All notable changes to this project will be documented in this file.
unreleased - (? 2024 - unreleased changes)
4.6.0 - (May 2024 - 4.6.0 changes)
- Sets default log level to WARN
- Sends default log output to: logcat for Android; Console for iOS and macOS; and stderr for all other platforms
- General improvements to log level assignments, output, and sanitization
- Fixes Apple Privacy Manifest by removing empty NSPrivacyCollectedDataType from PrivacyInfo.xcprivacy
- Moves Swift support defines for podspec user_target_xcconfig so they only apply to the consuming project
4.5.7 - (April 2024 - 4.5.7 changes)
- Updates baseline to upstream SQLite 3.45.3
- Adds "device" logging and profile target using os_log for Apple (and logcat on Android)
- Fixes issues compiling with SQLITE_OMIT_LOG
- fixes malformed man page caused by old merge conflict
- Updates podspec for current Xcode versions, improved Swift support, and Privacy Manifest
4.5.6 - (January 2024 - 4.5.6 changes)
- Updates baseline to upstream SQLite 3.44.2
- Improve PRAGMA cipher_integrity check to report expected page size if invalid
- Implement PRAGMA page_size compatibility with PRAGMA cipher_page_size so both will operate properly on encrypted databases
- Updates LICENSE.md with SQLCipher license to avoid ambiguity and remove redundance
4.5.5 - (August 2023 - 4.5.5 changes)
- Updates baseline to upstream SQLite 3.42.0
- Do not allow key to be changed on a connection after it has been successfully used for an encryption or decryption operation to prevent accidental database corruption
- Raise an error if a rekey operation is attempted on an unencrypted database
- Raise an error when a key or rekey operation is passed an empty key
- Minor improvements to constant time functions
- Miscellaneous code and comment cleanup
4.5.4 - (April 2023 - 4.5.4 changes)
- Updates baseline to upstream SQLite 3.41.2
- Updates minimum Apple SDK versions in podspec for new Xcode compatibility
- Return runtime OpenSSL version from PRAGMA cipher_provider_version (instead of hardcoded value)
- Adds guard against zero block size and crash if cryptographic provider initialization fails
- When an ATTACH occurs creating a new encrypted database as the first operation after keying the main database, the new database will have the same salt value.
4.5.3 - (December 2022 - 4.5.3 changes)
- Updates baseline to upstream SQLite 3.39.4
4.5.2 - (August 2022 - 4.5.2 changes)
- Updates source code baseline to upstream SQLite 3.39.2
- Simplifies OpenSSL version conditional code
- Fixes issue where PRAGMA cipher_memory_security could report OFF when it was actually ON
- Fixes fix unfreed OpenSSL allocation when compiled against version 3
- Fixes support for building against recent versions of BoringSSL
4.5.1 - (March 2022 - 4.5.1 changes)
- Updates source code baseline to upstream SQLite 3.37.2
- Adds PRAGMA cipher_log and cipher_log_level features to allow logging of TRACE, DEBUG, INFO, WARN, and ERROR messages to stdout, stderr, file, or logcat
- Modifies PRAGMA cipher_profile to use sqlite3_trace_v2 and adds logcat target for Android
- Updates OpenSSL provider to use EVP_MAC API with version 3+
- Adds new PRAGMA cipher_test_on, cipher_test_off, and cipher_test_rand (available when compiled with -DSQLCIPHER_TEST) to facilitate simulation of error conditions
- Fixes PRAGMA cipher_integrity_check to work properly with databases larger that 2GB
- Fixes missing munlock before free for context internal buffer (thanks to Fedor Indutny)
4.5.0 - (October 2021 - 4.5.0 changes)
- Updates baseline to upstream SQLite 3.36.0
- Changes the enhanced memory security feature to be DISABLED by default; once enabled by PRAGMA cipher_memory_security = ON, it can't be turned off for the lifetime of the process
- Changes PRAGMA cipher_migrate to permanently enter an error state if a migration fails
- Fixes memory locking/unlocking issue with realloc implementation on hardened runtimes when memory security is enabled
- Fixes cipher_migrate to cleanup the temporary database if a migration fails
- Removes logging of non-string pointers when compiling with trace level logging
4.4.3 - (February 2021 - 4.4.3 changes)
- Updates baseline to ustream SQLite 3.34.1
- Fixes sqlcipher_export handling of NULL parameters
- Removes randomization of rekey-delete tests to avoid false test failures
- Changes internal usage of sqlite_master to sqlite_schema
- Omits unusued profiling function under certain defines to avoid compiler warnings
4.4.2 - (November 2020 - 4.4.2 changes)
- Improve error handling to resolve potential corruption if an encryption operation failed while operating in WAL mode
- Changes to OpenSSL library cryptographic provider to reduce initialization complexity
- Adjust cipher_integrity_check to skip locking page to avoid a spurious error report for very large databases
- Miscellaneous code and comment cleanup
4.4.1 - (October 2020 - 4.4.1 changes)
- Updates baseline to upstream SQLite 3.33.0
- Fixes double-free bug in cipher_default_plaintext_header_size
- Changes SQLCipher tests to use suite runner
- Improvement to cipher_integrity_check tests to minimize false negatives
- Deprecates PRAGMA cipher_store_pass
4.4.0 - (May 2020 - 4.4.0 changes)
- Updates baseline to upstream SQLite 3.31.0
- Adjusts shell to report SQLCipher version alongside SQLite version
- Fixes various build warnings under several compilers
- Removes unused id and status functions from provider interface
4.3.0 - (November 2019 - 4.3.0 changes)
- Updates baseline to upstream SQLite 3.30.1
- PRAGMA key now returns text result value "ok" after execution
- Adjusts backup API so that encrypted to encrypted backups are permitted
- Adds NSS crypto provider implementation
- Fixes OpenSSL provider compatibility with BoringSSL
- Separates memory related traces to reduce verbosity of logging
- Fixes output of PRAGMA cipher_integrity_check on big endian platforms
- Cryptograpic provider interface cleanup
- Rework of mutex allocation and management
- Resolves miscellaneous build warnings
- Force error state at database pager level if SQLCipher initialization fails
4.2.0 - (May 2019 - 4.2.0 changes)
- Adds PRAGMA cipher_integrity_check to perform independent verification of page HMACs
- Updates baseline to upstream SQLite 3.28.0
- Improves PRAGMA cipher_migrate to handle keys containing non-terminating zero bytes
4.1.0 - (March 2019 - 4.1.0 changes)
- Defer reading salt from header until key derivation is triggered
- Clarify usage of sqlite3_rekey for plaintext databases in header
- Normalize attach behavior when key is not yet derived
- Adds PRAGMA cipher_settings to query current database codec settings
- Adds PRAGMA cipher_default_settings to query current default SQLCipher options
- PRAGMA cipher_hmac_pgno is now deprecated
- PRAGMA cipher_hmac_salt_mask is now deprecated
- PRAGMA fast_kdf_iter is now deprecated
- Improve sqlcipher_export routine and restore all database flags
- Clear codec data buffers if a crypographic provider operation fails
- Disable backup API for encrypted databases (this was previously documented as not-working and non-supported, but will now explicitly error out on initialization)
- Updates baseline to upstream SQLite 3.27.2
4.0.1 - (December 2018 - 4.0.1 changes)
- Based on upstream SQLite 3.26.0 (addresses SQLite “Magellan” issue)
- Adds PRAGMA cipher_compatibility and cipher_default_compatibility which take automatcially configure appropriate compatibility settings for the specified SQLCipher major version number
- Filters attach statements with KEY parameters from readline history
- Fixes crash in command line shell with empty input (i.e. ^D)
- Fixes warnings when compiled with strict-prototypes
4.0.0 - (November 2018 - 4.0.0 changes)
- Default page size for databases increased to 4096 bytes (up from 1024) *
- Default PBKDF2 iterations increased to 256,000 (up from 64,000) *
- Default KDF algorithm is now PBKDF2-HMAC-SHA512 (from PBKDF2-HMAC-SHA1) *
- Default HMAC algorithm is now HMAC-SHA512 (from HMAC-SHA1) *
- PRAGMA cipher is now disabled and no longer supported (after multi-year deprecation) *
- PRAGMA rekey_cipher is now disabled and no longer supported *
- PRAGMA rekey_kdf_iter is now disabled and no longer supported *
- By default all memory allocated internally by SQLite before the memory is wiped before it is freed
- PRAGMA cipher_memory_security: allows full memory wiping to be disabled for performance when the feature is not required
- PRAGMA cipher_kdf_algorithm, cipher_default_kdf_algorithm to control KDF algorithm selection between PBKDF2-HMAC-SHA1, PBKDF2-HMAC-SHA256 and PBKDF2-HMAC-SHA512
- PRAGMA cipher_hmac_algorithm, cipher_default_hmac_algorithm to control HMAC algorithm selection between HMAC-SHA1, HMAC-SHA256 and PBKDF2-HMAC-SHA512
- Based on upstream SQLite 3.25.2
- When compiled with readline support, PRAGMA key and rekey lines will no longer be saved to history
- Adds second optional parameter to sqlcipher_export to specify source database to support bidirectional exports
- Fixes compatibility with LibreSSL 2.7.0+
- Fixes compatibility with OpenSSL 1.1.x
- Simplified and improved performance for PRAGMA cipher_migrate when migrating older database versions
- Refactoring of SQLCipher tests into separate files by test type
- PRAGMA cipher_plaintext_header_size and cipher_default_plaintext_header_size: allocates a portion of the database header which will not be encrypted to allow identification as a SQLite database
- PRAGMA cipher_salt: retrieve or set the salt value for the database
- Adds Podspec for using tagged versions of SQLCipher
- Define SQLCIPHER_PROFILE_USE_FOPEN for WinXP support
- Improved error handling for cryptographic providers
- Improved memory handling for PRAGMA commands that return values
- Improved version reporting to assist with identification of distribution
- Major rewrite and simplification of internal codec and pager extension
- Fixes compilation with --disable-amalgamation
- Removes sqlcipher.xcodeproj build support
3.4.2 - (December 2017 - 3.4.2 changes)
- Added support for building with LibreSSL
- Merge upstream SQLite 3.20.1
- Text strings for
SQLITE_ERRORandSQLITE_NOTADBchanged to match upstream SQLite - Remove static modifier for codec password functions
- Page alignment for
mlock - Fix segfault in
sqlcipher_cipher_ctx_cmpduring rekey operation - Fix
sqlcipher_exportandcipher_migratewhen tracing API in use - Validate codec page size when setting
- Guard OpenSSL initialization and cleanup routines
- Allow additional linker options to be passed via command line for Windows platforms
3.4.1 - (December 2016 - 3.4.1 changes)
- Added support for OpenSSL 1.1.0
- Merged upstream SQLite 3.15.2
3.4.0 - (April 2016 - 3.4.0 changes)
- Added
PRAGMA cipher_provider_version
- Merged upstream SQLite 3.11.0
- Deprecated
PRAGMA ciphercommand
3.3.1 - (July 2015 - 3.3.1 changes)
- Merge upstream SQLite 3.8.10.2
- Fixed segfault when provided an invalid cipher name
- Check for codec context when performing
PRAGMA cipher_store_pass - Remove extraneous null check in
PRAGMA cipher_migrate
3.3.0 - (March 2015 - 3.3.0 changes)
- Added FIPS API calls within the OpenSSL crypto provider
PRAGMA cipher_default_page_size- support for attaching non-default page sizes
- Merged upstream SQLite 3.8.8.3
3.2.0 - (September 2014 - 3.2.0 changes)
- Added
PRAGMA cipher_store_pass
- Merged upstream SQLite 3.8.6
- Renmed README to README.md
3.1.0 - (April 2014 - 3.1.0 changes)
- Added
PRAGMA cipher_profile
- Merged upstream SQLite 3.8.4.3
3.0.1 - (December 2013 - 3.0.1 changes)
- Added
PRAGMA cipher_add_randomto source external entropy
- Fix
PRAGMA cipher_migrateto handle passphrases longer than 64 characters & raw keys - Improvements to the libtomcrypt provider
3.0.0 - (November 2013 - 3.0.0 changes)
- Added
PRAGMA cipher_migrateto migrate older database file formats
- Merged upstream SQLite 3.8.0.2
- Remove usage of VirtualLock/Unlock on WinRT and Windows Phone
- Ignore HMAC read during Btree file copy
- Fix lib naming for pkg-config
- Use _v2 version of
sqlite3_keyandsqlite3_rekey - Update xcodeproj file
- Change KDF iteration length from 4,000 to 64,000