(released on 14.12.2017)

Latest News

Unsurprisingly, 0.9.5 came out eventually. Today.2017-09-14 20:25:28

Themis 0.9.4 is out now!2016-11-22 18:09:17

Themis 0.9.3 is released!2016-05-24 16:59:33

Releases

0.9.62017-12-14 11:13:51

TL;DR: OpenSSL 1.1 support.

Docs:

Infrastructure:

  • Removed support for Ubuntu Precise.
  • Fixed .rpm package versioning (#240).
  • Added a handy command for preparing and running of all the tests make test (#243).
  • Added small changes and updates into Makefile to make it even better and fixed the installing dependencies (#236, #239, #250).

Code:

  • Core:
  • added OpenSSL 1.1 support (#208).
  • Android wrapper:
  • fixed Secure Cell in token protect mode (#251);
  • fixed casting warnings in JNI code (#246).
  • iOS wrapper:
  • updated wrapper to be compatible with Swift4 (#230);
  • added nullability support (#255);
  • made the NSError autoreleasing (#257, #259) from @valeriyvan;
  • fixed warnings that appeared due to renaming error.h files (#247);
  • updated and refactored tests (#231, #232).
  • GoThemis:
  • added compatibility with old Go (1.2) (#253);
  • fixed tests (#261).
  • JSThemis:
  • fixed installation path for macOS (#237, #238).
  • PyThemis:
  • fixed compatibility with version 0.9.5 (#241), pushed as a separate package 0.9.5.1.
↺ Read more...

0.9.52017-09-13 12:03:34

Changelog:

Mostly usability fixes for wrappers.

Infrastructure:

  • You can now download pre-built Themis packages from our package server.
  • Enhanced building process for MacOS (working now!) (https://github.com/cossacklabs/themis/issues/215).
  • Enhanced building process for Debian 9.x (working even better now!).
  • Updated documentation and examples to make it easier to understand.
  • Now we use Bitrise as a separate CI for iOS wrapper.
  • Test and code coverage are automagically measured now!

Code:

↺ Read more...

0.9.42016-11-22 18:31:44

This is tiny intermediary release to lock ongoing changes in stable form for all languages:
- BoringSSL support on Android and Linux
- Fixed some leaks and code styling problems (thanks to @bryongloden)
- Memory management updates for stability in languages, which rely on sloppy GC
- Fix Themis build errors under certain conditions
- Secure Comparator examples for many languages
- Swift3 support + numerous enhancements from @valeriyvan, thanks a lot!
- GoThemis: fixed rare behavior in Secure Session wrapper
- GoThemis examples
- JsThemis syntax corrections and style fixes
- JsThemis Nan usage to enhance compatibility
- More and better Themis Server examples
- Enhanced error messages (now with proper spelling!)
- Corrections for RD_Themis

↺ Read more...

0.9.3.12016-08-24 15:31:54

Updating podspec to be compatible with CocoaPods 1.0

↺ Read more...

Recent builds

Rust API Guidelines compliance (#383)

2019-02-15 17:06:10

Success463f105bec866bd0cee6ceed4f3cdcb2320bcc27
See more builds

Commits

463f105bec866bd0...2019-02-15 16:46:23 ilammy

Rust API Guidelines compliance (#383) * Use impl Trait for Secure Comparator * Drop outdated TODOs We already handle errors in Secure Cell in acceptable way, there is no need to panic. Similarly, Secure Comparator has good enough usage pattern with "is_complete()" so we don't have to handle completion differently. * Use impl Trait for key types * Fix typos in API docs * Reorder Secure Comparator methods for better API docs * Add Debug implementation for all public types * Remove Clone implementation from Secure Message types They do not really need to be copyable (like Secure Cells). If you need to have use Secure Messages with the same keys then construct it twice. However, this should not be necessary in the first place. * Rename getter for remote peer ID Rust generally does not use "get" prefixes for getters. Furthermore, at some distant point we may want to add a getter for our own ID so give this method a better name. While we're here, I have noticed that the documentation comment lies. This method should properly handle the case where peer ID is not known. Peer IDs can't be empty so an empty result from underlying function secure_session_get_remote_id() means that there is no peer ID stored (i.e., the connection has not been negotiated yet). * Rename getter for comparison result Similarly, rename the getter without a "get" prefix because Rust APIs prefer such naming. * Unsafe impl Send for pointer types Rust cannot automatically infer thread-safety traits for types which use raw pointers. Secure Session and Secure Comparator are actually movable across threads, but not safe for concurrent usage. Reflect this by implementing Send but not Sync. * Use ? operator instead of unwrap in API examples Code snippets from documentation tend to be copy-pasted verbatim so take care to avoid unexpected panics.

9b4725f6f8ad209e...2019-02-15 16:41:01 ilammy

Catch and handle panics in SecureSessionTransport (#382) We must not let Rust panic escape into C's call stack from Secure Session callbacks as it is undefined behavior. Catch panics and handle them using yet another special error code. Add tests to verify that panics are not leaked.

8fd326419cc47291...2019-02-15 16:40:01 ilammy

Secure Session example code (#381) Here is an example of using Secure Session to implement a minimal networking application. Don't do anything fancy: a simple echo server with fixed keys and basic error handling should be enough. We need to illustrate the following points: - how to initiate connections and exchange data - how to use both APIs of SecureSession - how to implement SecureSessionTransport correctly There are also some specific comments on the session termination which has to be handled on the application layer.

27d9402be0e245ef...2019-02-15 11:10:34 ilammy

Improve and extend Secure Session API docs (#380) * Improve and extend Secure Session API docs Write module-level docs based on description on Wiki. Describe API flavors of Secure Session and update the method descriptions as well. * Rename constructor of Secure Session Rename the constructor to just "new()" to avoid misleading name. * Reorder Secure Session methods for clarity Group callback API and buffer-oriented API together in rustdoc output. This makes navigation a bit easier. * Rename Secure Session methods for consistency Use the same naming as other language wrappers do: - connect_request, wrap, unwrap for buffer-oriented API - connect, send, receive for callback API Other wrappers do not have a separate method for negotiation so we have to invent something here. Keep the naming consistent. * Use impl Trait in Secure Session methods Replace explicit templates with impl Trait which makes code a bit easier to read. * Check for empty client ID in Secure Session Secure Session is not able to negotiate connection if the client ID is empty so do an early check and return an error to the user if the provided client ID is invalid. Using expect_err() with Result revealed tha SecureSession does not have a Debug impl. All public types should have one so invent something. * Update changelog

e8c9ee34dfdf4b3b...2019-02-14 11:51:57 ilammy

Smart pointer constructors for Secure Session (#378) * Smart pointer constructors for Secure Session Using legacy C++03 interface of Secure Session may be a bit hard with modern practices introduced by C++11. Let's provide a more idiomatic interface where Secure Session assumes ownership over the provided instance of "secure_session_callback_interface_t" via smart pointers. We do so using the shared_ptr instance. This allows both shared and unique ownership over the provided callback interface. For example, if the users need only get_public_key_for_id() interface then they can share an instance of secure_session_callback_interface_t between all Secure Sessions. However, if they need to use the transport interface (send_data/receive_data) then they are likely to provide a unique instance for each Secure Session. We keep the old non-owning constructor for backwards compatibility. However, we mark is deprecated to incite the users to move on to a more safe and idiomatic interface with smart pointers. We still need to test the old interface so silence the relevant warning in this file.

Pull requests

#377 Enable more compiler warnings 2019-02-13 01:05:35ilammyEnable more compiler warnings