Merge branch 'master' into patch-1

.github/workflows/build.yml

@@ -35,7 +35,10 @@ jobs:
       run: opam install .
     - name: Build and test
       if: ${{ matrix.setup.runtest }}
-      run: opam install -t .
+      run: |
+        opam install -t .
+        eval $(opam env)
+        dune build @github_action_tests
 
   nix-build:
     runs-on: ${{ matrix.setup.os }}

CHANGES.md

@@ -1,3 +1,8 @@
+Unreleased
+=====
+
+-  Fix naked pointer in cipher function (#144)
+
 0.7.0 (2023-07-12)
 =====
 

dune-project

@@ -1,11 +1,12 @@
 (lang dune 2.7)
 
 (name ssl)
+(version 0.7.0)
 
 (generate_opam_files true)
 
 (source
- (github melange-re/melange))
+ (github savonet/ocaml-ssl))
 
 (maintainers "Antonio Monteiro <[email protected]>")
 
@@ -23,6 +24,7 @@
  (depends
   (ocaml
    (>= "4.03.0"))
+  (ocaml (and :with_test (>= "4.08.0")))
   dune-configurator
   conf-libssl
   (alcotest :with-test)

nix/default.nix

@@ -25,4 +25,7 @@ buildDunePackage {
   checkInputs = [ alcotest ];
 
   inherit doCheck;
+  checkPhase = ''
+    dune build -p ssl @runtest @github_action_tests ''${enableParallelBuilding:+-j $NIX_BUILD_CORES}
+  '';
 }

src/ssl_stubs.c

@@ -1074,20 +1074,29 @@ CAMLprim value ocaml_ssl_version(value socket) {
 CAMLprim value ocaml_ssl_get_current_cipher(value socket) {
   CAMLparam1(socket);
   SSL *ssl = SSL_val(socket);
-
   caml_release_runtime_system();
   SSL_CIPHER *cipher = (SSL_CIPHER *)SSL_get_current_cipher(ssl);
   caml_acquire_runtime_system();
   if (!cipher)
     caml_raise_constant(*caml_named_value("ssl_exn_cipher_error"));
-
+#if defined(NO_NAKED_POINTERS) || defined(NAKED_POINTERS_CHECKER)
+  value vcipher = caml_alloc_shr(1, Abstract_tag);
+  *((SSL_CIPHER **) Data_abstract_val(vcipher)) = cipher;
+  CAMLreturn(vcipher);
+#else
   CAMLreturn((value)cipher);
+#endif
 }
 
 CAMLprim value ocaml_ssl_get_cipher_description(value vcipher) {
   CAMLparam1(vcipher);
   char buf[1024];
+
+#if defined(NO_NAKED_POINTERS) || defined(NAKED_POINTERS_CHECKER)
+  SSL_CIPHER *cipher = *((SSL_CIPHER **) Data_abstract_val(vcipher));
+#else
   SSL_CIPHER *cipher = (SSL_CIPHER *)vcipher;
+#endif
 
   caml_release_runtime_system();
   SSL_CIPHER_description(cipher, buf, 1024);
@@ -1099,7 +1108,12 @@ CAMLprim value ocaml_ssl_get_cipher_description(value vcipher) {
 CAMLprim value ocaml_ssl_get_cipher_name(value vcipher) {
   CAMLparam1(vcipher);
   const char *name;
+
+#if defined(NO_NAKED_POINTERS) || defined(NAKED_POINTERS_CHECKER)
+  SSL_CIPHER *cipher = *((SSL_CIPHER **) Data_abstract_val(vcipher));
+#else
   SSL_CIPHER *cipher = (SSL_CIPHER *)vcipher;
+#endif
 
   caml_release_runtime_system();
   name = SSL_CIPHER_get_name(cipher);
@@ -1111,7 +1125,12 @@ CAMLprim value ocaml_ssl_get_cipher_name(value vcipher) {
 CAMLprim value ocaml_ssl_get_cipher_version(value vcipher) {
   CAMLparam1(vcipher);
   const char *version;
+
+#if defined(NO_NAKED_POINTERS) || defined(NAKED_POINTERS_CHECKER)
+  SSL_CIPHER *cipher = *((SSL_CIPHER **) Data_abstract_val(vcipher));
+#else
   SSL_CIPHER *cipher = (SSL_CIPHER *)vcipher;
+#endif
 
   caml_release_runtime_system();
   version = SSL_CIPHER_get_version(cipher);

ssl.opam

@@ -9,7 +9,8 @@ homepage: "https://github.com/savonet/ocaml-ssl"
 bug-reports: "https://github.com/savonet/ocaml-ssl/issues"
 depends: [
   "dune" {>= "2.7"}
-  "ocaml" {>= "4.05.0"}
+  "ocaml" {>= "4.03.0"}
+  "ocaml" {with_test & >= "4.08.0"}
   "dune-configurator"
   "conf-libssl"
   "alcotest" {with-test}
@@ -30,4 +31,4 @@ build: [
     "@doc" {with-doc}
   ]
 ]
-dev-repo: "git+https://github.com/melange-re/melange.git"
+dev-repo: "git+https://github.com/savonet/ocaml-ssl.git"

tests/dune

@@ -1,3 +1,8 @@
+(alias
+ (name github_action_tests)
+ (deps
+  (alias_rec runtest)))
+
 (library
  (name util)
  (modules util)
@@ -14,6 +19,16 @@
  (modules ssl_comm)
  (libraries ssl alcotest))
 
+(executable
+ (name ssl_version)
+ (modules ssl_version)
+ (libraries ssl alcotest))
+
+(rule
+ (alias github_action_tests)
+ (action
+  (run ./ssl_version.exe)))
+
 (test
  (name ssl_context)
  (modules ssl_context)

tests/ssl_comm.ml

@@ -25,23 +25,11 @@ let test_error_queue () =
     check string "Library string" "SSL routines" (Option.get err.lib);
     check string "Reason string" "system lib" (Option.get err.reason)
 
-let test_version () =
-  let ch = Unix.open_process_in "openssl version" in
-  let m, n, p =
-    Scanf.(bscanf (Scanning.from_channel ch)) "OpenSSL %d.%d.%d" (fun x y z ->
-        x, y, z)
-  in
-  Unix.close_process_in ch |> ignore;
-  check int "major" m Ssl.native_library_version.major;
-  check int "minor" n Ssl.native_library_version.minor;
-  check int "patch" p Ssl.native_library_version.patch
-
 let () =
   Alcotest.run
     "Ssl communication"
     [ ( "Communication"
       , [ test_case "Test init" `Quick test_init
-        ; test_case "Test version" `Quick test_version
         ; test_case "Test error queue" `Quick test_error_queue
         ] )
     ]

tests/ssl_version.ml

@@ -0,0 +1,27 @@
+open Alcotest
+open Ssl
+
+let test_init () = init () |> ignore
+
+(* This test is not super robust b/c `openssl` might not be installed or
+   installed but linked to a different shared libary. For this reason, this test
+   is only run in our internal github action CI. *)
+let test_version () =
+  let ch = Unix.open_process_in "openssl version" in
+  let m, n, p =
+    Scanf.(bscanf (Scanning.from_channel ch)) "OpenSSL %d.%d.%d" (fun x y z ->
+        x, y, z)
+  in
+  Unix.close_process_in ch |> ignore;
+  check int "major" m Ssl.native_library_version.major;
+  check int "minor" n Ssl.native_library_version.minor;
+  check int "patch" p Ssl.native_library_version.patch
+
+let () =
+  Alcotest.run
+    "Ssl version"
+    [ ( "Version"
+      , [ test_case "Test init" `Quick test_init
+        ; test_case "Test version" `Quick test_version
+        ] )
+    ]