fix output of integrity check on big endian platforms
[sqlcipher.git] / CHANGELOG.md
blobc64588ac208665669c399f372c1becaf603cfd81
1 # SQLCipher Change Log
2 All notable changes to this project will be documented in this file.
4 ## [4.2.0] - (May 2019 - [4.2.0 changes])
5 - Adds PRAGMA cipher_integrity_check to perform independent verification of page HMACs
6 - Updates baseline to upstream SQLite 3.28.0
7 - Improves PRAGMA cipher_migrate to handle keys containing non-terminating zero bytes
9 ## [4.1.0] - (March 2019 - [4.1.0 changes])
10 - Defer reading salt from header until key derivation is triggered
11 - Clarify usage of sqlite3_rekey for plaintext databases in header
12 - Normalize attach behavior when key is not yet derived
13 - Adds PRAGMA cipher_settings to query current database codec settings
14 - Adds PRAGMA cipher_default_settings to query current default SQLCipher options
15 - PRAGMA cipher_hmac_pgno is now deprecated
16 - PRAGMA cipher_hmac_salt_mask is now deprecated
17 - PRAGMA fast_kdf_iter is now deprecated
18 - Improve sqlcipher_export routine and restore all database flags
19 - Clear codec data buffers if a crypographic provider operation fails
20 - Disable backup API for encrypted databases (this was previously documented as not-working and non-supported, but will now explicitly error out on initialization)
21 - Updates baseline to upstream SQLite 3.27.2
23 ## [4.0.1] - (December 2018 - [4.0.1 changes])
24 - Based on upstream SQLite 3.26.0 (addresses SQLite “Magellan” issue)
25 - Adds PRAGMA cipher_compatibility and cipher_default_compatibility which take automatcially configure appropriate compatibility settings for the specified SQLCipher major version number
26 - Filters attach statements with KEY parameters from readline history
27 - Fixes crash in command line shell with empty input (i.e. ^D)
28 - Fixes warnings when compiled with strict-prototypes
30 ## [4.0.0] - (November 2018 - [4.0.0 changes])
31 ### Changed
32 - Default page size for databases increased to 4096 bytes (up from 1024) *
33 - Default PBKDF2 iterations increased to 256,000 (up from 64,000) *
34 - Default KDF algorithm is now PBKDF2-HMAC-SHA512 (from PBKDF2-HMAC-SHA1) *
35 - Default HMAC algorithm is now HMAC-SHA512 (from HMAC-SHA1) *
36 - PRAGMA cipher is now disabled and no longer supported (after multi-year deprecation) *
37 - PRAGMA rekey_cipher is now disabled and no longer supported *
38 - PRAGMA rekey_kdf_iter is now disabled and no longer supported *
39 - By default all memory allocated internally by SQLite before the memory is wiped before it is freed 
40 - PRAGMA cipher_memory_security: allows full memory wiping to be disabled for performance when the feature is not required
41 - PRAGMA cipher_kdf_algorithm, cipher_default_kdf_algorithm to control KDF algorithm selection between PBKDF2-HMAC-SHA1, PBKDF2-HMAC-SHA256 and PBKDF2-HMAC-SHA512
42 - PRAGMA cipher_hmac_algorithm, cipher_default_hmac_algorithm to control HMAC algorithm selection between HMAC-SHA1, HMAC-SHA256 and PBKDF2-HMAC-SHA512
43 - Based on upstream SQLite 3.25.2
44 - When compiled with readline support, PRAGMA key and rekey lines will no longer be
45   saved to history
46 - Adds second optional parameter to sqlcipher_export to specify source database to
47   support bidirectional exports
48 - Fixes compatibility with LibreSSL 2.7.0+
49 - Fixes compatibility with OpenSSL 1.1.x
50 - Simplified and improved performance for PRAGMA cipher_migrate when migrating older database versions
51 - Refactoring of SQLCipher tests into separate files by test type
52 - PRAGMA cipher_plaintext_header_size and cipher_default_plaintext_header_size: allocates a portion of the database header which will not be encrypted to allow identification as a SQLite database
53 - PRAGMA cipher_salt: retrieve or set the salt value for the database
54 - Adds Podspec for using tagged versions of SQLCipher
55 - Define SQLCIPHER_PROFILE_USE_FOPEN for WinXP support
56 - Improved error handling for cryptographic providers
57 - Improved memory handling for PRAGMA commands that return values
58 - Improved version reporting to assist with identification of distribution
59 - Major rewrite and simplification of internal codec and pager extension
60 - Fixes compilation with --disable-amalgamation
61 - Removes sqlcipher.xcodeproj build support
63 ## [3.4.2] - (December 2017 - [3.4.2 changes])
64 ### Added
65 - Added support for building with LibreSSL
67 ### Changed
68 - Merge upstream SQLite 3.20.1
69 - Text strings for `SQLITE_ERROR` and `SQLITE_NOTADB` changed to match upstream SQLite
70 - Remove static modifier for codec password functions
71 - Page alignment for `mlock`
72 - Fix segfault in `sqlcipher_cipher_ctx_cmp` during rekey operation
73 - Fix `sqlcipher_export` and `cipher_migrate` when tracing API in use
74 - Validate codec page size when setting
75 - Guard OpenSSL initialization and cleanup routines
76 - Allow additional linker options to be passed via command line for Windows platforms
78 ## [3.4.1] - (December 2016 - [3.4.1 changes])
79 ### Added
80 - Added support for OpenSSL 1.1.0
82 ### Changed
83 - Merged upstream SQLite 3.15.2
85 ## [3.4.0] - (April 2016 - [3.4.0 changes])
86 ### Added
87 - Added `PRAGMA cipher_provider_version`
89 ### Changed
90 - Merged upstream SQLite 3.11.0
92 ### Deprecated
93 - Deprecated `PRAGMA cipher` command
95 ## [3.3.1] - (July 2015 - [3.3.1 changes])
96 ### Changed
97 - Merge upstream SQLite 3.8.10.2
98 - Fixed segfault when provided an invalid cipher name
99 - Check for codec context when performing `PRAGMA cipher_store_pass`
100 - Remove extraneous null check in `PRAGMA cipher_migrate`
102 ## [3.3.0] - (March 2015 - [3.3.0 changes])
103 ### Added
104 - Added FIPS API calls within the OpenSSL crypto provider
105 - `PRAGMA cipher_default_page_size` - support for attaching non-default page sizes
107 ### Changed
108 - Merged upstream SQLite 3.8.8.3
110 ## [3.2.0] - (September 2014 - [3.2.0 changes])
111 ### Added
112 - Added `PRAGMA cipher_store_pass`
114 ### Changed
115 - Merged upstream SQLite 3.8.6
116 - Renmed README to README.md
118 ## [3.1.0] - (April 2014 - [3.1.0 changes])
119 ### Added
120 - Added `PRAGMA cipher_profile`
122 ### Changed
123 - Merged upstream SQLite 3.8.4.3
125 ## [3.0.1] - (December 2013 - [3.0.1 changes])
126 ### Added
127 - Added `PRAGMA cipher_add_random` to source external entropy
129 ### Changed
130 - Fix `PRAGMA cipher_migrate` to handle passphrases longer than 64 characters & raw keys
131 - Improvements to the libtomcrypt provider
133 ## [3.0.0] - (November 2013 - [3.0.0 changes])
134 ### Added
135 - Added `PRAGMA cipher_migrate` to migrate older database file formats
137 ### Changed
138 - Merged upstream SQLite 3.8.0.2
139 - Remove usage of VirtualLock/Unlock on WinRT and Windows Phone
140 - Ignore HMAC read during Btree file copy
141 - Fix lib naming for pkg-config
142 - Use _v2 version of `sqlite3_key` and `sqlite3_rekey`
143 - Update xcodeproj file
145 ### Security
146 - Change KDF iteration length from 4,000 to 64,000
148 [unreleased]: https://github.com/sqlcipher/sqlcipher/compare/v4.2.0...prerelease
149 [4.2.0]: https://github.com/sqlcipher/sqlcipher/tree/v4.2.0
150 [4.2.0 changes]: https://github.com/sqlcipher/sqlcipher/compare/v4.1.0...v4.2.0
151 [4.1.0]: https://github.com/sqlcipher/sqlcipher/tree/v4.1.0
152 [4.1.0 changes]: https://github.com/sqlcipher/sqlcipher/compare/v4.0.1...v4.1.0
153 [4.0.1]: https://github.com/sqlcipher/sqlcipher/tree/v4.0.1
154 [4.0.1 changes]: https://github.com/sqlcipher/sqlcipher/compare/v4.0.0...v4.0.1
155 [4.0.0]: https://github.com/sqlcipher/sqlcipher/tree/v4.0.0
156 [4.0.0 changes]: https://github.com/sqlcipher/sqlcipher/compare/v3.4.2...v4.0.0
157 [3.4.2]: https://github.com/sqlcipher/sqlcipher/tree/v3.4.2
158 [3.4.2 changes]: https://github.com/sqlcipher/sqlcipher/compare/v3.4.1...v3.4.2
159 [3.4.1]: https://github.com/sqlcipher/sqlcipher/tree/v3.4.1
160 [3.4.1 changes]: https://github.com/sqlcipher/sqlcipher/compare/v3.4.0...v3.4.1
161 [3.4.0]: https://github.com/sqlcipher/sqlcipher/tree/v3.4.0
162 [3.4.0 changes]: https://github.com/sqlcipher/sqlcipher/compare/v3.3.1...v3.4.0
163 [3.3.1]: https://github.com/sqlcipher/sqlcipher/tree/v3.3.1
164 [3.3.1 changes]: https://github.com/sqlcipher/sqlcipher/compare/v3.3.0...v3.3.1
165 [3.3.0]: https://github.com/sqlcipher/sqlcipher/tree/v3.3.0
166 [3.3.0 changes]: https://github.com/sqlcipher/sqlcipher/compare/v3.2.0...v3.3.0
167 [3.2.0]: https://github.com/sqlcipher/sqlcipher/tree/v3.2.0
168 [3.2.0 changes]: https://github.com/sqlcipher/sqlcipher/compare/v3.1.0...v3.2.0
169 [3.1.0]: https://github.com/sqlcipher/sqlcipher/tree/v3.1.0
170 [3.1.0 changes]: https://github.com/sqlcipher/sqlcipher/compare/v3.0.1...v3.1.0
171 [3.0.1]: https://github.com/sqlcipher/sqlcipher/tree/v3.0.1
172 [3.0.1 changes]: https://github.com/sqlcipher/sqlcipher/compare/v3.0.0...v3.0.1
173 [3.0.0]: https://github.com/sqlcipher/sqlcipher/tree/v3.0.0
174 [3.0.0 changes]: https://github.com/sqlcipher/sqlcipher/compare/v2.2.0...v3.0.0
175 [2.2.0]: https://github.com/sqlcipher/sqlcipher/tree/v2.2.0
176 [2.2.0 changes]: https://github.com/sqlcipher/sqlcipher/compare/v2.1.1...v2.2.0
177 [2.1.1]: https://github.com/sqlcipher/sqlcipher/tree/v2.1.1
178 [2.1.1 changes]: https://github.com/sqlcipher/sqlcipher/compare/v2.1.0...v2.1.1
179 [2.1.0]: https://github.com/sqlcipher/sqlcipher/tree/v2.1.0
180 [2.1.0 changes]: https://github.com/sqlcipher/sqlcipher/compare/v2.0.6...v2.1.0
181 [2.0.6]: https://github.com/sqlcipher/sqlcipher/tree/v2.0.6
182 [2.0.6 changes]: https://github.com/sqlcipher/sqlcipher/compare/v2.0.5...v2.0.6
183 [2.0.5]: https://github.com/sqlcipher/sqlcipher/tree/v2.0.5
184 [2.0.5 changes]: https://github.com/sqlcipher/sqlcipher/compare/v2.0.3...v2.0.5
185 [2.0.3]: https://github.com/sqlcipher/sqlcipher/tree/v2.0.3
186 [2.0.3 changes]: https://github.com/sqlcipher/sqlcipher/compare/v2.0.0...v2.0.3
187 [2.0.0]: https://github.com/sqlcipher/sqlcipher/tree/v2.0.0
188 [2.0.0 changes]: https://github.com/sqlcipher/sqlcipher/compare/v1.1.10...v2.0.0
189 [1.1.10]: https://github.com/sqlcipher/sqlcipher/tree/v1.1.10
190 [1.1.10 changes]: https://github.com/sqlcipher/sqlcipher/compare/v1.1.9...v1.1.10
191 [1.1.9]: https://github.com/sqlcipher/sqlcipher/tree/v1.1.9
192 [1.1.9 changes]: https://github.com/sqlcipher/sqlcipher/compare/v1.1.8...v1.1.9
193 [1.1.8]: https://github.com/sqlcipher/sqlcipher/tree/v1.1.8
194 [1.1.8 changes]: https://github.com/sqlcipher/sqlcipher/compare/v1.1.7...v1.1.8
195 [1.1.7]: https://github.com/sqlcipher/sqlcipher/tree/v1.1.7
196 [1.1.7 changes]: https://github.com/sqlcipher/sqlcipher/compare/v1.1.6...v1.1.7
197 [1.1.6]: https://github.com/sqlcipher/sqlcipher/tree/v1.1.6
198 [1.1.6 changes]: https://github.com/sqlcipher/sqlcipher/compare/v1.1.5...v1.1.6
199 [1.1.5]: https://github.com/sqlcipher/sqlcipher/tree/v1.1.5
200 [1.1.5 changes]: https://github.com/sqlcipher/sqlcipher/compare/v1.1.4...v1.1.5
201 [1.1.4]: https://github.com/sqlcipher/sqlcipher/tree/v1.1.4
202 [1.1.4 changes]: https://github.com/sqlcipher/sqlcipher/compare/v1.1.3...v1.1.4
203 [1.1.3]: https://github.com/sqlcipher/sqlcipher/tree/v1.1.3
204 [1.1.3 changes]: https://github.com/sqlcipher/sqlcipher/compare/v1.1.2...v1.1.3
205 [1.1.2]: https://github.com/sqlcipher/sqlcipher/tree/v1.1.2
206 [1.1.2 changes]: https://github.com/sqlcipher/sqlcipher/compare/v1.1.1...v1.1.1
207 [1.1.1]: https://github.com/sqlcipher/sqlcipher/tree/v1.1.1
208 [1.1.1 changes]: https://github.com/sqlcipher/sqlcipher/compare/v1.1.0...v1.1.1
209 [1.1.0]: https://github.com/sqlcipher/sqlcipher/tree/v1.1.0
210 [1.1.0 changes]: https://github.com/sqlcipher/sqlcipher/compare/617ed01...v1.1.0