A strange bug with rekey.

[johnfound]

I am using PRAGMA to call the rekey function.

After decrypting the database with pragma rekey='';, the following pragma rekey='somenewkey'; almost always fails.

In order to encrypt the database again, I must reopen the database, or to execute pragma rekey=''; several times. After one of these, the following pragma rekey='somenewkey' successfully encrypts the database.

On encrypted database pragma rekey='' always successfully decrypts the database.

On all these commands there is no error returned by sqlite3_step(). The only difference is that the successful rekey (with nonempty key) returns SQLITE_ROW and the unsuccessful returns SQLITE_DONE.

On the other hand, rekey with empty key (decrypt database) always return SQLITE_DONE, but still decrypts the database.

Also the bug is related on the decrypt operation (rekey with empty string value). When calling rekey for re-encrypting the database with new key, it always success.

[johnfound]

Almost the same happens when trying to use direct API calls to sqlite3_rekey();

With the following differences:

1. The returned error is SQLITE_NOMEM
2. Sometimes the program crashes with segmentation fault exception.
3. After success I must run sqlite3_wal_checkpoint() function in order to really have database updated.

Minor complaint: sqlite3_rekey(DB, 0, 0) fails with SQLITE_ERROR. IMO, when nKey==0 the zKey should be ignored. ( it seems this condition is wrong: sqleet.c line: 562)

[resilar]

Unfortunately I am unable to reproduce the issue with the latest version of sqleet.

The described issue looks suspiciously similar to "Cannot set key again if having removed key" #26 fixed two weeks ago. Can you confirm that you are running the latest master of sqleet? The #26 fix should also be included in the updated v0.29.0 release package if downloaded no longer than a fortnight ago (sorry about the ambiguous v0.29.0 version number, the process of publishing sqleet bugfix releases needs some thought).

If this turns out to be another bug, my prime suspects are failing sqlite3RekeyVacuum() call on sqleet.c:575 due to size_hook() and improperly initialized Codec structure. If possible, please provide a sample database file for triggering the bug. It helps a lot in investigating and fixing the bug.

Minor complaint: sqlite3_rekey(DB, 0, 0) fails with SQLITE_ERROR. IMO, when nKey==0 the zKey should be ignored.

I fully agree. The oversight is the result of the official SQLite3 shell never calling rekey with zKey == NULL (even if rekeying with an empty string). This has now been fixed in master. Thanks again for improving sqleet.

[johnfound]

The #26 fix should also be included in the updated v0.29.0 release package if downloaded no longer than a fortnight ago (sorry about the ambiguous v0.29.0 version number, the process of publishing sqleet bugfix releases needs some thought).

Yes, that was exactly the case! I have downloaded v0.29.0, but unfortunately the non-fixed version. Later didn't download again, because it was the same version 0.29.0;

After downloading the latest changes from the master and compiling all bugs disappeared. Thanks.