Note big-endian compatibility issues in CHANGELOG #623
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Recent changes in Secure Cell code to support password-based API and introduction of automated fuzz testing led to refactoring of a lot of code to improve resilience to malicious and erroneous inputs. This effort has discovered that Themis is likely to be not compatible between little- and big-endian machines. Various parsing and generation code has been using "native" endian order. That is, data encrypted on little-endian machines cannot be read on big-endian machines and vice versa. If usage is strictly confined to exclusively big-endian machines then it's probably fine. I say "probably" because big-endian architectures have never been a priority for Themis. We have never tested on them and are not sure that Themis works there correctly, even without talking about inter-endian compatibility. So... Recent changes in Secure Cell start improving the situation by explicitly using little-endian order in data structures. Eventually this will lead to proper support of big-endian architectures which will be able to talk to little-endian machines just fine. But right now this means that data encrypted by Themis 0.12 on big-endian machines will be not readable with Themis 0.13, even on big-endian machines. Similarly, data encrypted by Themis 0.13 on big-endian machines will not be readable by Themis 0.12 on big-endian machines (but *will* be readable on little-endian machines). If you have been using Themis on big-endian machines and it actually worked then I'm pleasantly surprised by the portability of the code. At the same time I offer my condolences for the loss of time we're going to incur on you by doing these changes. We will announce full big-endian support as soon as it is ready. For now, you're on your own. Themis does not support big-endian machines at the moment.
ilammy
added
docs 📚
vixentael
approved these changes
Apr 20, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Recent changes in Secure Cell code to support password-based API and introduction of automated fuzz testing led to refactoring of a lot of code to improve resilience to malicious and erroneous inputs.
This effort has discovered that Themis is likely to be not compatible between little- and big-endian machines. Various parsing and generation code has been using “native” endian order. That is, data encrypted on little-endian machines cannot be read on big-endian machines and vice versa. If usage is strictly confined to exclusively big-endian machines then it's probably fine.
I say “probably” because big-endian architectures have never been a priority for Themis. We have never tested on them and are not sure that Themis works there correctly, even without talking about inter-endian compatibility.
So... Recent changes in Secure Cell start improving the situation by explicitly using little-endian order in data structures. Eventually this will lead to proper support of big-endian architectures which will be able to talk to little-endian machines just fine. But right now this means that data encrypted by Themis 0.12 on big-endian machines will be not readable with Themis 0.13, even on big-endian machines. Similarly, data encrypted by Themis 0.13 on big-endian machines will not be readable by Themis 0.12 on big-endian machines (but will be readable on little-endian machines).
Here's a compatibility table:
Legend:
This is for Secure Cell. For any other cryptosystems, big-endian ⟺ big-endian quadrant is likely to be 🙏🏻, and others are filled with ❌.
If you have been using Themis on big-endian machines and it actually worked then I'm pleasantly surprised by the portability of the code. At the same time I offer my condolences for the loss of time we're going to incur on you by doing these changes.
We will announce full big-endian support as soon as it is ready. For now, you're on your own. Themis does not support big-endian machines at the moment.