValue = (intValue >=0 && intValue <= 1) ? intValue : -1;
+#endif
+        }
+        if (intValue >= 0)
+        {
+          sqlite3mcSetMemorySecurity(intValue);
+          rc = SQLITE_OK;
+          ((char**)pArg)[0] = sqlite3_mprintf("%d", intValue);
+        }
+        else
+        {
+          rc = SQLITE_ERROR;
+          ((char**) pArg)[0] = sqlite3_mprintf("Secure memory option '%s' invalid.", pragmaValue);
+        }
+      }
+      else
+      {
+        rc = SQLITE_OK;
+        ((char**)pArg)[0] = sqlite3_mprintf("%d", sqlite3mcGetMemorySecurity());
+      }
+    }
+#endif /* SQLITE3MC_SECURE_MEMORY */
     else
     {
       int j;
@@ -275418,6 +275501,212 @@ sqlite3_rekey(sqlite3 *db, const void *zKey, int nKey)
 /*** End of #include "codecext.c" ***/
 
 
+/*
+** Functions for securing allocated memory
+*/
+/* #include "memory_secure.c" */
+/*** Begin of #include "memory_secure.c" ***/
+/*
+** Name:        mem_secure.c
+** Purpose:     Memory manager for SQLite3 Multiple Ciphers
+** Author:      Ulrich Telle
+** Created:     2023-09-17
+** Copyright:   (c) 2023 Ulrich Telle
+** License:     MIT
+*/
+
+#if SQLITE3MC_SECURE_MEMORY
+
+/* Flag indicating whether securing memory allocations is initialized */
+static volatile int mcSecureMemoryInitialized = 0;
+/* Flag indicating whether memory allocations will be secured */
+static volatile int mcSecureMemoryFlag = 0;
+
+/* Map of default memory allocation methods */
+static volatile sqlite3_mem_methods mcDefaultMemoryMethods;
+
+#if SQLITE3MC_ENABLE_RANDOM_FILL_MEMORY
+
+/*
+** Fill a buffer with pseudo-random bytes.  This is used to preset
+** the content of a new memory allocation to unpredictable values and
+** to clear the content of a freed allocation to unpredictable values.
+*/
+static void mcRandomFill(char* pBuf, int nByte)
+{
+  unsigned int x, y, r;
+  x = SQLITE_PTR_TO_INT(pBuf);
+  y = nByte | 1;
+  while( nByte >= 4 )
+  {
+    x = (x>>1) ^ (-(int)(x&1) & 0xd0000001);
+    y = y*1103515245 + 12345;
+    r = x ^ y;
+    *(int*)pBuf = r;
+    pBuf += 4;
+    nByte -= 4;
+  }
+  while( nByte-- > 0 )
+  {
+    x = (x>>1) ^ (-(int)(x&1) & 0xd0000001);
+    y = y*1103515245 + 12345;
+    r = x ^ y;
+    *(pBuf++) = r & 0xff;
+  }
+}
+
+#endif
+
+/*
+** Return the size of an allocation
+*/
+static int mcMemorySize(void* pBuf)
+{
+  return mcDefaultMemoryMethods.xSize(pBuf);
+}
+
+/*
+** Memory allocation function
+*/
+static void* mcMemoryAlloc(int nByte)
+{
+  return mcDefaultMemoryMethods.xMalloc(nByte);
+}
+
+/*
+** Free a prior allocation
+*/
+static void mcMemoryFree(void* pPrior)
+{
+  if (mcSecureMemoryFlag)
+  {
+#if SQLITE3MC_USE_RANDOM_FILL_MEMORY
+    int nSize = mcMemorySize(pPrior);
+    mcRandomFill((char*) pPrior, nSize)
+#else
+    int nSize = mcMemorySize(pPrior);
+    memset(pPrior, 0, nSize);
+#endif
+  }
+  mcDefaultMemoryMethods.xFree(pPrior);
+}
+
+/*
+** Resize an allocation
+*/
+static void* mcMemoryRealloc(void* pPrior, int nByte)
+{
+  void* pNew = NULL;
+  if (mcSecureMemoryFlag)
+  {
+    int nPriorSize = mcMemorySize(pPrior);
+    if (nByte == 0)
+    {
+      /* New size = 0, just free prior memory */
+      mcMemoryFree(pPrior);
+      return NULL;
+    }
+    else if (!pPrior)
+    {
+      /* Prior size = 0, just allocate new memory */
+      return mcMemoryAlloc(nByte);
+    }
+    else if(nByte <= nPriorSize)
+    {
+      /* New size less or equal prior size, do nothing - we do not shrink allocations */
+      return pPrior;
+    }
+    else
+    {
+      /* New size greater than prior size, reallocate memory */
+      pNew = mcMemoryAlloc(nByte);
+      if (pNew)
+      {
+        memcpy(pNew, pPrior, nPriorSize);
+        mcMemoryFree(pPrior);
+      }
+      return pNew;
+    }
+  }
+  else
+  {
+    return mcDefaultMemoryMethods.xRealloc(pPrior, nByte);
+  }
+}
+
+/*
+** Round up request size to allocation size
+*/
+static int mcMemoryRoundup(int nByte)
+{
+  return mcDefaultMemoryMethods.xRoundup(nByte);
+}
+
+/*
+** Initialize the memory allocator
+*/
+static int mcMemoryInit(void* pAppData)
+{
+  return mcDefaultMemoryMethods.xInit(pAppData);
+}
+
+/*
+** Deinitialize the memory allocator
+*/
+static void mcMemoryShutdown(void* pAppData)
+{
+  mcDefaultMemoryMethods.xShutdown(pAppData);
+}
+
+static sqlite3_mem_methods mcSecureMemoryMethods =
+{
+  mcMemoryAlloc,
+  mcMemoryFree,
+  mcMemoryRealloc,
+  mcMemorySize,
+  mcMemoryRoundup,
+  mcMemoryInit,
+  mcMemoryShutdown,
+  0
+};
+
+SQLITE_PRIVATE void sqlite3mcSetMemorySecurity(int value)
+{
+  /* memory security can be changed only, if locking is not enabled */
+  if (mcSecureMemoryFlag < 2)
+  {
+    mcSecureMemoryFlag = (value >= 0 && value <= 2) ? value : 0;
+  }
+}
+
+SQLITE_PRIVATE int sqlite3mcGetMemorySecurity()
+{
+  return mcSecureMemoryFlag;
+}
+
+#endif /* SQLITE3MC_SECURE_MEMORY */
+
+SQLITE_PRIVATE void sqlite3mcInitMemoryMethods()
+{
+#if SQLITE3MC_SECURE_MEMORY
+  if (!mcSecureMemoryInitialized)
+  {
+    if (sqlite3_config(SQLITE_CONFIG_GETMALLOC, &mcDefaultMemoryMethods) != SQLITE_OK ||
+      sqlite3_config(SQLITE_CONFIG_MALLOC, &mcSecureMemoryMethods) != SQLITE_OK)
+    {
+      mcSecureMemoryFlag = mcSecureMemoryInitialized = 0;
+    }
+    else
+    {
+      mcSecureMemoryInitialized = 1;
+    }
+  }
+#endif /* SQLITE3MC_SECURE_MEMORY */
+}
+
+/*** End of #include "memory_secure.c" ***/
+
+
 /*
 ** Extension functions
 */
@@ -298610,6 +298899,37 @@ sqlite3mcCheckVfs(const char* zVfs)
   return rc;
 }
 
+SQLITE_PRIVATE int
+sqlite3mcPagerHasCodec(PagerMC* pPager)
+{
+  int hasCodec = 0;
+  sqlite3mc_vfs* pVfsMC = NULL;
+  sqlite3_vfs* pVfs = pPager->pVfs;
+
+  /* Check whether the VFS stack of the pager contains a Multiple Ciphers VFS */
+  for (; pVfs; pVfs = pVfs->pNext)
+  {
+    if (pVfs && pVfs->xOpen == mcVfsOpen)
+    {
+      /* Multiple Ciphers VFS found */
+      pVfsMC = (sqlite3mc_vfs*)(pVfs);
+      break;
+    }
+  }
+
+  /* Check whether codec is enabled for associated database file */
+  if (pVfsMC)
+  {
+    sqlite3mc_file* mcFile = mcFindDbMainFileName(pVfsMC, pPager->zFilename);
+    if (mcFile)
+    {
+      Codec* codec = mcFile->codec;
+      hasCodec = (codec != 0 && sqlite3mcIsEncrypted(codec));
+    }
+  }
+  return hasCodec;
+}
+
 /*
 ** SQLite3 Multiple Ciphers external API functions
 */

package/deps/sqlite3/sqlite3.h

@@ -30,10 +30,10 @@
 #define SQLITE3MC_VERSION_H_
 
 #define SQLITE3MC_VERSION_MAJOR      1
-#define SQLITE3MC_VERSION_MINOR      6
-#define SQLITE3MC_VERSION_RELEASE    5
+#define SQLITE3MC_VERSION_MINOR      7
+#define SQLITE3MC_VERSION_RELEASE    0
 #define SQLITE3MC_VERSION_SUBRELEASE 0
-#define SQLITE3MC_VERSION_STRING     "SQLite3 Multiple Ciphers 1.6.5"
+#define SQLITE3MC_VERSION_STRING     "SQLite3 Multiple Ciphers 1.7.0"
 
 #endif /* SQLITE3MC_VERSION_H_ */
 /*** End of #include "sqlite3mc_version.h" ***/

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "better-sqlite3-multiple-ciphers",
-  "version": "8.7.0",
+  "version": "8.7.1-beta.0",
   "description": "better-sqlite3 with multiple-cipher encryption support",
   "homepage": "https://github.com/m4heshd/better-sqlite3-multiple-ciphers",
   "author": "Mahesh Bandara Wijerathna (m4heshd) <m4heshd@gmail.com>",