Merge pull request #215 from bigbrett/sqlcipher
SQLCipher: Fix FIPS 140-3 errors
JacobBarthelmeh authored Dec 6, 2024
2 parents 69f8e8e + c1b13c3 commit a611139
Showing 3 changed files with 6,290 additions and 31 deletions.
8 changes: 7 additions & 1 deletion sqlcipher/README.md
Expand Up @@ -72,6 +72,10 @@ make testfixture

```sh
./testfixture test/sqlcipher.test

# Or if you are building against wolfSSL FIPS, run the FIPS subset of the tests
# as the standard tests will fail due to violations of FIPS requirements
./testfixture test/sqlcipher-wolfssl-fips.test
```

Note that SQLCipher also supports linking against static libraries for its crypto implementations. See the SQLCipher documentation for more details.
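Review bot: The standard invocation `./testfixture test/sqlcipher.test` and the new FIPS invocation now share one `sh` fence, so anyone who copies the whole block on a FIPS build runs the standard suite first and hits the failures the comment warns about. Split them into two fences, or mark the first command as non-FIPS only. The comment would also be more useful if it named the cause given in the troubleshooting entry (test keys shorter than the 14-byte FIPS minimum) rather than "violations of FIPS requirements".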
Expand All @@ -81,5 +85,7 @@ Note that SQLCipher also supports linking against static libraries for its crypt
1. Compiler errors like `fatal error: tcl.h: No such file or directory` indicate that SQLite cannot find the `tcl` development headers on your system. You can install the development headers using the steps in the [Prerequisites](##prerequisites) section. Please refer to the SQLite and SQLCipher documentation for more info.


2. If using a FIPS build of wolfSSL, the sqlcipher tests will all fail as they use a password/key shorter than the minimum FIPS mandated length (14 bytes). There are some tests that are easy to change to accomodate that (`sqlcipher-backup.test`, for example). For these you can run `sed -i 's/testkey/testkey012345678/g'`. Other tests will take too long to fix as they use random keys ("foo", "0123", etc) and others like `sqlcipher-compatibility.test` operate on databases already encrypted with short keys, and so should be skipped.
2. If using a FIPS build, the normal sqlcipher tests will all fail as they use a password/key shorter than the minimum FIPS mandated length (14 bytes). wolfSSL has provided a modified suite of tests that can ve ran against a FIPS build. These tests use longer FIPS-compliant keys, and remove tests that operate on pre-encrypted databases with these keys. You can run the SQLCipher wolfSSL FIPS tests with `./testsuite sqlcipher-wolfssl-fips.test`. Non-FIPS wolfSSL builds can use the normal sqlcipher tests.
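Review bot: The command in the rewritten troubleshooting item 2, `./testsuite sqlcipher-wolfssl-fips.test`, does not match the one added to the test section, `./testfixture test/sqlcipher-wolfssl-fips.test`: the binary name differs and the `test/` prefix is missing. Use the same invocation in both places so the troubleshooting step is runnable as written. Two wording fixes in the same line: "can ve ran" should be "can be run", and "remove tests that operate on pre-encrypted databases with these keys" reads as if it meant the longer FIPS-compliant keys from the previous clause; say "with short keys", as the replaced text did.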


