Merge pull request #7 from dgv/develop

revision for 0.13.0
shiguredo · Jul 16, 2024 · 6c72bf2 · 6c72bf2
2 parents 4ea93f2 + 8690292
commit 6c72bf2
Show file tree

Hide file tree

Showing 12 changed files with 111 additions and 24 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -9,7 +9,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: goto-bus-stop/setup-zig@v2
         with:
-          version: 0.12.0
+          version: 0.13.0
       - run: zig fmt --check *.zig src/*.zig
 
   test:
@@ -21,7 +21,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: goto-bus-stop/setup-zig@v2
         with:
-          version: 0.12.0
+          version: 0.13.0
       - run: zig build test
 
   macos-with-openssl:
@@ -38,7 +38,7 @@ jobs:
           source ~/.bashrc
           ./test.sh
           ./test_server.sh
-  
+
   # thanks to https://github.com/docker/build-push-action/issues/225
   create-container:
     runs-on: ubuntu-latest
@@ -62,7 +62,6 @@ jobs:
           name: tls13-zig
           path: /tmp/tls13-zig.tar
 
-
   client-e2e-test-with-openssl:
     runs-on: ubuntu-latest
     needs: create-container
@@ -112,7 +111,12 @@ jobs:
   client-test-stream:
     strategy:
       matrix:
-        cipher: [TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256]
+        cipher:
+          [
+            TLS_AES_128_GCM_SHA256,
+            TLS_AES_256_GCM_SHA384,
+            TLS_CHACHA20_POLY1305_SHA256,
+          ]
     runs-on: ubuntu-latest
     needs: create-container
     steps:
@@ -134,7 +138,7 @@ jobs:
         with:
           image: tls13-zig:tls13zig_base
           run: /tls13-zig/test_stream.sh ${{matrix.cipher}}
-  
+
   server-test-stream:
     runs-on: ubuntu-latest
     needs: create-container
@@ -161,7 +165,12 @@ jobs:
   client-test-stress:
     strategy:
       matrix:
-        cipher: [TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256]
+        cipher:
+          [
+            TLS_AES_128_GCM_SHA256,
+            TLS_AES_256_GCM_SHA384,
+            TLS_CHACHA20_POLY1305_SHA256,
+          ]
     runs-on: ubuntu-latest
     needs: create-container
     steps:
@@ -205,4 +214,4 @@ jobs:
       - uses: addnab/docker-run-action@v3
         with:
           image: tls13-zig:tls13zig_base
-          run: /tls13-zig/test_stress_server.sh
+          run: /tls13-zig/test_stress_server.sh
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 /zig-cache
+/.zig-cache
 /zig-out
 /tmp.zig
 /pkcs1v15.py
@@ -11,4 +12,4 @@
 /cert.pem
 /early_data.txt
 /reverse_mac.sh
-/gen_gcm_test.py
+/gen_gcm_test.py
diff --git a/build.zig b/build.zig
@@ -11,10 +11,15 @@ pub fn build(b: *std.Build) void {
     // between Debug, ReleaseSafe, ReleaseFast, and ReleaseSmall. Here we do not
     // set a preferred release mode, allowing the user to decide how to optimize.
     const optimize = b.standardOptimizeOption(.{});
-
+    _ = b.addModule("tls13-server", .{
+        .root_source_file = b.path("src/server.zig"),
+    });
+    _ = b.addModule("tls13-client", .{
+        .root_source_file = b.path("src/client.zig"),
+    });
     const exe = b.addExecutable(.{
         .name = "tls13-zig",
-        .root_source_file = .{ .path = "src/main.zig" },
+        .root_source_file = b.path("src/main.zig"),
         .target = target,
         .optimize = optimize,
     });
@@ -50,7 +55,7 @@ pub fn build(b: *std.Build) void {
     // Creates a step for unit testing. This only builds the test executable
     // but does not run it.
     const unit_tests = b.addTest(.{
-        .root_source_file = .{ .path = "src/main.zig" },
+        .root_source_file = b.path("src/main.zig"),
         .target = target,
         .optimize = optimize,
     });

diff --git a/build.zig.zon b/build.zig.zon
@@ -0,0 +1,72 @@
+.{
+    // This is the default name used by packages depending on this one. For
+    // example, when a user runs `zig fetch --save <url>`, this field is used
+    // as the key in the `dependencies` table. Although the user can choose a
+    // different name, most users will stick with this provided value.
+    //
+    // It is redundant to include "zig" in this name because it is already
+    // within the Zig package namespace.
+    .name = "tls13-zig",
+
+    // This is a [Semantic Version](https://semver.org/).
+    // In a future version of Zig it will be used for package deduplication.
+    .version = "0.0.0",
+
+    // This field is optional.
+    // This is currently advisory only; Zig does not yet do anything
+    // with this value.
+    //.minimum_zig_version = "0.11.0",
+
+    // This field is optional.
+    // Each dependency must either provide a `url` and `hash`, or a `path`.
+    // `zig build --fetch` can be used to fetch all dependencies of a package, recursively.
+    // Once all dependencies are fetched, `zig build` no longer requires
+    // internet connectivity.
+    .dependencies = .{
+        // See `zig fetch --save <url>` for a command-line interface for adding dependencies.
+        //.example = .{
+        //    // When updating this field to a new URL, be sure to delete the corresponding
+        //    // `hash`, otherwise you are communicating that you expect to find the old hash at
+        //    // the new URL.
+        //    .url = "https://example.com/foo.tar.gz",
+        //
+        //    // This is computed from the file contents of the directory of files that is
+        //    // obtained after fetching `url` and applying the inclusion rules given by
+        //    // `paths`.
+        //    //
+        //    // This field is the source of truth; packages do not come from a `url`; they
+        //    // come from a `hash`. `url` is just one of many possible mirrors for how to
+        //    // obtain a package matching this `hash`.
+        //    //
+        //    // Uses the [multihash](https://multiformats.io/multihash/) format.
+        //    .hash = "...",
+        //
+        //    // When this is provided, the package is found in a directory relative to the
+        //    // build root. In this case the package's hash is irrelevant and therefore not
+        //    // computed. This field and `url` are mutually exclusive.
+        //    .path = "foo",
+
+        //    // When this is set to `true`, a package is declared to be lazily
+        //    // fetched. This makes the dependency only get fetched if it is
+        //    // actually used.
+        //    .lazy = false,
+        //},
+    },
+
+    // Specifies the set of files and directories that are included in this package.
+    // Only files and directories listed here are included in the `hash` that
+    // is computed for this package. Only files listed here will remain on disk
+    // when using the zig package manager. As a rule of thumb, one should list
+    // files required for compilation plus any license(s).
+    // Paths are relative to the build root. Use the empty string (`""`) to refer to
+    // the build root itself.
+    // A directory listed here means that all files within, recursively, are included.
+    .paths = .{
+        "build.zig",
+        "build.zig.zon",
+        "src",
+        // For example...
+        //"LICENSE",
+        //"README.md",
+    },
+}
diff --git a/examples/proxy/.gitignore b/examples/proxy/.gitignore
@@ -1,2 +1,3 @@
 /zig-cache
-/zig-out
+/.zig-cache
+/zig-out
diff --git a/examples/proxy/build.zig b/examples/proxy/build.zig
@@ -14,13 +14,13 @@ pub fn build(b: *std.Build) void {
 
     const exe = b.addExecutable(.{
         .name = "proxy",
-        .root_source_file = .{ .path = "src/main.zig" },
+        .root_source_file = b.path("src/main.zig"),
         .target = target,
         .optimize = optimize,
     });
 
     exe.root_module.addAnonymousImport("tls13-server", .{
-        .root_source_file = .{ .path = "../../src/server.zig" },
+        .root_source_file = b.path("../../src/server.zig"),
     });
     // This declares intent for the executable to be installed into the
     // standard location when the user invokes the "install" step (the default
@@ -53,7 +53,7 @@ pub fn build(b: *std.Build) void {
     // Creates a step for unit testing. This only builds the test executable
     // but does not run it.
     const unit_tests = b.addTest(.{
-        .root_source_file = .{ .path = "src/main.zig" },
+        .root_source_file = b.path("src/main.zig"),
         .target = target,
         .optimize = optimize,
     });

diff --git a/src/crypto/cert.zig b/src/crypto/cert.zig
@@ -2,7 +2,7 @@ const std = @import("std");
 const io = std.io;
 const base64 = std.base64;
 const ArrayList = std.ArrayList;
-const log = @import("log.zig");
+const log = @import("../log.zig");
 const pkcs8 = @import("pkcs8.zig");
 const x509 = @import("x509.zig");
 const key = @import("key.zig");

diff --git a/src/crypto/log.zig b/src/crypto/log.zig
diff --git a/src/crypto/root.zig b/src/crypto/root.zig
@@ -1,5 +1,5 @@
 const std = @import("std");
-const log = @import("log.zig");
+const log = @import("../log.zig");
 const x509 = @import("x509.zig");
 const cert = @import("cert.zig");
 const ArrayList = std.ArrayList;
@@ -112,7 +112,7 @@ pub const RootCA = struct {
     fn loadCAFilesMacOS(self: *Self) !void {
         log.debug("Loading RootCA certificate", .{});
 
-        const result = try std.ChildProcess.run(.{
+        const result = try std.process.Child.run(.{
             .allocator = self.allocator,
             .argv = &[_][]const u8{ "/usr/bin/security", "find-certificate", "-a", "-p", "/System/Library/Keychains/SystemRootCertificates.keychain" },
             .max_output_bytes = 1000 * 1024,

diff --git a/src/crypto/x509.zig b/src/crypto/x509.zig
@@ -2,7 +2,7 @@ const std = @import("std");
 const io = std.io;
 const expect = std.testing.expect;
 const expectError = std.testing.expectError;
-const log = @import("log.zig");
+const log = @import("../log.zig");
 const asn1 = @import("asn1.zig");
 const rsa = @import("rsa.zig");
 const errs = @import("errors.zig");

diff --git a/src/log.zig b/src/log.zig
@@ -38,8 +38,8 @@ pub fn log(
     };
 
     const stderr = std.io.getStdErr().writer();
-    std.debug.getStderrMutex().lock();
-    defer std.debug.getStderrMutex().unlock();
+    std.debug.lockStdErr();
+    defer std.debug.unlockStdErr();
     if (builtin.os.tag == .linux) {
         const pid = std.os.linux.getpid();
         nosuspend stderr.print(levelAsText(message_level) ++ " [{s} {}]: " ++ format ++ "\n", .{ date_str, pid } ++ args) catch return;

diff --git a/src/server.zig b/src/server.zig
@@ -950,7 +950,7 @@ pub fn TLSStreamImpl(comptime ReaderType: type, comptime WriterType: type, compt
                     const skey = try P256.SecretKey.fromBytes(k.privateKey[0..P256.SecretKey.encoded_length].*);
                     const kp = try P256.KeyPair.fromSecretKey(skey);
                     const verify_sig = try kp.sign(verify_stream.getWritten(), null);
-                    var sig_buf: [P256.Signature.der_encoded_max_length]u8 = undefined;
+                    var sig_buf: [P256.Signature.der_encoded_length_max]u8 = undefined;
                     const sig_bytes = verify_sig.toDer(&sig_buf);
                     cv = try CertificateVerify.init(.ecdsa_secp256r1_sha256, sig_bytes.len, self.allocator);
                     @memcpy(cv.signature, sig_bytes);