depressed-pho / hsopenssl

OpenSSL binding for Haskell

Home Page: http://hackage.haskell.org/package/HsOpenSSL

License: Creative Commons Zero v1.0 Universal

Haskell 93.37% Makefile 1.63% C 4.82% C++ 0.17%

hsopenssl's People

Contributors

agl, bgamari, dawedawe, depressed-pho, gregorycollins, istathar, mvv, peteg, rnons, taruti, yav

hsopenssl's Issues

HsOpenSSL 0.10.1.4 won't build

While trying to install the latest version of HsOpenSSL from Hackage or this git repo (0.10.1.4), the build died, complaining about a syntax error on line 54 of the X509.hsc file:

X509.hsc:54:21: error: missing binary operator before token "("

I am using GHC 7.0.4 on Debian.

Expose internal OpenSSL pointers

Given that this is a partial binding, it would be good to expose pointers to objects like SSL_CONTEXT and SSL and X509 so that users of the binding can extend it to add missing functionality. As a binding to another concrete library, nothing is gained from hiding these pointers. This could be as easy as exposing types like SSL_CTX_ and functions like withSslCtx.

Support typechecking initialization

I can understand why this library might not want to be super-opinionated about the right way to statically check that withOpenSSL is being used correctly. I would like to propose that some very lightweight machinery be added to make it possible for downstream authors to add such if they want:

module OpenSSL (InitOpenSSL, withOpenSSL) where
    data InitOpenSSL = InitOpenSSL -- Constructor not exported

    withOpenSSL :: (InitOpenSSL -> IO a) -> IO a
    withOpenSSL act = do
        loadErrorStrings >> addAllAlgorithms >> libraryInit >> setupMutex
        act InitOpenSSL

The existing common use can still be easily supported:

main = withOpenSSL $ const $ do ...

And if library authors wish, they can now require an argument of type InitOpenSSL, or use a ReaderT, or use ImplicitParams, or whatever method they like to statically check that the init has been done, and authors who do not wish to do so still need not wade through much machinery from this library to use it for their purposes.

HsOpenSSL 0.11.1 build fails on Travis CI

Hello,

I am using Travis CI for continuous integration testing of my package, and since the upgrade to version 0.11.1 cabal is unable to compile HsOpenSSL:

Building HsOpenSSL-0.11.1...
Preprocessing library HsOpenSSL-0.11.1...
Option.hsc: In function ‘main’:
Option.hsc:144:5: error: ‘SSL_OP_SAFARI_ECDHE_ECDSA_BUG’ undeclared (first use in this function)
Option.hsc:144:5: note: each undeclared identifier is reported only once for each function it appears in compiling dist/build/OpenSSL/SSL/Option_hsc_make.c failed (exit code 1)

https://travis-ci.org/solatis/dissent/builds/45645870

I assume this is caused by some version mismatch between libopenssl installed on the build machine and what HsOpenSSL assumes. Who's at fault here?

cipher result different from M2Crypto and command line?

I'm writing a program to interface with another program written in python. I find that the ciphered results are different.

In ghci, the ciphered result is \GS\n\197:

import OpenSSL
import OpenSSL.EVP.Cipher 
import Data.Maybe
method <- fmap fromJust $ withOpenSSL $ getCipherByName "bf-cfb"
cipher method "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f\x72" "\xcc\x88\xa5\x26\x85\xaf\x7f\x8d" Encrypt "abcd"

In python, the ciphered result is K\x10<Q

import M2Crypto
M2Crypto.EVP.Cipher("bf_cfb", "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f\x72", "\xcc\x88\xa5\x26\x85\xaf\x7f\x8d", 1).update("abcd")

In shell, with abcd.txt containing the string "abcd", abcd.bin is shown in vim as K^P<Q}

openssl bf-cfb -in abcd.txt -out abcd.bin -pass pass:abc -K 900150983cd24fb0d6963f7d28e17f72 -iv cc88a52685af7f8d -nosalt

I assume the M2Crypto result is equivalent to the command line result. Why is the HsOpenSSL result different?

OpenSSL.EVP.Cipher.getCipherNames doesn't return any ciphers

GHC 7.4.1, when using the EVP.Cipher module I get no ciphers listed, although OpenSSL on my machine has plenty of options:

$ ghci
GHCi, version 7.4.1: http://www.haskell.org/ghc/  :? for help
Loading package ghc-prim ... linking ... done.
Loading package integer-gmp ... linking ... done.
Loading package base ... linking ... done.
Prelude> import OpenSSL.EVP.Cipher 
Prelude OpenSSL.EVP.Cipher> :!openssl list-cipher-commands
aes-128-cbc
aes-128-ecb
aes-192-cbc
aes-192-ecb
aes-256-cbc
aes-256-ecb
base64
bf
bf-cbc
bf-cfb
bf-ecb
bf-ofb
camellia-128-cbc
camellia-128-ecb
camellia-192-cbc
camellia-192-ecb
camellia-256-cbc
camellia-256-ecb
cast
cast-cbc
cast5-cbc
cast5-cfb
cast5-ecb
cast5-ofb
des
des-cbc
des-cfb
des-ecb
des-ede
des-ede-cbc
des-ede-cfb
des-ede-ofb
des-ede3
des-ede3-cbc
des-ede3-cfb
des-ede3-ofb
des-ofb
des3
desx
rc2
rc2-40-cbc
rc2-64-cbc
rc2-cbc
rc2-cfb
rc2-ecb
rc2-ofb
rc4
rc4-40
seed
seed-cbc
seed-cfb
seed-ecb
seed-ofb
zlib
Prelude OpenSSL.EVP.Cipher> getCipherNames 
Loading package bytestring-0.9.2.1 ... linking ... done.
Loading package transformers-0.3.0.0 ... linking ... done.
Loading package mtl-2.1 ... linking ... done.
Loading package array-0.4.0.0 ... linking ... done.
Loading package deepseq-1.3.0.0 ... linking ... done.
Loading package text-0.11.2.0 ... linking ... done.
Loading package parsec-3.1.2 ... linking ... done.
Loading package unix-2.5.1.0 ... linking ... done.
Loading package network-2.3.0.11 ... linking ... done.
Loading package old-locale-1.0.0.4 ... linking ... done.
Loading package time-1.4 ... linking ... done.
Loading package HsOpenSSL-0.10.2 ... linking ... done.
[]
Prelude OpenSSL.EVP.Cipher> x <- getCipherByName "rc4"
Prelude OpenSSL.EVP.Cipher> case x of { Just _ -> print 1; }
*** Exception: <interactive>:6:1-32: Non-exhaustive patterns in case

Prelude OpenSSL.EVP.Cipher> x <- getCipherByName "aes-256-cbc"
Prelude OpenSSL.EVP.Cipher> case x of { Just _ -> print 1; }
*** Exception: <interactive>:8:1-32: Non-exhaustive patterns in case

Prelude OpenSSL.EVP.Cipher> 

Detect and handle partial writes

The documentation indicates that SSL_write (like normal write) will return the number of bytes written, which might be fewer bytes than given. It is probably necessary for the write functions to return the number of bytes written so that a partial write could be detected or even to continue to write the remaining bytes after a partial write.
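
The loop this issue asks for, as an added example (not code from the issue or from HsOpenSSL): a C write-all helper over any writer that follows the SSL_write return convention, returning how many bytes went out so that a failure after a partial write is visible to the caller. The names write_all, write_result and mock_sink are hypothetical, and the mock writer stands in for a real connection so the example runs offline.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same return convention as SSL_write: >0 = bytes accepted, <=0 = failure. */
typedef int (*write_fn)(void *ctx, const void *buf, int len);

typedef struct {
    size_t written; /* bytes the writer accepted in total */
    int ok;         /* 1 if the whole buffer went out, 0 on failure */
} write_result;

/* Keep calling the writer until every byte is accepted or it fails. */
write_result write_all(write_fn w, void *ctx, const void *buf, size_t len) {
    const unsigned char *p = buf;
    write_result r = {0, 1};
    while (r.written < len) {
        size_t left = len - r.written;
        int n = w(ctx, p + r.written, left > INT_MAX ? INT_MAX : (int)left);
        if (n <= 0) {   /* with OpenSSL, SSL_get_error() would be consulted here */
            r.ok = 0;
            break;
        }
        r.written += (size_t)n;
    }
    return r;
}

/* Constructed stand-in for a TLS connection: accepts at most max_per_call
 * bytes per call and fails once capacity bytes have been taken. */
typedef struct {
    unsigned char data[64];
    size_t used, capacity;
    int max_per_call, calls;
} mock_sink;

static int mock_write(void *ctx, const void *buf, int len) {
    mock_sink *s = ctx;
    size_t n = (size_t)len;
    if (s->used >= s->capacity) return -1;
    if (n > (size_t)s->max_per_call) n = (size_t)s->max_per_call;
    if (n > s->capacity - s->used) n = s->capacity - s->used;
    memcpy(s->data + s->used, buf, n);
    s->used += n;
    s->calls++;
    return (int)n;
}

int main(void) {
    const char msg[] = "GET / HTTP/1.0\r\n\r\n";   /* constructed sample input */
    mock_sink s = { .capacity = 64, .max_per_call = 3 };
    write_result r = write_all(mock_write, &s, msg, strlen(msg));
    printf("ok=%d written=%zu calls=%d\n", r.ok, r.written, s.calls);
    return 0;
}
```
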

Doesn't build on OSX (10.11.5)

I have openssl installed and working. But I get this error when building HsOpenSSL:

Configuring HsOpenSSL-0.11.1.1...
    Building HsOpenSSL-0.11.1.1...
    Preprocessing library HsOpenSSL-0.11.1.1...
    In file included from BN.hsc:45:
    /private/var/folders/7g/hqr575c56f57x2z04zkrfvm40000gn/T/stack18674/HsOpenSSL-0.11.1.1/cbits/HsOpenSSL.h:3:10: fatal error: 'openssl/asn1.h' file not found
    #include <openssl/asn1.h>
             ^
    1 error generated.

DER support?

Hi all.
Is there any chance of getting support for reading/writing the DER format in HsOpenSSL?

A way to manually enable/disable padding for block ciphers

I need a way to turn off padding for DES-CBC, but it seems there's no way to do so in HsOpenSSL.

I really need this and am willing to contribute. What's the best way to add this to HsOpenSSL without breaking anything? Should I just add something like cipherBSNoPad? Any suggestions?

Setting CA certificate with `contextSetCAFile`

I'm attempting to set a CA certificate using contextSetCAFile, but when I send the https request, I get the following error:

TlsExceptionHostPort (HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa))) "hostname" port

You can see my attempt here. Is there anything else I need to do to specify the CA? My ca.crt file has the following format:

-----BEGIN CERTIFICATE-----
...base64...
-----END CERTIFICATE-----

When I use curl to send the request, the certificate works fine:

curl https://host:port/path --cert ./client-cert.pem --key client-key.pem --cacert ca.crt

Any guidance is appreciated!

HUnit 1.3 support

The test-suite for this package has been disabled in stackage because of this outdated dependency. When a fix is published to hackage please send a PR to re-enable the tests to stackage (it's in the skipped-tests section) or ping me.

Haskell Platform 2011.4 Support

Hello,

HsOpenSSL does not build against Haskell Platform 2011.4 (GHC 7.0.4), because two modules import Foreign.ForeignPtr.Unsafe, which was not added until base 4.4.

The two fixes I see are:

  1. continue to import unsafeForeignPtrToPtr from Foreign.ForeignPtr until it is really removed from that module.
  2. use conditionals on the version of base to pick where to import it from

happstack-server-tls uses HsOpenSSL and this makes it tricky to install.

  • jeremy

Not in scope: data constructor ‘J#’

OpenSSL/BN.hsc:180:24:
    Not in scope: data constructor ‘J#’
    Perhaps you meant one of these:
      ‘C#’ (imported from GHC.Base), ‘D#’ (imported from GHC.Base),
      ‘F#’ (imported from GHC.Base)

OpenSSL/BN.hsc:181:29:
    Not in scope: data constructor ‘J#’
    Perhaps you meant one of these:
      ‘C#’ (imported from GHC.Base), ‘D#’ (imported from GHC.Base),
      ‘F#’ (imported from GHC.Base)

OpenSSL/BN.hsc:215:16:
    Not in scope: data constructor ‘J#’
    Perhaps you meant one of these:
      ‘C#’ (imported from GHC.Base), ‘D#’ (imported from GHC.Base),
      ‘F#’ (imported from GHC.Base)

Causes build server to crash (ubuntu), under GHC 7.10.

Does not build with integer-simple

Or, more accurately, needlessly includes an integer-gmp build dep. This makes the code less portable for no notable gain.

I notice the code builds fine without the integer-gmp dependency - why is this included at all and what is the issue with removing it?

RSA decryption

I can successfully decrypt some rsa encrypted data with

openssl rsautl -inkey key.pem -decrypt

Does the library have functionality equivalent to this? I suspect that the OpenSSL C function RSA_private_decrypt needs to be called, and a scan of the source for the library doesn't show this as a foreign import.

0.10.1 doesn't work with the GHC bytecode interpreter

Specifically, I get the following error:

Loading package HsOpenSSL-0.10.1 ... linking ... ghc: [...path to libraries...]/HsOpenSSL-0.10.1/ghc-7.0.4/HSHsOpenSSL-0.10.1.o: unknown symbol `X509_CRL_get0_by_serial'

It works fine with the compiler, but this means that HsOpenSSL cannot be used from GHCi, and packages that use HsOpenSSL cannot use Template Haskell, as it uses the bytecode interpreter too.

HsOpenSSL 0.9.0.1 works just fine and doesn't have this issue at all.

I'm running GHC 7.0.4, as the error message shows.

Hopefully there's a simple fix to this, or I did something wrong, since it's blocking my use of HsOpenSSL :)

Thanks in advance for any reply.

Segfault on OS X

HsOpenSSL is segfaulting on my machine (OS X 10.8.3, Intel x86_64) in basic usage. This seems to happen on any call out to OpenSSL.

I'm using the latest version on Hackage, 0.10.3.3, and I've tried this with GHC 7.4.2 and 7.6.3, and with both OpenSSL 0.9.8r (the version that comes with OS X 10.8) and 1.0.1e.

I also posted a question on Stack Overflow about this, but didn't get any takers. I assume the problem has something to do with OS X. If there's anything I can do to help debug, please let me know.

Server: thread blocked indefinitely in an MVar operation

I just cloned the repository, ran cabal install successfully, and then compiled examples/Server.hs with ghc --make -threaded Server.hs. I then run Server. I used openssl s_client -connect localhost:4112 to test the server and issue a GET request to the server. The server accepts the connection, but after the GET request it closes the connection and prints this:

Server: thread blocked indefinitely in an MVar operation

Linker error: multiple definition in OpenSSL.Objects

I'm getting the following build error when building with GHC 7.10.2 on ubuntu 12.04.5 LTS (the distro I get on CircleCI). Anyone have any ideas?

Building HsOpenSSL-0.11.1.1...
Preprocessing library HsOpenSSL-0.11.1.1...
[ 1 of 33] Compiling OpenSSL.SSL.Option ( .stack-work/dist/x86_64-linux/Cabal-1.22.4.0/build/OpenSSL/SSL/Option.hs, .stack-work/dist/x86_64-linux/Cabal-1.22.4.0/build/OpenSSL/SSL/Option.o )
[ 2 of 33] Compiling OpenSSL.ERR      ( OpenSSL/ERR.hs, .stack-work/dist/x86_64-linux/Cabal-1.22.4.0/build/OpenSSL/ERR.o )
[ 3 of 33] Compiling OpenSSL.Stack    ( OpenSSL/Stack.hs, .stack-work/dist/x86_64-linux/Cabal-1.22.4.0/build/OpenSSL/Stack.o )
[ 4 of 33] Compiling OpenSSL.DH.Internal ( OpenSSL/DH/Internal.hs, .stack-work/dist/x86_64-linux/Cabal-1.22.4.0/build/OpenSSL/DH/Internal.o )

/tmp/stack108855/HsOpenSSL-0.11.1.1/OpenSSL/DH/Internal.hs:17:1: Warning:
    The import of ‘Control.Applicative’ is redundant
      except perhaps to import instances from ‘Control.Applicative’
    To import instances alone, use: import Control.Applicative()
[ 5 of 33] Compiling OpenSSL.Objects  ( .stack-work/dist/x86_64-linux/Cabal-1.22.4.0/build/OpenSSL/Objects.hs, .stack-work/dist/x86_64-linux/Cabal-1.22.4.0/build/OpenSSL/Objects.o )
/tmp/ghc109525_0/ghc_32.o: In function `r7OL_closure':
(.data+0x0): multiple definition of `__stginit_HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects'
/tmp/ghc109525_0/ghc_32.o:(.data+0x0): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `r7pH_closure':
(.data+0x10): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_getObjNames1_closure'
/tmp/ghc109525_0/ghc_32.o:(.data+0x10): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `c7SA_info':
(.text+0x2c8): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_getObjNames1_info'
/tmp/ghc109525_0/ghc_32.o:(.text+0x2c8): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `r7pH_closure':
(.data+0x20): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_getObjNames_closure'
/tmp/ghc109525_0/ghc_32.o:(.data+0x20): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `c7W6_info':
(.text+0xe98): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_getObjNames_info'
/tmp/ghc109525_0/ghc_32.o:(.text+0xe98): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `r7pH_closure':
(.data+0x30): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_MDMethodType_closure'
/tmp/ghc109525_0/ghc_32.o:(.data+0x30): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `c7W6_info':
(.text+0xeb8): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_MDMethodType_static_info'
/tmp/ghc109525_0/ghc_32.o:(.text+0xeb8): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `r7pH_closure':
(.data+0x38): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_CipherMethodType_closure'
/tmp/ghc109525_0/ghc_32.o:(.data+0x38): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `c7W6_info':
(.text+0xed8): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_CipherMethodType_static_info'
/tmp/ghc109525_0/ghc_32.o:(.text+0xed8): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `r7pH_closure':
(.data+0x40): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_PKeyMethodType_closure'
/tmp/ghc109525_0/ghc_32.o:(.data+0x40): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `c7W6_info':
(.text+0xef8): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_PKeyMethodType_static_info'
/tmp/ghc109525_0/ghc_32.o:(.text+0xef8): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `r7pH_closure':
(.data+0x48): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_CompMethodType_closure'
/tmp/ghc109525_0/ghc_32.o:(.data+0x48): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `c7W6_info':
(.text+0xf18): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_CompMethodType_static_info'
/tmp/ghc109525_0/ghc_32.o:(.text+0xf18): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `r7pH_closure':
(.data+0x50): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_ObjNameType_closure_tbl'
/tmp/ghc109525_0/ghc_32.o:(.data+0x50): first defined here
/tmp/ghc109525_0/ghc_31.o: In function `OpenSSLziObjects_d7Ce':
ghc_29.c:(.text+0x0): multiple definition of `OpenSSLziObjects_d7Ce'
/tmp/ghc109525_0/ghc_31.o:ghc_29.c:(.text+0x0): first defined here
collect2: error: ld returned 1 exit status

Compilation error due to hardcoded "dist" path in cbits/HsOpenSSL.h

In line 30 of cbits/HsOpenSSL.h there is the line:

#  include "../dist/build/autogen/cabal_macros.h"

This causes the compilation to fail when the cabal option --builddir is used to select a directory other than the default of dist (See: http://www.haskell.org/cabal/users-guide/installing-packages.html#setup-test)

The --builddir is often set automatically to various values by sandboxing tools, such as HsEnv.

This is the relevant error message:

In file included from cbits/HsOpenSSL.c:1:0: 

cbits/HsOpenSSL.h:30:50:
     fatal error: ../dist/build/autogen/cabal_macros.h: No such file or directory
compilation terminated.
Failed to install HsOpenSSL-0.10.3.3
cabal: Error: some packages failed to install:

While searching I also found this compilation log that someone had that suffers from the same problem (their --builddir is apparently set to dist/dist-sandbox-dc2d92ee): https://gist.github.com/roman/5681021

I am not sure how to fix this bug in HsOpenSSL.

Add support for new `time-1.5` release

Basically the following is needed for that (untested though!):

diff --git a/OpenSSL/ASN1.hsc b/OpenSSL/ASN1.hsc
index 39e6706..aa23f29 100644
--- a/OpenSSL/ASN1.hsc
+++ b/OpenSSL/ASN1.hsc
@@ -29,7 +29,9 @@ import           Foreign.C
 import           OpenSSL.BIO
 import           OpenSSL.BN
 import           OpenSSL.Utils
+#if !(MIN_VERSION_time(1,5,0))
 import           System.Locale
+#endif

 {- ASN1_OBJECT --------------------------------------------------------------- -}

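Review bot: The #if !(MIN_VERSION_time(1,5,0)) guard around import System.Locale only works if MIN_VERSION_time is defined at the point where this .hsc file is preprocessed; if it is not, the preprocessor stops at the "(" with a "missing binary operator" error. Please confirm that the header providing the Cabal version macros is included above this line. The hunk also drops the import for time >= 1.5 without showing a replacement, so check that the locale names used further down are still in scope from the module's existing time imports in that configuration.
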
@@ -139,7 +141,11 @@ peekASN1Time time
                                             , "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
                                             ]
                                ]
+#if MIN_VERSION_time(1,5,0)
+               , knownTimeZones = []
+#else
                , intervals   = undefined
+#endif
                , amPm        = undefined
                , dateTimeFmt = undefined
                , dateFmt     = undefined
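
Review bot: In the MIN_VERSION_time(1,5,0) branch, knownTimeZones = [] gets a real value while the neighbouring fields amPm, dateTimeFmt and dateFmt stay undefined, so the record is only safe as long as the format string used with it never touches those fields. A short comment next to the #if stating which fields the ASN1 time format actually reads would make that assumption explicit. Since the patch is described as untested, it should be built against both time < 1.5 and time >= 1.5 before merging.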
