Skip to content

Commit 5d8d595

Browse files
sjlombardosjlombardo
committed
remove debug logging of potentially sensitive information
1 parent 7dcf1fc commit 5d8d595

2 files changed

Lines changed: 29 additions & 32 deletions

File tree

src/crypto.c

Lines changed: 12 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,7 @@ static int codec_set_btree_to_codec_pagesize(sqlite3 *db, Db *pDb, codec_ctx *ct
7676

7777
static int codec_set_pass_key(sqlite3* db, int nDb, const void *zKey, int nKey, int for_ctx) {
7878
struct Db *pDb = &db->aDb[nDb];
79-
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "codec_set_pass_key: entered db=%p nDb=%d zKey=%p nKey=%d for_ctx=%d", db, nDb, zKey, nKey, for_ctx);
79+
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "codec_set_pass_key: db=%p nDb=%d for_ctx=%d", db, nDb, for_ctx);
8080
if(pDb->pBt) {
8181
codec_ctx *ctx = (codec_ctx*) sqlite3PagerGetCodec(pDb->pBt->pBt->pPager);
8282

@@ -100,8 +100,10 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef
100100
ctx = (codec_ctx*) sqlite3PagerGetCodec(pDb->pBt->pBt->pPager);
101101
}
102102

103-
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_pragma: entered db=%p iDb=%d pParse=%p zLeft=%s zRight=%s ctx=%p", db, iDb, pParse, zLeft, zRight, ctx);
104-
103+
if(sqlite3_stricmp(zLeft, "key") !=0 && sqlite3_stricmp(zLeft, "rekey")) {
104+
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_pragma: db=%p iDb=%d pParse=%p zLeft=%s zRight=%s ctx=%p", db, iDb, pParse, zLeft, zRight, ctx);
105+
}
106+
105107
#ifdef SQLCIPHER_EXT
106108
if( sqlite3_stricmp(zLeft, "cipher_license")==0 && zRight ){
107109
char *license_result = sqlite3_mprintf("%d", sqlcipher_license_key(zRight));
@@ -732,7 +734,7 @@ static void* sqlite3Codec(void *iCtx, void *data, Pgno pgno, int mode) {
732734
int plaintext_header_sz = sqlcipher_codec_ctx_get_plaintext_header_size(ctx);
733735
int cctx = CIPHER_READ_CTX;
734736

735-
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3Codec: entered pgno=%d, mode=%d, page_sz=%d", pgno, mode, page_sz);
737+
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3Codec: pgno=%d, mode=%d, page_sz=%d", pgno, mode, page_sz);
736738

737739
#ifdef SQLCIPHER_EXT
738740
if(sqlcipher_license_check(ctx) != SQLITE_OK) return NULL;
@@ -832,7 +834,7 @@ static void sqlite3FreeCodecArg(void *pCodecArg) {
832834
int sqlite3CodecAttach(sqlite3* db, int nDb, const void *zKey, int nKey) {
833835
struct Db *pDb = &db->aDb[nDb];
834836

835-
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3CodecAttach: entered db=%p, nDb=%d zKey=%p, nKey=%d", db, nDb, zKey, nKey);
837+
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3CodecAttach: db=%p, nDb=%d", db, nDb);
836838

837839
if(nKey && zKey && pDb->pBt) {
838840
int rc;
@@ -919,12 +921,12 @@ void sqlite3_activate_see(const char* in) {
919921
}
920922

921923
int sqlite3_key(sqlite3 *db, const void *pKey, int nKey) {
922-
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3_key entered: db=%p pKey=%p nKey=%d", db, pKey, nKey);
924+
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3_key: db=%p", db);
923925
return sqlite3_key_v2(db, "main", pKey, nKey);
924926
}
925927

926928
int sqlite3_key_v2(sqlite3 *db, const char *zDb, const void *pKey, int nKey) {
927-
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3_key_v2: entered db=%p zDb=%s pKey=%p nKey=%d", db, zDb, pKey, nKey);
929+
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3_key_v2: db=%p zDb=%s", db, zDb);
928930
/* attach key if db and pKey are not null and nKey is > 0 */
929931
if(db && pKey && nKey) {
930932
int db_index = sqlcipher_find_db_index(db, zDb);
@@ -935,7 +937,7 @@ int sqlite3_key_v2(sqlite3 *db, const char *zDb, const void *pKey, int nKey) {
935937
}
936938

937939
int sqlite3_rekey(sqlite3 *db, const void *pKey, int nKey) {
938-
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3_rekey entered: db=%p pKey=%p nKey=%d", db, pKey, nKey);
940+
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3_rekey: db=%p", db);
939941
return sqlite3_rekey_v2(db, "main", pKey, nKey);
940942
}
941943

@@ -950,7 +952,7 @@ int sqlite3_rekey(sqlite3 *db, const void *pKey, int nKey) {
950952
** 3. If there is a key present, re-encrypt the database with the new key
951953
*/
952954
int sqlite3_rekey_v2(sqlite3 *db, const char *zDb, const void *pKey, int nKey) {
953-
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3_rekey_v2: entered db=%p zDb=%s pKey=%p, nKey=%d", db, zDb, pKey, nKey);
955+
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3_rekey_v2: db=%p zDb=%s", db);
954956
if(db && pKey && nKey) {
955957
int db_index = sqlcipher_find_db_index(db, zDb);
956958
struct Db *pDb = &db->aDb[db_index];
@@ -1022,7 +1024,7 @@ int sqlite3_rekey_v2(sqlite3 *db, const char *zDb, const void *pKey, int nKey) {
10221024

10231025
void sqlite3CodecGetKey(sqlite3* db, int nDb, void **zKey, int *nKey) {
10241026
struct Db *pDb = &db->aDb[nDb];
1025-
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3CodecGetKey: entered db=%p, nDb=%d", db, nDb);
1027+
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3CodecGetKey:db=%p, nDb=%d", db, nDb);
10261028
if( pDb->pBt ) {
10271029
codec_ctx *ctx = (codec_ctx*) sqlite3PagerGetCodec(pDb->pBt->pBt->pPager);
10281030

src/crypto_impl.c

Lines changed: 17 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -464,7 +464,7 @@ static int sqlcipher_cipher_ctx_init(codec_ctx *ctx, cipher_ctx **iCtx) {
464464
*/
465465
static void sqlcipher_cipher_ctx_free(codec_ctx* ctx, cipher_ctx **iCtx) {
466466
cipher_ctx *c_ctx = *iCtx;
467-
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_free: entered iCtx=%p", iCtx);
467+
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_free: iCtx=%p", iCtx);
468468
sqlcipher_free(c_ctx->key, ctx->key_sz);
469469
sqlcipher_free(c_ctx->hmac_key, ctx->key_sz);
470470
sqlcipher_free(c_ctx->pass, c_ctx->pass_sz);
@@ -509,18 +509,17 @@ static int sqlcipher_cipher_ctx_cmp(cipher_ctx *c1, cipher_ctx *c2) {
509509
c1->pass_sz)
510510
));
511511

512-
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_cmp: entered \
513-
c1=%p c2=%p \
514-
sqlcipher_memcmp(c1->pass, c2_pass)=%d \
515-
are_equal=%d",
516-
c1, c2,
517-
(c1->pass == NULL || c2->pass == NULL)
518-
? -1 : sqlcipher_memcmp(
519-
(const unsigned char*)c1->pass,
520-
(const unsigned char*)c2->pass,
521-
c1->pass_sz),
522-
are_equal
523-
);
512+
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_cmp: c1=%p c2=%p sqlcipher_memcmp(c1->pass, c2_pass)=%d are_equal=%d",
513+
c1, c2,
514+
(c1->pass == NULL || c2->pass == NULL) ?
515+
-1 :
516+
sqlcipher_memcmp(
517+
(const unsigned char*)c1->pass,
518+
(const unsigned char*)c2->pass,
519+
c1->pass_sz
520+
),
521+
are_equal
522+
);
524523

525524
return !are_equal; /* return 0 if they are the same, 1 otherwise */
526525
}
@@ -537,7 +536,7 @@ static int sqlcipher_cipher_ctx_copy(codec_ctx *ctx, cipher_ctx *target, cipher_
537536
void *key = target->key;
538537
void *hmac_key = target->hmac_key;
539538

540-
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_copy: entered target=%p, source=%p", target, source);
539+
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_copy: target=%p, source=%p", target, source);
541540
sqlcipher_free(target->pass, target->pass_sz);
542541
sqlcipher_free(target->keyspec, ctx->keyspec_sz);
543542
memcpy(target, source, sizeof(cipher_ctx));
@@ -1000,7 +999,7 @@ int sqlcipher_codec_ctx_init(codec_ctx **iCtx, Db *pDb, Pager *pPager, const voi
1000999
*/
10011000
void sqlcipher_codec_ctx_free(codec_ctx **iCtx) {
10021001
codec_ctx *ctx = *iCtx;
1003-
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "codec_ctx_free: entered iCtx=%p", iCtx);
1002+
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "codec_ctx_free: iCtx=%p", iCtx);
10041003
sqlcipher_free(ctx->kdf_salt, ctx->kdf_salt_sz);
10051004
sqlcipher_free(ctx->hmac_kdf_salt, ctx->kdf_salt_sz);
10061005
sqlcipher_free(ctx->buffer, ctx->page_sz);
@@ -1073,7 +1072,7 @@ int sqlcipher_page_cipher(codec_ctx *ctx, int for_ctx, Pgno pgno, int mode, int
10731072
hmac_out = out + size + ctx->iv_sz;
10741073
out_start = out; /* note the original position of the output buffer pointer, as out will be rewritten during encryption */
10751074

1076-
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_page_cipher: entered pgno=%d, mode=%d, size=%d", pgno, mode, size);
1075+
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_page_cipher: pgno=%d, mode=%d, size=%d", pgno, mode, size);
10771076
CODEC_HEXDUMP("sqlcipher_page_cipher: input page data", in, page_sz);
10781077

10791078
/* the key size should never be zero. If it is, error out. */
@@ -1152,12 +1151,8 @@ int sqlcipher_page_cipher(codec_ctx *ctx, int for_ctx, Pgno pgno, int mode, int
11521151
*/
11531152
static int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) {
11541153
int rc;
1155-
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_key_derive: entered c_ctx->pass=%p, c_ctx->pass_sz=%d \
1156-
ctx->kdf_salt=%p ctx->kdf_salt_sz=%d ctx->kdf_iter=%d \
1157-
ctx->hmac_kdf_salt=%p, ctx->fast_kdf_iter=%d ctx->key_sz=%d",
1158-
c_ctx->pass, c_ctx->pass_sz, ctx->kdf_salt, ctx->kdf_salt_sz, ctx->kdf_iter,
1159-
ctx->hmac_kdf_salt, ctx->fast_kdf_iter, ctx->key_sz);
1160-
1154+
sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_key_derive: ctx->kdf_salt_sz=%d ctx->kdf_iter=%d ctx->fast_kdf_iter=%d ctx->key_sz=%d",
1155+
ctx->kdf_salt_sz, ctx->kdf_iter, ctx->fast_kdf_iter, ctx->key_sz);
11611156

11621157
if(c_ctx->pass && c_ctx->pass_sz) { /* if key material is present on the context for derivation */
11631158

0 commit comments

Comments
 (0)