Skip to content

0.14.0
Compare
Choose a tag to compare
@vixentael vixentael released this 23 Dec 11:23
· 57 commits to master since this release
0.14.0
This tag was signed with the committer’s verified signature.
ilammy Oleksii Lozovskyi
GPG key ID: 5F338CB3B7203B42
Learn about vigilant mode.
5d21527
This commit was signed with the committer’s verified signature.
ilammy Oleksii Lozovskyi
GPG key ID: 5F338CB3B7203B42
Learn about vigilant mode.

0.14.0, December 24th 2021

TL;DR:

  • JavaThemis for Android has moved to Maven Central (read more).
  • JavaThemis for Java is available on Maven Central (read more).
  • Themis is now available via Swift Package Manager (read more)
  • Themis for iOS and macOS is also available as XCFramework, attached to the release.
  • TypeScript definitions and ES6 module are now available for WasmThemis (read more).
  • Node.js v16 is now supported.
  • Overhaul of documentation once again.
  • New Themis Core packages with BoringSSL – libthemis-boringssl.
  • OpenSSL 3.0 support is work-in-progress, but not ready yet (read more).
  • And as usual: more security hardening, fewer known bugs.

Breaking changes and deprecations:

  • Themis Core: private C header files are no longer installed.
  • GoThemis: ErrOverflow is now deprecated.
  • Rust: themis now requires Rust 1.47 or newer.
  • Rust: libthemis-src is no longer supported.
  • Installing Themis via Carthage now requires Carthage 0.38 or newer (read more).
  • Deprecated CocoaPods subspecs themis/themis-openssl and themis/themis-boringssl have been removed (read more)
  • Themis Server (Themis Interactive Simulator) is no longer supported (read more.

Code:

  • Core

    • Include embedded BoringSSL into Soter for convenience (#681, #702).

    • make deb and make rpm with ENGINE=boringssl will now produce libthemis-boringssl packages with embedded BoringSSL (#683, #686).

    • secure_session_create() now allows only EC keys, returning an error for RSA (#693).

    • Cleaned up unused private API. Thanks to @luismerino for pointing this out (#714).

    • Cleaned up public header files and API of Themis and Soter (#759).

      Private header files are no longer installed. Private APIs which have been unintentially exported are no longer available. This might be a breaking change for those who have used them. Please refrain from using private API and include only public API:

      #include <themis/themis.h>

      Users of official high-level wrappers are not affected. However, this might affect developers of third-party wrappers. Refer to the detailed description below for a list of removed headers.

      The following Soter headers are no longer available:

      • <soter/soter_container.h>
      • <soter/soter_crc32.h>
      • <soter/soter_ec_key.h>
      • <soter/soter_portable_endian.h>
      • <soter/soter_rsa_key.h>
      • <soter/soter_sign_ecdsa.h>
      • <soter/soter_sign_rsa.h>
      • <soter/soter_t.h>

      All APIs previously exported by them are no longer available as well.

      The following Themis headers are no longer available:

      • <themis/secure_cell_alg.h>
      • <themis/secure_cell_seal_passphrase.h>
      • <themis/secure_comparator_t.h>
      • <themis/secure_message_wrapper.h>
      • <themis/secure_session_peer.h>
      • <themis/secure_session_t.h>
      • <themis/secure_session_utils.h>
      • <themis/sym_enc_message.h>
      • <themis/themis_portable_endian.h>

      All APIs previously exported by them are no longer available as well.

      In addition to that, the following private symbols and definitions previously exported by <themis/secure_session.h> have been hidden:

      • THEMIS_SESSION_ID_TAG
      • THEMIS_SESSION_PROTO_TAG
      • SESSION_MASTER_KEY_LENGTH
      • SESSION_MESSAGE_KEY_LENGTH
      • struct secure_session_peer_type
      • typedef secure_session_peer_t
      • typedef secure_session_handler
      • secure_session_peer_init()
      • secure_session_peer_cleanup()

    • Fixed multiple buffer overflows in Secure Message (#763).

    • Fixed cross-compilation on macOS by setting ARCH and SDK variables (#849).

    • Updated embedded BoringSSL to the latest version (#812).

    • Builds with OpenSSL 3.0 will result in a compilation error for the time being (#872).

    • Hardened EC/RSA key generation and handling in Secure Message and Secure Session (#875, #876)

  • Android

    • Example project moved to the main repository – docs/examples/android (#813).
    • Example project is now written in Kotlin (#813).
    • Updated embedded BoringSSL to the latest version (#812).

  • C++

    • themispp::secure_message_t::sign() output is a bit smaller now (#775).

  • Go

    • Error ErrOverflow is now deprecated in favor of ErrOutOfMemory, new error types were added (#711).
    • SecureMessage.Sign() output is a bit smaller now (#775).

  • Java / Kotlin

  • Objective-C

    • Updated Objective-C examples (iOS and macOS, Carthage and CocoaPods) to showcase usage of the newest Secure Cell API: generating symmetric keys and using Secure Cell with Passphrase (#688) and to use latest Themis 0.13.4 (#701, #703, #706, #723, #724, #726, #740).
    • TSSession initializer now returns an error (nil) when given incorrect key type (#710).
    • Improved compatibility with Xcode 12 (#742).
    • Updated CocoaPods examples to the latest Themis version 0.13.10 (#834).
    • Removed deprecated CocoaPods subspecs: themis/themis-openssl and themis/themis-boringssl (#884, #885).

  • PHP

    • libphpthemis packages for Debian/Ubuntu now have accurate dependencies (#683).
    • PHP Composer 2.0 is now supported by PHPThemis unit tests (#730).

  • Node.js

    • SecureSession constructor now throws an exception when given incorrect key type (#698).
    • Node.js v16 is now supported (#801).

  • Python

    • SSession constructor now throws an exception when given incorrect key type (#710).

  • Ruby

    • Ssession constructor now throws an exception when given incorrect key type (#710).

  • Rust

    • Dropped libthemis-src crate support and removed the vendored feature. RustThemis wrapper now requires Themis Core to be installed in the system (#691).
    • Updated zeroize depedency to 1.x version. Rust 1.47 or newer is now required (#799).

  • Swift

    • Updated Swift examples (iOS and macOS, Carthage and CocoaPods) to showcase usage of the newest Secure Cell API: generating symmetric keys and using Secure Cell with Passphrase (#688) and to use latest Themis 0.13.4 (#701, #703, #706, #740).
    • TSSession initializer now returns an error (nil) when given incorrect key type (#710).
    • Improved compatibility with Xcode 12 (#742).
    • Updated CocoaPods examples to the latest Themis version 0.13.10 (#834).
    • Removed deprecated CocoaPods subspecs: themis/themis-openssl and themis/themis-boringssl (#884, #885).

  • WebAssembly

Infrastructure:

  • Improved package split making libthemis thinner (#678).
  • Optimized dependencies of libthemis DEB and RPM packages (#682, #686).
  • make deb and make rpm with ENGINE=boringssl will now produce libthemis-boringssl packages with embedded BoringSSL (#683, #686).
  • Build system and tests now respect the PATH settings (#685).
  • Rename embedded BoringSSL symbols by default to avoid conflicts with system OpenSSL (#702).
  • Started phasing out CircleCI in favour of GitHub Actions (#709, #755).
  • Themis is now fuzzed with afl++ (#766).
  • Secure Message is now covered with fuzz testing (#762).
  • JavaThemis for Android and desktop Java is now published in the Maven Central repository (#786, #788).
  • MSYS2 builds for Windows are now checked by CI (#791).
  • Added automated tests for Android example project (#813).
  • Added automated tests for desktop Java example project (#816).
  • Embedded BoringSSL now builds faster if Ninja is available (#837).
  • Embedded BoringSSL can now be cross-compiled on macOS by setting ARCH and SDK variables (#849).
  • Builds on macOS use OpenSSL 1.1 from Homebrew by default (#871).
  • Builds with OpenSSL 3.0 are currently not supported (#872).
Assets 3