feat: replace picotls by BoringSSL (#21)

.github/workflows/test.yml

@@ -25,15 +25,11 @@ jobs:
             cpu: i386
           - os: linux-gcc-14
             cpu: amd64
-          - os: macos
-            cpu: amd64
           - os: macos-14
             cpu: arm64
           - os: windows
             cpu: amd64
         nim:
-          - ref: version-1-6
-            memory_management: refc
           - ref: version-2-0
             memory_management: refc
         include:
@@ -45,10 +41,6 @@ jobs:
               os: linux-gcc-14
             builder: ubuntu-24.04
             shell: bash
-          - platform:
-              os: macos
-            builder: macos-13
-            shell: bash
           - platform:
               os: macos-14
             builder: macos-14
@@ -62,7 +54,7 @@ jobs:
       run:
         shell: ${{ matrix.shell }}
 
-    name: '${{ matrix.platform.os }}-${{ matrix.platform.cpu }} (Nim ${{ matrix.nim.ref }})'
+    name: "${{ matrix.platform.os }}-${{ matrix.platform.cpu }} (Nim ${{ matrix.nim.ref }})"
     runs-on: ${{ matrix.builder }}
     steps:
       - name: Checkout
@@ -93,7 +85,7 @@ jobs:
           nimble install
 
       - name: Use gcc 14
-        if : ${{ matrix.platform.os == 'linux-gcc-14'}}
+        if: ${{ matrix.platform.os == 'linux-gcc-14'}}
         run: |
           # Add GCC-14 to alternatives
           sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 14
@@ -102,7 +94,7 @@ jobs:
           sudo update-alternatives --set gcc /usr/bin/gcc-14
 
       - name: Install deps (windows)
-        if : ${{ matrix.platform.os == 'windows'}}
+        if: ${{ matrix.platform.os == 'windows'}}
         run: |
           pacman -S --noconfirm base-devel gcc
 

.gitmodules

@@ -1,6 +1,6 @@
 [submodule "libs/ngtcp2"]
 	path = libs/ngtcp2
 	url = https://github.com/ngtcp2/ngtcp2
-[submodule "libs/picotls"]
+[submodule "libs/boringssl"]
-	path = libs/picotls
+	path = libs/boringssl
-	url = https://github.com/h2o/picotls
+	url = https://boringssl.googlesource.com/boringssl

README.md

@@ -1,18 +1,14 @@
-ngtcp2 for Nim
+# ngtcp2 for Nim
-==============
 
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
 [![License: Apache](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 ![Github action](https://github.com/status-im/nim-bearssl/workflows/CI/badge.svg)
 <img src="https://img.shields.io/badge/nim-%3E%3D1.2.0-orange.svg?style=flat-square" />
 
-
-
 Wrapper around the [ngtcp2](https://github.com/ngtcp2/ngtcp2) C library for
 [Nim](https://nim-lang.org/).
 
-Updating to a newer version
+## Updating to a newer version
----------------------------
 
 Follow these steps when updating the wrapper to a newer version of ngtcp2:
 
@@ -21,3 +17,9 @@ Follow these steps when updating the wrapper to a newer version of ngtcp2:
 - run `build.sh` (requires Nim, CMake and clang to be installed)
 - increase the `version` property in the `ngtcp2.nimble` file
 - commit the changes
+
+### Enabling QuicTLS
+
+```
+`-d:ngtcp2_enable_quictls`
+```

boringssl.nim

@@ -0,0 +1,309 @@
+# libcrypto + libssl sources without cmake, no-asm, no fips, no tests, tools
+# TODO: look into use assembly files for perf
+
+# ----- toolchain + includes -----
+{.passc: "-DBORINGSSL_IMPLEMENTATION -DOPENSSL_NO_ASM -DS2N_BN_HIDE_SYMBOLS".}
+{.localPassC: "-ffunction-sections -fdata-sections -fno-exceptions -fno-rtti".}
+{.passc: "-I./libs/boringssl/include".}
+
+when not defined(release):
+  {.localPassC: "-DNDEBUG".}
+
+# link stdc++/pthread as needed
+when defined(macosx):
+  {.localPassC: "-lc++".}
+elif defined(linux):
+  {.localPassC: "-D_XOPEN_SOURCE=700".}
+  {.localPassC: "-lstdc++".}
+elif defined(windows):
+  {.
+    localPassC:
+      "-D_HAS_EXCEPTIONS=0 -DWIN32_LEAN_AND_MEAN -DNOMINMAX -D_CRT_SECURE_NO_WARNINGS"
+  .}
+
+# ----- generated sources -----
+{.compile: "./libs/boringssl/crypto/fipsmodule/bcm.cc".}
+{.compile: "./libs/boringssl/crypto/aes/aes.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/a_bitstr.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/a_bool.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/a_d2i_fp.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/a_dup.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/a_gentm.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/a_i2d_fp.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/a_int.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/a_mbstr.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/a_object.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/a_octet.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/a_strex.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/a_strnid.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/a_time.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/a_type.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/a_utctm.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/asn1_lib.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/asn1_par.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/asn_pack.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/f_int.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/f_string.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/posix_time.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/tasn_dec.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/tasn_enc.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/tasn_fre.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/tasn_new.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/tasn_typ.cc".}
+{.compile: "./libs/boringssl/crypto/asn1/tasn_utl.cc".}
+{.compile: "./libs/boringssl/crypto/base64/base64.cc".}
+{.compile: "./libs/boringssl/crypto/bio/bio.cc".}
+{.compile: "./libs/boringssl/crypto/bio/bio_mem.cc".}
+{.compile: "./libs/boringssl/crypto/bio/connect.cc".}
+{.compile: "./libs/boringssl/crypto/bio/errno.cc".}
+{.compile: "./libs/boringssl/crypto/bio/fd.cc".}
+{.compile: "./libs/boringssl/crypto/bio/file.cc".}
+{.compile: "./libs/boringssl/crypto/bio/hexdump.cc".}
+{.compile: "./libs/boringssl/crypto/bio/pair.cc".}
+{.compile: "./libs/boringssl/crypto/bio/printf.cc".}
+{.compile: "./libs/boringssl/crypto/bio/socket.cc".}
+{.compile: "./libs/boringssl/crypto/bio/socket_helper.cc".}
+{.compile: "./libs/boringssl/crypto/blake2/blake2.cc".}
+{.compile: "./libs/boringssl/crypto/bn/bn_asn1.cc".}
+{.compile: "./libs/boringssl/crypto/bn/convert.cc".}
+{.compile: "./libs/boringssl/crypto/bn/div.cc".}
+{.compile: "./libs/boringssl/crypto/bn/exponentiation.cc".}
+{.compile: "./libs/boringssl/crypto/bn/sqrt.cc".}
+{.compile: "./libs/boringssl/crypto/buf/buf.cc".}
+{.compile: "./libs/boringssl/crypto/bytestring/asn1_compat.cc".}
+{.compile: "./libs/boringssl/crypto/bytestring/ber.cc".}
+{.compile: "./libs/boringssl/crypto/bytestring/cbb.cc".}
+{.compile: "./libs/boringssl/crypto/bytestring/cbs.cc".}
+{.compile: "./libs/boringssl/crypto/bytestring/unicode.cc".}
+{.compile: "./libs/boringssl/crypto/chacha/chacha.cc".}
+{.compile: "./libs/boringssl/crypto/cipher/derive_key.cc".}
+{.compile: "./libs/boringssl/crypto/cipher/e_aesctrhmac.cc".}
+{.compile: "./libs/boringssl/crypto/cipher/e_aeseax.cc".}
+{.compile: "./libs/boringssl/crypto/cipher/e_aesgcmsiv.cc".}
+{.compile: "./libs/boringssl/crypto/cipher/e_chacha20poly1305.cc".}
+{.compile: "./libs/boringssl/crypto/cipher/e_des.cc".}
+{.compile: "./libs/boringssl/crypto/cipher/e_null.cc".}
+{.compile: "./libs/boringssl/crypto/cipher/e_rc2.cc".}
+{.compile: "./libs/boringssl/crypto/cipher/e_rc4.cc".}
+{.compile: "./libs/boringssl/crypto/cipher/e_tls.cc".}
+{.compile: "./libs/boringssl/crypto/cipher/get_cipher.cc".}
+{.compile: "./libs/boringssl/crypto/cipher/tls_cbc.cc".}
+{.compile: "./libs/boringssl/crypto/cms/cms.cc".}
+{.compile: "./libs/boringssl/crypto/conf/conf.cc".}
+{.compile: "./libs/boringssl/crypto/cpu_aarch64_apple.cc".}
+{.compile: "./libs/boringssl/crypto/cpu_aarch64_fuchsia.cc".}
+{.compile: "./libs/boringssl/crypto/cpu_aarch64_linux.cc".}
+{.compile: "./libs/boringssl/crypto/cpu_aarch64_openbsd.cc".}
+{.compile: "./libs/boringssl/crypto/cpu_aarch64_sysreg.cc".}
+{.compile: "./libs/boringssl/crypto/cpu_aarch64_win.cc".}
+{.compile: "./libs/boringssl/crypto/cpu_arm_freebsd.cc".}
+{.compile: "./libs/boringssl/crypto/cpu_arm_linux.cc".}
+{.compile: "./libs/boringssl/crypto/cpu_intel.cc".}
+{.compile: "./libs/boringssl/crypto/crypto.cc".}
+{.compile: "./libs/boringssl/crypto/curve25519/curve25519.cc".}
+{.compile: "./libs/boringssl/crypto/curve25519/curve25519_64_adx.cc".}
+{.compile: "./libs/boringssl/crypto/curve25519/spake25519.cc".}
+{.compile: "./libs/boringssl/crypto/des/des.cc".}
+{.compile: "./libs/boringssl/crypto/dh/dh_asn1.cc".}
+{.compile: "./libs/boringssl/crypto/dh/params.cc".}
+{.compile: "./libs/boringssl/crypto/digest/digest_extra.cc".}
+{.compile: "./libs/boringssl/crypto/dsa/dsa.cc".}
+{.compile: "./libs/boringssl/crypto/dsa/dsa_asn1.cc".}
+{.compile: "./libs/boringssl/crypto/ec/ec_asn1.cc".}
+{.compile: "./libs/boringssl/crypto/ec/ec_derive.cc".}
+{.compile: "./libs/boringssl/crypto/ec/hash_to_curve.cc".}
+{.compile: "./libs/boringssl/crypto/ecdh/ecdh.cc".}
+{.compile: "./libs/boringssl/crypto/ecdsa/ecdsa_asn1.cc".}
+{.compile: "./libs/boringssl/crypto/ecdsa/ecdsa_p1363.cc".}
+{.compile: "./libs/boringssl/crypto/engine/engine.cc".}
+{.compile: "./libs/boringssl/crypto/err/err.cc".}
+{.compile: "./libs/boringssl/crypto/evp/evp.cc".}
+{.compile: "./libs/boringssl/crypto/evp/evp_asn1.cc".}
+{.compile: "./libs/boringssl/crypto/evp/evp_ctx.cc".}
+{.compile: "./libs/boringssl/crypto/evp/p_dh.cc".}
+{.compile: "./libs/boringssl/crypto/evp/p_dh_asn1.cc".}
+{.compile: "./libs/boringssl/crypto/evp/p_dsa_asn1.cc".}
+{.compile: "./libs/boringssl/crypto/evp/p_ec.cc".}
+{.compile: "./libs/boringssl/crypto/evp/p_ec_asn1.cc".}
+{.compile: "./libs/boringssl/crypto/evp/p_ed25519.cc".}
+{.compile: "./libs/boringssl/crypto/evp/p_ed25519_asn1.cc".}
+{.compile: "./libs/boringssl/crypto/evp/p_hkdf.cc".}
+{.compile: "./libs/boringssl/crypto/evp/p_rsa.cc".}
+{.compile: "./libs/boringssl/crypto/evp/p_rsa_asn1.cc".}
+{.compile: "./libs/boringssl/crypto/evp/p_x25519.cc".}
+{.compile: "./libs/boringssl/crypto/evp/p_x25519_asn1.cc".}
+{.compile: "./libs/boringssl/crypto/evp/pbkdf.cc".}
+{.compile: "./libs/boringssl/crypto/evp/print.cc".}
+{.compile: "./libs/boringssl/crypto/evp/scrypt.cc".}
+{.compile: "./libs/boringssl/crypto/evp/sign.cc".}
+{.compile: "./libs/boringssl/crypto/ex_data.cc".}
+{.compile: "./libs/boringssl/crypto/fipsmodule/fips_shared_support.cc".}
+{.compile: "./libs/boringssl/crypto/fuzzer_mode.cc".}
+{.compile: "./libs/boringssl/crypto/hpke/hpke.cc".}
+{.compile: "./libs/boringssl/crypto/hrss/hrss.cc".}
+{.compile: "./libs/boringssl/crypto/kyber/kyber.cc".}
+{.compile: "./libs/boringssl/crypto/lhash/lhash.cc".}
+{.compile: "./libs/boringssl/crypto/md4/md4.cc".}
+{.compile: "./libs/boringssl/crypto/md5/md5.cc".}
+{.compile: "./libs/boringssl/crypto/mem.cc".}
+{.compile: "./libs/boringssl/crypto/mldsa/mldsa.cc".}
+{.compile: "./libs/boringssl/crypto/mlkem/mlkem.cc".}
+{.compile: "./libs/boringssl/crypto/obj/obj.cc".}
+{.compile: "./libs/boringssl/crypto/obj/obj_xref.cc".}
+{.compile: "./libs/boringssl/crypto/pem/pem_all.cc".}
+{.compile: "./libs/boringssl/crypto/pem/pem_info.cc".}
+{.compile: "./libs/boringssl/crypto/pem/pem_lib.cc".}
+{.compile: "./libs/boringssl/crypto/pem/pem_oth.cc".}
+{.compile: "./libs/boringssl/crypto/pem/pem_pk8.cc".}
+{.compile: "./libs/boringssl/crypto/pem/pem_pkey.cc".}
+{.compile: "./libs/boringssl/crypto/pem/pem_x509.cc".}
+{.compile: "./libs/boringssl/crypto/pem/pem_xaux.cc".}
+{.compile: "./libs/boringssl/crypto/pkcs7/pkcs7.cc".}
+{.compile: "./libs/boringssl/crypto/pkcs7/pkcs7_x509.cc".}
+{.compile: "./libs/boringssl/crypto/pkcs8/p5_pbev2.cc".}
+{.compile: "./libs/boringssl/crypto/pkcs8/pkcs8.cc".}
+{.compile: "./libs/boringssl/crypto/pkcs8/pkcs8_x509.cc".}
+{.compile: "./libs/boringssl/crypto/poly1305/poly1305.cc".}
+{.compile: "./libs/boringssl/crypto/poly1305/poly1305_arm.cc".}
+{.compile: "./libs/boringssl/crypto/poly1305/poly1305_vec.cc".}
+{.compile: "./libs/boringssl/crypto/pool/pool.cc".}
+{.compile: "./libs/boringssl/crypto/rand/deterministic.cc".}
+{.compile: "./libs/boringssl/crypto/rand/fork_detect.cc".}
+{.compile: "./libs/boringssl/crypto/rand/forkunsafe.cc".}
+{.compile: "./libs/boringssl/crypto/rand/getentropy.cc".}
+{.compile: "./libs/boringssl/crypto/rand/ios.cc".}
+{.compile: "./libs/boringssl/crypto/rand/passive.cc".}
+{.compile: "./libs/boringssl/crypto/rand/rand.cc".}
+{.compile: "./libs/boringssl/crypto/rand/trusty.cc".}
+{.compile: "./libs/boringssl/crypto/rand/urandom.cc".}
+{.compile: "./libs/boringssl/crypto/rand/windows.cc".}
+{.compile: "./libs/boringssl/crypto/rc4/rc4.cc".}
+{.compile: "./libs/boringssl/crypto/refcount.cc".}
+{.compile: "./libs/boringssl/crypto/rsa/rsa_asn1.cc".}
+{.compile: "./libs/boringssl/crypto/rsa/rsa_crypt.cc".}
+{.compile: "./libs/boringssl/crypto/rsa/rsa_extra.cc".}
+{.compile: "./libs/boringssl/crypto/rsa/rsa_print.cc".}
+{.compile: "./libs/boringssl/crypto/sha/sha1.cc".}
+{.compile: "./libs/boringssl/crypto/sha/sha256.cc".}
+{.compile: "./libs/boringssl/crypto/sha/sha512.cc".}
+{.compile: "./libs/boringssl/crypto/siphash/siphash.cc".}
+{.compile: "./libs/boringssl/crypto/slhdsa/slhdsa.cc".}
+{.compile: "./libs/boringssl/crypto/spake2plus/spake2plus.cc".}
+{.compile: "./libs/boringssl/crypto/stack/stack.cc".}
+{.compile: "./libs/boringssl/crypto/thread.cc".}
+{.compile: "./libs/boringssl/crypto/thread_none.cc".}
+{.compile: "./libs/boringssl/crypto/thread_pthread.cc".}
+{.compile: "./libs/boringssl/crypto/thread_win.cc".}
+{.compile: "./libs/boringssl/crypto/trust_token/pmbtoken.cc".}
+{.compile: "./libs/boringssl/crypto/trust_token/trust_token.cc".}
+{.compile: "./libs/boringssl/crypto/trust_token/voprf.cc".}
+{.compile: "./libs/boringssl/crypto/x509/a_digest.cc".}
+{.compile: "./libs/boringssl/crypto/x509/a_sign.cc".}
+{.compile: "./libs/boringssl/crypto/x509/a_verify.cc".}
+{.compile: "./libs/boringssl/crypto/x509/algorithm.cc".}
+{.compile: "./libs/boringssl/crypto/x509/asn1_gen.cc".}
+{.compile: "./libs/boringssl/crypto/x509/by_dir.cc".}
+{.compile: "./libs/boringssl/crypto/x509/by_file.cc".}
+{.compile: "./libs/boringssl/crypto/x509/i2d_pr.cc".}
+{.compile: "./libs/boringssl/crypto/x509/name_print.cc".}
+{.compile: "./libs/boringssl/crypto/x509/policy.cc".}
+{.compile: "./libs/boringssl/crypto/x509/rsa_pss.cc".}
+{.compile: "./libs/boringssl/crypto/x509/t_crl.cc".}
+{.compile: "./libs/boringssl/crypto/x509/t_req.cc".}
+{.compile: "./libs/boringssl/crypto/x509/t_x509.cc".}
+{.compile: "./libs/boringssl/crypto/x509/t_x509a.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_akey.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_akeya.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_alt.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_bcons.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_bitst.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_conf.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_cpols.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_crld.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_enum.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_extku.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_genn.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_ia5.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_info.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_int.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_lib.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_ncons.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_ocsp.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_pcons.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_pmaps.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_prn.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_purp.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_skey.cc".}
+{.compile: "./libs/boringssl/crypto/x509/v3_utl.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509_att.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509_cmp.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509_d2.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509_def.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509_ext.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509_lu.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509_obj.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509_req.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509_set.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509_trs.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509_txt.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509_v3.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509_vfy.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509_vpm.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509cset.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509name.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509rset.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x509spki.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x_algor.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x_all.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x_attrib.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x_crl.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x_exten.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x_name.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x_pubkey.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x_req.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x_sig.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x_spki.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x_x509.cc".}
+{.compile: "./libs/boringssl/crypto/x509/x_x509a.cc".}
+{.compile: "./libs/boringssl/crypto/xwing/xwing.cc".}
+{.compile: "./libs/boringssl/gen/crypto//err_data.cc".}
+{.compile: "./libs/boringssl/ssl/bio_ssl.cc".}
+{.compile: "./libs/boringssl/ssl/d1_both.cc".}
+{.compile: "./libs/boringssl/ssl/d1_lib.cc".}
+{.compile: "./libs/boringssl/ssl/d1_pkt.cc".}
+{.compile: "./libs/boringssl/ssl/d1_srtp.cc".}
+{.compile: "./libs/boringssl/ssl/dtls_method.cc".}
+{.compile: "./libs/boringssl/ssl/dtls_record.cc".}
+{.compile: "./libs/boringssl/ssl/encrypted_client_hello.cc".}
+{.compile: "./libs/boringssl/ssl/extensions.cc".}
+{.compile: "./libs/boringssl/ssl/handoff.cc".}
+{.compile: "./libs/boringssl/ssl/handshake.cc".}
+{.compile: "./libs/boringssl/ssl/handshake_client.cc".}
+{.compile: "./libs/boringssl/ssl/handshake_server.cc".}
+{.compile: "./libs/boringssl/ssl/s3_both.cc".}
+{.compile: "./libs/boringssl/ssl/s3_lib.cc".}
+{.compile: "./libs/boringssl/ssl/s3_pkt.cc".}
+{.compile: "./libs/boringssl/ssl/ssl_aead_ctx.cc".}
+{.compile: "./libs/boringssl/ssl/ssl_asn1.cc".}
+{.compile: "./libs/boringssl/ssl/ssl_buffer.cc".}
+{.compile: "./libs/boringssl/ssl/ssl_cert.cc".}
+{.compile: "./libs/boringssl/ssl/ssl_cipher.cc".}
+{.compile: "./libs/boringssl/ssl/ssl_credential.cc".}
+{.compile: "./libs/boringssl/ssl/ssl_file.cc".}
+{.compile: "./libs/boringssl/ssl/ssl_key_share.cc".}
+{.compile: "./libs/boringssl/ssl/ssl_lib.cc".}
+{.compile: "./libs/boringssl/ssl/ssl_privkey.cc".}
+{.compile: "./libs/boringssl/ssl/ssl_session.cc".}
+{.compile: "./libs/boringssl/ssl/ssl_stat.cc".}
+{.compile: "./libs/boringssl/ssl/ssl_transcript.cc".}
+{.compile: "./libs/boringssl/ssl/ssl_versions.cc".}
+{.compile: "./libs/boringssl/ssl/ssl_x509.cc".}
+{.compile: "./libs/boringssl/ssl/t1_enc.cc".}
+{.compile: "./libs/boringssl/ssl/tls13_both.cc".}
+{.compile: "./libs/boringssl/ssl/tls13_client.cc".}
+{.compile: "./libs/boringssl/ssl/tls13_enc.cc".}
+{.compile: "./libs/boringssl/ssl/tls13_server.cc".}
+{.compile: "./libs/boringssl/ssl/tls_method.cc".}
+{.compile: "./libs/boringssl/ssl/tls_record.cc".}
+{.compile: "./libs/boringssl/decrepit/x509/x509_decrepit.cc".}

build.sh

@@ -6,25 +6,18 @@ rm -f ngtcp2.nim
 
 # assemble list of C files to be compiled
 toCompile=(
-  "${sources}/picotls/picotlsvs/picotls/wintimeofday.c"
+  # "${sources}/path/to/file.c"
-  "${sources}/picotls/lib/pembase64.c"
-  "${sources}/picotls/lib/hpke.c"
-  "${sources}/picotls/lib/picotls.c"
-  "${sources}/picotls/lib/openssl.c"
 )
 
 for file in `ls "${sources}/ngtcp2/crypto"/*.c`; do
   toCompile+=("$file")
 done
-for file in `ls "${sources}/ngtcp2/crypto/picotls"/*.c`; do
+for file in `ls "${sources}/ngtcp2/crypto/boringssl"/*.c`; do
   toCompile+=("$file")
 done
 for file in `ls "${sources}/ngtcp2/lib"/*.c`; do
   toCompile+=("$file")
 done
-for file in `ls "${root}/build/lib"/*.c`; do
-  toCompile+=("$file")
-done
 
 # futhark is required by generate_ngtcp2.nim
 nimble install futhark@0.15.0

build/lib/cred_buffer.c

@@ -1,140 +0,0 @@
-#include <stddef.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "utils/cred_buffer.h"
-
-#define MIN(a, b) ((a) < (b) ? (a) : (b))
-
-static int cred_buffer_getc(ptls_cred_buffer_t *buf)
-{
-    return PTLS_CRED_BUFFER_LEFT(buf) > 0 ? buf->base[buf->off++] : -1;
-}
-
-static ssize_t fsize(FILE *fp)
-{
-    long sz;
-
-    if (fseek(fp, 0, SEEK_END) == -1 || (sz = ftell(fp)) == -1) {
-        return -1;
-    }
-
-    rewind(fp);
-
-    return (ssize_t) sz;
-}
-
-/* The caller owns 'mem' and must have called ptls_buffer_init prior to
- * invoking this function */
-int ptls_cred_buffer_set_from_file(ptls_cred_buffer_t *buf, const char *fname)
-{
-    FILE *fp = NULL;
-    ssize_t sz;
-    char *m = NULL;
-
-#ifdef _WINDOWS
-    errno_t err = fopen_s(&fp, fname, "r");
-    if (err != 0) {
-        return -1;
-    }
-#else
-    fp = fopen(fname, "r");
-    if (fp == NULL) {
-        return -1;
-    }
-#endif
-
-    if ((sz = fsize(fp)) == -1 ||
-        (m = malloc(sz)) == NULL ||
-        fread(m, sz, 1, fp) != 1) {
-        goto err;
-    }
-
-    (void) fclose(fp);
-
-    buf->base = m;
-    buf->len = sz;
-    buf->off = 0;
-    buf->owns_base = 1;
-
-    return 0;
-err:
-    if (m)
-        free(m);
-    if (fp != NULL)
-      (void) fclose(fp);
-
-    return -1;
-}
-
-int ptls_cred_buffer_set_from_string(ptls_cred_buffer_t *buf, char *s)
-{
-    buf->base = s;
-    buf->len = strlen(s);
-    buf->off = 0;
-    buf->owns_base = 0;
-
-    return 0;
-}
-
-void ptls_cred_buffer_dispose(ptls_cred_buffer_t *buf)
-{
-    if (buf->owns_base) {
-        if (buf->base) {
-            free(buf->base);
-            buf->base = NULL;
-        }
-        buf->len = buf->off = 0;
-        buf->owns_base = 0;
-    }
-
-    return;
-}
-
-void ptls_cred_buffer_rewind(ptls_cred_buffer_t *buf)
-{
-    buf->off = 0;
-    return;
-}
-
-/* z -> nlptr */
-char *ptls_cred_buffer_gets(char *s, int n, ptls_cred_buffer_t *buf)
-{
-    char *p = s;
-    char *z;
-    size_t k;
-    int c;
-
-    if (n-- <= 1) {
-        if (n) return NULL;
-        *s = '\0';
-        return s;
-    }
-
-    while (n) {
-        if (PTLS_CRED_BUFFER_RPOS(buf) != PTLS_CRED_BUFFER_REND(buf)) {
-            z = memchr(PTLS_CRED_BUFFER_RPOS(buf), '\n', PTLS_CRED_BUFFER_LEFT(buf));
-            k = z ? z - PTLS_CRED_BUFFER_RPOS(buf) + 1 : PTLS_CRED_BUFFER_LEFT(buf);
-            k = MIN(k, n);
-            memcpy(p, PTLS_CRED_BUFFER_RPOS(buf), k);
-            buf->off += k;
-            p += k;
-            n -= k;
-            if (z || !n) break;
-        }
-
-        if ((c = cred_buffer_getc(buf)) < 0) {
-            if (p == s || PTLS_CRED_BUFFER_LEFT(buf) > 0) s = NULL;
-            break;
-        }
-
-        n--;
-
-        if ((*p++ = c) == '\n') break;
-    }
-
-    if (s) *p = '\0';
-
-    return s;
-}

build/lib/includes/utils/cred_buffer.h

@@ -1,24 +0,0 @@
-
-#ifndef PTLS_CRED_BUFFER_H
-#define PTLS_CRED_BUFFER_H
-
-#include <stddef.h>
-#include "picotls.h"
-
-typedef struct ptls_cred_buffer_s {
-    char *base;
-    size_t len;
-    size_t off;
-    int owns_base;
-#define PTLS_CRED_BUFFER_RPOS(buf) ((buf)->base + (buf)->off)
-#define PTLS_CRED_BUFFER_REND(buf) ((buf)->base + (buf)->len)
-#define PTLS_CRED_BUFFER_LEFT(buf) ((buf)->len - (buf)->off)
-} ptls_cred_buffer_t;
-
-int ptls_cred_buffer_set_from_file(ptls_cred_buffer_t *buf, const char *fname);
-int ptls_cred_buffer_set_from_string(ptls_cred_buffer_t *buf, char *s);
-void ptls_cred_buffer_dispose(ptls_cred_buffer_t *buf);
-void ptls_cred_buffer_rewind(ptls_cred_buffer_t *buf);
-char *ptls_cred_buffer_gets(char *s, int n, ptls_cred_buffer_t *buf);
-
-#endif  /* !PTLS_CRED_BUFFER_H */

build/lib/includes/utils/pem_utils.h

@@ -1,28 +0,0 @@
-/*
-* Copyright (c) 2017 Christian Huitema <huitema@huitema.net>
-*
-* Permission to use, copy, modify, and distribute this software for any
-* purpose with or without fee is hereby granted, provided that the above
-* copyright notice and this permission notice appear in all copies.
-*
-* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-*/
-
-#ifndef PTLS_PEM_UTILS
-#define PTLS_PEM_UTILS
-
-#include <picotls.h>
-#include <picotls/openssl.h>
-#include "cred_buffer.h"
-
-int ptls_load_certificates_from_memory(ptls_context_t *ctx, ptls_cred_buffer_t *mem);
-
-int ptls_openssl_init_sign_certificate_with_mem_key(ptls_openssl_sign_certificate_t *self, const void *buf, int len);
-
-#endif /* PTLS_PEM_UTILS */

build/lib/pem_utils.c

@@ -1,152 +0,0 @@
-#include <stdlib.h>
-#include <picotls.h>
-#include <picotls/pembase64.h>
-#include "utils/pem_utils.h"
-#include <openssl/pem.h>
-#include <openssl/evp.h>
-#include <openssl/ec.h>
-#include <openssl/err.h>
-
-static int ptls_compare_separator_line(const char *line, const char *begin_or_end, const char *label)
-{
-    int ret = strncmp(line, "-----", 5);
-    size_t text_index = 5;
-
-    if (ret == 0) {
-        size_t begin_or_end_length = strlen(begin_or_end);
-        ret = strncmp(line + text_index, begin_or_end, begin_or_end_length);
-        text_index += begin_or_end_length;
-    }
-
-    if (ret == 0) {
-        ret = line[text_index] - ' ';
-        text_index++;
-    }
-
-    if (ret == 0) {
-        size_t label_length = strlen(label);
-        ret = strncmp(line + text_index, label, label_length);
-        text_index += label_length;
-    }
-
-    if (ret == 0) {
-        ret = strncmp(line + text_index, "-----", 5);
-    }
-
-    return ret;
-}
-
-// Extracted from https://github.com/h2o/picotls/pull/284/
-// Remove both pem.c/h and cred_buffer.c/h once that PR gets merged
-static int ptls_get_pem_object_from_memory(ptls_cred_buffer_t *mem, const char *label, ptls_buffer_t *buf)
-{
-    int ret = PTLS_ERROR_PEM_LABEL_NOT_FOUND;
-    char line[256];
-    ptls_base64_decode_state_t state;
-
-    /* Get the label on a line by itself */
-    while (ptls_cred_buffer_gets(line, 256, mem)) {
-        if (ptls_compare_separator_line(line, "BEGIN", label) == 0) {
-            ret = 0;
-            ptls_base64_decode_init(&state);
-            break;
-        }
-    }
-    /* Get the data in the buffer */
-    while (ret == 0 && ptls_cred_buffer_gets(line, 256, mem)) {
-        if (ptls_compare_separator_line(line, "END", label) == 0) {
-            if (state.status == PTLS_BASE64_DECODE_DONE || (state.status == PTLS_BASE64_DECODE_IN_PROGRESS && state.nbc == 0)) {
-                ret = 0;
-            } else {
-                ret = PTLS_ERROR_INCORRECT_BASE64;
-            }
-            break;
-        } else {
-            ret = ptls_base64_decode(line, &state, buf);
-        }
-    }
-
-    return ret;
-}
-
-
-
-int ptls_load_pem_objects_from_memory(ptls_cred_buffer_t *mem, const char *label, ptls_iovec_t *list, size_t list_max, size_t *nb_objects)
-{
-    int ret = 0;
-    size_t count = 0;
-
-    *nb_objects = 0;
-
-    if (ret == 0) {
-        while (count < list_max) {
-            ptls_buffer_t buf;
-
-            ptls_buffer_init(&buf, "", 0);
-
-            ret = ptls_get_pem_object_from_memory(mem, label, &buf);
-
-            if (ret == 0) {
-                if (buf.off > 0 && buf.is_allocated) {
-                    list[count].base = buf.base;
-                    list[count].len = buf.off;
-                    count++;
-                } else {
-                    ptls_buffer_dispose(&buf);
-                }
-            } else {
-                ptls_buffer_dispose(&buf);
-                break;
-            }
-        }
-    }
-
-    if (ret == PTLS_ERROR_PEM_LABEL_NOT_FOUND && count > 0) {
-        ret = 0;
-    }
-
-    *nb_objects = count;
-
-    return ret;
-}
-
-
-
-#define PTLS_MAX_CERTS_IN_CONTEXT 16
-
-int ptls_load_certificates_from_memory(ptls_context_t *ctx, ptls_cred_buffer_t *mem)
-{
-    int ret = 0;
-
-    ctx->certificates.list = (ptls_iovec_t *)malloc(PTLS_MAX_CERTS_IN_CONTEXT * sizeof(ptls_iovec_t));
-
-    if (ctx->certificates.list == NULL) {
-        ret = PTLS_ERROR_NO_MEMORY;
-    } else {
-        ret = ptls_load_pem_objects_from_memory(mem, "CERTIFICATE", ctx->certificates.list, PTLS_MAX_CERTS_IN_CONTEXT,
-                                    &ctx->certificates.count);
-    }
-
-    return ret;
-}
-
-
-int ptls_openssl_init_sign_certificate_with_mem_key(ptls_openssl_sign_certificate_t *self, const void *buf, int len) {   
-    BIO *bio = BIO_new_mem_buf(buf, len);
-    if (bio == NULL) {
-        return 8880;
-    }
-
-    EVP_PKEY *evp_key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
-    BIO_free(bio);
-    if (evp_key == NULL) {
-        return 8881;
-    }
-
-    // Initialize the certificate signing structure
-    int ret = ptls_openssl_init_sign_certificate(self, evp_key);
-
-    EVP_PKEY_free(evp_key);
-
-    return ret;
-}

config.nims

@@ -1,5 +1,11 @@
---styleCheck:usages
+when not defined(windows):
-if (NimMajor, NimMinor) < (1, 6):
+  # use the C++ linker profile because it's a C++ library
-  --styleCheck:hint
+  when defined(macosx):
-else:
+    switch("clang.linkerexe", "clang++")
-  --styleCheck:error
+  else:
+    switch("gcc.linkerexe", "g++")
+
+--styleCheck:
+  usages
+--styleCheck:
+  error

diff1

@@ -0,0 +1,67 @@
+diff --git a/crypto/x509/x509name.cc b/crypto/x509/x509name.cc
+index 72c88834b..97966b518 100644
+--- a/crypto/x509/x509name.cc
++++ b/crypto/x509/x509name.cc
+@@ -21,7 +21,7 @@
+ #include <openssl/obj.h>
+ #include <openssl/stack.h>
+ #include <openssl/x509.h>
+-
++#include <iostream>
+ #include "../internal.h"
+ #include "internal.h"
+ 
+@@ -182,12 +182,17 @@ int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+ int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+                                const unsigned char *bytes, ossl_ssize_t len,
+                                int loc, int set) {
+-  X509_NAME_ENTRY *ne =
++    std::cout << "HERE" << std::endl;
++
++          X509_NAME_ENTRY *ne =
+       X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
+   if (!ne) {
++    std::cout << "FAIL1" << std::endl;
+     return 0;
+   }
+   int ret = X509_NAME_add_entry(name, ne, loc, set);
++  std::cout << "THE RET2: " << ret << std::endl;
++
+   X509_NAME_ENTRY_free(ne);
+   return ret;
+ }
+@@ -197,11 +202,13 @@ int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *entry, int loc,
+                         int set) {
+   if (name == nullptr) {
++        std::cout << "FAIL3" << std::endl;
+     return 0;
+   }
+   if (name->entries == nullptr) {
+     name->entries = sk_X509_NAME_ENTRY_new_null();
+     if (name->entries == nullptr) {
++          std::cout << "FAIL4" << std::endl;
+       return 0;
+     }
+   }
+@@ -238,10 +245,12 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *entry, int loc,
+ 
+   bssl::UniquePtr<X509_NAME_ENTRY> new_entry(X509_NAME_ENTRY_dup(entry));
+   if (new_entry == nullptr) {
++        std::cout << "FAIL5" << std::endl;
+     return 0;
+   }
+   new_entry->set = set;
+   if (!sk_X509_NAME_ENTRY_insert(sk, new_entry.get(), loc)) {
++        std::cout << "FAIL6" << std::endl;
+     return 0;
+   }
+   new_entry.release(); // |sk| took ownership.
+@@ -263,6 +272,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
+ 
+   obj = OBJ_txt2obj(field, 0);
+   if (obj == NULL) {
++        std::cout << "FAIL2" << std::endl;
+     OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_NAME);
+     ERR_add_error_data(2, "name=", field);
+     return NULL;

extras.nim

@@ -1,14 +1,80 @@
-type
+when defined(ngtcp2_enable_quictls):
-  ptls_handshake_properties_t_anon0_t* = struct_st_ptls_handshake_properties_t_anon0_t
+  # OpenSSL/QuicTLS crypto support
-  ptls_handshake_properties_t_anon0_t_client_t* =
+  # OpenSSL/QuicTLS type definitions
-    struct_st_ptls_handshake_properties_t_anon0_t_client_t
+  type
-  ptls_handshake_properties_t_anon0_t_client_t_negotiated_protocols_t* =
+    SSL_CTX* = pointer
-    struct_st_ptls_handshake_properties_t_anon0_t_client_t_negotiated_protocols_t
+    OSSL_ENCRYPTION_LEVEL* = enum
-  ptls_handshake_properties_t_anon0_t_client_t_ech_t* =
+      OSSL_ENCRYPTION_LEVEL_INITIAL = 0
-    struct_st_ptls_handshake_properties_t_anon0_t_client_t_ech_t
+      OSSL_ENCRYPTION_LEVEL_EARLY_DATA = 1
-  ptls_handshake_properties_t_anon0_t_server_t* =
+      OSSL_ENCRYPTION_LEVEL_HANDSHAKE = 2
-    struct_st_ptls_handshake_properties_t_anon0_t_server_t
+      OSSL_ENCRYPTION_LEVEL_APPLICATION = 3
-  ptls_handshake_properties_t_anon0_t_server_t_selected_psk_binder_t* =
+
-    struct_st_ptls_handshake_properties_t_anon0_t_server_t_selected_psk_binder_t
+  # ngtcp2_crypto_quictls error constants
-  ptls_handshake_properties_t_anon0_t_server_t_cookie_t* =
+  const
-    struct_st_ptls_handshake_properties_t_anon0_t_server_t_cookie_t
+    NGTCP2_CRYPTO_QUICTLS_ERR_TLS_WANT_X509_LOOKUP* = -10001
+    NGTCP2_CRYPTO_QUICTLS_ERR_TLS_WANT_CLIENT_HELLO_CB* = -10002
+
+  # ngtcp2_crypto_quictls function bindings
+  when not declared(ngtcp2_crypto_quictls_init):
+    proc ngtcp2_crypto_quictls_init*(): cint {.
+      cdecl, importc: "ngtcp2_crypto_quictls_init"
+    .}
+
+  else:
+    static:
+      hint(
+        "Declaration of " & "ngtcp2_crypto_quictls_init" &
+          " already exists, not redeclaring"
+      )
+
+  when not declared(ngtcp2_crypto_quictls_from_ossl_encryption_level):
+    proc ngtcp2_crypto_quictls_from_ossl_encryption_level*(
+      ossl_level: OSSL_ENCRYPTION_LEVEL
+    ): ngtcp2_encryption_level_553648745 {.
+      cdecl, importc: "ngtcp2_crypto_quictls_from_ossl_encryption_level"
+    .}
+
+  else:
+    static:
+      hint(
+        "Declaration of " & "ngtcp2_crypto_quictls_from_ossl_encryption_level" &
+          " already exists, not redeclaring"
+      )
+
+  when not declared(ngtcp2_crypto_quictls_from_ngtcp2_encryption_level):
+    proc ngtcp2_crypto_quictls_from_ngtcp2_encryption_level*(
+      encryption_level: ngtcp2_encryption_level_553648745
+    ): OSSL_ENCRYPTION_LEVEL {.
+      cdecl, importc: "ngtcp2_crypto_quictls_from_ngtcp2_encryption_level"
+    .}
+
+  else:
+    static:
+      hint(
+        "Declaration of " & "ngtcp2_crypto_quictls_from_ngtcp2_encryption_level" &
+          " already exists, not redeclaring"
+      )
+
+  when not declared(ngtcp2_crypto_quictls_configure_server_context):
+    proc ngtcp2_crypto_quictls_configure_server_context*(
+      ssl_ctx: SSL_CTX
+    ): cint {.cdecl, importc: "ngtcp2_crypto_quictls_configure_server_context".}
+
+  else:
+    static:
+      hint(
+        "Declaration of " & "ngtcp2_crypto_quictls_configure_server_context" &
+          " already exists, not redeclaring"
+      )
+
+  when not declared(ngtcp2_crypto_quictls_configure_client_context):
+    proc ngtcp2_crypto_quictls_configure_client_context*(
+      ssl_ctx: SSL_CTX
+    ): cint {.cdecl, importc: "ngtcp2_crypto_quictls_configure_client_context".}
+
+  else:
+    static:
+      hint(
+        "Declaration of " & "ngtcp2_crypto_quictls_configure_client_context" &
+          " already exists, not redeclaring"
+      )

generate_ngtcp2.nim

@@ -1,16 +1,15 @@
-import futhark, strformat
+import futhark
 from os import parentDir, `/`
 
 importc:
-    outputPath currentSourcePath.parentDir / "tmp_ngtcp2.nim"
+  outputPath currentSourcePath.parentDir / "tmp_ngtcp2.nim"
-    path currentSourcePath.parentDir/"libs/ngtcp2/lib/includes"
+  path currentSourcePath.parentDir / "libs/ngtcp2/lib/includes"
-    path currentSourcePath.parentDir/"build/lib/includes"
+  path currentSourcePath.parentDir / "build/lib/includes"
-    path currentSourcePath.parentDir/"libs/ngtcp2/crypto/includes/"
+  path currentSourcePath.parentDir / "libs/ngtcp2/crypto/includes"
-    path currentSourcePath.parentDir/"libs"/"picotls"/"include"
+  path currentSourcePath.parentDir / "libs/boringssl/include"
-    "ngtcp2/ngtcp2.h"
+  rename FILE, CFile # Rename `FILE` that STB uses to `CFile` which is the Nim equivalent
-    "ngtcp2/ngtcp2_crypto.h"
+  "ngtcp2/ngtcp2.h"
-    "picotls.h"
+  "ngtcp2/ngtcp2_crypto.h"
-    "picotls/openssl.h"
+  "ngtcp2/ngtcp2_crypto_boringssl.h"
-    "ngtcp2/ngtcp2_crypto_picotls.h"
+  "openssl/rand.h"
-    "utils/cred_buffer.h"
+  "openssl/asn1.h"
-    "utils/pem_utils.h"

ngtcp2.nimble

@@ -1,9 +1,19 @@
 packageName = "ngtcp2"
-version = "0.36.1"
+version = "0.39.0"
 author = "Status Research & Development GmbH"
 description = "Nim wrapper around the ngtcp2 library"
 license = "MIT"
 installDirs = @["libs", "build"]
-installFiles = @["ngtcp2.nim"]
+installFiles = @["ngtcp2.nim", "boringssl.nim"]
 
-requires "nim >= 1.6.0"
+requires "nim >= 2.0.0"
+
+task format, "Format nim code using nph":
+  exec "nimble install nph"
+  exec "nph ."
+
+task test, "Run tests":
+  when defined(windows):
+    exec "nim cpp -d:nimDebugDlOpen -r --threads:on tests/testNgtcp2.nim"
+  else:
+    exec "nim cpp -r --threads:on tests/testNgtcp2.nim"

prelude.nim

@@ -1,9 +1,12 @@
 import os
-import strformat
+import strformat, strutils
+import ./boringssl
 
 # Socket definitions
 import nativesockets
 
+type ptrdiff_t* {.importc: "ptrdiff_t", header: "<stddef.h>".} = int
+
 {.passc: "-DNGTCP2_STATICLIB".}
 
 when defined(windows):
@@ -13,23 +16,22 @@ when defined(windows):
 else:
   {.passc: "-DHAVE_UNISTD_H".}
 
-when defined(macosx):
-  {.passl: "-L/opt/homebrew/opt/openssl@3/lib -lcrypto".}
-  {.passc: "-I/opt/homebrew/opt/openssl@3/include".}
-else:
-  {.passl: "-lcrypto".}
-
 const root = currentSourcePath.parentDir
-const libIncludes          = root/"build"/"lib"/"includes"
+const libIncludes = root / "build/lib/includes"
-const ngtcp2Crypto         = root/"libs"/"ngtcp2"/"crypto"
+const ngtcp2Crypto = root / "libs/ngtcp2/crypto"
-const ngtcp2CryptoIncludes = root/"libs"/"ngtcp2"/"crypto"/"includes"
+const ngtcp2CryptoIncludes = root / "libs/ngtcp2/crypto/includes"
-const ngtcp2Lib            = root/"libs"/"ngtcp2"/"lib"
+const ngtcp2Lib = root / "libs/ngtcp2/lib"
-const ngtcp2LibIncludes    = root/"libs"/"ngtcp2"/"lib"/"includes"
+const ngtcp2LibIncludes = root / "libs/ngtcp2/lib/includes"
-const picotlsInclude       = root/"libs"/"picotls"/"include"
+const boringsslInclude = root / "libs/boringssl/include"
 
 {.passc: fmt"-I{libIncludes}".}
 {.passc: fmt"-I{ngtcp2Crypto}".}
 {.passc: fmt"-I{ngtcp2CryptoIncludes}".}
 {.passc: fmt"-I{ngtcp2Lib}".}
 {.passc: fmt"-I{ngtcp2LibIncludes}".}
-{.passc: fmt"-I{picotlsInclude}".}
+{.passc: fmt"-I{boringsslInclude}".}
+
+when defined(ngtcp2_enable_quictls):
+  # QuicTLS/OpenSSL crypto support
+  {.passc: "-DNGTCP2_CRYPTO_QUICTLS".}
+  {.passc: "-I/usr/include/openssl".}

tests/testNgtcp2.nim

@@ -7,15 +7,30 @@ test "default settings":
   check settings.max_tx_udp_payload_size > 0
 
   var transport_params: ngtcp2_transport_params
-  ngtcp2_transport_params_default_versioned(NGTCP2_TRANSPORT_PARAMS_V1, addr transport_params)
+  ngtcp2_transport_params_default_versioned(
+    NGTCP2_TRANSPORT_PARAMS_V1, addr transport_params
+  )
   check transport_params.active_connection_id_limit > 0
 
-test "ptls_instantiation":
+test "BoringSSL bindings":
-  var ctx: ptls_context_t
+  let
-  ctx.random_bytes = ptls_openssl_random_bytes
+    clientMethod = TLS_client_method()
-  ctx.get_time = addr ptls_get_time
+    ssl_ctx = SSL_CTX_new(clientMethod)
-  ctx.key_exchanges =  cast[ptr ptr ptls_key_exchange_algorithm_t](addr ptls_openssl_key_exchanges[0])
+    ssl = SSL_new(ssl_ctx)
-  ctx.cipher_suites = cast[ptr ptr ptls_cipher_suite_t](ptls_openssl_cipher_suites[0])
+
-  
+  check ssl != nil
-  var tls: ptr ptls_t = ptls_client_new(addr ctx);
+
-  check tls != nil
+when defined(ngtcp2_enable_quictls):
+  test "QuicTLS bindings":
+    # Test error constants
+    check NGTCP2_CRYPTO_QUICTLS_ERR_TLS_WANT_X509_LOOKUP == -10001
+    check NGTCP2_CRYPTO_QUICTLS_ERR_TLS_WANT_CLIENT_HELLO_CB == -10002
+
+    # Test OSSL_ENCRYPTION_LEVEL enum values
+    check ord(OSSL_ENCRYPTION_LEVEL_INITIAL) == 0
+    check ord(OSSL_ENCRYPTION_LEVEL_EARLY_DATA) == 1
+    check ord(OSSL_ENCRYPTION_LEVEL_HANDSHAKE) == 2
+    check ord(OSSL_ENCRYPTION_LEVEL_APPLICATION) == 3
+
+    # Test that SSL_CTX type is properly defined as pointer
+    check sizeof(SSL_CTX) == sizeof(pointer)