Bump version to 0.2.5.

gcc 14 support (#62 )
* rsaKeygenGetDefault test * add ubuntu 24 and gcc 14 to ci * use PrngClassPointerConst for rsa keygen * fix test_brssl * add comment about ubuntu 24 * define and use ConstPtrPtrHashClass * remove previous ecKeygen * remove previous x509NoanchorInit * improve test * add ecKeygen test * add x509NoanchorInit test * remove commented code * rename target to linux-gcc-14 * test already exists * fix tests
2026-01-08 16:33:07 +00:00 · 2024-07-18 19:38:37 +03:00 · 2024-07-18 18:50:24 +03:00 · 2024-06-27 02:49:51 +03:00 · 2024-06-27 01:42:04 +03:00 · 2024-06-27 01:22:34 +03:00
16 changed files with 1351 additions and 1090 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -18,22 +18,32 @@ jobs:
        target:
          - os: linux
            cpu: amd64
+          - os: linux-gcc-14 # this is to use ubuntu 24 and install gcc 14. Must be removed when ubuntu-latest is 24.04
+            cpu: amd64
          - os: linux
            cpu: i386
          - os: macos
            cpu: amd64
+          - os: macos
+            cpu: arm64
          - os: windows
            cpu: amd64
-          #- os: windows
-            #cpu: i386
        branch: [version-1-6, version-2-0, devel]
        include:
          - target:
              os: linux
-            builder: ubuntu-20.04
+            builder: ubuntu-latest
+          - target:
+              os: linux-gcc-14 # this is to use ubuntu 24 and install gcc 14. Must be removed when ubuntu-latest is 24.04
+            builder: ubuntu-24.04
          - target:
              os: macos
-            builder: macos-12
+              cpu: amd64
+            builder: macos-13
+          - target:
+              os: macos
+              cpu: arm64
+            builder: macos-latest
          - target:
              os: windows
            builder: windows-latest
@ -47,7 +57,7 @@ jobs:
    continue-on-error: ${{ matrix.branch == 'devel' }}
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
        with:
          submodules: true

@ -74,7 +84,7 @@ jobs:
      - name: Restore llvm-mingw (Windows) from cache
        if: runner.os == 'Windows'
        id: windows-mingw-cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
        with:
          path: external/mingw-${{ matrix.target.cpu }}
          key: 'mingw-llvm-17-${{ matrix.target.cpu }}'
@ -100,7 +110,7 @@ jobs:
      - name: Restore Nim DLLs dependencies (Windows) from cache
        if: runner.os == 'Windows'
        id: windows-dlls-cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
        with:
          path: external/dlls-${{ matrix.target.cpu }}
          key: 'dlls-${{ matrix.target.cpu }}'
@ -125,6 +135,8 @@ jobs:
        run: |
          if [[ '${{ matrix.target.cpu }}' == 'amd64' ]]; then
            PLATFORM=x64
+          elif [[ '${{ matrix.target.cpu }}' == 'arm64' ]]; then
+            PLATFORM=arm64
          else
            PLATFORM=x86
          fi
@ -156,10 +168,20 @@ jobs:
            bash build_nim.sh nim csources dist/nimble NimBinaries
          echo '${{ github.workspace }}/nim/bin' >> $GITHUB_PATH

+      - name: Use gcc 14
+        if : ${{ matrix.target.os == 'linux-gcc-14' }}
+        run: |
+          # Add GCC-14 to alternatives
+          sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 14
+
+          # Set GCC-14 as the default
+          sudo update-alternatives --set gcc /usr/bin/gcc-14
+
      - name: Run tests
        run: |
          nim --version
          nimble --version
+          gcc --version
          nimble install -y --depsOnly
          env NIMLANG=c nimble test
          # C++ support requires fixing const pointer proc assignments
--- a/bearssl.nimble
+++ b/bearssl.nimble
@ -1,7 +1,7 @@
 mode = ScriptMode.Verbose

 packageName   = "bearssl"
-version       = "0.2.2"
+version       = "0.2.5"
 author        = "Status Research & Development GmbH"
 description   = "BearSSL wrapper"
 license       = "MIT or Apache License 2.0"
@ -24,9 +24,9 @@ proc build(args, path: string) =
  exec nimc & " " & lang & " " & cfg & " " & flags & " " & args & " " & path

 proc run(args, path: string) =
-  build args & " -r", path
+  build args & " --mm:refc -r", path
  if (NimMajor, NimMinor) > (1, 6):
-    build args & " --mm:refc -r", path
+    build args & " --mm:orc -r", path

 from std/strutils import endsWith

--- a/bearssl/abi/bearssl_ec.nim
+++ b/bearssl/abi/bearssl_ec.nim
@ -325,10 +325,14 @@ const
  EC_KBUF_PUB_MAX_SIZE* = 145


-proc ecKeygen*(rngCtx: ptr ptr PrngClass; impl: ptr EcImpl; sk: ptr EcPrivateKey;
+proc ecKeygen*(rngCtx: PrngClassPointerConst; impl: ptr EcImpl; sk: ptr EcPrivateKey;
              kbuf: pointer; curve: cint): uint {.importcFunc, importc: "br_ec_keygen",
    header: "bearssl_ec.h".}

+proc ecKeygen*(rngCtx: ptr ptr PrngClass; impl: ptr EcImpl; sk: ptr EcPrivateKey;
+              kbuf: pointer; curve: cint): uint =
+  ecKeygen(PrngClassPointerConst(rngCtx), impl, sk, kbuf, curve)
+
 proc ecComputePub*(impl: ptr EcImpl; pk: ptr EcPublicKey; kbuf: pointer;
                  sk: ptr EcPrivateKey): uint {.importcFunc,
    importc: "br_ec_compute_pub", header: "bearssl_ec.h".}
--- a/bearssl/abi/bearssl_hash.nim
+++ b/bearssl/abi/bearssl_hash.nim
@ -23,19 +23,20 @@ const
 {.compile: bearHashPath & "sha2small.c".}

 type
+  ConstPtrPtrHashClass* {.importc: "const br_hash_class**", header: "bearssl_hash.h", bycopy.} = pointer
+
  HashClass* {.importc: "br_hash_class", header: "bearssl_hash.h", bycopy.} = object
    contextSize* {.importc: "context_size".}: uint
    desc* {.importc: "desc".}: uint32
-    init* {.importc: "init".}: proc (ctx: ptr ptr HashClass) {.importcFunc.}
-    update* {.importc: "update".}: proc (ctx: ptr ptr HashClass; data: pointer;
+    init* {.importc: "init".}: proc (ctx: ConstPtrPtrHashClass) {.importcFunc.}
+    update* {.importc: "update".}: proc (ctx: ConstPtrPtrHashClass; data: pointer;
                                     len: uint) {.importcFunc.}
-    `out`* {.importc: "out".}: proc (ctx: ptr ptr HashClass; dst: pointer) {.importcFunc.}
-    state* {.importc: "state".}: proc (ctx: ptr ptr HashClass; dst: pointer): uint64 {.
+    `out`* {.importc: "out".}: proc (ctx: ConstPtrPtrHashClass; dst: pointer) {.importcFunc.}
+    state* {.importc: "state".}: proc (ctx: ConstPtrPtrHashClass; dst: pointer): uint64 {.
        importcFunc.}
-    setState* {.importc: "set_state".}: proc (ctx: ptr ptr HashClass; stb: pointer;
+    setState* {.importc: "set_state".}: proc (ctx: ConstPtrPtrHashClass; stb: pointer;
        count: uint64) {.importcFunc.}

-
 template hashdesc_Id*(id: untyped): untyped =
  ((uint32)(id) shl hashdesc_Id_Off)

--- a/bearssl/abi/bearssl_rand.nim
+++ b/bearssl/abi/bearssl_rand.nim
@ -21,6 +21,7 @@ type
    update* {.importc: "update".}: proc (ctx: ptr ptr PrngClass; seed: pointer;
                                     seedLen: uint) {.importcFunc.}

+  PrngClassPointerConst* {.importc: "const br_prng_class**", header: "bearssl_rand.h", bycopy.} = pointer


 type
@ -51,10 +52,10 @@ proc hmacDrbgGetHash*(ctx: var HmacDrbgContext): ptr HashClass {.inline.} =


 type
-  PrngSeeder* {.importc: "br_prng_seeder".} = proc (ctx: ptr ptr PrngClass): cint {.importcFunc.}
+  PrngSeeder* {.importc: "br_prng_seeder".} = proc (ctx: PrngClassPointerConst): cint {.importcFunc.}
+  constCstringArray* {.importc: "const char**", nodecl.} = pointer

-
-proc prngSeederSystem*(name: cstringArray): PrngSeeder {.importcFunc,
+proc prngSeederSystem*(name: constCstringArray): PrngSeeder {.importcFunc,
    importc: "br_prng_seeder_system", header: "bearssl_rand.h".}

 # type
--- a/bearssl/abi/bearssl_rsa.nim
+++ b/bearssl/abi/bearssl_rsa.nim
@ -357,20 +357,20 @@ template rsaKbufPubSize*(size: untyped): untyped =


 type
-  RsaKeygen* {.importc: "br_rsa_keygen".} = proc (rngCtx: ptr ptr PrngClass; sk: ptr RsaPrivateKey; kbufPriv: pointer;
+  RsaKeygen* {.importc: "br_rsa_keygen".} = proc (rngCtx: PrngClassPointerConst; sk: ptr RsaPrivateKey; kbufPriv: pointer;
                  pk: ptr RsaPublicKey; kbufPub: pointer; size: cuint; pubexp: uint32): uint32 {.
      importcFunc.}


-proc rsaI15Keygen*(rngCtx: ptr ptr PrngClass; sk: ptr RsaPrivateKey; kbufPriv: pointer;
+proc rsaI15Keygen*(rngCtx: PrngClassPointerConst; sk: ptr RsaPrivateKey; kbufPriv: pointer;
                  pk: ptr RsaPublicKey; kbufPub: pointer; size: cuint; pubexp: uint32): uint32 {.
    importcFunc, importc: "br_rsa_i15_keygen", header: "bearssl_rsa.h".}

-proc rsaI31Keygen*(rngCtx: ptr ptr PrngClass; sk: ptr RsaPrivateKey; kbufPriv: pointer;
+proc rsaI31Keygen*(rngCtx: PrngClassPointerConst; sk: ptr RsaPrivateKey; kbufPriv: pointer;
                  pk: ptr RsaPublicKey; kbufPub: pointer; size: cuint; pubexp: uint32): uint32 {.
    importcFunc, importc: "br_rsa_i31_keygen", header: "bearssl_rsa.h".}

-proc rsaI62Keygen*(rngCtx: ptr ptr PrngClass; sk: ptr RsaPrivateKey; kbufPriv: pointer;
+proc rsaI62Keygen*(rngCtx: PrngClassPointerConst; sk: ptr RsaPrivateKey; kbufPriv: pointer;
                  pk: ptr RsaPublicKey; kbufPub: pointer; size: cuint; pubexp: uint32): uint32 {.
    importcFunc, importc: "br_rsa_i62_keygen", header: "bearssl_rsa.h".}

--- a/bearssl/abi/bearssl_ssl.nim
+++ b/bearssl/abi/bearssl_ssl.nim
@ -544,7 +544,7 @@ type
    alert* {.importc: "alert".}: byte
    closeReceived* {.importc: "close_received".}: byte
    mhash* {.importc: "mhash".}: MultihashContext
-    x509ctx* {.importc: "x509ctx".}: ptr ptr X509Class
+    x509ctx* {.importc: "x509ctx".}: X509ClassPointerConst
    chain* {.importc: "chain".}: ptr X509Certificate
    chainLen* {.importc: "chain_len".}: uint
    certCur* {.importc: "cert_cur".}: ptr byte
@ -612,9 +612,12 @@ proc sslEngineSetSuites*(cc: var SslEngineContext; suites: ptr uint16;
                        suitesNum: uint) {.importcFunc,
    importc: "br_ssl_engine_set_suites", header: "bearssl_ssl.h".}

-proc sslEngineSetX509*(cc: var SslEngineContext; x509ctx: ptr ptr X509Class) {.inline.} =
+proc sslEngineSetX509*(cc: var SslEngineContext;
+                       x509ctx: X509ClassPointerConst) =
  cc.x509ctx = x509ctx

+proc sslEngineSetX509*(cc: var SslEngineContext; x509ctx: ptr ptr X509Class) =
+  cc.x509ctx = X509ClassPointerConst(x509ctx)

 proc sslEngineSetProtocolNames*(ctx: var SslEngineContext; names: cstringArray;
                               num: uint) {.inline.} =
@ -1077,6 +1080,7 @@ type
                                 params: ptr SslSessionParameters): cint {.importcFunc.}


+  SslSessionCacheClassPointerConst* {.importc: "const br_ssl_session_cache_class**", header: "bearssl_ssl.h", bycopy.} = pointer


  SslSessionCacheLru* {.importc: "br_ssl_session_cache_lru",
@ -1104,7 +1108,7 @@ type
                     bycopy.} = object
    eng* {.importc: "eng".}: SslEngineContext
    clientMaxVersion* {.importc: "client_max_version".}: uint16
-    cacheVtable* {.importc: "cache_vtable".}: ptr ptr SslSessionCacheClass
+    cacheVtable* {.importc: "cache_vtable".}: SslSessionCacheClassPointerConst
    clientSuites* {.importc: "client_suites".}: array[MAX_CIPHER_SUITES,
        SuiteTranslated]
    clientSuitesNum* {.importc: "client_suites_num".}: byte
@ -1222,7 +1226,7 @@ proc sslServerSetTrustAnchorNamesAlt*(cc: var SslServerContext;


 proc sslServerSetCache*(cc: var SslServerContext;
-                       vtable: ptr ptr SslSessionCacheClass) {.inline.} =
+                        vtable: SslSessionCacheClassPointerConst) {.inline.} =
  cc.cacheVtable = vtable


--- a/bearssl/abi/bearssl_x509.nim
+++ b/bearssl/abi/bearssl_x509.nim
@ -200,7 +200,7 @@ type
    getPkey* {.importc: "get_pkey".}: proc (ctx: ptr ptr X509Class; usages: ptr cuint): ptr X509Pkey {.
        importcFunc.}

-
+  X509ClassPointerConst* {.importc: "const br_x509_class**", header: "bearssl_x509.h", bycopy.} = pointer

 type
  X509KnownkeyContext* {.importc: "br_x509_knownkey_context",
--- a/bearssl/abi/brssl.nim
+++ b/bearssl/abi/brssl.nim
@ -18,8 +18,11 @@ type
    vtable* {.importc: "vtable".}: ptr X509Class
    inner* {.importc: "inner".}: ptr ptr X509Class

-proc x509NoanchorInit*(xwc: var X509NoanchorContext; inner: ptr ptr X509Class) {.importcFunc,
+proc x509NoanchorInit*(xwc: var X509NoanchorContext; inner: X509ClassPointerConst) {.importcFunc,
    importc: "x509_noanchor_init", header: "brssl_cpp.h".}

+proc x509NoanchorInit*(xwc: var X509NoanchorContext; inner: ptr ptr X509Class) =
+  x509NoanchorInit(xwc, X509ClassPointerConst(inner))
+
 proc initNoAnchor*(xwc: var X509NoanchorContext, inner: ptr ptr X509Class) {.
     importcFunc, importc: "x509_noanchor_init", header: "brssl_cpp.h", deprecated: "x509NoanchorInit".}
--- a/bearssl/certs/cacert.nim
+++ b/bearssl/certs/cacert.nim
@ -20,9 +20,9 @@
 import ../abi/csources
 from ../abi/bearssl_x509 import X509TrustAnchor

-{.compile: bearPath & "/../certs/cacert20221116.c".}
+{.compile: bearPath & "/../certs/cacert20240311.c".}

-const MozillaTrustAnchorsCount* = 142 # TAs_NUM
+const MozillaTrustAnchorsCount* = 147 # TAs_NUM

 var MozillaTrustAnchors* {.importc: "TAs".}: array[
  MozillaTrustAnchorsCount, X509TrustAnchor]
--- a/bearssl/certs/cacert20240311.c
+++ b/bearssl/certs/cacert20240311.c
--- a/bearssl/rand.nim
+++ b/bearssl/rand.nim
@ -32,14 +32,14 @@ proc new*(T: type HmacDrbgContext): ref HmacDrbgContext =
  ##
  ## The context is seeded with randomness from the OS / system.
  ## Returns `nil` if the OS / system has no randomness API.
-  let seeder = prngSeederSystem(nil)
+  let seeder = prngSeederSystem(constCstringArray(nil))
  if seeder == nil:
    return nil

  let rng = (ref HmacDrbgContext)()
  hmacDrbgInit(rng[], addr sha256Vtable, nil, 0)

-  if seeder(addr rng.vtable) == 0:
+  if seeder(PrngClassPointerConst(addr rng.vtable)) == 0:
    return nil

  rng
--- a/tests/test_brssl.nim
+++ b/tests/test_brssl.nim
@ -9,4 +9,4 @@ suite "x509":
    var x509: X509MinimalContext

    x509MinimalInit(x509, nil, nil, 0)
-    x509NoanchorInit(xwc, addr x509.vtable)
+    x509NoanchorInit(xwc, X509ClassPointerConst(addr x509.vtable))
--- a/tests/test_ec.nim
+++ b/tests/test_ec.nim
@ -0,0 +1,20 @@
+import
+  unittest2,
+  ../bearssl/[rand, ec]
+
+{.used.}
+
+type
+  EcPrivateKey* = ref object
+    buffer*: array[EC_KBUF_PRIV_MAX_SIZE, byte]
+    key*: ec.EcPrivateKey
+
+suite "ec":
+  test "test ecKeygen interface":
+    let rng = HmacDrbgContext.new()
+
+    var ecimp = ecGetDefault()
+    var res = new EcPrivateKey
+    check ecKeygen(
+      PrngClassPointerConst(addr rng.vtable), ecimp, addr res.key, addr res.buffer[0], cint(EC_secp256r1)
+    ) != 0
--- a/tests/test_rand.nim
+++ b/tests/test_rand.nim
@ -20,7 +20,7 @@ suite "random":
      v2 != default(array[1024, byte]) # probable

    for i in 0..<1000:
-      doAssert cast[int](rng[].generate(bool)) in [0, 1]
+      doAssert int(rng[].generate(bool)) in [0, 1]

    var bools: array[64 * 1024, bool]
    rng[].generate(bools)
--- a/tests/test_rsa.nim
+++ b/tests/test_rsa.nim
@ -0,0 +1,41 @@
+import
+  unittest2,
+  ../bearssl/[rand, rsa]
+
+{.used.}
+
+const
+  DefaultKeySize* = 3072 ## Default RSA key size in bits.
+  DefaultPublicExponent* = 65537'u32
+
+type
+  RsaPrivateKey* = ref object
+    buffer*: seq[byte]
+    seck*: rsa.RsaPrivateKey
+    pubk*: rsa.RsaPublicKey
+    pexp*: ptr byte
+    pexplen*: uint
+
+suite "rsa":
+  test "test rsaKeygenGetDefault interface":
+    let rng = HmacDrbgContext.new()
+
+    let
+      sko = 0
+      pko = rsaKbufPrivSize(DefaultKeySize)
+      eko = pko + rsaKbufPubSize(DefaultKeySize)
+      length = eko + ((DefaultKeySize + 7) shr 3)
+
+    let res = new RsaPrivateKey
+    res.buffer = newSeq[byte](length)
+
+    var keygen = rsaKeygenGetDefault()
+    check keygen(
+      addr rng.vtable,
+      addr res.seck,
+      addr res.buffer[sko],
+      addr res.pubk,
+      addr res.buffer[pko],
+      cuint(DefaultKeySize),
+      DefaultPublicExponent,
+    ) != 0
Author	SHA1	Message	Date
cheatfate	667b40440a	Bump version to 0.2.5.	2024-07-18 19:38:37 +03:00
diegomrsantos	d4e2f555c8	gcc 14 support (#62 ) * rsaKeygenGetDefault test * add ubuntu 24 and gcc 14 to ci * use PrngClassPointerConst for rsa keygen * fix test_brssl * add comment about ubuntu 24 * define and use ConstPtrPtrHashClass * remove previous ecKeygen * remove previous x509NoanchorInit * improve test * add ecKeygen test * add x509NoanchorInit test * remove commented code * rename target to linux-gcc-14 * test already exists * fix tests	2024-07-18 18:50:24 +03:00
cheatfate	646fa2152b	Release v0.2.4	2024-06-27 02:49:51 +03:00
Eugene Kabanov	554b464b34	Fix gcc-14 issues part 2. (#61 ) * Fix recently discovered nim-2.0 gcc-14 issues. * One more place to fix.	2024-06-27 01:42:04 +03:00
Miran	8790ee6401	update ci.yml and be more explicit in .nimble (#60 ) * update ci.yml and be more explicit in .nimble * test both amd64 and arm64 macos	2024-06-27 01:22:34 +03:00
Eugene Kabanov	a806cbfab5	Release 023 (#59 ) * Fix compilation warning in tests. * Release 0.2.3.	2024-06-02 16:55:11 +03:00
Eugene Kabanov	ff0b47ed80	Fix GCC-14 [-Wincompatible-pointer-types] issue. (#58 ) * Fix GCC-14 [-Wincompatible-pointer-types] issue. * Add more fixes. * More fixes.	2024-06-02 06:42:27 +03:00
Eugene Kabanov	d81b37dc20	Bump cacert to version 2024-03-11. (#57 )	2024-04-12 13:21:03 +02:00