From b7f01641a133f7ebae3d3a52e14718fb51cfb184 Mon Sep 17 00:00:00 2001 From: Nazar Serhiichuk <43041209+G1gg1L3s@users.noreply.github.com> Date: Thu, 15 Jun 2023 20:32:49 +0300 Subject: [PATCH 1/8] Fix rust issues (pin log, run bindgen) (#1005) * rust: Pin log version to =0.4.18 The 0.4.19 requires rustc 1.60, but currently we support 1.58. Pinning it is not a big deal since it's development dependecy for tests and examples. * rust: Regenerate and update lib.rs bindgen was updated again and changed something which resulted in new output (seems like some internal constants are removed). --- src/wrappers/themis/rust/Cargo.toml | 3 ++- src/wrappers/themis/rust/libthemis-sys/src/lib.rs | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/wrappers/themis/rust/Cargo.toml b/src/wrappers/themis/rust/Cargo.toml index 9d782ef33..2ab5a682b 100644 --- a/src/wrappers/themis/rust/Cargo.toml +++ b/src/wrappers/themis/rust/Cargo.toml @@ -33,5 +33,6 @@ base64 = "0.10.0" byteorder = "1.2.7" clap = "2.32" lazy_static = "1.2.0" -log = "0.4.6" +# it can be unpinned when we update the minimum supported version of rustc +log = "=0.4.18" env_logger = "0.6.0" diff --git a/src/wrappers/themis/rust/libthemis-sys/src/lib.rs b/src/wrappers/themis/rust/libthemis-sys/src/lib.rs index 1ddd49ddb..06871d0e3 100644 --- a/src/wrappers/themis/rust/libthemis-sys/src/lib.rs +++ b/src/wrappers/themis/rust/libthemis-sys/src/lib.rs @@ -44,9 +44,6 @@ pub const THEMIS_SCOMPARE_SEND_OUTPUT_TO_PEER: u32 = 1; pub const THEMIS_SCOMPARE_MATCH: u32 = 21; pub const THEMIS_SCOMPARE_NO_MATCH: u32 = 22; pub const THEMIS_SCOMPARE_NOT_READY: u32 = 0; -pub const STATE_IDLE: u32 = 0; -pub const STATE_NEGOTIATING: u32 = 1; -pub const STATE_ESTABLISHED: u32 = 2; pub type themis_status_t = i32; extern "C" { pub fn themis_secure_cell_encrypt_seal( 
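Review bot: The comment added above the `log` pin in the Cargo.toml hunk does not say which rustc version unblocks it, so nobody reading the manifest can tell when `=0.4.18` may be relaxed. The commit message has the detail (log 0.4.19 needs rustc 1.60, the crate supports 1.58) and it belongs next to the pin: `# log 0.4.19+ requires rustc 1.60; unpin once the MSRV (currently 1.58) is raised`. An exact `=` requirement also holds back any later patch release of `log`, so it is worth tracking even though the commit message describes it as a development dependency.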
@@ -289,6 +286,9 @@ extern "C" { message_length: *mut usize, ) -> themis_status_t; } +pub const STATE_IDLE: u32 = 0; +pub const STATE_NEGOTIATING: u32 = 1; +pub const STATE_ESTABLISHED: u32 = 2; pub type send_protocol_data_callback = ::std::option::Option< unsafe extern "C" fn( data: *const u8, From 9107a311c5e449eaa036f91aa09f6c6392320dc7 Mon Sep 17 00:00:00 2001 
From: Nazar Serhiichuk <43041209+G1gg1L3s@users.noreply.github.com> Date: Mon, 19 Jun 2023 11:26:34 +0300 Subject: [PATCH 2/8] Pythemis: introduce `pyproject.toml` (#1006) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * pythemis: Add pyproject.toml Since setup.py is deprecated, let's try moving to the pyproject.toml and configuring it with the same data as in setup.py. Use setuptools as a backend for no particular reasons ¯\_(ツ)_/¯, just because the name is familiar and we have no reasons to not use it or use something else. Keep the old setup.py for backward compatibility so old systems can try to build the package. For now, keep 0.14.0, we will bump the version in another PR. * makefile: Use pyproject.toml for installing pythemis According to this [1] article, the correct command is pip install . in the project's root. Let's try that. Also, the other option is python -m build --wheel which builds the package but doesn't install it. We can provide something like `pythemis_build` for it for example. [1]: https://godatadriven.com/blog/a-practical-guide-to-setuptools-and-pyproject-toml/ * pythemis: Update classifiers to Python3.6+ With many hours and docker containers I tested that themis actually works up to python 3.4. The other versions require some changes in makefile so they are more like "grey area". However, python3.5 is deprecated and it produces warning like "DEPRECATION: Python 3.5 reached the end of its life on..." so many libraries don't support it. Instead they start with 3.6 which will do as well, I guess. Though, actually python3.6 is also deprecated [1]. The same will be true for python3.7 in a couple of days (Jun 27 2023), so the question is, should we declare support of these versions? 
[1]: https://devguide.python.org/versions/ * pythemis: Extend range of supported py versions * Update changelog --- CHANGELOG.md | 1 + Makefile | 2 +- src/wrappers/themis/python/PKG-INFO | 7 ++++ src/wrappers/themis/python/pyproject.toml | 40 +++++++++++++++++++++++ src/wrappers/themis/python/setup.py | 7 ++++ 5 files changed, 56 insertions(+), 1 deletion(-) create mode 100644 src/wrappers/themis/python/pyproject.toml diff --git a/CHANGELOG.md b/CHANGELOG.md index c14d3c3c3..7bb198de6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,7 @@ _Code:_ - **Python** - `pythemis.scomparator` and `pythemis.skeygen` are now imported with `from pythemis import *` ([#914](https://github.com/cossacklabs/themis/pull/914)). + - Pythemis supports `pyproject.toml` as a main way of building packages. The old `setup.py` is preserved for backwards compatibility ([#1006](https://github.com/cossacklabs/themis/pull/1006)). - **Ruby** diff --git a/Makefile b/Makefile index d4eaba55a..e36a44d39 100644 --- a/Makefile +++ b/Makefile @@ -598,7 +598,7 @@ ifdef PIP_VERSION PIP_THEMIS_INSTALL := $(shell pip freeze |grep themis) endif -pythemis_install: CMD = cd src/wrappers/themis/python/ && python3 setup.py install --record files3.txt +pythemis_install: CMD = cd src/wrappers/themis/python/ && pip3 install . pythemis_install: ifeq ($(PYTHON3_VERSION),) @echo "python3 not found" diff --git a/src/wrappers/themis/python/PKG-INFO b/src/wrappers/themis/python/PKG-INFO index 1f78f28b6..efef8c0e6 100644 --- a/src/wrappers/themis/python/PKG-INFO +++ b/src/wrappers/themis/python/PKG-INFO 
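Review bot: In the Makefile hunk, `pythemis_install` now runs `pip3 install .` while the guard under it still only tests `PYTHON3_VERSION`, so the package can land in whichever interpreter owns the first `pip3` on PATH rather than the `python3` that was checked. `cd src/wrappers/themis/python/ && python3 -m pip install .` ties the install to the checked interpreter and fails clearly when pip is missing. The old command also wrote `--record files3.txt`; if an uninstall target elsewhere in the Makefile reads that file (not visible in this hunk), it needs to move to `python3 -m pip uninstall -y pythemis`.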
@@ -26,5 +26,12 @@ Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3.2 Classifier: Programming Language :: Python :: 3.3 Classifier: Programming Language :: Python :: 3.4 +Classifier: Programming Language :: Python :: 3.5 +Classifier: Programming Language :: Python :: 3.6 +Classifier: Programming Language :: Python :: 3.7 +Classifier: Programming Language :: Python :: 3.8 +Classifier: Programming Language :: Python :: 3.9 +Classifier: Programming Language :: Python :: 3.10 +Classifier: Programming Language :: Python :: 3.11 Classifier: Programming Language :: Python :: Implementation :: CPython Classifier: Programming Language :: Python :: Implementation :: PyPy diff --git a/src/wrappers/themis/python/pyproject.toml b/src/wrappers/themis/python/pyproject.toml new file mode 100644 index 000000000..48030a60e --- /dev/null +++ b/src/wrappers/themis/python/pyproject.toml 
@@ -0,0 +1,40 @@ +[build-system] +requires = ["setuptools"] +build-backend = "setuptools.build_meta" + +[project] +name = "pythemis" +version = "0.14.0" +authors = [{ name = "CossackLabs", email = "dev@cossacklabs.com" }] +description = "Themis is multi-platform library with a high-level and easy-to-use cryptographic toolkit for data protection" +readme = "README.md" +requires-python = ">=3.2" +license = { file = "LICENSE" } +dependencies = ["six", "enum34; python_version<'3.4'"] +classifiers = [ + "Intended Audience :: Developers", + "License :: OSI Approved :: Apache Software License", + "Natural Language :: English", + "Operating System :: MacOS :: MacOS X", + "Operating System :: POSIX", + "Operating System :: POSIX :: BSD", + "Operating System :: POSIX :: Linux", + "Programming Language :: Python", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3.2", + "Programming Language :: Python :: 3.3", + "Programming Language :: Python :: 3.4", + "Programming Language :: Python :: 3.5", + "Programming Language :: Python :: 3.6", + "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.8", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: Implementation :: CPython", + "Programming Language :: Python :: Implementation :: PyPy", +] + +[tool.setuptools] +packages = ["pythemis"] diff --git a/src/wrappers/themis/python/setup.py b/src/wrappers/themis/python/setup.py index c12aa61e9..e5ca792b8 100644 --- a/src/wrappers/themis/python/setup.py +++ b/src/wrappers/themis/python/setup.py 
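Review bot: `requires = ["setuptools"]` in `[build-system]` of the new pyproject.toml has no lower bound, but the `[project]` table below is only understood by setuptools 61.0 and later, so an older backend would build the package without this metadata; `requires = ["setuptools>=61.0"]` states the real requirement. As far as I know that backend does not run on Python 3.2–3.5, so `requires-python = ">=3.2"`, the `enum34; python_version<'3.4'` marker and the 3.2–3.5 classifiers describe interpreters this file cannot build for, and the commit message itself speaks of 3.6+. The `"Programming Language :: Python :: 3.9"` classifier is listed twice here and again in the setup.py hunk of this patch.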
@@ -48,6 +48,13 @@ "Programming Language :: Python :: 3.3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", + "Programming Language :: Python :: 3.6", + "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.8", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", ], From e7f4ee21ed3acff7ea797386794a092cfe01e25b Mon Sep 17 00:00:00 2001 From: Nazar Serhiichuk <43041209+G1gg1L3s@users.noreply.github.com> Date: Mon, 19 Jun 2023 20:36:40 +0300 Subject: [PATCH 3/8] Run and pin bindgen (#1008) * rust-themis: Update bindgen It updated and broke something again :facepalm: * rust-themis: Pin bindgen version It is pretty unstable with its frequent releases, so let's pin it. * Update changelog --- .github/workflows/test-rust.yaml | 2 +- CHANGELOG.md | 1 + src/wrappers/themis/rust/libthemis-sys/bindgen.sh | 2 +- src/wrappers/themis/rust/libthemis-sys/src/lib.rs | 6 +++--- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test-rust.yaml b/.github/workflows/test-rust.yaml index df01e21e2..8fdac80da 100644 --- a/.github/workflows/test-rust.yaml +++ b/.github/workflows/test-rust.yaml @@ -215,7 +215,7 @@ jobs: ${{ runner.os }}-cargo-build-target-unit-tests- ${{ runner.os }}-cargo-build-target- - name: Install Bindgen - run: cargo install bindgen-cli + run: cargo install bindgen-cli --version 0.66.1 --force - name: Check out code uses: actions/checkout@v2 - name: Check bindgen.sh output diff --git a/CHANGELOG.md b/CHANGELOG.md index 7bb198de6..4268c70bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
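Review bot: `cargo install bindgen-cli --version 0.66.1 --force` in the "Install Bindgen" step of test-rust.yaml pins bindgen itself but not its dependencies, because `cargo install` ignores the lock file shipped with a crate unless `--locked` is passed. A new release of any transitive crate can therefore still change what gets built and run on CI, and possibly the generated `lib.rs`, which is the churn this patch is trying to stop. I would use `cargo install bindgen-cli --version 0.66.1 --locked --force` here and in the comment changed in the bindgen.sh hunk.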
@@ -43,6 +43,7 @@ _Code:_ This is technically a breaking change, but most reasonble implementations should be `Send` already. Please raise an issue if your code fails to build. - Minimum supported Rust version is now 1.58 ([#977](https://github.com/cossacklabs/themis/pull/977), [#984](https://github.com/cossacklabs/themis/pull/984)). + - Bindgen is pinned to 0.66.1 on CI ([#1008](https://github.com/cossacklabs/themis/pull/1008)). - **WebAssembly** diff --git a/src/wrappers/themis/rust/libthemis-sys/bindgen.sh b/src/wrappers/themis/rust/libthemis-sys/bindgen.sh index ec0a70e31..7ef008c29 100755 --- a/src/wrappers/themis/rust/libthemis-sys/bindgen.sh +++ b/src/wrappers/themis/rust/libthemis-sys/bindgen.sh @@ -10,7 +10,7 @@ # You need to have Bindgen, LLVM, rustfmt installed to run this script. # Bindgen can be installed with # -# cargo install bindgen +# cargo install bindgen-cli --version 0.66.1 --force # # rustfmt can be installed with # diff --git a/src/wrappers/themis/rust/libthemis-sys/src/lib.rs b/src/wrappers/themis/rust/libthemis-sys/src/lib.rs index 06871d0e3..1ddd49ddb 100644 --- a/src/wrappers/themis/rust/libthemis-sys/src/lib.rs +++ b/src/wrappers/themis/rust/libthemis-sys/src/lib.rs @@ -44,6 +44,9 @@ pub const THEMIS_SCOMPARE_SEND_OUTPUT_TO_PEER: u32 = 1; pub const THEMIS_SCOMPARE_MATCH: u32 = 21; pub const THEMIS_SCOMPARE_NO_MATCH: u32 = 22; pub const THEMIS_SCOMPARE_NOT_READY: u32 = 0; +pub const STATE_IDLE: u32 = 0; +pub const STATE_NEGOTIATING: u32 = 1; +pub const STATE_ESTABLISHED: u32 = 2; pub type themis_status_t = i32; extern "C" { pub fn themis_secure_cell_encrypt_seal( @@ -286,9 +289,6 @@ extern "C" { message_length: *mut usize, ) -> themis_status_t; } -pub const STATE_IDLE: u32 = 0; -pub const STATE_NEGOTIATING: u32 = 1; -pub const STATE_ESTABLISHED: u32 = 2; pub type send_protocol_data_callback = ::std::option::Option< unsafe extern "C" fn( data: *const u8, From bc94b63eb6f46f46d82b164264f3497f3a98bf9d Mon Sep 17 00:00:00 2001 
From: Nazar Serhiichuk <43041209+G1gg1L3s@users.noreply.github.com> Date: Tue, 20 Jun 2023 19:36:20 +0300 Subject: [PATCH 4/8] Bump wrapper versions to 0.15.0 (#1007) * changelog: Add 0.15.0 summary * themis-core: Update version * pythemis: Update version * pythemis: Fix 8-year old typo in AUTHORS :) * rbthemis: Update version * jsthemis: Update versions * wasm-themis: Update versions * android-themis: Update version * rust-themis: Update versions * react-native-themis: Update versions * pythemis: https in AUTHORS Co-authored-by: vixentael * rust-themis: Update bench versions Somehow missed that. * changelog: Forgot to mention rust 1.58 * changelog: Mention the new iteration count --------- Co-authored-by: vixentael --- CHANGELOG.md | 17 +++++++++++++++++ PKGBUILD.MSYS2 | 2 +- Themis.nsi | 8 ++++---- VERSION | 2 +- benches/rust/Cargo.toml | 2 +- benches/themis/Cargo.toml | 4 ++-- gradle.properties | 4 ++-- src/wrappers/themis/android/AndroidManifest.xml | 2 +- src/wrappers/themis/jsthemis/package-lock.json | 4 ++-- src/wrappers/themis/jsthemis/package.json | 2 +- src/wrappers/themis/python/AUTHORS | 2 +- src/wrappers/themis/python/PKG-INFO | 4 ++-- src/wrappers/themis/python/pyproject.toml | 2 +- src/wrappers/themis/python/setup.py | 2 +- .../themis/react-native-themis/package.json | 2 +- src/wrappers/themis/ruby/rbthemis.gemspec | 6 +++--- src/wrappers/themis/rust/Cargo.toml | 4 ++-- .../themis/rust/libthemis-sys/Cargo.toml | 2 +- src/wrappers/themis/wasm/package-lock.json | 4 ++-- src/wrappers/themis/wasm/package.json | 2 +- 20 files changed, 47 insertions(+), 30 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4268c70bd..2e49996bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,23 @@ Changes that are currently in development and have not been released yet. +## [0.15.0](https://github.com/cossacklabs/themis/releases/tag/0.15.0), July 1st 2023 + +**TL;DR:** + +- Uncompressed EC public keys are now supported. +- Increased PBKDF2 iteration count from 200000 to 314110 for Secure Cell passphrase mode. +- OpenSSL 3.0 is now supported. +- Pythemis now uses `pyproject.toml`. +- And as usual: enhanced security measures and fixed bugs. + +**Breaking changes and deprecations:** +- AndroidThemis build requires Gradle 7.3, Android SDK 11, Android NDK 25. +- Some Soter functions are deprecated. +- Node.js 8 is no longer supported. +- Rust `SecureSessionTransport` implementations are now `Send`. +- Rust 1.58 is now the minimum supported version. + _Code:_ - **Core** diff --git a/PKGBUILD.MSYS2 b/PKGBUILD.MSYS2 index 05f5839e6..9a96a8fc2 100644 --- a/PKGBUILD.MSYS2 +++ b/PKGBUILD.MSYS2 @@ -4,7 +4,7 @@ pkgname=('themis' 'themis-devel') pkgbase=themis -pkgver=0.14.0 +pkgver=0.15.0 pkgrel=1 pkgdesc="Data security library for network communication and data storage" diff --git a/Themis.nsi b/Themis.nsi index b6dc14253..702080869 100644 --- a/Themis.nsi +++ b/Themis.nsi @@ -7,10 +7,10 @@ VIAddVersionKey "ProductName" "Themis" VIAddVersionKey "CompanyName" "Cossack Labs Limited" VIAddVersionKey "LegalCopyright" "(c) Cossack Labs Limited" VIAddVersionKey "FileDescription" "Themis library installer" -VIAddVersionKey "FileVersion" "0.14.0" -VIAddVersionKey "ProductVersion" "0.14.0" -VIFileVersion 0.14.0.0 -VIProductVersion 0.14.0.0 +VIAddVersionKey "FileVersion" "0.15.0" +VIAddVersionKey "ProductVersion" "0.15.0" +VIFileVersion 0.15.0.0 +VIProductVersion 0.15.0.0 Page license Page directory diff --git a/VERSION b/VERSION index 0548fb4e9..7092c7c46 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.14.0 \ No newline at end of file +0.15.0 \ No newline at end of file 
diff --git a/benches/rust/Cargo.toml b/benches/rust/Cargo.toml index 92eeb266b..713ce55fb 100644 --- a/benches/rust/Cargo.toml +++ b/benches/rust/Cargo.toml @@ -5,7 +5,7 @@ edition = "2018" publish = false [dependencies] -themis = { version = "0.14", path = "../../src/wrappers/themis/rust" } +themis = { version = "0.15", path = "../../src/wrappers/themis/rust" } [dev-dependencies] criterion = { version = "0.3.4", features = ["cargo_bench_support", "html_reports"] } diff --git a/benches/themis/Cargo.toml b/benches/themis/Cargo.toml index f659b4a66..fb4f4a680 100644 --- a/benches/themis/Cargo.toml +++ b/benches/themis/Cargo.toml @@ -5,8 +5,8 @@ edition = "2018" publish = false [dependencies] -themis = { version = "0.14", path = "../../src/wrappers/themis/rust" } -libthemis-sys = { version = "0.14", path = "../../src/wrappers/themis/rust/libthemis-sys" } +themis = { version = "0.15", path = "../../src/wrappers/themis/rust" } +libthemis-sys = { version = "0.15", path = "../../src/wrappers/themis/rust/libthemis-sys" } [dev-dependencies] criterion = { version = "0.3.4", features = ["cargo_bench_support", "html_reports"] } diff --git a/gradle.properties b/gradle.properties index c56140283..2b3b3911c 100644 --- a/gradle.properties +++ b/gradle.properties @@ -5,8 +5,8 @@ org.gradle.configureondemand=true # Versions of AndroidThemis and JavaThemis packages. -androidThemisVersion=0.14.0 -javaThemisVersion=0.14.0 +androidThemisVersion=0.15.0 +javaThemisVersion=0.15.0 # Android Studio insists that this is set to use JUnit test runner. android.useAndroidX=true diff --git a/src/wrappers/themis/android/AndroidManifest.xml b/src/wrappers/themis/android/AndroidManifest.xml index 12f1c4a8a..23c2056b8 100644 --- a/src/wrappers/themis/android/AndroidManifest.xml +++ b/src/wrappers/themis/android/AndroidManifest.xml @@ -1,3 +1,3 @@ - + diff --git a/src/wrappers/themis/jsthemis/package-lock.json b/src/wrappers/themis/jsthemis/package-lock.json index 3c11c000a..bf7481178 100644 
--- a/src/wrappers/themis/jsthemis/package-lock.json +++ b/src/wrappers/themis/jsthemis/package-lock.json @@ -1,12 +1,12 @@ { "name": "jsthemis", - "version": "0.14.0", + "version": "0.15.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "jsthemis", - "version": "0.14.0", + "version": "0.15.0", "license": "Apache-2.0", "dependencies": { "nan": "^2.14.0" diff --git a/src/wrappers/themis/jsthemis/package.json b/src/wrappers/themis/jsthemis/package.json index 4f968edc0..43a5e25b0 100644 --- a/src/wrappers/themis/jsthemis/package.json +++ b/src/wrappers/themis/jsthemis/package.json @@ -1,6 +1,6 @@ { "name": "jsthemis", - "version": "0.14.0", + "version": "0.15.0", "description": "Themis is a convenient cryptographic library for data protection.", "main": "build/Release/jsthemis.node", "scripts": { diff --git a/src/wrappers/themis/python/AUTHORS b/src/wrappers/themis/python/AUTHORS index 3a6314bcf..911673f6e 100644 --- a/src/wrappers/themis/python/AUTHORS +++ b/src/wrappers/themis/python/AUTHORS @@ -1 +1 @@ -CossackLabs (http://cossacklabs.com/) +CossackLabs (https://cossacklabs.com/) diff --git a/src/wrappers/themis/python/PKG-INFO b/src/wrappers/themis/python/PKG-INFO index efef8c0e6..0b089be24 100644 --- a/src/wrappers/themis/python/PKG-INFO +++ b/src/wrappers/themis/python/PKG-INFO @@ -1,6 +1,6 @@ -Metadata-Version: 0.14.0 +Metadata-Version: 0.15.0 Name: pythemis -Version: 0.14.0 +Version: 0.15.0 Summary: Data security library for network communication and data storage for Python Home-page: https://cossacklabs.com Author: Cossack Labs diff --git a/src/wrappers/themis/python/pyproject.toml b/src/wrappers/themis/python/pyproject.toml index 48030a60e..d68400eb3 100644 --- a/src/wrappers/themis/python/pyproject.toml +++ b/src/wrappers/themis/python/pyproject.toml 
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta" [project] name = "pythemis" -version = "0.14.0" +version = "0.15.0" authors = [{ name = "CossackLabs", email = "dev@cossacklabs.com" }] description = "Themis is multi-platform library with a high-level and easy-to-use cryptographic toolkit for data protection" readme = "README.md" diff --git a/src/wrappers/themis/python/setup.py b/src/wrappers/themis/python/setup.py index e5ca792b8..e0c1520d0 100644 --- a/src/wrappers/themis/python/setup.py +++ b/src/wrappers/themis/python/setup.py @@ -23,7 +23,7 @@ setup( name='pythemis', - version='0.14.0', + version='0.15.0', description='', long_description=open("README.md").read(), diff --git a/src/wrappers/themis/react-native-themis/package.json b/src/wrappers/themis/react-native-themis/package.json index 92cb2b817..cd63936cf 100644 --- a/src/wrappers/themis/react-native-themis/package.json +++ b/src/wrappers/themis/react-native-themis/package.json @@ -1,6 +1,6 @@ { "name": "react-native-themis", - "version": "0.14.10", + "version": "0.15.0", "description": "Themis React Native is a convenient cryptographic library for data protection", "react-native": "src/index", "source": "src/index", diff --git a/src/wrappers/themis/ruby/rbthemis.gemspec b/src/wrappers/themis/ruby/rbthemis.gemspec index 13926e51e..671340bae 100644 --- a/src/wrappers/themis/ruby/rbthemis.gemspec +++ b/src/wrappers/themis/ruby/rbthemis.gemspec 
@@ -1,7 +1,7 @@ Gem::Specification.new do |s| s.name = 'rbthemis' - s.version = '0.14.0' - s.date = '2021-12-24' + s.version = '0.15.0' + s.date = '2023-07-01' s.summary = 'Data security library for network communication and data storage for Ruby' s.description = 'Themis is a convenient cryptographic library for data protection. It provides secure messaging with forward secrecy and secure data storage. Themis is aimed at modern development practices and has a unified API across 12 platforms, including Ruby, JavaScript, iOS/macOS, Python, and Java/Android.' s.authors = ['CossackLabs'] @@ -10,5 +10,5 @@ Gem::Specification.new do |s| s.homepage = 'http://cossacklabs.com/' s.license = 'Apache-2.0' s.add_runtime_dependency 'ffi', '~> 1.9', '>= 1.9.8' - s.requirements << 'libthemis, v0.14.0' + s.requirements << 'libthemis, v0.15.0' end diff --git a/src/wrappers/themis/rust/Cargo.toml b/src/wrappers/themis/rust/Cargo.toml index 2ab5a682b..f3b819a76 100644 --- a/src/wrappers/themis/rust/Cargo.toml +++ b/src/wrappers/themis/rust/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "themis" -version = "0.14.0" +version = "0.15.0" edition = "2018" rust-version = "1.58.0" authors = ["rust-themis developers"] @@ -25,7 +25,7 @@ circle-ci = { repository = "cossacklabs/themis", branch = "master" } maintenance = { status = "actively-developed" } [dependencies] -bindings = { package = "libthemis-sys", path = "libthemis-sys", version = "0.14.0" } +bindings = { package = "libthemis-sys", path = "libthemis-sys", version = "0.15.0" } zeroize = "1" [dev-dependencies] diff --git a/src/wrappers/themis/rust/libthemis-sys/Cargo.toml b/src/wrappers/themis/rust/libthemis-sys/Cargo.toml index ad5f740e5..c37f50aac 100644 --- a/src/wrappers/themis/rust/libthemis-sys/Cargo.toml +++ b/src/wrappers/themis/rust/libthemis-sys/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libthemis-sys" -version = "0.14.0" +version = "0.15.0" edition = "2018" rust-version = "1.58.0" authors = ["rust-themis developers"] 
diff --git a/src/wrappers/themis/wasm/package-lock.json b/src/wrappers/themis/wasm/package-lock.json index 90e39d595..7b284f9d5 100644 --- a/src/wrappers/themis/wasm/package-lock.json +++ b/src/wrappers/themis/wasm/package-lock.json @@ -1,12 +1,12 @@ { "name": "wasm-themis", - "version": "0.14.6", + "version": "0.15.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "wasm-themis", - "version": "0.14.6", + "version": "0.15.0", "license": "Apache-2.0", "devDependencies": { "@types/emscripten": "^1.39.4", diff --git a/src/wrappers/themis/wasm/package.json b/src/wrappers/themis/wasm/package.json index 8f6212e59..943bff683 100644 --- a/src/wrappers/themis/wasm/package.json +++ b/src/wrappers/themis/wasm/package.json @@ -1,6 +1,6 @@ { "name": "wasm-themis", - "version": "0.14.8", + "version": "0.15.0", "description": "Themis is a convenient cryptographic library for data protection.", "main": "dist/index.js", "types": "dist/index.d.ts", From c5d7b48e5d0b9f7839183585e12a651bf69936a5 Mon Sep 17 00:00:00 2001 
From: Nazar Serhiichuk <43041209+G1gg1L3s@users.noreply.github.com> Date: Tue, 20 Jun 2023 20:14:56 +0300 Subject: [PATCH 5/8] Bump embedded BoringSSL (#1004) * Bump BoringSSL and fix makefile This is not the latest BoringSSL version yet, because there are a couple of fixes. So, treat it as the first. Here we also fix our makefile because the BoringSSL team fixed bug with the strange behaviour of absolute path to symbols.txt [1]. [1]: https://boringssl.googlesource.com/boringssl/+/8c75ed046f799f1d8b805036b1dea9c5ec0a0fb5%5E%21/#F0 * Bump BoringSSL and fix opaque EVP As OpenSSL, BoringSSL made many types opaque, so it will require updating some of the code to not use fields. * Bump BoringSSL again and fix RSA The same issue - RSA type became opaque, so we need to use accessors similar to what Openssl had. * Bump BoringSSL once more This is (hoperfully) the last bump. This time without issues but we will see what CI says. * Make bignum_to_bytes accept const bignum* It will prevent some of the warnings. This function doesn't mutate bignum anyway. * Update changelog * boringssl: Bump once again --- CHANGELOG.md | 1 + src/soter/boringssl/soter.mk | 4 +--- src/soter/boringssl/soter_rsa_key.c | 26 +++++++++++++------------- src/soter/boringssl/soter_sign_ecdsa.c | 2 +- third_party/boringssl/src | 2 +- 5 files changed, 17 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2e49996bc..dd1d04393 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -28,6 +28,7 @@ _Code:_ - Uncompressed EC public keys are now supported ([#959](https://github.com/cossacklabs/themis/pull/959), [#954](https://github.com/cossacklabs/themis/pull/954)) - Themis will generate uncompressed EC public keys when `THEMIS_GEN_EC_KEY_PAIR_UNCOMPRESSED=1` environment variable is set ([#959](https://github.com/cossacklabs/themis/pull/959)) - Increased PBKDF2 iteration count to maintain security of Secure Cell passphrase mode ([#976](https://github.com/cossacklabs/themis/pull/976)). + - Bumped embedded BoringSSL to the latest version ([#1004](https://github.com/cossacklabs/themis/pull/1004)). - **Soter** (low-level security core used by Themis) diff --git a/src/soter/boringssl/soter.mk b/src/soter/boringssl/soter.mk index 617208e88..a55420e81 100644 --- a/src/soter/boringssl/soter.mk +++ b/src/soter/boringssl/soter.mk @@ -87,14 +87,12 @@ ifeq ($(RENAME_BORINGSSL_SYMBOLS),yes) $(GO) run util/read_symbols.go -out $(abspath $(BIN_PATH)/boringssl/symbols.txt) \ $(abspath $(BIN_PATH)/boringssl/stage-1/crypto/libcrypto.a) \ $(abspath $(BIN_PATH)/boringssl/stage-1/decrepit/libdecrepit.a) - @# Path to symbols must be a relative one (relative to the build directory) - @# because absolute paths confuse BoringSSL's make. @echo "building embedded BoringSSL again with renamed symbols..." @mkdir -p $(BIN_PATH)/boringssl/stage-2 @cd $(BIN_PATH)/boringssl/stage-2 && \ $(CMAKE) $(SOTER_ENGINE_CMAKE_FLAGS) \ -DBORINGSSL_PREFIX=$(SOTER_BORINGSSL_PREFIX) \ - -DBORINGSSL_PREFIX_SYMBOLS=../symbols.txt \ + -DBORINGSSL_PREFIX_SYMBOLS=$(abspath $(BIN_PATH)/boringssl/symbols.txt) \ $(abspath third_party/boringssl/src) ifeq ($(NINJA),) @$(MAKE) -C $(BIN_PATH)/boringssl/stage-2 crypto decrepit diff --git a/src/soter/boringssl/soter_rsa_key.c b/src/soter/boringssl/soter_rsa_key.c index b6c090ef4..c105b4726 100644 --- a/src/soter/boringssl/soter_rsa_key.c +++ b/src/soter/boringssl/soter_rsa_key.c 
@@ -101,7 +101,7 @@ static bool is_mod_size_supported(unsigned mod_size) } } -static soter_status_t bignum_to_bytes(BIGNUM* bn, uint8_t* to, size_t to_length) +static soter_status_t bignum_to_bytes(const BIGNUM* bn, uint8_t* to, size_t to_length) { size_t bn_size = (size_t)BN_num_bytes(bn); size_t bytes_copied; @@ -159,16 +159,16 @@ soter_status_t soter_engine_specific_to_rsa_pub_key(const soter_engine_specific_ } pub_exp = (uint32_t*)((unsigned char*)(key + 1) + rsa_mod_size); - if (BN_is_word(rsa->e, RSA_F4)) { + if (BN_is_word(RSA_get0_e(rsa), RSA_F4)) { *pub_exp = htobe32(RSA_F4); - } else if (BN_is_word(rsa->e, RSA_3)) { + } else if (BN_is_word(RSA_get0_e(rsa), RSA_3)) { *pub_exp = htobe32(RSA_3); } else { res = SOTER_INVALID_PARAMETER; goto err; } - res = bignum_to_bytes(rsa->n, (unsigned char*)(key + 1), rsa_mod_size); + res = bignum_to_bytes(RSA_get0_n(rsa), (unsigned char*)(key + 1), rsa_mod_size); if (SOTER_SUCCESS != res) { goto err; } @@ -225,9 +225,9 @@ soter_status_t soter_engine_specific_to_rsa_priv_key(const soter_engine_specific } pub_exp = (uint32_t*)(curr_bn + ((rsa_mod_size * 4) + (rsa_mod_size / 2))); - if (BN_is_word(rsa->e, RSA_F4)) { + if (BN_is_word(RSA_get0_e(rsa), RSA_F4)) { *pub_exp = htobe32(RSA_F4); - } else if (BN_is_word(rsa->e, RSA_3)) { + } else if (BN_is_word(RSA_get0_e(rsa), RSA_3)) { *pub_exp = htobe32(RSA_3); } else { res = SOTER_INVALID_PARAMETER; 
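Review bot: `bignum_to_bytes` passes `bn` straight to `BN_num_bytes()`, and after this patch every caller feeds it the result of an `RSA_get0_*()` accessor, which returns NULL when the key object lacks that component. A key holding only public parts that reaches `soter_engine_specific_to_rsa_priv_key` would then dereference NULL at `RSA_get0_d(rsa)` and at the CRT values in the `@@ -235` hunk, unless a check outside these hunks rules it out. A guard at the top of the helper covers all call sites: `if (!bn || !to) { return SOTER_INVALID_PARAMETER; }`. The same concern applies to `BN_is_word(RSA_get0_e(rsa), ...)` in both export functions. The function bodies start and end outside the hunks, so existing validation may already cover part of this.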
@@ -235,49 +235,49 @@ soter_status_t soter_engine_specific_to_rsa_priv_key(const soter_engine_specific } /* Private exponent */ - res = bignum_to_bytes(rsa->d, curr_bn, rsa_mod_size); + res = bignum_to_bytes(RSA_get0_d(rsa), curr_bn, rsa_mod_size); if (SOTER_SUCCESS != res) { goto err; } curr_bn += rsa_mod_size; /* p */ - res = bignum_to_bytes(rsa->p, curr_bn, rsa_mod_size / 2); + res = bignum_to_bytes(RSA_get0_p(rsa), curr_bn, rsa_mod_size / 2); if (SOTER_SUCCESS != res) { goto err; } curr_bn += rsa_mod_size / 2; /* q */ - res = bignum_to_bytes(rsa->q, curr_bn, rsa_mod_size / 2); + res = bignum_to_bytes(RSA_get0_q(rsa), curr_bn, rsa_mod_size / 2); if (SOTER_SUCCESS != res) { goto err; } curr_bn += rsa_mod_size / 2; /* dp */ - res = bignum_to_bytes(rsa->dmp1, curr_bn, rsa_mod_size / 2); + res = bignum_to_bytes(RSA_get0_dmp1(rsa), curr_bn, rsa_mod_size / 2); if (SOTER_SUCCESS != res) { goto err; } curr_bn += rsa_mod_size / 2; /* dq */ - res = bignum_to_bytes(rsa->dmq1, curr_bn, rsa_mod_size / 2); + res = bignum_to_bytes(RSA_get0_dmq1(rsa), curr_bn, rsa_mod_size / 2); if (SOTER_SUCCESS != res) { goto err; } curr_bn += rsa_mod_size / 2; /* qp */ - res = bignum_to_bytes(rsa->iqmp, curr_bn, rsa_mod_size / 2); + res = bignum_to_bytes(RSA_get0_iqmp(rsa), curr_bn, rsa_mod_size / 2); if (SOTER_SUCCESS != res) { goto err; } curr_bn += rsa_mod_size / 2; /* modulus */ - res = bignum_to_bytes(rsa->n, curr_bn, rsa_mod_size); + res = bignum_to_bytes(RSA_get0_n(rsa), curr_bn, rsa_mod_size); if (SOTER_SUCCESS != res) { goto err; } diff --git a/src/soter/boringssl/soter_sign_ecdsa.c b/src/soter/boringssl/soter_sign_ecdsa.c index ebc0ff6c0..adc38db47 100644 --- a/src/soter/boringssl/soter_sign_ecdsa.c +++ b/src/soter/boringssl/soter_sign_ecdsa.c 
@@ -135,7 +135,7 @@ soter_status_t soter_sign_final_ecdsa_none_pkcs8(soter_sign_ctx_t* ctx, if (!pkey) { return SOTER_INVALID_PARAMETER; } - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) { + if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_EC) { return SOTER_INVALID_PARAMETER; } /* TODO: need review */ diff --git a/third_party/boringssl/src b/third_party/boringssl/src index 897a2ca3f..50ee09552 160000 --- a/third_party/boringssl/src +++ b/third_party/boringssl/src @@ -1 +1 @@ -Subproject commit 897a2ca3f184b34278641138c726ef902ab1fab2 +Subproject commit 50ee09552cde1c2019bef24520848d041920cfd4 From 269fd5ac79d47a761cf50138d63685e9a9ef102b Mon Sep 17 00:00:00 2001 From: G1gg1L3s Date: Tue, 20 Jun 2023 22:43:58 +0300 Subject: [PATCH 6/8] msys2: Update hashes temporarily This are test values because we will move the tag. But for now, let's just test it. --- PKGBUILD.MSYS2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/PKGBUILD.MSYS2 b/PKGBUILD.MSYS2 index 9a96a8fc2..312645b0e 100644 --- a/PKGBUILD.MSYS2 +++ b/PKGBUILD.MSYS2 @@ -17,9 +17,9 @@ depends=('libopenssl>=1.1.1') makedepends=('tar' 'gcc' 'make' 'openssl-devel>=1.1.1') source=("https://github.com/cossacklabs/themis/archive/$pkgver.tar.gz") -sha256sums=('2efb793e0ef604fb97258b07671a83135ad9229d83b92d7758b43510dcc6cb07') -sha1sums=('6d89a69014c24f39aedea684a78fc10f6019e505') -md5sums=('46a69d51d9e8a5d96ae919f3bf547ce9') +sha256sums=('1c6082c6440b44eb1331637a39ffe3c5924fb99c28e630cd9adb300f5f46ed69') +sha1sums=('7fa6ca58eed08030b7c68e18bc7eebea8660c39d') +md5sums=('64dbed936994c402a337218854471a28') # TODO: verify package signature # Unfortunately, bsdtar cannot handle symlinks on MSYS2 [1] so we have to use From 7f4f406e2a94db7af138d16ae197c8c20750c7aa Mon Sep 17 00:00:00 2001 
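Review bot: The three checksums in the PKGBUILD.MSYS2 hunk are computed from `archive/$pkgver.tar.gz` for a tag that the commit message says will be moved, so they will stop matching the release tarball, and nothing in the file marks them as temporary. I would add `# FIXME: checksums taken before the final 0.15.0 tag, regenerate after tagging` above `sha256sums` and make regeneration a release-checklist step, so that a later mismatch is investigated rather than resolved by pasting whatever hash the download produces. With `# TODO: verify package signature` still open in the context lines, `sha256sums` is the only integrity check on this source; `sha1sums` and `md5sums` add nothing to it and could be dropped.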
From: G1gg1L3s Date: Tue, 20 Jun 2023 23:06:04 +0300 Subject: [PATCH 7/8] phpthemis: Update version for the sake of testing They will fail probably, but just out of curiosity let's try to run the tests. --- src/wrappers/themis/php/php_themis.h | 3 +-- src/wrappers/themis/php7/php_themis.h | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/wrappers/themis/php/php_themis.h b/src/wrappers/themis/php/php_themis.h index fd0acd19c..59789fed6 100644 --- a/src/wrappers/themis/php/php_themis.h +++ b/src/wrappers/themis/php/php_themis.h @@ -17,7 +17,7 @@ #ifndef _PHP_THEMIS_H_ #define _PHP_THEMIS_H_ -#define PHP_THEMIS_VERSION "0.14.0" +#define PHP_THEMIS_VERSION "0.15.0" #define PHP_THEMIS_EXTNAME "phpthemis" PHP_FUNCTION(phpthemis_secure_message_wrap); @@ -38,5 +38,4 @@ PHP_FUNCTION(phpthemis_scell_context_imprint_decrypt); extern zend_module_entry phpthemis_module_entry; #define phpext_themis_ptr &phpthemis_module_entry - #endif /* _PHP_THEMIS_H_ */ diff --git a/src/wrappers/themis/php7/php_themis.h b/src/wrappers/themis/php7/php_themis.h index 4db7e08bc..eb7e2cb6b 100644 --- a/src/wrappers/themis/php7/php_themis.h +++ b/src/wrappers/themis/php7/php_themis.h @@ -17,7 +17,7 @@ #ifndef _PHP_THEMIS_H_ #define _PHP_THEMIS_H_ -#define PHP_THEMIS_VERSION "0.14.0" +#define PHP_THEMIS_VERSION "0.15.0" #define PHP_THEMIS_EXTNAME "phpthemis" extern zend_module_entry phpthemis_module_entry; From a5035f646e4f3d349e72b5cc45ead17c2d840a76 Mon Sep 17 00:00:00 2001 From: G1gg1L3s Date: Wed, 21 Jun 2023 21:11:06 +0300 Subject: [PATCH 8/8] Update date of the release Solstice! --- CHANGELOG.md | 2 +- src/wrappers/themis/ruby/rbthemis.gemspec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dd1d04393..268e28602 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,7 +4,7 @@ Changes that are currently in development and have not been released yet. -## [0.15.0](https://github.com/cossacklabs/themis/releases/tag/0.15.0), July 1st 2023 +## [0.15.0](https://github.com/cossacklabs/themis/releases/tag/0.15.0), June 21st 2023 **TL;DR:** diff --git a/src/wrappers/themis/ruby/rbthemis.gemspec b/src/wrappers/themis/ruby/rbthemis.gemspec index 671340bae..29200c545 100644 --- a/src/wrappers/themis/ruby/rbthemis.gemspec +++ b/src/wrappers/themis/ruby/rbthemis.gemspec @@ -1,7 +1,7 @@ Gem::Specification.new do |s| s.name = 'rbthemis' s.version = '0.15.0' - s.date = '2023-07-01' + s.date = '2023-06-21' s.summary = 'Data security library for network communication and data storage for Ruby' s.description = 'Themis is a convenient cryptographic library for data protection. It provides secure messaging with forward secrecy and secure data storage. Themis is aimed at modern development practices and has a unified API across 12 platforms, including Ruby, JavaScript, iOS/macOS, Python, and Java/Android.' s.authors = ['CossackLabs']