Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
React Native Support
Added React Native Themis with Typescript support (#902, #903, #905, #906).
react-native-themis
is now available on npm! 🎉
npm install react-native-themis
TL;DR:
libthemis-boringssl
.Breaking changes and deprecations:
ErrOverflow
is now deprecated.themis
now requires Rust 1.47 or newer.libthemis-src
is no longer supported.themis/themis-openssl
and themis/themis-boringssl
have been removed (read more)Code:
Core
Include embedded BoringSSL into Soter for convenience (#681, #702).
make deb
and make rpm
with ENGINE=boringssl
will now produce libthemis-boringssl
packages with embedded BoringSSL (#683, #686).
secure_session_create()
now allows only EC keys, returning an error for RSA (#693).
Cleaned up unused private API. Thanks to @luismerino for pointing this out (#714).
Cleaned up public header files and API of Themis and Soter (#759).
Private header files are no longer installed. Private APIs which have been unintentially exported are no longer available. This might be a breaking change for those who have used them. Please refrain from using private API and include only public API:
#include <themis/themis.h>
Users of official high-level wrappers are not affected. However, this might affect developers of third-party wrappers. Refer to the detailed description below for a list of removed headers.
The following Soter headers are no longer available:
<soter/soter_container.h>
<soter/soter_crc32.h>
<soter/soter_ec_key.h>
<soter/soter_portable_endian.h>
<soter/soter_rsa_key.h>
<soter/soter_sign_ecdsa.h>
<soter/soter_sign_rsa.h>
<soter/soter_t.h>
All APIs previously exported by them are no longer available as well.
The following Themis headers are no longer available:
<themis/secure_cell_alg.h>
<themis/secure_cell_seal_passphrase.h>
<themis/secure_comparator_t.h>
<themis/secure_message_wrapper.h>
<themis/secure_session_peer.h>
<themis/secure_session_t.h>
<themis/secure_session_utils.h>
<themis/sym_enc_message.h>
<themis/themis_portable_endian.h>
All APIs previously exported by them are no longer available as well.
In addition to that, the following private symbols and definitions previously exported by <themis/secure_session.h>
have been hidden:
THEMIS_SESSION_ID_TAG
THEMIS_SESSION_PROTO_TAG
SESSION_MASTER_KEY_LENGTH
SESSION_MESSAGE_KEY_LENGTH
struct secure_session_peer_type
typedef secure_session_peer_t
typedef secure_session_handler
secure_session_peer_init()
secure_session_peer_cleanup()
Fixed multiple buffer overflows in Secure Message (#763).
Fixed cross-compilation on macOS by setting ARCH
and SDK
variables (#849).
Updated embedded BoringSSL to the latest version (#812).
Builds with OpenSSL 3.0 will result in a compilation error for the time being (#872).
Hardened EC/RSA key generation and handling in Secure Message and Secure Session (#875, #876)
Android
docs/examples/android
(#813).C++
themispp::secure_message_t::sign()
output is a bit smaller now (#775).Go
Java / Kotlin
SecureMessage#sign()
output is a bit smaller now (#777).
JavaThemis for Android and desktop Java is now published in the Maven Central repository (#786, #788).
Add the Maven Central repository to your build.gradle
:
repositories {
mavenCentral()
}
For Android, use this dependency:
dependencies {
implementation 'com.cossacklabs.com:themis:0.14.0'
}
For desktop systems use this one:
dependencies {
implementation 'com.cossacklabs.com:java-themis:0.14.0'
}
Example project for desktop Java moved to the main repository – docs/examples/java
(#816).
Objective-C
TSSession
initializer now returns an error (nil
) when given incorrect key type (#710).themis/themis-openssl
and themis/themis-boringssl
(#884, #885).PHP
Node.js
Python
SSession
constructor now throws an exception when given incorrect key type (#710).Ruby
Ssession
constructor now throws an exception when given incorrect key type (#710).Rust
Swift
TSSession
initializer now returns an error (nil
) when given incorrect key type (#710).themis/themis-openssl
and themis/themis-boringssl
(#884, #885).WebAssembly
import {SecureCell, SecureMessage, SecureSession, SecureComparator} from 'wasm-themis';
initialize()
, allowing to specify custom URL for libthemis.wasm
(#792, #854, #857).make wasmthemis
now fails with unsupported Emscripten toolchains (#879).Infrastructure:
libthemis
thinner (#678).libthemis
DEB and RPM packages (#682, #686).make deb
and make rpm
with ENGINE=boringssl
will now produce libthemis-boringssl
packages with embedded BoringSSL (#683, #686).PATH
settings (#685).afl++
(#766).ARCH
and SDK
variables (#849).Deprecation Notice for CocoaPods users:
themis/themis-openssl
subspec based on GRKOpenSSLFramework is deprecated and will be removed in Themis version 0.14.themis/themis-boringssl
subspec based on BoringSSL is deprecated and will be removed in Themis version 0.14.Please, switch to the default option in your Podfile: pod 'themis'
Hotfix for Apple platforms:
themis
for CocoaPods now uses XCFrameworks, supports Apple Silicon, and OpenSSL 1.1.1k (#828).Code:
Objective-C / Swift
themis
for CocoaPods now uses XCFrameworks, supports Apple Silicon, and OpenSSL 1.1.1k (#828).themis
for Carthage switched to using XCFrameworks (#817). So, the minimum required Carthage version is now 0.38.0. You can continue using previous Themis version with previous Carthage versions.Code:
Objective-C / Swift
themis
for Carthage now pulls OpenSSL dependency as XCFramework, and Carthage builds themis
as XCFramework as well. Themis.xcodeproj
now uses openssl.xcframwork
and themis.xcframework
. Carthage dependencies should be built with --use-xcframeworks
flag (#817).--use-xcframeworks
flag (#817).OpenSSL 1.1.1k for iOS/macOS SPM
themis.xcframework
. (iOS and macOS).Code:
Objective-C / Swift
themis.xcframework
. It is openssl-apple
version 1.1.11101.This is a hotfix for Apple platforms: ObjCThemis and SwiftThemis, running on iOS and macOS, when installed via Carthage or CocoaPods.
themis
pod is now restored to use dynamic linkage again@rpath
when using CocoaPodsarm64e
architecture slice from Carthage builds for iOS which prevented CocoaPods from functioning correctlyCode: