[DNM] adjustments to ffi calls to match updates to openssl api

async_ssl.opam

@@ -1,6 +1,6 @@
 opam-version: "2.0"
-version: "v0.14.0"
-maintainer: "opensource@janestreet.com"
+version: "v0.14.0-o1labs"
+maintainer: "leon@o1labs.org"
 authors: ["Jane Street Group, LLC <opensource@janestreet.com>"]
 homepage: "https://github.com/janestreet/async_ssl"
 bug-reports: "https://github.com/janestreet/async_ssl/issues"

bindings/dune

@@ -16,6 +16,6 @@
   (:standard (:include openssl-ccopt.sexp) \ -Werror -pedantic -Wall
    -Wunused))
  (c_library_flags :standard (:include openssl-cclib.sexp))
- (libraries ctypes.stubs ctypes ctypes.foreign.threaded base)
+ (libraries ctypes.stubs ctypes ctypes.foreign base)
  (virtual_deps conf-openssl) (preprocessor_deps config.h)
  (preprocess (pps ppx_jane)))

bindings/ffi_bindings.ml

@@ -40,8 +40,6 @@ module Dh = Voidp (struct
 module Progress_callback =
   (val Foreign.dynamic_funptr Ctypes.(int @-> int @-> ptr void @-> returning void))
 
-module Tmp_dh_callback =
-  (val Foreign.dynamic_funptr Ctypes.(Ssl.t @-> bool @-> int @-> returning Dh.t))
 
 module Tmp_rsa_callback =
   (val Foreign.dynamic_funptr Ctypes.(Ssl.t @-> bool @-> int @-> returning Rsa.t))
@@ -220,10 +218,6 @@ module Bindings (F : Cstubs.FOREIGN) = struct
       foreign "ENGINE_load_builtin_engines" Ctypes.(void @-> returning void)
     ;;
 
-    let unregister_RAND =
-      foreign "ENGINE_unregister_RAND" Ctypes.(void @-> returning void)
-    ;;
-
     let register_all_complete =
       foreign "ENGINE_register_all_complete" Ctypes.(void @-> returning void)
     ;;
@@ -492,14 +486,6 @@ module Bindings (F : Cstubs.FOREIGN) = struct
       foreign "SSL_get_cipher_list" Ctypes.(t @-> int @-> returning string_opt)
     ;;
 
-    module Tmp_dh_callback = Tmp_dh_callback
-
-    let set_tmp_dh_callback =
-      foreign
-        "SSL_set_tmp_dh_callback"
-        Ctypes.(t @-> Tmp_dh_callback.t @-> returning void)
-    ;;
-
     let set_tmp_ecdh =
       foreign "SSL_set_tmp_ecdh" Ctypes.(t @-> Ec_key.t @-> returning void)
     ;;

src/ffi__library_must_be_initialized.ml

@@ -560,9 +560,6 @@ module Ssl = struct
     | n -> failwithf "OpenSSL bug: SSL_set_cipher_list returned %d" n ()
   ;;
 
-  module Tmp_dh_callback = Bindings.Ssl.Tmp_dh_callback
-
-  let set_tmp_dh_callback = Bindings.Ssl.set_tmp_dh_callback
   let set_tmp_ecdh = Bindings.Ssl.set_tmp_ecdh
 
   module Tmp_rsa_callback = Bindings.Ssl.Tmp_rsa_callback

src/ffi__library_must_be_initialized.mli

@@ -230,9 +230,6 @@ module Ssl : sig
 
   val set_cipher_list_exn : t -> string list -> unit
 
-  module Tmp_dh_callback : Foreign.Funptr with type fn = t -> bool -> int -> Dh.t
-
-  val set_tmp_dh_callback : t -> Tmp_dh_callback.t -> unit
   val set_tmp_ecdh : t -> Ec_key.t -> unit
 
   module Tmp_rsa_callback : Foreign.Funptr with type fn = t -> bool -> int -> Rsa.t

src/initialize.ml

@@ -23,8 +23,6 @@ let initialize () =
     Bindings.openssl_config None;
     (* Make hardware accelaration available *)
     Bindings.Engine.load_builtin_engines ();
-    (* But unload RAND because RDRAND is suspected to have been compromised *)
-    Bindings.Engine.unregister_RAND ();
     (* Finish engine registration *)
     Bindings.Engine.register_all_complete ();
     (* SSL_library_init() initializes the SSL algorithms.

src/ssl.ml

@@ -81,19 +81,8 @@ module Connection = struct
        Ffi.Ec_key.new_by_curve_name curve)
   ;;
 
-  let tmp_dh_callback =
-    lazy
-      (* To ensure that the underlying libffi closure is not released pre-maturely
-         we create (and never free) a [Foreign.dynamic_funptr] here.
-         This does not leak as only 2 callbacks are ever defined. *)
-      (let (module Ffi) = force ffi in
-       Ffi.Ssl.Tmp_dh_callback.of_fun (fun _t _is_export key_length ->
-         Rfc3526.modp key_length))
-  ;;
-
   let tmp_rsa_callback =
     lazy
-      (* Like [tmp_dh_callback]. *)
       (let (module Ffi) = force ffi in
        Ffi.Ssl.Tmp_rsa_callback.of_fun (fun _t _is_export key_length ->
          tmp_rsa key_length))
@@ -131,7 +120,6 @@ module Connection = struct
      | `Openssl_default -> ()
      | `Secure -> Ffi.Ssl.set_cipher_list_exn ssl secure_ciphers
      | `Only allowed_ciphers -> Ffi.Ssl.set_cipher_list_exn ssl allowed_ciphers);
-    Ffi.Ssl.set_tmp_dh_callback ssl (force tmp_dh_callback);
     Ffi.Ssl.set_tmp_ecdh ssl (force tmp_ecdh);
     (* Ffi.Ssl.set_tmp_rsa_callback ssl (force tmp_rsa_callback); *)
     Ffi.Ssl.set_bio ssl ~input:rbio ~output:wbio;

stubgen/ffi_stubgen.ml

@@ -7,6 +7,7 @@ let prologue =
    #include <openssl/ssl.h>\n\
    #include <openssl/err.h>\n\
    #include <openssl/conf.h>\n\n\
+   #include <openssl/engine.h>\n\n\
    #include \"../bindings/openssl_helpers.h\"\n"
 ;;