From 83b5f0e801bceffa657773c29ff371765de8c04a Mon Sep 17 00:00:00 2001 From: Florian Date: Sun, 25 Jun 2023 02:07:00 +0200 Subject: [PATCH 1/2] Adjustments to ffi calls to match updates to openssl api. 1. Deleted tmp_dh_callback references, since the interface no longer matches. This backports changes made in `async_ssl.v0.18.0`. 2. Deleted references to `ENGINE_unregister_RAND`, since it doesn't exist in newer versions of `openssl` anymore Co-authored-by: Leon --- bindings/dune | 2 +- bindings/ffi_bindings.ml | 14 -------------- src/ffi__library_must_be_initialized.ml | 3 --- src/ffi__library_must_be_initialized.mli | 3 --- src/initialize.ml | 2 -- src/ssl.ml | 12 ------------ stubgen/ffi_stubgen.ml | 1 + 7 files changed, 2 insertions(+), 35 deletions(-) diff --git a/bindings/dune b/bindings/dune index 2a12111..be7cd63 100644 --- a/bindings/dune +++ b/bindings/dune @@ -16,6 +16,6 @@ (:standard (:include openssl-ccopt.sexp) \ -Werror -pedantic -Wall -Wunused)) (c_library_flags :standard (:include openssl-cclib.sexp)) - (libraries ctypes.stubs ctypes ctypes.foreign.threaded base) + (libraries ctypes.stubs ctypes ctypes.foreign base) (virtual_deps conf-openssl) (preprocessor_deps config.h) (preprocess (pps ppx_jane))) \ No newline at end of file diff --git a/bindings/ffi_bindings.ml b/bindings/ffi_bindings.ml index 7d8b2e1..38b4105 100644 --- a/bindings/ffi_bindings.ml +++ b/bindings/ffi_bindings.ml @@ -40,8 +40,6 @@ module Dh = Voidp (struct module Progress_callback = (val Foreign.dynamic_funptr Ctypes.(int @-> int @-> ptr void @-> returning void)) -module Tmp_dh_callback = - (val Foreign.dynamic_funptr Ctypes.(Ssl.t @-> bool @-> int @-> returning Dh.t)) module Tmp_rsa_callback = (val Foreign.dynamic_funptr Ctypes.(Ssl.t @-> bool @-> int @-> returning Rsa.t)) @@ -220,10 +218,6 @@ module Bindings (F : Cstubs.FOREIGN) = struct foreign "ENGINE_load_builtin_engines" Ctypes.(void @-> returning void) ;; - let unregister_RAND = - foreign "ENGINE_unregister_RAND" Ctypes.(void @-> returning void) - ;; - let register_all_complete = foreign "ENGINE_register_all_complete" Ctypes.(void @-> returning void) ;; @@ -492,14 +486,6 @@ module Bindings (F : Cstubs.FOREIGN) = struct foreign "SSL_get_cipher_list" Ctypes.(t @-> int @-> returning string_opt) ;; - module Tmp_dh_callback = Tmp_dh_callback - - let set_tmp_dh_callback = - foreign - "SSL_set_tmp_dh_callback" - Ctypes.(t @-> Tmp_dh_callback.t @-> returning void) - ;; - let set_tmp_ecdh = foreign "SSL_set_tmp_ecdh" Ctypes.(t @-> Ec_key.t @-> returning void) ;; diff --git a/src/ffi__library_must_be_initialized.ml b/src/ffi__library_must_be_initialized.ml index 6fbdfee..070b248 100644 --- a/src/ffi__library_must_be_initialized.ml +++ b/src/ffi__library_must_be_initialized.ml @@ -560,9 +560,6 @@ module Ssl = struct | n -> failwithf "OpenSSL bug: SSL_set_cipher_list returned %d" n () ;; - module Tmp_dh_callback = Bindings.Ssl.Tmp_dh_callback - - let set_tmp_dh_callback = Bindings.Ssl.set_tmp_dh_callback let set_tmp_ecdh = Bindings.Ssl.set_tmp_ecdh module Tmp_rsa_callback = Bindings.Ssl.Tmp_rsa_callback diff --git a/src/ffi__library_must_be_initialized.mli b/src/ffi__library_must_be_initialized.mli index 77400c3..ac3f844 100644 --- a/src/ffi__library_must_be_initialized.mli +++ b/src/ffi__library_must_be_initialized.mli @@ -230,9 +230,6 @@ module Ssl : sig val set_cipher_list_exn : t -> string list -> unit - module Tmp_dh_callback : Foreign.Funptr with type fn = t -> bool -> int -> Dh.t - - val set_tmp_dh_callback : t -> Tmp_dh_callback.t -> unit val set_tmp_ecdh : t -> Ec_key.t -> unit module Tmp_rsa_callback : Foreign.Funptr with type fn = t -> bool -> int -> Rsa.t diff --git a/src/initialize.ml b/src/initialize.ml index 3901701..578ada0 100644 --- a/src/initialize.ml +++ b/src/initialize.ml @@ -23,8 +23,6 @@ let initialize () = Bindings.openssl_config None; (* Make hardware accelaration available *) Bindings.Engine.load_builtin_engines (); - (* But unload RAND because RDRAND is suspected to have been compromised *) - Bindings.Engine.unregister_RAND (); (* Finish engine registration *) Bindings.Engine.register_all_complete (); (* SSL_library_init() initializes the SSL algorithms. diff --git a/src/ssl.ml b/src/ssl.ml index 6ac9ef4..743e6ba 100644 --- a/src/ssl.ml +++ b/src/ssl.ml @@ -81,19 +81,8 @@ module Connection = struct Ffi.Ec_key.new_by_curve_name curve) ;; - let tmp_dh_callback = - lazy - (* To ensure that the underlying libffi closure is not released pre-maturely - we create (and never free) a [Foreign.dynamic_funptr] here. - This does not leak as only 2 callbacks are ever defined. *) - (let (module Ffi) = force ffi in - Ffi.Ssl.Tmp_dh_callback.of_fun (fun _t _is_export key_length -> - Rfc3526.modp key_length)) - ;; - let tmp_rsa_callback = lazy - (* Like [tmp_dh_callback]. *) (let (module Ffi) = force ffi in Ffi.Ssl.Tmp_rsa_callback.of_fun (fun _t _is_export key_length -> tmp_rsa key_length)) @@ -131,7 +120,6 @@ module Connection = struct | `Openssl_default -> () | `Secure -> Ffi.Ssl.set_cipher_list_exn ssl secure_ciphers | `Only allowed_ciphers -> Ffi.Ssl.set_cipher_list_exn ssl allowed_ciphers); - Ffi.Ssl.set_tmp_dh_callback ssl (force tmp_dh_callback); Ffi.Ssl.set_tmp_ecdh ssl (force tmp_ecdh); (* Ffi.Ssl.set_tmp_rsa_callback ssl (force tmp_rsa_callback); *) Ffi.Ssl.set_bio ssl ~input:rbio ~output:wbio; diff --git a/stubgen/ffi_stubgen.ml b/stubgen/ffi_stubgen.ml index a8739ed..c8db2b6 100644 --- a/stubgen/ffi_stubgen.ml +++ b/stubgen/ffi_stubgen.ml @@ -7,6 +7,7 @@ let prologue = #include \n\ #include \n\ #include \n\n\ + #include \n\n\ #include \"../bindings/openssl_helpers.h\"\n" ;; From 036902ff61b84b8c589ee09cd5c16fd5f7c35de6 Mon Sep 17 00:00:00 2001 From: leon chou Date: Wed, 24 Sep 2025 08:54:38 -0400 Subject: [PATCH 2/2] v0.14-o1labs --- async_ssl.opam | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/async_ssl.opam b/async_ssl.opam index ff9509a..49b7e23 100644 --- a/async_ssl.opam +++ b/async_ssl.opam @@ -1,6 +1,6 @@ opam-version: "2.0" -version: "v0.14.0" -maintainer: "opensource@janestreet.com" +version: "v0.14.0-o1labs" +maintainer: "leon@o1labs.org" authors: ["Jane Street Group, LLC "] homepage: "https://github.com/janestreet/async_ssl" bug-reports: "https://github.com/janestreet/async_ssl/issues"