HsOpenSSL 0.11.7.2 → 0.11.7.3
raw patch · 34 files changed
+400/−350 lines, 34 filesdep ~basePVP: major bump suggested
API removals or changes: PVP suggests a major version bump
Dependency ranges changed: base
API changes (from Hackage documentation)
- OpenSSL.EVP.Internal: data EVP_CIPHER
- OpenSSL.EVP.Internal: data EVP_CIPHER_CTX
- OpenSSL.EVP.Internal: data EVP_MD
- OpenSSL.EVP.Internal: data EVP_MD_CTX
- OpenSSL.EVP.Internal: data EVP_PKEY
- OpenSSL.EVP.Internal: data HMAC_CTX
- OpenSSL.Session: data SSLContext_
- OpenSSL.Session: data SSL_
+ OpenSSL.EVP.Internal: data {-# CTYPE "openssl/evp.h" "EVP_PKEY" #-} EVP_PKEY
+ OpenSSL.Session: data {-# CTYPE "openssl/ssl.h" "SSL" #-} SSL_
Files
- ChangeLog +10/−1
- HsOpenSSL.cabal +9/−9
- OpenSSL.hs +3/−2
- OpenSSL/ASN1.hsc +17/−16
- OpenSSL/BIO.hs +24/−23
- OpenSSL/BN.hsc +18/−17
- OpenSSL/Cipher.hsc +9/−8
- OpenSSL/DER.hsc +11/−8
- OpenSSL/DH.hs +9/−8
- OpenSSL/DH/Internal.hs +3/−2
- OpenSSL/DSA.hsc +16/−15
- OpenSSL/ERR.hs +4/−3
- OpenSSL/EVP/Base64.hs +3/−2
- OpenSSL/EVP/Cipher.hs +2/−1
- OpenSSL/EVP/Digest.hsc +4/−3
- OpenSSL/EVP/Internal.hsc +35/−34
- OpenSSL/EVP/Open.hs +2/−1
- OpenSSL/EVP/PKey.hsc +8/−6
- OpenSSL/EVP/Seal.hs +3/−2
- OpenSSL/EVP/Sign.hs +2/−1
- OpenSSL/EVP/Verify.hs +2/−1
- OpenSSL/Objects.hsc +4/−3
- OpenSSL/PEM.hs +19/−18
- OpenSSL/PKCS7.hsc +12/−11
- OpenSSL/RSA.hsc +10/−9
- OpenSSL/Random.hs +4/−3
- OpenSSL/Session.hsc +41/−39
- OpenSSL/Stack.hsc +11/−10
- OpenSSL/X509.hsc +30/−29
- OpenSSL/X509/Name.hsc +10/−9
- OpenSSL/X509/Request.hs +17/−16
- OpenSSL/X509/Revocation.hsc +28/−27
- OpenSSL/X509/Store.hsc +14/−13
- cbits/HsOpenSSL.h +6/−0
ChangeLog view
@@ -1,3 +1,13 @@+2022-12-17 Vladimir Shabanov <dev@vshabanov.com>++ * HsOpenSSL.cabal (Version): Bump version to 0.11.7.3++ * Use capi instead of ccall for better compatibility+ with OpenSSL 3.0 (#73, #63)++ * Update documentation for ssl cipher selection+ by Adam Sandberg Eriksson @adamse (#66)+ 2021-09-29 Vladimir Shabanov <dev@vshabanov.com> * HsOpenSSL.cabal (Version): Bump version to 0.11.7.2@@ -10,7 +20,6 @@ * Fix SSL_CTX_set_session_id_context #61 by @flobrosch (#61)- 2021-04-19 Vladimir Shabanov <dev@vshabanov.com>
HsOpenSSL.cabal view
@@ -10,14 +10,14 @@ systems and stable. You may also be interested in the @tls@ package, <http://hackage.haskell.org/package/tls>, which is a pure Haskell implementation of SSL.-Version: 0.11.7.2+Version: 0.11.7.3 License: PublicDomain License-File: COPYING Author: Adam Langley, Mikhail Vorozhtsov, PHO, Taru Karttunen Maintainer: Vladimir Shabanov <dev@vshabanov.com> Stability: stable-Homepage: https://github.com/vshabanov/HsOpenSSL-Bug-Reports: https://github.com/vshabanov/HsOpenSSL/issues+Homepage: https://github.com/haskell-cryptography/HsOpenSSL+Bug-Reports: https://github.com/haskell-cryptography/HsOpenSSL/issues Category: Cryptography Cabal-Version: 1.12 Tested-With:@@ -39,7 +39,7 @@ Source-Repository head Type: git- Location: git://github.com/vshabanov/HsOpenSSL.git+ Location: git://github.com/haskell-cryptography/HsOpenSSL.git Flag fast-bignum Description:@@ -74,9 +74,9 @@ Library Build-Depends: base >= 4.4 && < 5,- bytestring >= 0.9 && < 0.11,+ bytestring >= 0.9 && < 0.12, network >= 2.1 && < 3.2,- time >= 1.5 && < 1.12+ time >= 1.5 && < 1.13 Build-Tools: hsc2hs >= 0.67 @@ -163,7 +163,7 @@ Build-Depends: HsOpenSSL, base >= 4.4 && < 5,- bytestring >= 0.9 && < 0.11+ bytestring >= 0.9 && < 0.12 Default-Language: Haskell2010 GHC-Options:@@ -190,7 +190,7 @@ Build-Depends: HsOpenSSL, base >= 4.4 && < 5,- bytestring >= 0.9 && < 0.11+ bytestring >= 0.9 && < 0.12 Default-Language: Haskell2010 GHC-Options:@@ -204,7 +204,7 @@ Build-Depends: HsOpenSSL, base >= 4.4 && < 5,- bytestring >= 0.9 && < 0.11+ bytestring >= 0.9 && < 0.12 Default-Language: Haskell2010 GHC-Options:
OpenSSL.hs view
@@ -1,5 +1,6 @@ {-# LANGUAGE CPP #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} -- |HsOpenSSL is an OpenSSL binding for Haskell. It can generate RSA -- and DSA keys, read and write PEM files, generate message digests, -- sign and verify messages, encrypt and decrypt messages.@@ -52,10 +53,10 @@ import Control.Exception (onException, mask_) #endif -foreign import ccall "HsOpenSSL_init"+foreign import capi "HsOpenSSL.h HsOpenSSL_init" initSSL :: IO () -foreign import ccall "HsOpenSSL_setupMutex"+foreign import capi "HsOpenSSL.h HsOpenSSL_setupMutex" setupMutex :: IO ()
OpenSSL/ASN1.hsc view
@@ -1,6 +1,7 @@ {-# LANGUAGE CPP #-} {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} module OpenSSL.ASN1 ( ASN1_OBJECT , obj2nid@@ -36,15 +37,15 @@ {- ASN1_OBJECT --------------------------------------------------------------- -} -data ASN1_OBJECT+data {-# CTYPE "openssl/asn1.h" "ASN1_OBJECT" #-} ASN1_OBJECT -foreign import ccall unsafe "OBJ_obj2nid"+foreign import capi unsafe "openssl/objects.h OBJ_obj2nid" obj2nid :: Ptr ASN1_OBJECT -> IO CInt -foreign import ccall unsafe "OBJ_nid2sn"+foreign import capi unsafe "openssl/objects.h OBJ_nid2sn" _nid2sn :: CInt -> IO CString -foreign import ccall unsafe "OBJ_nid2ln"+foreign import capi unsafe "openssl/objects.h OBJ_nid2ln" _nid2ln :: CInt -> IO CString @@ -58,7 +59,7 @@ {- ASN1_STRING --------------------------------------------------------------- -} -data ASN1_STRING+data {-# CTYPE "openssl/asn1.h" "ASN1_STRING" #-} ASN1_STRING peekASN1String :: Ptr ASN1_STRING -> IO String peekASN1String strPtr@@ -69,18 +70,18 @@ {- ASN1_INTEGER -------------------------------------------------------------- -} -data ASN1_INTEGER+data {-# CTYPE "openssl/asn1.h" "ASN1_INTEGER" #-} ASN1_INTEGER -foreign import ccall unsafe "HsOpenSSL_M_ASN1_INTEGER_new"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_M_ASN1_INTEGER_new" _ASN1_INTEGER_new :: IO (Ptr ASN1_INTEGER) -foreign import ccall unsafe "HsOpenSSL_M_ASN1_INTEGER_free"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_M_ASN1_INTEGER_free" _ASN1_INTEGER_free :: Ptr ASN1_INTEGER -> IO () -foreign import ccall unsafe "ASN1_INTEGER_to_BN"+foreign import capi unsafe "openssl/asn1.h ASN1_INTEGER_to_BN" _ASN1_INTEGER_to_BN :: Ptr ASN1_INTEGER -> Ptr BIGNUM -> IO (Ptr BIGNUM) -foreign import ccall unsafe "BN_to_ASN1_INTEGER"+foreign import capi unsafe "openssl/asn1.h BN_to_ASN1_INTEGER" _BN_to_ASN1_INTEGER :: Ptr BIGNUM -> Ptr ASN1_INTEGER -> IO (Ptr ASN1_INTEGER) @@ -108,18 +109,18 @@ {- ASN1_TIME ---------------------------------------------------------------- -} -data ASN1_TIME+data {-# CTYPE "openssl/asn1.h" "ASN1_TIME" #-} ASN1_TIME -foreign import ccall unsafe "HsOpenSSL_M_ASN1_TIME_new"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_M_ASN1_TIME_new" _ASN1_TIME_new :: IO (Ptr ASN1_TIME) -foreign import ccall unsafe "HsOpenSSL_M_ASN1_TIME_free"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_M_ASN1_TIME_free" _ASN1_TIME_free :: Ptr ASN1_TIME -> IO () -foreign import ccall unsafe "ASN1_TIME_set"+foreign import capi unsafe "openssl/asn1.h ASN1_TIME_set" _ASN1_TIME_set :: Ptr ASN1_TIME -> CTime -> IO (Ptr ASN1_TIME) -foreign import ccall unsafe "ASN1_TIME_print"+foreign import capi unsafe "openssl/asn1.h ASN1_TIME_print" _ASN1_TIME_print :: Ptr BIO_ -> Ptr ASN1_TIME -> IO CInt @@ -130,7 +131,7 @@ _ASN1_TIME_print bioPtr time >>= failIf_ (/= 1) timeStr <- bioRead bio-#if MIN_VERSION_time(1,5,0) +#if MIN_VERSION_time(1,5,0) case parseTimeM True defaultTimeLocale "%b %e %H:%M:%S %Y %Z" timeStr of #else case parseTime defaultTimeLocale "%b %e %H:%M:%S %Y %Z" timeStr of
OpenSSL/BIO.hs view
@@ -1,5 +1,6 @@ {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} {- --------------------------------------------------------------------------- -} {- -} {- FOR INTERNAL USE ONLY -}@@ -87,25 +88,25 @@ {- bio ---------------------------------------------------------------------- -} -data BIO_METHOD+data {-# CTYPE "openssl/bio.h" "BIO_METHOD" #-} BIO_METHOD -- |@BIO@ is a @ForeignPtr@ to an opaque BIO object. They are created by newXXX actions. newtype BIO = BIO (ForeignPtr BIO_)-data BIO_+data {-# CTYPE "openssl/bio.h" "BIO" #-} BIO_ -foreign import ccall unsafe "BIO_new"+foreign import capi unsafe "openssl/bio.h BIO_new" _new :: Ptr BIO_METHOD -> IO (Ptr BIO_) -foreign import ccall unsafe "BIO_free"+foreign import capi unsafe "openssl/bio.h BIO_free" _free :: Ptr BIO_ -> IO () -foreign import ccall unsafe "BIO_push"+foreign import capi unsafe "openssl/bio.h BIO_push" _push :: Ptr BIO_ -> Ptr BIO_ -> IO (Ptr BIO_) -foreign import ccall unsafe "HsOpenSSL_BIO_set_flags"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_BIO_set_flags" _set_flags :: Ptr BIO_ -> CInt -> IO () -foreign import ccall unsafe "HsOpenSSL_BIO_should_retry"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_BIO_should_retry" _should_retry :: Ptr BIO_ -> IO CInt @@ -178,8 +179,8 @@ setFlags :: BIO -> CInt -> IO () setFlags bio flags = withBioPtr bio $ flip _set_flags flags- + bioShouldRetry :: BIO -> IO Bool bioShouldRetry bio = withBioPtr bio $ \ bioPtr ->@@ -188,13 +189,13 @@ {- ctrl --------------------------------------------------------------------- -} -foreign import ccall unsafe "HsOpenSSL_BIO_flush"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_BIO_flush" _flush :: Ptr BIO_ -> IO CInt -foreign import ccall unsafe "HsOpenSSL_BIO_reset"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_BIO_reset" _reset :: Ptr BIO_ -> IO CInt -foreign import ccall unsafe "HsOpenSSL_BIO_eof"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_BIO_eof" _eof :: Ptr BIO_ -> IO CInt -- |@'bioFlush' bio@ normally writes out any internally buffered data,@@ -223,13 +224,13 @@ {- I/O ---------------------------------------------------------------------- -} -foreign import ccall unsafe "BIO_read"+foreign import capi unsafe "openssl/bio.h BIO_read" _read :: Ptr BIO_ -> Ptr CChar -> CInt -> IO CInt -foreign import ccall unsafe "BIO_gets"+foreign import capi unsafe "openssl/bio.h BIO_gets" _gets :: Ptr BIO_ -> Ptr CChar -> CInt -> IO CInt -foreign import ccall unsafe "BIO_write"+foreign import capi unsafe "openssl/bio.h BIO_write" _write :: Ptr BIO_ -> Ptr CChar -> CInt -> IO CInt -- |@'bioRead' bio@ lazily reads all data in @bio@.@@ -259,7 +260,7 @@ bioReadLBS bio = fmap L.fromChunks lazyRead where chunkSize = L.defaultChunkSize- + lazyRead = unsafeInterleaveIO loop loop = do bs <- bioReadBS bio chunkSize@@ -335,10 +336,10 @@ {- base64 ------------------------------------------------------------------- -} -foreign import ccall unsafe "BIO_f_base64"+foreign import capi unsafe "openssl/bio.h BIO_f_base64" f_base64 :: IO (Ptr BIO_METHOD) -foreign import ccall unsafe "HsOpenSSL_BIO_FLAGS_BASE64_NO_NL"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_BIO_FLAGS_BASE64_NO_NL" _FLAGS_BASE64_NO_NL :: CInt -- |@'newBase64' noNL@ creates a Base64 BIO filter. This is a filter@@ -362,10 +363,10 @@ {- buffer ------------------------------------------------------------------- -} -foreign import ccall unsafe "BIO_f_buffer"+foreign import capi unsafe "openssl/bio.h BIO_f_buffer" f_buffer :: IO (Ptr BIO_METHOD) -foreign import ccall unsafe "HsOpenSSL_BIO_set_buffer_size"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_BIO_set_buffer_size" _set_buffer_size :: Ptr BIO_ -> CInt -> IO CInt @@ -410,10 +411,10 @@ {- mem ---------------------------------------------------------------------- -} -foreign import ccall unsafe "BIO_s_mem"+foreign import capi unsafe "openssl/bio.h BIO_s_mem" s_mem :: IO (Ptr BIO_METHOD) -foreign import ccall unsafe "BIO_new_mem_buf"+foreign import capi unsafe "openssl/bio.h BIO_new_mem_buf" _new_mem_buf :: Ptr CChar -> CInt -> IO (Ptr BIO_) @@ -454,7 +455,7 @@ bio <- newForeignPtr_ bioPtr Conc.addForeignPtrFinalizer bio (_free bioPtr >> touchForeignPtr foreignBuf)- + return $ BIO bio -- |@'newConstMemLBS' lbs@ is like 'newConstMem' but takes a@@ -465,7 +466,7 @@ {- null --------------------------------------------------------------------- -} -foreign import ccall unsafe "BIO_s_null"+foreign import capi unsafe "openssl/bio.h BIO_s_null" s_null :: IO (Ptr BIO_METHOD) -- |@'newNullBIO'@ creates a null BIO sink\/source. Data written to
OpenSSL/BN.hsc view
@@ -10,6 +10,7 @@ #endif {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} #if defined(FAST_BIGNUM) {-# LANGUAGE MagicHash #-} {-# LANGUAGE UnboxedTuples #-}@@ -69,13 +70,13 @@ -- |'BigNum' is an opaque object representing a big number. newtype BigNum = BigNum (Ptr BIGNUM)-data BIGNUM+data {-# CTYPE "openssl/bn.h" "BIGNUM" #-} BIGNUM -foreign import ccall unsafe "BN_new"+foreign import capi unsafe "openssl/bn.h BN_new" _new :: IO (Ptr BIGNUM) -foreign import ccall unsafe "BN_free"+foreign import capi unsafe "openssl/bn.h BN_free" _free :: Ptr BIGNUM -> IO () -- |@'allocaBN' f@ allocates a 'BigNum' and computes @f@. Then it@@ -97,13 +98,13 @@ {- slow, safe functions ----------------------------------------------------- -} -foreign import ccall unsafe "BN_bn2dec"+foreign import capi unsafe "openssl/bn.h BN_bn2dec" _bn2dec :: Ptr BIGNUM -> IO CString -foreign import ccall unsafe "BN_dec2bn"+foreign import capi unsafe "openssl/bn.h BN_dec2bn" _dec2bn :: Ptr (Ptr BIGNUM) -> CString -> IO CInt -foreign import ccall unsafe "HsOpenSSL_OPENSSL_free"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_OPENSSL_free" _openssl_free :: Ptr a -> IO () -- |Convert a BIGNUM to an 'Integer'.@@ -137,10 +138,10 @@ -- GC could do nasty things to the data which we thought that we had a pointer -- to -foreign import ccall unsafe "memcpy"+foreign import capi unsafe "string.h memcpy" _copy_in :: ByteArray## -> Ptr () -> CSize -> IO (Ptr ()) -foreign import ccall unsafe "memcpy"+foreign import capi unsafe "string.h memcpy" _copy_out :: Ptr () -> ByteArray## -> CSize -> IO (Ptr ()) -- These are taken from Data.Binary's disabled fast Integer support@@ -242,10 +243,10 @@ withBN :: Integer -> (BigNum -> IO a) -> IO a withBN dec m = bracket (integerToBN dec) (_free . unwrapBN) m -foreign import ccall unsafe "BN_bn2mpi"+foreign import capi unsafe "openssl/bn.h BN_bn2mpi" _bn2mpi :: Ptr BIGNUM -> Ptr CChar -> IO CInt -foreign import ccall unsafe "BN_mpi2bn"+foreign import capi unsafe "openssl/bn.h BN_mpi2bn" _mpi2bn :: Ptr CChar -> CInt -> Ptr BIGNUM -> IO (Ptr BIGNUM) -- |This is an alias to 'bnToInteger'.@@ -284,16 +285,16 @@ _free (unwrapBN bn) return v -foreign import ccall unsafe "BN_mod_exp"- _mod_exp :: Ptr BIGNUM -> Ptr BIGNUM -> Ptr BIGNUM -> Ptr BIGNUM -> BNCtx -> IO (Ptr BIGNUM)+foreign import capi unsafe "openssl/bn.h BN_mod_exp"+ _mod_exp :: Ptr BIGNUM -> Ptr BIGNUM -> Ptr BIGNUM -> Ptr BIGNUM -> BNCtx -> IO CInt type BNCtx = Ptr BNCTX-data BNCTX+data {-# CTYPE "openssl/bn.h" "BN_CTX" #-} BNCTX -foreign import ccall unsafe "BN_CTX_new"+foreign import capi unsafe "openssl/bn.h BN_CTX_new" _BN_ctx_new :: IO BNCtx -foreign import ccall unsafe "BN_CTX_free"+foreign import capi unsafe "openssl/bn.h BN_CTX_free" _BN_ctx_free :: BNCtx -> IO () withBNCtx :: (BNCtx -> IO a) -> IO a@@ -312,10 +313,10 @@ {- Random Integer generation ------------------------------------------------ -} -foreign import ccall unsafe "BN_rand_range"+foreign import capi unsafe "openssl/bn.h BN_rand_range" _BN_rand_range :: Ptr BIGNUM -> Ptr BIGNUM -> IO CInt -foreign import ccall unsafe "BN_pseudo_rand_range"+foreign import capi unsafe "openssl/bn.h BN_pseudo_rand_range" _BN_pseudo_rand_range :: Ptr BIGNUM -> Ptr BIGNUM -> IO CInt -- | Return a strongly random number in the range 0 <= x < n where the given
OpenSSL/Cipher.hsc view
@@ -3,6 +3,7 @@ {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} -- | This module interfaces to some of the OpenSSL ciphers without using -- EVP (see OpenSSL.EVP.Cipher). The EVP ciphers are easier to use, -- however, in some cases you cannot do without using the OpenSSL@@ -39,7 +40,7 @@ modeToInt Encrypt = 1 modeToInt Decrypt = 0 -data AES_KEY+data {-# CTYPE "openssl/aes.h" "AES_KEY" #-} AES_KEY data AESCtx = AESCtx (ForeignPtr AES_KEY) -- the key schedule (ForeignPtr CUChar) -- the IV / counter@@ -47,21 +48,21 @@ (IORef CUInt) -- the number of bytes of the encrypted counter used Mode -foreign import ccall unsafe "memcpy"+foreign import capi unsafe "string.h memcpy" _memcpy :: Ptr CUChar -> Ptr CChar -> CSize -> IO (Ptr ()) -foreign import ccall unsafe "memset"+foreign import capi unsafe "string.h memset" _memset :: Ptr CUChar -> CChar -> CSize -> IO () -foreign import ccall unsafe "AES_set_encrypt_key"+foreign import capi unsafe "openssl/aes.h AES_set_encrypt_key" _AES_set_encrypt_key :: Ptr CChar -> CInt -> Ptr AES_KEY -> IO CInt-foreign import ccall unsafe "AES_set_decrypt_key"+foreign import capi unsafe "openssl/aes.h AES_set_decrypt_key" _AES_set_decrypt_key :: Ptr CChar -> CInt -> Ptr AES_KEY -> IO CInt -foreign import ccall unsafe "AES_cbc_encrypt"+foreign import capi unsafe "openssl/aes.h AES_cbc_encrypt" _AES_cbc_encrypt :: Ptr CChar -> Ptr Word8 -> CULong -> Ptr AES_KEY -> Ptr CUChar -> CInt -> IO () -foreign import ccall unsafe "&free"+foreign import capi unsafe "stdlib.h &free" _free :: FunPtr (Ptr a -> IO ()) -- | Construct a new context which holds the key schedule and IV.@@ -103,7 +104,7 @@ #if OPENSSL_VERSION_NUMBER < 0x10100000L -- seems that AES_ctr128_encrypt was removed in recent OpenSSL versions-foreign import ccall unsafe "AES_ctr128_encrypt"+foreign import capi unsafe "openssl/aes.h AES_ctr128_encrypt" _AES_ctr_encrypt :: Ptr CChar -> Ptr Word8 -> CULong -> Ptr AES_KEY -> Ptr CUChar -> Ptr CUChar -> Ptr CUInt -> IO () -- | Encrypt some number of bytes using CTR mode. This is an IO function
OpenSSL/DER.hsc view
@@ -1,4 +1,5 @@ {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} -- |Encoding and decoding of RSA keys using the ASN.1 DER format module OpenSSL.DER ( toDERPub@@ -17,27 +18,26 @@ import Data.ByteString (ByteString) import qualified Data.ByteString as B (useAsCStringLen) import qualified Data.ByteString.Internal as BI (createAndTrim)-import Foreign.Ptr (Ptr, nullPtr)-import Foreign.C.String (CString)+import Foreign.Ptr (Ptr, nullPtr, castPtr) import Foreign.C.Types (CLong(..), CInt(..)) import Foreign.Marshal.Alloc (alloca) import Foreign.Storable (poke) import GHC.Word (Word8) import System.IO.Unsafe (unsafePerformIO) -type CDecodeFun = Ptr (Ptr RSA) -> Ptr CString -> CLong -> IO (Ptr RSA)+type CDecodeFun = Ptr (Ptr RSA) -> Ptr (Ptr Word8) -> CLong -> IO (Ptr RSA) type CEncodeFun = Ptr RSA -> Ptr (Ptr Word8) -> IO CInt -foreign import ccall unsafe "d2i_RSAPublicKey"+foreign import capi unsafe "HsOpenSSL.h d2i_RSAPublicKey" _fromDERPub :: CDecodeFun -foreign import ccall unsafe "i2d_RSAPublicKey"+foreign import capi unsafe "HsOpenSSL.h i2d_RSAPublicKey" _toDERPub :: CEncodeFun -foreign import ccall unsafe "d2i_RSAPrivateKey"+foreign import capi unsafe "HsOpenSSL.h d2i_RSAPrivateKey" _fromDERPriv :: CDecodeFun -foreign import ccall unsafe "i2d_RSAPrivateKey"+foreign import capi unsafe "HsOpenSSL.h i2d_RSAPrivateKey" _toDERPriv :: CEncodeFun -- | Generate a function that decodes a key from ASN.1 DER format@@ -47,7 +47,10 @@ -- space required for the RSA key all by itself. It will be freed whenever -- the haskell object is garbage collected, as they are stored in ForeignPtrs -- internally.- rsaPtr <- fun nullPtr csPtr ci+ rsaPtr <- fun nullPtr (castPtr csPtr) ci+ -- CString is represented as a void* in C and the C compiler whines about+ -- a bad pointer conversion in d2i_* functions. So we declare+ -- the CDecodeFun to accept Ptr Word8 and perform the castPtr here. if rsaPtr == nullPtr then return Nothing else absorbRSAPtr rsaPtr where usingConvedBS io = B.useAsCStringLen bs $ \(cs, len) -> alloca $ \csPtr -> poke csPtr cs >> io (csPtr, fromIntegral len)
OpenSSL/DH.hs view
@@ -1,5 +1,6 @@ {-# LANGUAGE CPP #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} -- | Diffie-Hellman key exchange module OpenSSL.DH ( DHP@@ -82,19 +83,19 @@ fromIntegral <$> _DH_compute_key bsPtr (unwrapBN bn) dhPtr >>= failIf (< 0) -foreign import ccall "DH_generate_parameters"+foreign import capi "openssl/dh.h DH_generate_parameters" _DH_generate_parameters :: CInt -> CInt -> Ptr () -> Ptr () -> IO (Ptr DH_)-foreign import ccall "DH_generate_key"+foreign import capi "openssl/dh.h DH_generate_key" _DH_generate_key :: Ptr DH_ -> IO CInt-foreign import ccall "DH_compute_key"+foreign import capi "openssl/dh.h DH_compute_key" _DH_compute_key :: Ptr Word8 -> Ptr BIGNUM -> Ptr DH_ -> IO CInt-foreign import ccall "DH_check"+foreign import capi "openssl/dh.h DH_check" _DH_check :: Ptr DH_ -> Ptr CInt -> IO Bool-foreign import ccall unsafe "DH_size"+foreign import capi unsafe "openssl/dh.h DH_size" _DH_size :: Ptr DH_ -> IO CInt-foreign import ccall unsafe "HsOpenSSL_DHparams_dup"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_DHparams_dup" _DH_dup :: Ptr DH_ -> IO (Ptr DH_)-foreign import ccall unsafe "HsOpenSSL_DH_get_pub_key"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_DH_get_pub_key" _DH_get_pub_key :: Ptr DH_ -> IO (Ptr BIGNUM)-foreign import ccall unsafe "HsOpenSSL_DH_length"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_DH_length" _DH_length :: Ptr DH_ -> IO CInt
OpenSSL/DH/Internal.hs view
@@ -1,6 +1,7 @@ {-# LANGUAGE CPP #-} {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} module OpenSSL.DH.Internal ( DH_, DHP,@@ -23,7 +24,7 @@ import Control.Applicative ((<$>)) #endif -data DH_+data {-# CTYPE "openssl/dh.h" "DH" #-} DH_ newtype DHP = DHP (ForeignPtr DH_) withDHPPtr :: DHP -> (Ptr DH_ -> IO a) -> IO a@@ -52,5 +53,5 @@ asDHP :: DH -> DHP asDHP (DH fp) = DHP fp -foreign import ccall "DH_free"+foreign import capi "openssl/dh.h DH_free" _DH_free :: Ptr DH_ -> IO ()
OpenSSL/DSA.hsc view
@@ -1,6 +1,7 @@ {-# LANGUAGE DeriveDataTypeable #-} {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} {-# OPTIONS_HADDOCK prune #-} -- | The Digital Signature Algorithm (FIPS 186-2). -- See <http://www.openssl.org/docs/crypto/dsa.html>@@ -115,37 +116,37 @@ = fmap (/= nullPtr) (dsa_priv_key dsaPtr) -foreign import ccall unsafe "&DSA_free"+foreign import capi unsafe "openssl/dsa.h &DSA_free" _free :: FunPtr (Ptr DSA -> IO ()) -foreign import ccall unsafe "DSA_free"+foreign import capi unsafe "openssl/dsa.h DSA_free" dsa_free :: Ptr DSA -> IO () -foreign import ccall unsafe "BN_free"+foreign import capi unsafe "openssl/dsa.h BN_free" _bn_free :: Ptr BIGNUM -> IO () -foreign import ccall unsafe "DSA_new"+foreign import capi unsafe "openssl/dsa.h DSA_new" _dsa_new :: IO (Ptr DSA) -foreign import ccall unsafe "DSA_generate_key"+foreign import capi unsafe "openssl/dsa.h DSA_generate_key" _dsa_generate_key :: Ptr DSA -> IO () -foreign import ccall unsafe "HsOpenSSL_dsa_sign"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_dsa_sign" _dsa_sign :: Ptr DSA -> CString -> CInt -> Ptr (Ptr BIGNUM) -> Ptr (Ptr BIGNUM) -> IO CInt -foreign import ccall unsafe "HsOpenSSL_dsa_verify"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_dsa_verify" _dsa_verify :: Ptr DSA -> CString -> CInt -> Ptr BIGNUM -> Ptr BIGNUM -> IO CInt -foreign import ccall safe "DSA_generate_parameters"+foreign import capi safe "openssl/dsa.h DSA_generate_parameters" _generate_params :: CInt -> Ptr CChar -> CInt -> Ptr CInt -> Ptr CInt -> Ptr () -> Ptr () -> IO (Ptr DSA) -foreign import ccall unsafe "HsOpenSSL_DSAPublicKey_dup"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_DSAPublicKey_dup" _pubDup :: Ptr DSA -> IO (Ptr DSA) -foreign import ccall unsafe "HsOpenSSL_DSAPrivateKey_dup"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_DSAPrivateKey_dup" _privDup :: Ptr DSA -> IO (Ptr DSA) -foreign import ccall unsafe "DSA_size"+foreign import capi unsafe "openssl/dsa.h DSA_size" _size :: Ptr DSA -> IO CInt dsa_p, dsa_q, dsa_g, dsa_pub_key, dsa_priv_key :: Ptr DSA -> IO (Ptr BIGNUM)@@ -154,16 +155,16 @@ #if OPENSSL_VERSION_NUMBER >= 0x10100000L -foreign import ccall unsafe "DSA_get0_pqg"+foreign import capi unsafe "openssl/dsa.h DSA_get0_pqg" _get0_pqg :: Ptr DSA -> Ptr (Ptr BIGNUM) -> Ptr (Ptr BIGNUM) -> Ptr (Ptr BIGNUM) -> IO () -foreign import ccall unsafe "DSA_get0_key"+foreign import capi unsafe "openssl/dsa.h DSA_get0_key" _get0_key :: Ptr DSA -> Ptr (Ptr BIGNUM) -> Ptr (Ptr BIGNUM) -> IO () -foreign import ccall unsafe "DSA_set0_pqg"+foreign import capi unsafe "openssl/dsa.h DSA_set0_pqg" _set0_pqg :: Ptr DSA -> Ptr BIGNUM -> Ptr BIGNUM -> Ptr BIGNUM -> IO CInt -foreign import ccall unsafe "DSA_set0_key"+foreign import capi unsafe "openssl/dsa.h DSA_set0_key" _set0_key :: Ptr DSA -> Ptr BIGNUM -> Ptr BIGNUM -> IO CInt withPQG :: (Ptr (Ptr BIGNUM) -> Ptr (Ptr BIGNUM) -> Ptr (Ptr BIGNUM) -> IO a)
OpenSSL/ERR.hs view
@@ -1,4 +1,5 @@ {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} module OpenSSL.ERR ( getError , peekError@@ -9,13 +10,13 @@ import Foreign import Foreign.C -foreign import ccall unsafe "ERR_get_error"+foreign import capi unsafe "openssl/err.h ERR_get_error" getError :: IO CULong -foreign import ccall unsafe "ERR_peek_error"+foreign import capi unsafe "openssl/err.h ERR_peek_error" peekError :: IO CULong -foreign import ccall unsafe "ERR_error_string"+foreign import capi unsafe "openssl/err.h ERR_error_string" _error_string :: CULong -> CString -> IO CString errorString :: CULong -> IO String
OpenSSL/EVP/Base64.hs view
@@ -1,5 +1,6 @@ {-# LANGUAGE CPP #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} -- |An interface to Base64 codec. module OpenSSL.EVP.Base64 ( -- * Encoding@@ -48,7 +49,7 @@ {- encode -------------------------------------------------------------------- -} -foreign import ccall unsafe "EVP_EncodeBlock"+foreign import capi unsafe "openssl/evp.h EVP_EncodeBlock" _EncodeBlock :: Ptr CChar -> Ptr CChar -> CInt -> IO CInt @@ -102,7 +103,7 @@ {- decode -------------------------------------------------------------------- -} -foreign import ccall unsafe "EVP_DecodeBlock"+foreign import capi unsafe "openssl/evp.h EVP_DecodeBlock" _DecodeBlock :: Ptr CChar -> Ptr CChar -> CInt -> IO CInt
OpenSSL/EVP/Cipher.hs view
@@ -1,5 +1,6 @@ {-# LANGUAGE CPP #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} -- |An interface to symmetric cipher algorithms. module OpenSSL.EVP.Cipher ( Cipher@@ -25,7 +26,7 @@ import Data.Monoid #endif -foreign import ccall unsafe "EVP_get_cipherbyname"+foreign import capi unsafe "openssl/evp.h EVP_get_cipherbyname" _get_cipherbyname :: CString -> IO (Ptr EVP_CIPHER) -- |@'getCipherByName' name@ returns a symmetric cipher algorithm
OpenSSL/EVP/Digest.hsc view
@@ -1,5 +1,6 @@ {-# LANGUAGE CPP #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} -- |An interface to message digest algorithms. module OpenSSL.EVP.Digest ( Digest@@ -37,7 +38,7 @@ import OpenSSL.Objects import System.IO.Unsafe (unsafePerformIO) -foreign import ccall unsafe "EVP_get_digestbyname"+foreign import capi unsafe "openssl/evp.h EVP_get_digestbyname" _get_digestbyname :: CString -> IO (Ptr EVP_MD) -- |@'getDigestByName' name@ returns a message digest algorithm whose@@ -79,7 +80,7 @@ {- HMAC ---------------------------------------------------------------------- -} -foreign import ccall unsafe "HMAC"+foreign import capi unsafe "openssl/hmac.h HMAC" _HMAC :: Ptr EVP_MD -> Ptr CChar -> CInt -> Ptr CChar -> CSize -> Ptr CChar -> Ptr CUInt -> IO () @@ -121,7 +122,7 @@ (fromIntegral iter) (fromIntegral dkeylen) (castPtr dkeydata) >> return () -foreign import ccall unsafe "PKCS5_PBKDF2_HMAC_SHA1"+foreign import capi unsafe "openssl/hmac.h PKCS5_PBKDF2_HMAC_SHA1" _PKCS5_PBKDF2_HMAC_SHA1 :: Ptr CChar -> CInt -> Ptr CChar -> CInt -> CInt -> CInt -> Ptr CChar
OpenSSL/EVP/Internal.hsc view
@@ -1,5 +1,6 @@ {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} module OpenSSL.EVP.Internal ( Cipher(..), EVP_CIPHER,@@ -91,12 +92,12 @@ -- |@Cipher@ is an opaque object that represents an algorithm of -- symmetric cipher. newtype Cipher = Cipher (Ptr EVP_CIPHER)-data EVP_CIPHER+data {-# CTYPE "openssl/evp.h" "EVP_CIPHER" #-} EVP_CIPHER withCipherPtr :: Cipher -> (Ptr EVP_CIPHER -> IO a) -> IO a withCipherPtr (Cipher cipherPtr) f = f cipherPtr -foreign import ccall unsafe "HsOpenSSL_EVP_CIPHER_iv_length"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_EVP_CIPHER_iv_length" _iv_length :: Ptr EVP_CIPHER -> CInt cipherIvLength :: Cipher -> Int@@ -105,26 +106,26 @@ {- EVP_CIPHER_CTX ------------------------------------------------------------ -} newtype CipherCtx = CipherCtx (ForeignPtr EVP_CIPHER_CTX)-data EVP_CIPHER_CTX+data {-# CTYPE "openssl/evp.h" "EVP_CIPHER_CTX" #-} EVP_CIPHER_CTX -foreign import ccall unsafe "EVP_CIPHER_CTX_new"+foreign import capi unsafe "openssl/evp.h EVP_CIPHER_CTX_new" _cipher_ctx_new :: IO (Ptr EVP_CIPHER_CTX) #if OPENSSL_VERSION_NUMBER >= 0x10100000L-foreign import ccall unsafe "EVP_CIPHER_CTX_reset"+foreign import capi unsafe "openssl/evp.h EVP_CIPHER_CTX_reset" _cipher_ctx_reset :: Ptr EVP_CIPHER_CTX -> IO () #else-foreign import ccall unsafe "EVP_CIPHER_CTX_init"+foreign import capi unsafe "openssl/evp.h EVP_CIPHER_CTX_init" _cipher_ctx_reset :: Ptr EVP_CIPHER_CTX -> IO () #endif -foreign import ccall unsafe "&EVP_CIPHER_CTX_free"+foreign import capi unsafe "openssl/evp.h &EVP_CIPHER_CTX_free" _cipher_ctx_free :: FunPtr (Ptr EVP_CIPHER_CTX -> IO ()) -foreign import ccall unsafe "EVP_CIPHER_CTX_free"+foreign import capi unsafe "openssl/evp.h EVP_CIPHER_CTX_free" _cipher_ctx_free' :: Ptr EVP_CIPHER_CTX -> IO () -foreign import ccall unsafe "HsOpenSSL_EVP_CIPHER_CTX_block_size"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_EVP_CIPHER_CTX_block_size" _cipher_ctx_block_size :: Ptr EVP_CIPHER_CTX -> CInt newCipherCtx :: IO CipherCtx@@ -151,7 +152,7 @@ fromCryptoMode Encrypt = 1 fromCryptoMode Decrypt = 0 -foreign import ccall unsafe "EVP_CIPHER_CTX_set_padding"+foreign import capi unsafe "openssl/evp.h EVP_CIPHER_CTX_set_padding" _SetPadding :: Ptr EVP_CIPHER_CTX -> CInt -> IO CInt cipherSetPadding :: CipherCtx -> Int -> IO CipherCtx@@ -161,7 +162,7 @@ >>= failIf_ (/= 1) return ctx -foreign import ccall unsafe "EVP_CipherInit"+foreign import capi unsafe "openssl/evp.h EVP_CipherInit" _CipherInit :: Ptr EVP_CIPHER_CTX -> Ptr EVP_CIPHER -> CString@@ -183,7 +184,7 @@ >>= failIf_ (/= 1) return ctx -foreign import ccall unsafe "EVP_CipherUpdate"+foreign import capi unsafe "openssl/evp.h EVP_CipherUpdate" _CipherUpdate :: Ptr EVP_CIPHER_CTX -> Ptr CChar -> Ptr CInt -> Ptr CChar -> CInt -> IO CInt @@ -199,7 +200,7 @@ >>= failIf (/= 1) >> fromIntegral <$> peek outLenPtr -foreign import ccall unsafe "EVP_CipherFinal"+foreign import capi unsafe "openssl/evp.h EVP_CipherFinal" _CipherFinal :: Ptr EVP_CIPHER_CTX -> Ptr CChar -> Ptr CInt -> IO CInt cipherFinalBS :: CipherCtx -> IO B8.ByteString@@ -231,7 +232,7 @@ -- |@Digest@ is an opaque object that represents an algorithm of -- message digest. newtype Digest = Digest (Ptr EVP_MD)-data EVP_MD+data {-# CTYPE "openssl/evp.h" "EVP_MD" #-} EVP_MD withMDPtr :: Digest -> (Ptr EVP_MD -> IO a) -> IO a withMDPtr (Digest mdPtr) f = f mdPtr@@ -239,22 +240,22 @@ {- EVP_MD_CTX ---------------------------------------------------------------- -} newtype DigestCtx = DigestCtx (ForeignPtr EVP_MD_CTX)-data EVP_MD_CTX+data {-# CTYPE "openssl/evp.h" "EVP_MD_CTX" #-} EVP_MD_CTX #if OPENSSL_VERSION_NUMBER >= 0x10100000L-foreign import ccall unsafe "EVP_MD_CTX_new"+foreign import capi unsafe "openssl/evp.h EVP_MD_CTX_new" _md_ctx_new :: IO (Ptr EVP_MD_CTX)-foreign import ccall unsafe "EVP_MD_CTX_reset"+foreign import capi unsafe "openssl/evp.h EVP_MD_CTX_reset" _md_ctx_reset :: Ptr EVP_MD_CTX -> IO ()-foreign import ccall unsafe "&EVP_MD_CTX_free"+foreign import capi unsafe "openssl/evp.h &EVP_MD_CTX_free" _md_ctx_free :: FunPtr (Ptr EVP_MD_CTX -> IO ()) #else-foreign import ccall unsafe "EVP_MD_CTX_create"+foreign import capi unsafe "openssl/evp.h EVP_MD_CTX_create" _md_ctx_new :: IO (Ptr EVP_MD_CTX)-foreign import ccall unsafe "EVP_MD_CTX_init"+foreign import capi unsafe "openssl/evp.h EVP_MD_CTX_init" _md_ctx_reset :: Ptr EVP_MD_CTX -> IO ()-foreign import ccall unsafe "&EVP_MD_CTX_destroy"+foreign import capi unsafe "openssl/evp.h &EVP_MD_CTX_destroy" _md_ctx_free :: FunPtr (Ptr EVP_MD_CTX -> IO ()) #endif @@ -269,7 +270,7 @@ {- digest -------------------------------------------------------------------- -} -foreign import ccall unsafe "EVP_DigestInit"+foreign import capi unsafe "openssl/evp.h EVP_DigestInit" _DigestInit :: Ptr EVP_MD_CTX -> Ptr EVP_MD -> IO CInt digestInit :: Digest -> IO DigestCtx@@ -280,7 +281,7 @@ >>= failIf_ (/= 1) >> return ctx -foreign import ccall unsafe "EVP_DigestUpdate"+foreign import capi unsafe "openssl/evp.h EVP_DigestUpdate" _DigestUpdate :: Ptr EVP_MD_CTX -> Ptr CChar -> CSize -> IO CInt digestUpdateBS :: DigestCtx -> B8.ByteString -> IO ()@@ -291,7 +292,7 @@ >>= failIf (/= 1) >> return () -foreign import ccall unsafe "EVP_DigestFinal"+foreign import capi unsafe "openssl/evp.h EVP_DigestFinal" _DigestFinal :: Ptr EVP_MD_CTX -> Ptr CChar -> Ptr CUInt -> IO CInt digestFinalBS :: DigestCtx -> IO B8.ByteString@@ -325,21 +326,21 @@ {- HMAC ---------------------------------------------------------------------- -} newtype HmacCtx = HmacCtx (ForeignPtr HMAC_CTX)-data HMAC_CTX+data {-# CTYPE "openssl/hmac.h" "HMAC_CTX" #-} HMAC_CTX -foreign import ccall unsafe "HsOpenSSL_HMAC_CTX_new"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_HMAC_CTX_new" _hmac_ctx_new :: IO (Ptr HMAC_CTX) -foreign import ccall unsafe "HMAC_Init"+foreign import capi unsafe "openssl/hmac.h HMAC_Init" _hmac_init :: Ptr HMAC_CTX -> Ptr () -> CInt -> Ptr EVP_MD -> IO CInt -foreign import ccall unsafe "HMAC_Update"+foreign import capi unsafe "openssl/hmac.h HMAC_Update" _hmac_update :: Ptr HMAC_CTX -> Ptr CChar -> CInt -> IO CInt -foreign import ccall unsafe "HMAC_Final"+foreign import capi unsafe "openssl/hmac.h HMAC_Final" _hmac_final :: Ptr HMAC_CTX -> Ptr CChar -> Ptr CInt -> IO CUInt -foreign import ccall unsafe "&HsOpenSSL_HMAC_CTX_free"+foreign import capi unsafe "HsOpenSSL &HsOpenSSL_HMAC_CTX_free" _hmac_ctx_free :: FunPtr (Ptr HMAC_CTX -> IO ()) newHmacCtx :: IO HmacCtx@@ -384,7 +385,7 @@ -- | VaguePKey is a 'ForeignPtr' to 'EVP_PKEY', that is either public -- key or a ker pair. We can't tell which at compile time. newtype VaguePKey = VaguePKey (ForeignPtr EVP_PKEY)-data EVP_PKEY+data {-# CTYPE "openssl/evp.h" "EVP_PKEY" #-} EVP_PKEY -- | Instances of class 'PKey' can be converted back and forth to -- 'VaguePKey'.@@ -402,13 +403,13 @@ -- | Return the default digesting algorithm for the key. pkeyDefaultMD :: k -> IO Digest -foreign import ccall unsafe "EVP_PKEY_new"+foreign import capi unsafe "openssl/evp.h EVP_PKEY_new" _pkey_new :: IO (Ptr EVP_PKEY) -foreign import ccall unsafe "&EVP_PKEY_free"+foreign import capi unsafe "openssl/evp.h &EVP_PKEY_free" _pkey_free :: FunPtr (Ptr EVP_PKEY -> IO ()) -foreign import ccall unsafe "EVP_PKEY_free"+foreign import capi unsafe "openssl/evp.h EVP_PKEY_free" _pkey_free' :: Ptr EVP_PKEY -> IO () wrapPKeyPtr :: Ptr EVP_PKEY -> IO VaguePKey
OpenSSL/EVP/Open.hs view
@@ -1,5 +1,6 @@ {-# LANGUAGE CPP #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} -- |Asymmetric cipher decryption using encrypted symmetric key. This -- is an opposite of "OpenSSL.EVP.Seal". module OpenSSL.EVP.Open@@ -24,7 +25,7 @@ import OpenSSL.Utils import System.IO.Unsafe (unsafePerformIO) -foreign import ccall unsafe "EVP_OpenInit"+foreign import capi unsafe "openssl/evp.h EVP_OpenInit" _OpenInit :: Ptr EVP_CIPHER_CTX -> Cipher -> Ptr CChar
OpenSSL/EVP/PKey.hsc view
@@ -1,6 +1,7 @@ {-# LANGUAGE DeriveDataTypeable #-} {-# LANGUAGE ExistentialQuantification #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} {-# LANGUAGE Rank2Types #-} {-# OPTIONS_GHC -fno-warn-orphans #-} -- |An interface to asymmetric cipher keypair.@@ -52,9 +53,9 @@ #if OPENSSL_VERSION_PREREQ(3,0)-foreign import ccall unsafe "EVP_PKEY_get_base_id" getType :: Ptr EVP_PKEY -> IO CInt+foreign import capi unsafe "openssl/evp.h EVP_PKEY_get_base_id" getType :: Ptr EVP_PKEY -> IO CInt #elif OPENSSL_VERSION_NUMBER >= 0x10100000L-foreign import ccall unsafe "EVP_PKEY_base_id" getType :: Ptr EVP_PKEY -> IO CInt+foreign import capi unsafe "openssl/evp.h EVP_PKEY_base_id" getType :: Ptr EVP_PKEY -> IO CInt #else getType :: Ptr EVP_PKEY -> IO CInt getType = (#peek EVP_PKEY, type)@@ -157,10 +158,10 @@ #if !defined(OPENSSL_NO_RSA) -- The resulting Ptr RSA must be freed by caller.-foreign import ccall unsafe "EVP_PKEY_get1_RSA"+foreign import capi unsafe "openssl/evp.h EVP_PKEY_get1_RSA" _get1_RSA :: Ptr EVP_PKEY -> IO (Ptr RSA) -foreign import ccall unsafe "EVP_PKEY_set1_RSA"+foreign import capi unsafe "openssl/evp.h EVP_PKEY_set1_RSA" _set1_RSA :: Ptr EVP_PKEY -> Ptr RSA -> IO CInt @@ -197,10 +198,10 @@ #if !defined(OPENSSL_NO_DSA)-foreign import ccall unsafe "EVP_PKEY_get1_DSA"+foreign import capi unsafe "openssl/evp.h EVP_PKEY_get1_DSA" _get1_DSA :: Ptr EVP_PKEY -> IO (Ptr DSA) -foreign import ccall unsafe "EVP_PKEY_set1_DSA"+foreign import capi unsafe "openssl/evp.h EVP_PKEY_set1_DSA" _set1_DSA :: Ptr EVP_PKEY -> Ptr DSA -> IO CInt dsaToPKey :: DSAKey k => k -> IO VaguePKey@@ -208,6 +209,7 @@ = withDSAPtr dsa $ \dsaPtr -> createPKey $ \pkeyPtr -> _set1_DSA pkeyPtr dsaPtr >>= failIf_ (/= 1)+ dsaFromPKey :: DSAKey k => VaguePKey -> IO (Maybe k) dsaFromPKey pk
OpenSSL/EVP/Seal.hs view
@@ -1,4 +1,5 @@ {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} -- |Asymmetric cipher decryption using encrypted symmetric key. This -- is an opposite of "OpenSSL.EVP.Open". module OpenSSL.EVP.Seal@@ -17,12 +18,12 @@ import OpenSSL.Utils -foreign import ccall unsafe "EVP_SealInit"+foreign import capi unsafe "openssl/evp.h EVP_SealInit" _SealInit :: Ptr EVP_CIPHER_CTX -> Cipher -> Ptr (Ptr CChar) -> Ptr CInt- -> CString+ -> Ptr CChar -> Ptr (Ptr EVP_PKEY) -> CInt -> IO CInt
OpenSSL/EVP/Sign.hs view
@@ -1,5 +1,6 @@ {-# LANGUAGE CPP #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} -- |Message signing using asymmetric cipher and message digest -- algorithm. This is an opposite of "OpenSSL.EVP.Verify". module OpenSSL.EVP.Sign@@ -21,7 +22,7 @@ import OpenSSL.EVP.Internal import OpenSSL.Utils -foreign import ccall unsafe "EVP_SignFinal"+foreign import capi unsafe "openssl/evp.h EVP_SignFinal" _SignFinal :: Ptr EVP_MD_CTX -> Ptr Word8 -> Ptr CUInt -> Ptr EVP_PKEY -> IO CInt
OpenSSL/EVP/Verify.hs view
@@ -1,5 +1,6 @@ {-# LANGUAGE DeriveDataTypeable #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} -- |Message verification using asymmetric cipher and message digest -- algorithm. This is an opposite of "OpenSSL.EVP.Sign". module OpenSSL.EVP.Verify@@ -26,7 +27,7 @@ deriving (Show, Eq, Typeable) -foreign import ccall unsafe "EVP_VerifyFinal"+foreign import capi unsafe "openssl/evp.h EVP_VerifyFinal" _VerifyFinal :: Ptr EVP_MD_CTX -> Ptr CChar -> CUInt -> Ptr EVP_PKEY -> IO CInt
OpenSSL/Objects.hsc view
@@ -1,5 +1,6 @@ {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} module OpenSSL.Objects ( ObjNameType(..) , getObjNames@@ -12,15 +13,15 @@ type ObjName = Ptr OBJ_NAME-data OBJ_NAME+data {-# CTYPE "openssl/objects.h" "OBJ_NAME" #-} OBJ_NAME type DoAllCallback = ObjName -> Ptr () -> IO () -foreign import ccall safe "OBJ_NAME_do_all"+foreign import capi safe "openssl/objects.h OBJ_NAME_do_all" _NAME_do_all :: CInt -> FunPtr DoAllCallback -> Ptr () -> IO () -foreign import ccall safe "OBJ_NAME_do_all_sorted"+foreign import capi safe "openssl/objects.h OBJ_NAME_do_all_sorted" _NAME_do_all_sorted :: CInt -> FunPtr DoAllCallback -> Ptr () -> IO () foreign import ccall "wrapper"
OpenSSL/PEM.hs view
@@ -1,5 +1,6 @@ {-# LANGUAGE CPP #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} -- |An interface to PEM routines. module OpenSSL.PEM ( -- * Password supply@@ -130,7 +131,7 @@ {- PKCS#8 -------------------------------------------------------------------- -} -foreign import ccall safe "PEM_write_bio_PKCS8PrivateKey"+foreign import capi safe "openssl/pem.h PEM_write_bio_PKCS8PrivateKey" _write_bio_PKCS8PrivateKey :: Ptr BIO_ -> Ptr EVP_PKEY -> Ptr EVP_CIPHER@@ -167,7 +168,7 @@ -> withCipherPtr cipher $ \ cipherPtr -> bracket (mkPemPasswordCallback $ callPasswordCB cb) freeHaskellFunPtr $ \cbPtr -> _write_bio_PKCS8PrivateKey bioPtr pkeyPtr cipherPtr nullPtr 0 cbPtr nullPtr- + Just (cipher, PwTTY) -> withCipherPtr cipher $ \ cipherPtr -> _write_bio_PKCS8PrivateKey bioPtr pkeyPtr cipherPtr nullPtr 0 nullFunPtr nullPtr@@ -191,7 +192,7 @@ bioRead mem -foreign import ccall safe "PEM_read_bio_PrivateKey"+foreign import capi safe "openssl/pem.h PEM_read_bio_PrivateKey" _read_bio_PrivateKey :: Ptr BIO_ -> Ptr (Ptr EVP_PKEY) -> FunPtr PemPasswordCallback'@@ -215,7 +216,7 @@ -> bracket (mkPemPasswordCallback $ callPasswordCB cb) freeHaskellFunPtr $ \cbPtr -> _read_bio_PrivateKey bioPtr nullPtr cbPtr nullPtr PwTTY- -> _read_bio_PrivateKey bioPtr nullPtr nullFunPtr nullPtr + -> _read_bio_PrivateKey bioPtr nullPtr nullFunPtr nullPtr failIfNull_ pkeyPtr fmap fromJust (wrapPKeyPtr pkeyPtr >>= fromPKey) @@ -228,10 +229,10 @@ {- Public Key ---------------------------------------------------------------- -} -foreign import ccall unsafe "PEM_write_bio_PUBKEY"+foreign import capi unsafe "openssl/pem.h PEM_write_bio_PUBKEY" _write_bio_PUBKEY :: Ptr BIO_ -> Ptr EVP_PKEY -> IO CInt -foreign import ccall unsafe "PEM_read_bio_PUBKEY"+foreign import capi unsafe "openssl/pem.h PEM_read_bio_PUBKEY" _read_bio_PUBKEY :: Ptr BIO_ -> Ptr (Ptr EVP_PKEY) -> FunPtr PemPasswordCallback'@@ -273,12 +274,12 @@ {- X.509 certificate --------------------------------------------------------- -} -foreign import ccall unsafe "PEM_write_bio_X509"+foreign import capi unsafe "openssl/pem.h PEM_write_bio_X509" _write_bio_X509 :: Ptr BIO_ -> Ptr X509_ -> IO CInt -foreign import ccall safe "PEM_read_bio_X509"+foreign import capi safe "openssl/pem.h PEM_read_bio_X509" _read_bio_X509 :: Ptr BIO_ -> Ptr (Ptr X509_) -> FunPtr PemPasswordCallback'@@ -318,17 +319,17 @@ {- PKCS#10 certificate request ----------------------------------------------- -} -foreign import ccall unsafe "PEM_write_bio_X509_REQ"+foreign import capi unsafe "openssl/pem.h PEM_write_bio_X509_REQ" _write_bio_X509_REQ :: Ptr BIO_ -> Ptr X509_REQ -> IO CInt -foreign import ccall unsafe "PEM_write_bio_X509_REQ_NEW"+foreign import capi unsafe "openssl/pem.h PEM_write_bio_X509_REQ_NEW" _write_bio_X509_REQ_NEW :: Ptr BIO_ -> Ptr X509_REQ -> IO CInt -foreign import ccall safe "PEM_read_bio_X509_REQ"+foreign import capi safe "openssl/pem.h PEM_read_bio_X509_REQ" _read_bio_X509_REQ :: Ptr BIO_ -> Ptr (Ptr X509_REQ) -> FunPtr PemPasswordCallback'@@ -383,12 +384,12 @@ {- Certificate Revocation List ----------------------------------------------- -} -foreign import ccall unsafe "PEM_write_bio_X509_CRL"+foreign import capi unsafe "openssl/pem.h PEM_write_bio_X509_CRL" _write_bio_X509_CRL :: Ptr BIO_ -> Ptr X509_CRL -> IO CInt -foreign import ccall safe "PEM_read_bio_X509_CRL"+foreign import capi safe "openssl/pem.h PEM_read_bio_X509_CRL" _read_bio_X509_CRL :: Ptr BIO_ -> Ptr (Ptr X509_CRL) -> FunPtr PemPasswordCallback'@@ -429,12 +430,12 @@ {- PKCS#7 -------------------------------------------------------------------- -} -foreign import ccall unsafe "PEM_write_bio_PKCS7"+foreign import capi unsafe "openssl/pem.h PEM_write_bio_PKCS7" _write_bio_PKCS7 :: Ptr BIO_ -> Ptr PKCS7 -> IO CInt -foreign import ccall safe "PEM_read_bio_PKCS7"+foreign import capi safe "openssl/pem.h PEM_read_bio_PKCS7" _read_bio_PKCS7 :: Ptr BIO_ -> Ptr (Ptr PKCS7) -> FunPtr PemPasswordCallback'@@ -473,12 +474,12 @@ {- DH parameters ------------------------------------------------------------- -} -foreign import ccall unsafe "PEM_write_bio_DHparams"+foreign import capi unsafe "openssl/pem.h PEM_write_bio_DHparams" _write_bio_DH :: Ptr BIO_ -> Ptr DH_ -> IO CInt -foreign import ccall safe "PEM_read_bio_DHparams"+foreign import capi safe "openssl/pem.h PEM_read_bio_DHparams" _read_bio_DH :: Ptr BIO_ -> Ptr (Ptr DH_) -> FunPtr PemPasswordCallback'@@ -518,4 +519,4 @@ flip finally (memset passPtr 0 $ fromIntegral passLen) $ act (castPtr passPtr, passLen) -foreign import ccall unsafe memset :: Ptr a -> CInt -> CSize -> IO ()+foreign import capi unsafe "string.h memset" memset :: Ptr a -> CInt -> CSize -> IO ()
OpenSSL/PKCS7.hsc view
@@ -1,6 +1,7 @@ {-# LANGUAGE DeriveDataTypeable #-} {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} {-# OPTIONS_HADDOCK prune #-} -- |An interface to PKCS#7 structure and S\/MIME message. module OpenSSL.PKCS7@@ -46,7 +47,7 @@ -- very haskellish but please get it out of your mind since OpenSSL is -- written in C. newtype Pkcs7 = Pkcs7 (ForeignPtr PKCS7)-data PKCS7+data {-# CTYPE "openssl/pkcs7.h" "PKCS7" #-} PKCS7 -- |@'Pkcs7Flag'@ is a set of flags that are used in many operations -- related to PKCS#7.@@ -93,22 +94,22 @@ flagListToInt = foldl' (.|.) 0 . map flagToInt -foreign import ccall "&PKCS7_free"+foreign import capi "openssl/pkcs7.h &PKCS7_free" _free :: FunPtr (Ptr PKCS7 -> IO ()) -foreign import ccall "HsOpenSSL_PKCS7_is_detached"+foreign import capi "HsOpenSSL.h HsOpenSSL_PKCS7_is_detached" _is_detached :: Ptr PKCS7 -> IO CLong -foreign import ccall "PKCS7_sign"+foreign import capi "openssl/pkcs7.h PKCS7_sign" _sign :: Ptr X509_ -> Ptr EVP_PKEY -> Ptr STACK -> Ptr BIO_ -> CInt -> IO (Ptr PKCS7) -foreign import ccall "PKCS7_verify"+foreign import capi "openssl/pkcs7.h PKCS7_verify" _verify :: Ptr PKCS7 -> Ptr STACK -> Ptr X509_STORE -> Ptr BIO_ -> Ptr BIO_ -> CInt -> IO CInt -foreign import ccall "PKCS7_encrypt"+foreign import capi "openssl/pkcs7.h PKCS7_encrypt" _encrypt :: Ptr STACK -> Ptr BIO_ -> Ptr EVP_CIPHER -> CInt -> IO (Ptr PKCS7) -foreign import ccall "PKCS7_decrypt"+foreign import capi "openssl/pkcs7.h PKCS7_decrypt" _decrypt :: Ptr PKCS7 -> Ptr EVP_PKEY -> Ptr X509_ -> Ptr BIO_ -> CInt -> IO CInt @@ -146,7 +147,7 @@ -- chain) -> String -- ^ data to be signed -> [Pkcs7Flag] -- ^ An optional set of flags:- -- + -- -- ['Pkcs7Text'] Many S\/MIME clients -- expect the signed content to include -- valid MIME headers. If the 'Pkcs7Text'@@ -230,7 +231,7 @@ -- present in the PKCS#7 structure -- (that is it is detached). -> [Pkcs7Flag] -- ^ An optional set of flags:- -- + -- -- ['Pkcs7NoIntern'] If -- 'Pkcs7NoIntern' is set the -- certificates in the message itself@@ -344,10 +345,10 @@ {- S/MIME -------------------------------------------------------------------- -} -foreign import ccall unsafe "SMIME_write_PKCS7"+foreign import capi unsafe "openssl/pkcs7.h SMIME_write_PKCS7" _SMIME_write_PKCS7 :: Ptr BIO_ -> Ptr PKCS7 -> Ptr BIO_ -> CInt -> IO CInt -foreign import ccall unsafe "SMIME_read_PKCS7"+foreign import capi unsafe "openssl/pkcs7.h SMIME_read_PKCS7" _SMIME_read_PKCS7 :: Ptr BIO_ -> Ptr (Ptr BIO_) -> IO (Ptr PKCS7) -- |@'writeSmime'@ writes PKCS#7 structure to S\/MIME message.
OpenSSL/RSA.hsc view
@@ -1,6 +1,7 @@ {-# LANGUAGE DeriveDataTypeable #-} {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} {-# OPTIONS_HADDOCK prune #-} -- |An interface to RSA public key generator. module OpenSSL.RSA@@ -58,7 +59,7 @@ -- RSAPubKey and RSAKeyPair are in fact the same type at the OpenSSL -- level, but we want to treat them differently for type-safety.-data RSA+data {-# CTYPE "openssl/rsa.h" "RSA" #-} RSA -- |@'RSAKey' a@ is either 'RSAPubKey' or 'RSAKeyPair'. class RSAKey k where@@ -114,16 +115,16 @@ -foreign import ccall unsafe "&RSA_free"+foreign import capi unsafe "openssl/rsa.h &RSA_free" _free :: FunPtr (Ptr RSA -> IO ()) -foreign import ccall unsafe "RSAPublicKey_dup"+foreign import capi unsafe "openssl/rsa.h RSAPublicKey_dup" _pubDup :: Ptr RSA -> IO (Ptr RSA) -foreign import ccall unsafe "RSAPrivateKey_dup"+foreign import capi unsafe "openssl/rsa.h RSAPrivateKey_dup" _privDup :: Ptr RSA -> IO (Ptr RSA) -foreign import ccall unsafe "RSA_size"+foreign import capi unsafe "openssl/rsa.h RSA_size" _size :: Ptr RSA -> IO CInt -- | Make a copy of the public parameters of the given key.@@ -160,7 +161,7 @@ foreign import ccall "wrapper" mkGenKeyCallback :: RSAGenKeyCallback' -> IO (FunPtr RSAGenKeyCallback') -foreign import ccall safe "RSA_generate_key"+foreign import capi safe "openssl/rsa.h RSA_generate_key" _generate_key :: CInt -> CInt -> FunPtr RSAGenKeyCallback' -> Ptr a -> IO (Ptr RSA) -- |@'generateRSAKey'@ generates an RSA keypair.@@ -203,13 +204,13 @@ #if OPENSSL_VERSION_NUMBER >= 0x10100000L -foreign import ccall unsafe "RSA_get0_key"+foreign import capi unsafe "openssl/rsa.h RSA_get0_key" _get0_key :: Ptr RSA -> Ptr (Ptr BIGNUM) -> Ptr (Ptr BIGNUM) -> Ptr (Ptr BIGNUM) -> IO () -foreign import ccall unsafe "RSA_get0_factors"+foreign import capi unsafe "openssl/rsa.h RSA_get0_factors" _get0_factors :: Ptr RSA -> Ptr (Ptr BIGNUM) -> Ptr (Ptr BIGNUM) -> IO () -foreign import ccall unsafe "RSA_get0_crt_params"+foreign import capi unsafe "openssl/rsa.h RSA_get0_crt_params" _get0_crt_params :: Ptr RSA -> Ptr (Ptr BIGNUM) -> Ptr (Ptr BIGNUM) -> Ptr (Ptr BIGNUM) -> IO () withNED :: (Ptr (Ptr BIGNUM) -> Ptr (Ptr BIGNUM) -> Ptr (Ptr BIGNUM) -> IO b)
OpenSSL/Random.hs view
@@ -1,4 +1,5 @@ {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} -- | PRNG services -- See <http://www.openssl.org/docs/crypto/rand.html> -- For random Integer generation, see "OpenSSL.BN"@@ -13,13 +14,13 @@ import qualified Data.ByteString as BS import OpenSSL.Utils -foreign import ccall unsafe "RAND_bytes"+foreign import capi unsafe "openssl/rand.h RAND_bytes" _RAND_bytes :: Ptr CChar -> CInt -> IO CInt -foreign import ccall unsafe "RAND_pseudo_bytes"+foreign import capi unsafe "openssl/rand.h RAND_pseudo_bytes" _RAND_pseudo_bytes :: Ptr CChar -> CInt -> IO () -foreign import ccall unsafe "RAND_add"+foreign import capi unsafe "openssl/rand.h RAND_add" _RAND_add :: Ptr CChar -> CInt -> CInt -> IO () -- | Return a bytestring consisting of the given number of strongly random
OpenSSL/Session.hsc view
@@ -5,6 +5,7 @@ {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ExistentialQuantification #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} {-# LANGUAGE NamedFieldPuns #-} {-# OPTIONS_GHC -fno-warn-name-shadowing #-} -- | Functions for handling SSL connections. These functions use GHC specific@@ -128,7 +129,7 @@ foreign import ccall "wrapper" mkVerifyCb :: VerifyCb -> IO (FunPtr VerifyCb) -data SSLContext_+data {-# CTYPE "openssl/ssl.h" "SSL_CTX" #-} SSLContext_ -- | An SSL context. Contexts carry configuration such as a server's private -- key, root CA certiifcates etc. Contexts are stateful IO objects; they -- start empty and various options are set on them by the functions in this@@ -139,14 +140,14 @@ } deriving Typeable -data SSLMethod_+data {-# CTYPE "openssl/ssl.h" "const SSL_METHOD" #-} SSLMethod_ -foreign import ccall unsafe "SSL_CTX_new" _ssl_ctx_new :: Ptr SSLMethod_ -> IO (Ptr SSLContext_)-foreign import ccall unsafe "SSL_CTX_free" _ssl_ctx_free :: Ptr SSLContext_ -> IO ()+foreign import capi unsafe "openssl/ssl.h SSL_CTX_new" _ssl_ctx_new :: Ptr SSLMethod_ -> IO (Ptr SSLContext_)+foreign import capi unsafe "openssl/ssl.h SSL_CTX_free" _ssl_ctx_free :: Ptr SSLContext_ -> IO () #if OPENSSL_VERSION_NUMBER >= 0x10100000L-foreign import ccall unsafe "TLS_method" _ssl_method :: IO (Ptr SSLMethod_)+foreign import capi unsafe "openssl/ssl.h TLS_method" _ssl_method :: IO (Ptr SSLMethod_) #else-foreign import ccall unsafe "SSLv23_method" _ssl_method :: IO (Ptr SSLMethod_)+foreign import capi unsafe "openssl/ssl.h SSLv23_method" _ssl_method :: IO (Ptr SSLMethod_) #endif -- | Create a new SSL context.@@ -172,10 +173,10 @@ touchContext :: SSLContext -> IO () touchContext = (>> return ()) . isEmptyMVar . ctxMVar -foreign import ccall unsafe "HsOpenSSL_SSL_CTX_set_options"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_SSL_CTX_set_options" _SSL_CTX_set_options :: Ptr SSLContext_ -> CLong -> IO CLong -foreign import ccall unsafe "HsOpenSSL_SSL_CTX_clear_options"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_SSL_CTX_clear_options" _SSL_CTX_clear_options :: Ptr SSLContext_ -> CLong -> IO CLong -- | Add a protocol option to the context.@@ -199,9 +200,9 @@ unless (result == 1) $ f ctx cpath (#const SSL_FILETYPE_ASN1) >>= failIf_ (/= 1) -foreign import ccall unsafe "SSL_CTX_use_PrivateKey"+foreign import capi unsafe "openssl/ssl.h SSL_CTX_use_PrivateKey" _ssl_ctx_use_privatekey :: Ptr SSLContext_ -> Ptr EVP_PKEY -> IO CInt-foreign import ccall unsafe "SSL_CTX_use_certificate"+foreign import capi unsafe "openssl/ssl.h SSL_CTX_use_certificate" _ssl_ctx_use_certificate :: Ptr SSLContext_ -> Ptr X509_ -> IO CInt -- | Install a private key into a context.@@ -220,9 +221,9 @@ _ssl_ctx_use_certificate ctx certPtr >>= failIf_ (/= 1) -foreign import ccall unsafe "SSL_CTX_use_PrivateKey_file"+foreign import capi unsafe "openssl/ssl.h SSL_CTX_use_PrivateKey_file" _ssl_ctx_use_privatekey_file :: Ptr SSLContext_ -> CString -> CInt -> IO CInt-foreign import ccall unsafe "SSL_CTX_use_certificate_file"+foreign import capi unsafe "openssl/ssl.h SSL_CTX_use_certificate_file" _ssl_ctx_use_certificate_file :: Ptr SSLContext_ -> CString -> CInt -> IO CInt -- | Install a private key file in a context. The key is given as a path to the@@ -237,7 +238,7 @@ contextSetCertificateFile :: SSLContext -> FilePath -> IO () contextSetCertificateFile = contextLoadFile _ssl_ctx_use_certificate_file -foreign import ccall unsafe "SSL_CTX_use_certificate_chain_file"+foreign import capi unsafe "openssl/ssl.h SSL_CTX_use_certificate_chain_file" _ssl_ctx_use_certificate_chain_file :: Ptr SSLContext_ -> CString -> IO CInt -- | Install a certificate chain in a context. The certificates must be in PEM@@ -250,12 +251,12 @@ withCString path $ \cpath -> _ssl_ctx_use_certificate_chain_file ctx cpath >>= failIf_ (/= 1) -foreign import ccall unsafe "SSL_CTX_set_cipher_list"+foreign import capi unsafe "openssl/ssl.h SSL_CTX_set_cipher_list" _ssl_ctx_set_cipher_list :: Ptr SSLContext_ -> CString -> IO CInt -- | Set the ciphers to be used by the given context. The string argument is a -- list of ciphers, comma separated, as given at--- http://www.openssl.org/docs/apps/ciphers.html+-- <https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html>. -- -- Unrecognised ciphers are ignored. If no ciphers from the list are -- recognised, an exception is raised.@@ -265,10 +266,11 @@ withCString list $ \cpath -> _ssl_ctx_set_cipher_list ctx cpath >>= failIf_ (/= 1) +-- | Set the ciphers to "DEFAULT". contextSetDefaultCiphers :: SSLContext -> IO () contextSetDefaultCiphers = flip contextSetCiphers "DEFAULT" -foreign import ccall unsafe "SSL_CTX_check_private_key"+foreign import capi unsafe "openssl/ssl.h SSL_CTX_check_private_key" _ssl_ctx_check_private_key :: Ptr SSLContext_ -> IO CInt -- | Return true iff the private key installed in the given context matches the@@ -287,7 +289,7 @@ } deriving Typeable -foreign import ccall unsafe "SSL_CTX_set_verify"+foreign import capi unsafe "openssl/ssl.h SSL_CTX_set_verify" _ssl_set_verify_mode :: Ptr SSLContext_ -> CInt -> FunPtr VerifyCb -> IO () contextSetVerificationMode :: SSLContext -> VerificationMode -> IO ()@@ -309,7 +311,7 @@ _ssl_set_verify_mode ctx mode $ fromMaybe nullFunPtr newCb return () -foreign import ccall unsafe "SSL_CTX_set_default_verify_paths"+foreign import capi unsafe "openssl/ssl.h SSL_CTX_set_default_verify_paths" _ssl_set_default_verify_paths :: Ptr SSLContext_ -> IO CInt -- | Specifies that the default locations from which CA certificates are loaded@@ -330,7 +332,7 @@ withContext context $ \ctx -> _ssl_set_default_verify_paths ctx >>= failIf_ (/= 1) -foreign import ccall unsafe "SSL_CTX_load_verify_locations"+foreign import capi unsafe "openssl/ssl.h SSL_CTX_load_verify_locations" _ssl_load_verify_locations :: Ptr SSLContext_ -> Ptr CChar -> Ptr CChar -> IO CInt -- | Set the location of a PEM encoded list of CA certificates to be used when@@ -351,7 +353,7 @@ withCString path $ \cpath -> _ssl_load_verify_locations ctx nullPtr cpath >>= failIf_ (/= 1) -foreign import ccall unsafe "SSL_CTX_get_cert_store"+foreign import capi unsafe "openssl/ssl.h SSL_CTX_get_cert_store" _ssl_get_cert_store :: Ptr SSLContext_ -> IO (Ptr X509_STORE) -- | Get a reference to, not a copy of, the X.509 certificate storage@@ -362,7 +364,7 @@ _ssl_get_cert_store ctx >>= wrapX509Store (touchContext context) -foreign import ccall unsafe "SSL_CTX_set_session_id_context"+foreign import capi unsafe "openssl/ssl.h SSL_CTX_set_session_id_context" _ssl_set_session_id_context :: Ptr SSLContext_ -> Ptr CChar -> CUInt -> IO CInt -- | Set context within which session can be reused (server side only).@@ -376,7 +378,7 @@ _ssl_set_session_id_context ctx cIdCtx (fromIntegral len) >>= failIf_ (/= 1) -data SSL_+data {-# CTYPE "openssl/ssl.h" "SSL" #-} SSL_ -- | This is the type of an SSL connection -- -- IO with SSL objects is non-blocking and many SSL functions return a error@@ -392,9 +394,9 @@ } deriving Typeable -foreign import ccall unsafe "SSL_new" _ssl_new :: Ptr SSLContext_ -> IO (Ptr SSL_)-foreign import ccall unsafe "SSL_free" _ssl_free :: Ptr SSL_ -> IO ()-foreign import ccall unsafe "SSL_set_fd" _ssl_set_fd :: Ptr SSL_ -> CInt -> IO ()+foreign import capi unsafe "openssl/ssl.h SSL_new" _ssl_new :: Ptr SSLContext_ -> IO (Ptr SSL_)+foreign import capi unsafe "openssl/ssl.h SSL_free" _ssl_free :: Ptr SSL_ -> IO ()+foreign import capi unsafe "openssl/ssl.h SSL_set_fd" _ssl_set_fd :: Ptr SSL_ -> CInt -> IO () connection' :: SSLContext -> Fd -> Maybe Socket -> IO SSL connection' context fd@(Fd fdInt) sock = do@@ -441,13 +443,13 @@ withSSL :: SSL -> (Ptr SSL_ -> IO a) -> IO a withSSL = withMVar . sslMVar -foreign import ccall unsafe "HsOpenSSL_SSL_set_options"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_SSL_set_options" _SSL_set_options :: Ptr SSL_ -> CLong -> IO CLong -foreign import ccall unsafe "HsOpenSSL_SSL_clear_options"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_SSL_clear_options" _SSL_clear_options :: Ptr SSL_ -> CLong -> IO CLong -foreign import ccall unsafe "HsOpenSSL_SSL_set_tlsext_host_name"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_SSL_set_tlsext_host_name" _SSL_set_tlsext_host_name :: Ptr SSL_ -> CString -> IO CLong -- | Add a protocol option to the SSL connection.@@ -471,7 +473,7 @@ -- Hostname validation, inspired by https://wiki.openssl.org/index.php/Hostname_validation -foreign import ccall unsafe "HsOpenSSL_enable_hostname_validation"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_enable_hostname_validation" _enable_hostname_validation :: Ptr SSL_ -> CString -> CSize -> IO CInt -- | Enable hostname validation. Also see 'setTlsextHostName'.@@ -484,9 +486,9 @@ withCStringLen host $ \(host, hostLen) -> _enable_hostname_validation ssl host (fromIntegral hostLen) >>= failIf_ (/= 1) -foreign import ccall "SSL_accept" _ssl_accept :: Ptr SSL_ -> IO CInt-foreign import ccall "SSL_connect" _ssl_connect :: Ptr SSL_ -> IO CInt-foreign import ccall unsafe "SSL_get_error" _ssl_get_error :: Ptr SSL_ -> CInt -> IO CInt+foreign import capi "openssl/ssl.h SSL_accept" _ssl_accept :: Ptr SSL_ -> IO CInt+foreign import capi "openssl/ssl.h SSL_connect" _ssl_connect :: Ptr SSL_ -> IO CInt+foreign import capi unsafe "openssl/ssl.h SSL_get_error" _ssl_get_error :: Ptr SSL_ -> CInt -> IO CInt throwSSLException :: String -> CInt -> CInt -> IO a throwSSLException loc sslErr ret@@ -591,8 +593,8 @@ tryConnect ssl = (() <$) <$> sslTryHandshake "SSL_connect" _ssl_connect ssl -foreign import ccall "SSL_read" _ssl_read :: Ptr SSL_ -> Ptr Word8 -> CInt -> IO CInt-foreign import ccall unsafe "SSL_get_shutdown" _ssl_get_shutdown :: Ptr SSL_ -> IO CInt+foreign import capi "openssl/ssl.h SSL_read" _ssl_read :: Ptr SSL_ -> Ptr Word8 -> CInt -> IO CInt+foreign import capi unsafe "openssl/ssl.h SSL_get_shutdown" _ssl_get_shutdown :: Ptr SSL_ -> IO CInt -- | Perform an SSL operation which operates of a buffer and can return -- non-blocking error codes, thus requesting that it be performed again when@@ -652,7 +654,7 @@ fmap (fmap fromIntegral) (sslIOInner "SSL_read" _ssl_read (castPtr bufPtr) nBytes ssl) -foreign import ccall "SSL_write" _ssl_write :: Ptr SSL_ -> Ptr Word8 -> CInt -> IO CInt+foreign import capi "openssl/ssl.h SSL_write" _ssl_write :: Ptr SSL_ -> Ptr Word8 -> CInt -> IO CInt -- | Write a given ByteString to the SSL connection. Either all the data is -- written or an exception is raised because of an error.@@ -708,7 +710,7 @@ lazyWrite ssl lbs = mapM_ (write ssl) $ L.toChunks lbs -foreign import ccall "SSL_shutdown" _ssl_shutdown :: Ptr SSL_ -> IO CInt+foreign import capi "openssl/ssl.h SSL_shutdown" _ssl_shutdown :: Ptr SSL_ -> IO CInt data ShutdownType = Bidirectional -- ^ wait for the peer to also shutdown | Unidirectional -- ^ only send our shutdown@@ -768,9 +770,9 @@ return $ SSLDone () _ -> throwSSLException "SSL_shutdown" err n #if OPENSSL_VERSION_PREREQ(3,0)-foreign import ccall "SSL_get1_peer_certificate" _ssl_get_peer_cert :: Ptr SSL_ -> IO (Ptr X509_)+foreign import capi "openssl/ssl.h SSL_get1_peer_certificate" _ssl_get_peer_cert :: Ptr SSL_ -> IO (Ptr X509_) #else-foreign import ccall "SSL_get_peer_certificate" _ssl_get_peer_cert :: Ptr SSL_ -> IO (Ptr X509_)+foreign import capi "openssl/ssl.h SSL_get_peer_certificate" _ssl_get_peer_cert :: Ptr SSL_ -> IO (Ptr X509_) #endif -- | After a successful connection, get the certificate of the other party. If@@ -784,7 +786,7 @@ then return Nothing else fmap Just (wrapX509 cert) -foreign import ccall "SSL_get_verify_result" _ssl_get_verify_result :: Ptr SSL_ -> IO CLong+foreign import capi "openssl/ssl.h SSL_get_verify_result" _ssl_get_verify_result :: Ptr SSL_ -> IO CLong -- | Get the result of verifing the peer's certificate. This is mostly for -- clients to verify the certificate of the server that they have connected
OpenSSL/Stack.hsc view
@@ -1,5 +1,6 @@ {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} module OpenSSL.Stack ( STACK , mapStack@@ -17,34 +18,34 @@ #if OPENSSL_VERSION_NUMBER >= 0x10100000L-foreign import ccall unsafe "OPENSSL_sk_new_null"+foreign import capi unsafe "openssl/safestack.h OPENSSL_sk_new_null" skNewNull :: IO (Ptr STACK) -foreign import ccall unsafe "OPENSSL_sk_free"+foreign import capi unsafe "openssl/safestack.h OPENSSL_sk_free" skFree :: Ptr STACK -> IO () -foreign import ccall unsafe "OPENSSL_sk_push"+foreign import capi unsafe "openssl/safestack.h OPENSSL_sk_push" skPush :: Ptr STACK -> Ptr () -> IO () -foreign import ccall unsafe "OPENSSL_sk_num"+foreign import capi unsafe "openssl/safestack.h OPENSSL_sk_num" skNum :: Ptr STACK -> IO CInt -foreign import ccall unsafe "OPENSSL_sk_value"+foreign import capi unsafe "openssl/safestack.h OPENSSL_sk_value" skValue :: Ptr STACK -> CInt -> IO (Ptr ()) #else-foreign import ccall unsafe "sk_new_null"+foreign import capi unsafe "openssl/safestack.h sk_new_null" skNewNull :: IO (Ptr STACK) -foreign import ccall unsafe "sk_free"+foreign import capi unsafe "openssl/safestack.h sk_free" skFree :: Ptr STACK -> IO () -foreign import ccall unsafe "sk_push"+foreign import capi unsafe "openssl/safestack.h sk_push" skPush :: Ptr STACK -> Ptr () -> IO () -foreign import ccall unsafe "sk_num"+foreign import capi unsafe "openssl/safestack.h sk_num" skNum :: Ptr STACK -> IO CInt -foreign import ccall unsafe "sk_value"+foreign import capi unsafe "openssl/safestack.h sk_value" skValue :: Ptr STACK -> CInt -> IO (Ptr ()) #endif
OpenSSL/X509.hsc view
@@ -1,5 +1,6 @@ {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} {-# OPTIONS_HADDOCK prune #-} -- |An interface to X.509 certificate. module OpenSSL.X509@@ -74,89 +75,89 @@ -- |@'X509'@ is an opaque object that represents X.509 certificate. newtype X509 = X509 (ForeignPtr X509_)-data X509_+data {-# CTYPE "openssl/x509.h" "X509" #-} X509_ -foreign import ccall unsafe "X509_new"+foreign import capi unsafe "openssl/x509.h X509_new" _new :: IO (Ptr X509_) -foreign import ccall unsafe "&X509_free"+foreign import capi unsafe "openssl/x509.h &X509_free" _free :: FunPtr (Ptr X509_ -> IO ()) -foreign import ccall unsafe "X509_print"+foreign import capi unsafe "openssl/x509.h X509_print" _print :: Ptr BIO_ -> Ptr X509_ -> IO CInt -foreign import ccall unsafe "X509_cmp"+foreign import capi unsafe "openssl/x509.h X509_cmp" _cmp :: Ptr X509_ -> Ptr X509_ -> IO CInt -foreign import ccall unsafe "HsOpenSSL_X509_get_version"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_X509_get_version" _get_version :: Ptr X509_ -> IO CLong -foreign import ccall unsafe "X509_set_version"+foreign import capi unsafe "openssl/x509.h X509_set_version" _set_version :: Ptr X509_ -> CLong -> IO CInt -foreign import ccall unsafe "X509_get_serialNumber"+foreign import capi unsafe "openssl/x509.h X509_get_serialNumber" _get_serialNumber :: Ptr X509_ -> IO (Ptr ASN1_INTEGER) -foreign import ccall unsafe "X509_set_serialNumber"+foreign import capi unsafe "openssl/x509.h X509_set_serialNumber" _set_serialNumber :: Ptr X509_ -> Ptr ASN1_INTEGER -> IO CInt -foreign import ccall unsafe "X509_get_issuer_name"+foreign import capi unsafe "openssl/x509.h X509_get_issuer_name" _get_issuer_name :: Ptr X509_ -> IO (Ptr X509_NAME) -foreign import ccall unsafe "X509_set_issuer_name"+foreign import capi unsafe "openssl/x509.h X509_set_issuer_name" _set_issuer_name :: Ptr X509_ -> Ptr X509_NAME -> IO CInt -foreign import ccall unsafe "X509_get_subject_name"+foreign import capi unsafe "openssl/x509.h X509_get_subject_name" _get_subject_name :: Ptr X509_ -> IO (Ptr X509_NAME) -foreign import ccall unsafe "X509_set_subject_name"+foreign import capi unsafe "openssl/x509.h X509_set_subject_name" _set_subject_name :: Ptr X509_ -> Ptr X509_NAME -> IO CInt -foreign import ccall unsafe "HsOpenSSL_X509_get_notBefore"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_X509_get_notBefore" _get_notBefore :: Ptr X509_ -> IO (Ptr ASN1_TIME) -foreign import ccall unsafe "HsOpenSSL_X509_get_notAfter"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_X509_get_notAfter" _get_notAfter :: Ptr X509_ -> IO (Ptr ASN1_TIME) #if OPENSSL_VERSION_NUMBER >= 0x10100000L-foreign import ccall unsafe "X509_set1_notBefore"+foreign import capi unsafe "openssl/x509.h X509_set1_notBefore" _set_notBefore :: Ptr X509_ -> Ptr ASN1_TIME -> IO CInt -foreign import ccall unsafe "X509_set1_notAfter"+foreign import capi unsafe "openssl/x509.h X509_set1_notAfter" _set_notAfter :: Ptr X509_ -> Ptr ASN1_TIME -> IO CInt #else-foreign import ccall unsafe "X509_set_notBefore"+foreign import capi unsafe "openssl/x509.h X509_set_notBefore" _set_notBefore :: Ptr X509_ -> Ptr ASN1_TIME -> IO CInt -foreign import ccall unsafe "X509_set_notAfter"+foreign import capi unsafe "openssl/x509.h X509_set_notAfter" _set_notAfter :: Ptr X509_ -> Ptr ASN1_TIME -> IO CInt #endif -foreign import ccall unsafe "X509_get_pubkey"+foreign import capi unsafe "openssl/x509.h X509_get_pubkey" _get_pubkey :: Ptr X509_ -> IO (Ptr EVP_PKEY) -foreign import ccall unsafe "X509_set_pubkey"+foreign import capi unsafe "openssl/x509.h X509_set_pubkey" _set_pubkey :: Ptr X509_ -> Ptr EVP_PKEY -> IO CInt -foreign import ccall unsafe "X509_get1_email"+foreign import capi unsafe "openssl/x509.h X509_get1_email" _get1_email :: Ptr X509_ -> IO (Ptr STACK) -foreign import ccall unsafe "X509_email_free"+foreign import capi unsafe "openssl/x509.h X509_email_free" _email_free :: Ptr STACK -> IO () -foreign import ccall unsafe "X509_sign"+foreign import capi unsafe "openssl/x509.h X509_sign" _sign :: Ptr X509_ -> Ptr EVP_PKEY -> Ptr EVP_MD -> IO CInt -foreign import ccall unsafe "X509_verify"+foreign import capi unsafe "openssl/x509.h X509_verify" _verify :: Ptr X509_ -> Ptr EVP_PKEY -> IO CInt -foreign import ccall safe "i2d_X509_bio"+foreign import capi safe "openssl/x509.h i2d_X509_bio" _write_bio_X509 :: Ptr BIO_ -> Ptr X509_ -> IO CInt -foreign import ccall safe "d2i_X509_bio"+foreign import capi safe "openssl/x509.h d2i_X509_bio" _read_bio_X509 :: Ptr BIO_ -> Ptr (Ptr X509_) -> IO (Ptr X509_)@@ -218,9 +219,9 @@ readX509' :: BIO -> IO X509 readX509' bio = withBioPtr bio $ \ bioPtr ->- _read_bio_X509 bioPtr nullPtr + _read_bio_X509 bioPtr nullPtr >>= failIfNull- >>= wrapX509 + >>= wrapX509 -- |@'readDerX509' der@ reads in a certificate. readDerX509 :: ByteString -> IO X509
OpenSSL/X509/Name.hsc view
@@ -1,5 +1,6 @@ {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} module OpenSSL.X509.Name ( X509_NAME @@ -15,28 +16,28 @@ import OpenSSL.ASN1 import OpenSSL.Utils -data X509_NAME-data X509_NAME_ENTRY+data {-# CTYPE "openssl/x509.h" "X509_NAME" #-} X509_NAME+data {-# CTYPE "openssl/x509.h" "X509_NAME_ENTRY" #-} X509_NAME_ENTRY -foreign import ccall unsafe "X509_NAME_new"+foreign import capi unsafe "openssl/x509.h X509_NAME_new" _new :: IO (Ptr X509_NAME) -foreign import ccall unsafe "X509_NAME_free"+foreign import capi unsafe "openssl/x509.h X509_NAME_free" _free :: Ptr X509_NAME -> IO () -foreign import ccall unsafe "X509_NAME_add_entry_by_txt"+foreign import capi unsafe "openssl/x509.h X509_NAME_add_entry_by_txt" _add_entry_by_txt :: Ptr X509_NAME -> CString -> CInt -> Ptr CChar -> CInt -> CInt -> CInt -> IO CInt -foreign import ccall unsafe "X509_NAME_entry_count"+foreign import capi unsafe "openssl/x509.h X509_NAME_entry_count" _entry_count :: Ptr X509_NAME -> IO CInt -foreign import ccall unsafe "X509_NAME_get_entry"+foreign import capi unsafe "openssl/x509.h X509_NAME_get_entry" _get_entry :: Ptr X509_NAME -> CInt -> IO (Ptr X509_NAME_ENTRY) -foreign import ccall unsafe "X509_NAME_ENTRY_get_object"+foreign import capi unsafe "openssl/x509.h X509_NAME_ENTRY_get_object" _ENTRY_get_object :: Ptr X509_NAME_ENTRY -> IO (Ptr ASN1_OBJECT) -foreign import ccall unsafe "X509_NAME_ENTRY_get_data"+foreign import capi unsafe "openssl/x509.h X509_NAME_ENTRY_get_data" _ENTRY_get_data :: Ptr X509_NAME_ENTRY -> IO (Ptr ASN1_STRING)
OpenSSL/X509/Request.hs view
@@ -1,5 +1,6 @@ {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} {-# OPTIONS_HADDOCK prune #-} -- |An interface to PKCS#10 certificate request. module OpenSSL.X509.Request@@ -53,50 +54,50 @@ -- |@'X509Req'@ is an opaque object that represents PKCS#10 -- certificate request. newtype X509Req = X509Req (ForeignPtr X509_REQ)-data X509_REQ+data {-# CTYPE "openssl/x509.h" "X509_REQ" #-} X509_REQ -data X509_EXT+data X509_EXT -foreign import ccall unsafe "X509_REQ_new"+foreign import capi unsafe "openssl/x509.h X509_REQ_new" _new :: IO (Ptr X509_REQ) -foreign import ccall unsafe "&X509_REQ_free"+foreign import capi unsafe "openssl/x509.h &X509_REQ_free" _free :: FunPtr (Ptr X509_REQ -> IO ()) -foreign import ccall unsafe "X509_REQ_sign"+foreign import capi unsafe "openssl/x509.h X509_REQ_sign" _sign :: Ptr X509_REQ -> Ptr EVP_PKEY -> Ptr EVP_MD -> IO CInt -foreign import ccall unsafe "X509_REQ_verify"+foreign import capi unsafe "openssl/x509.h X509_REQ_verify" _verify :: Ptr X509_REQ -> Ptr EVP_PKEY -> IO CInt -foreign import ccall unsafe "X509_REQ_print"+foreign import capi unsafe "openssl/x509.h X509_REQ_print" _print :: Ptr BIO_ -> Ptr X509_REQ -> IO CInt -foreign import ccall unsafe "i2d_X509_REQ_bio"+foreign import capi unsafe "openssl/x509.h i2d_X509_REQ_bio" _req_to_der :: Ptr BIO_ -> Ptr X509_REQ -> IO CInt -foreign import ccall unsafe "HsOpenSSL_X509_REQ_get_version"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_X509_REQ_get_version" _get_version :: Ptr X509_REQ -> IO CLong -foreign import ccall unsafe "X509_REQ_set_version"+foreign import capi unsafe "openssl/x509.h X509_REQ_set_version" _set_version :: Ptr X509_REQ -> CLong -> IO CInt -foreign import ccall unsafe "HsOpenSSL_X509_REQ_get_subject_name"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_X509_REQ_get_subject_name" _get_subject_name :: Ptr X509_REQ -> IO (Ptr X509_NAME) -foreign import ccall unsafe "X509_REQ_set_subject_name"+foreign import capi unsafe "openssl/x509.h X509_REQ_set_subject_name" _set_subject_name :: Ptr X509_REQ -> Ptr X509_NAME -> IO CInt -foreign import ccall unsafe "X509_REQ_get_pubkey"+foreign import capi unsafe "openssl/x509.h X509_REQ_get_pubkey" _get_pubkey :: Ptr X509_REQ -> IO (Ptr EVP_PKEY) -foreign import ccall unsafe "X509_REQ_set_pubkey"+foreign import capi unsafe "openssl/x509.h X509_REQ_set_pubkey" _set_pubkey :: Ptr X509_REQ -> Ptr EVP_PKEY -> IO CInt -foreign import ccall unsafe "X509V3_EXT_nconf_nid"+foreign import capi unsafe "openssl/x509.h X509V3_EXT_nconf_nid" _ext_create :: Ptr a -> Ptr b -> CInt -> CString -> IO (Ptr X509_EXT) -foreign import ccall unsafe "X509_REQ_add_extensions"+foreign import capi unsafe "openssl/x509.h X509_REQ_add_extensions" _req_add_extensions :: Ptr X509_REQ -> Ptr STACK -> IO CInt
OpenSSL/X509/Revocation.hsc view
@@ -1,6 +1,7 @@ {-# LANGUAGE DeriveDataTypeable #-} {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} {-# OPTIONS_HADDOCK prune #-} -- |An interface to Certificate Revocation List. module OpenSSL.X509.Revocation@@ -61,8 +62,8 @@ -- |@'CRL'@ is an opaque object that represents Certificate Revocation -- List. newtype CRL = CRL (ForeignPtr X509_CRL)-data X509_CRL-data X509_REVOKED+data {-# CTYPE "openssl/x509.h" "X509_CRL" #-} X509_CRL+data {-# CTYPE "openssl/x509.h" "X509_REVOKED" #-} X509_REVOKED -- |@'RevokedCertificate'@ represents a revoked certificate in a -- list. Each certificates are supposed to be distinguishable by@@ -76,81 +77,81 @@ deriving (Show, Eq, Typeable) -foreign import ccall unsafe "X509_CRL_new"+foreign import capi unsafe "openssl/x509.h X509_CRL_new" _new :: IO (Ptr X509_CRL) -foreign import ccall unsafe "&X509_CRL_free"+foreign import capi unsafe "openssl/x509.h &X509_CRL_free" _free :: FunPtr (Ptr X509_CRL -> IO ()) -foreign import ccall unsafe "X509_CRL_sign"+foreign import capi unsafe "openssl/x509.h X509_CRL_sign" _sign :: Ptr X509_CRL -> Ptr EVP_PKEY -> Ptr EVP_MD -> IO CInt -foreign import ccall unsafe "X509_CRL_verify"+foreign import capi unsafe "openssl/x509.h X509_CRL_verify" _verify :: Ptr X509_CRL -> Ptr EVP_PKEY -> IO CInt -foreign import ccall unsafe "X509_CRL_print"+foreign import capi unsafe "openssl/x509.h X509_CRL_print" _print :: Ptr BIO_ -> Ptr X509_CRL -> IO CInt -foreign import ccall unsafe "HsOpenSSL_X509_CRL_get_version"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_X509_CRL_get_version" _get_version :: Ptr X509_CRL -> IO CLong -foreign import ccall unsafe "X509_CRL_set_version"+foreign import capi unsafe "openssl/x509.h X509_CRL_set_version" _set_version :: Ptr X509_CRL -> CLong -> IO CInt -foreign import ccall unsafe "HsOpenSSL_X509_CRL_get_lastUpdate"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_X509_CRL_get_lastUpdate" _get_lastUpdate :: Ptr X509_CRL -> IO (Ptr ASN1_TIME) -foreign import ccall unsafe "HsOpenSSL_X509_CRL_get_nextUpdate"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_X509_CRL_get_nextUpdate" _get_nextUpdate :: Ptr X509_CRL -> IO (Ptr ASN1_TIME) #if OPENSSL_VERSION_NUMBER >= 0x10100000L-foreign import ccall unsafe "X509_CRL_set1_lastUpdate"+foreign import capi unsafe "openssl/x509.h X509_CRL_set1_lastUpdate" _set_lastUpdate :: Ptr X509_CRL -> Ptr ASN1_TIME -> IO CInt -foreign import ccall unsafe "X509_CRL_set1_nextUpdate"+foreign import capi unsafe "openssl/x509.h X509_CRL_set1_nextUpdate" _set_nextUpdate :: Ptr X509_CRL -> Ptr ASN1_TIME -> IO CInt #else-foreign import ccall unsafe "X509_CRL_set_lastUpdate"+foreign import capi unsafe "openssl/x509.h X509_CRL_set_lastUpdate" _set_lastUpdate :: Ptr X509_CRL -> Ptr ASN1_TIME -> IO CInt -foreign import ccall unsafe "X509_CRL_set_nextUpdate"+foreign import capi unsafe "openssl/x509.h X509_CRL_set_nextUpdate" _set_nextUpdate :: Ptr X509_CRL -> Ptr ASN1_TIME -> IO CInt #endif -foreign import ccall unsafe "HsOpenSSL_X509_CRL_get_issuer"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_X509_CRL_get_issuer" _get_issuer_name :: Ptr X509_CRL -> IO (Ptr X509_NAME) -foreign import ccall unsafe "X509_CRL_set_issuer_name"+foreign import capi unsafe "openssl/x509.h X509_CRL_set_issuer_name" _set_issuer_name :: Ptr X509_CRL -> Ptr X509_NAME -> IO CInt -foreign import ccall unsafe "HsOpenSSL_X509_CRL_get_REVOKED"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_X509_CRL_get_REVOKED" _get_REVOKED :: Ptr X509_CRL -> IO (Ptr STACK) -foreign import ccall unsafe "X509_CRL_add0_revoked"+foreign import capi unsafe "openssl/x509.h X509_CRL_add0_revoked" _add0_revoked :: Ptr X509_CRL -> Ptr X509_REVOKED -> IO CInt #if OPENSSL_VERSION_NUMBER >= 0x10000000 -- This function is only available on OpenSSL 1.0.0 or later.-foreign import ccall unsafe "X509_CRL_get0_by_serial"+foreign import capi unsafe "openssl/x509.h X509_CRL_get0_by_serial" _get0_by_serial :: Ptr X509_CRL -> Ptr (Ptr X509_REVOKED) -> Ptr ASN1_INTEGER -> IO CInt #endif -foreign import ccall unsafe "X509_CRL_sort"+foreign import capi unsafe "openssl/x509.h X509_CRL_sort" _sort :: Ptr X509_CRL -> IO CInt -foreign import ccall unsafe "X509_REVOKED_new"+foreign import capi unsafe "openssl/x509.h X509_REVOKED_new" _new_revoked :: IO (Ptr X509_REVOKED) -foreign import ccall unsafe "X509_REVOKED_free"+foreign import capi unsafe "openssl/x509.h X509_REVOKED_free" freeRevoked :: Ptr X509_REVOKED -> IO () -foreign import ccall unsafe "X509_REVOKED_set_serialNumber"+foreign import capi unsafe "openssl/x509.h X509_REVOKED_set_serialNumber" _set_serialNumber :: Ptr X509_REVOKED -> Ptr ASN1_INTEGER -> IO CInt -foreign import ccall unsafe "X509_REVOKED_set_revocationDate"+foreign import capi unsafe "openssl/x509.h X509_REVOKED_set_revocationDate" _set_revocationDate :: Ptr X509_REVOKED -> Ptr ASN1_TIME -> IO CInt -- |@'newCRL'@ creates an empty revocation list. You must set the@@ -302,10 +303,10 @@ #if OPENSSL_VERSION_NUMBER >= 0x10100000L -foreign import ccall unsafe "X509_REVOKED_get0_serialNumber"+foreign import capi unsafe "openssl/x509.h X509_REVOKED_get0_serialNumber" _get0_serialNumber :: Ptr X509_REVOKED -> IO (Ptr ASN1_INTEGER) -foreign import ccall unsafe "X509_REVOKED_get0_revocationDate"+foreign import capi unsafe "openssl/x509.h X509_REVOKED_get0_revocationDate" _get0_revocationDate :: Ptr X509_REVOKED -> IO (Ptr ASN1_TIME) getSerialNumber = _get0_serialNumber
OpenSSL/X509/Store.hsc view
@@ -1,5 +1,6 @@ {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-}+{-# LANGUAGE CApiFFI #-} {-# OPTIONS_HADDOCK prune #-} -- |An interface to X.509 certificate store. module OpenSSL.X509.Store@@ -43,19 +44,19 @@ -- certificate store. The certificate store is usually used for chain -- verification. newtype X509Store = X509Store (ForeignPtr X509_STORE)-data X509_STORE+data {-# CTYPE "openssl/x509.h" "X509_STORE" #-} X509_STORE -foreign import ccall unsafe "X509_STORE_new"+foreign import capi unsafe "openssl/x509.h X509_STORE_new" _new :: IO (Ptr X509_STORE) -foreign import ccall unsafe "X509_STORE_free"+foreign import capi unsafe "openssl/x509.h X509_STORE_free" _free :: Ptr X509_STORE -> IO () -foreign import ccall unsafe "X509_STORE_add_cert"+foreign import capi unsafe "openssl/x509.h X509_STORE_add_cert" _add_cert :: Ptr X509_STORE -> Ptr X509_ -> IO CInt -foreign import ccall unsafe "X509_STORE_add_crl"+foreign import capi unsafe "openssl/x509.h X509_STORE_add_crl" _add_crl :: Ptr X509_STORE -> Ptr X509_CRL -> IO CInt -- |@'newX509Store'@ creates an empty X.509 certificate store.@@ -92,30 +93,30 @@ >>= failIf (/= 1) >> return () -data X509_STORE_CTX+data {-# CTYPE "openssl/x509.h" "X509_STORE_CTX" #-} X509_STORE_CTX newtype X509StoreCtx = X509StoreCtx (ForeignPtr X509_STORE_CTX) -foreign import ccall unsafe "X509_STORE_CTX_get_current_cert"+foreign import capi unsafe "openssl/x509.h X509_STORE_CTX_get_current_cert" _store_ctx_get_current_cert :: Ptr X509_STORE_CTX -> IO (Ptr X509_) -foreign import ccall unsafe "HsOpenSSL_X509_STORE_CTX_get0_current_issuer"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_X509_STORE_CTX_get0_current_issuer" _store_ctx_get0_current_issuer :: Ptr X509_STORE_CTX -> IO (Ptr X509_) -foreign import ccall unsafe "HsOpenSSL_X509_STORE_CTX_get0_current_crl"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_X509_STORE_CTX_get0_current_crl" _store_ctx_get0_current_crl :: Ptr X509_STORE_CTX -> IO (Ptr X509_CRL) #if OPENSSL_VERSION_NUMBER >= 0x10100000L-foreign import ccall unsafe "X509_STORE_CTX_get1_chain"+foreign import capi unsafe "openssl/x509.h X509_STORE_CTX_get1_chain" _store_ctx_get_chain :: Ptr X509_STORE_CTX -> IO (Ptr STACK) #else-foreign import ccall unsafe "X509_STORE_CTX_get_chain"+foreign import capi unsafe "openssl/x509.h X509_STORE_CTX_get_chain" _store_ctx_get_chain :: Ptr X509_STORE_CTX -> IO (Ptr STACK) #endif -foreign import ccall unsafe "HsOpenSSL_X509_ref"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_X509_ref" _x509_ref :: Ptr X509_ -> IO () -foreign import ccall unsafe "HsOpenSSL_X509_CRL_ref"+foreign import capi unsafe "HsOpenSSL.h HsOpenSSL_X509_CRL_ref" _crl_ref :: Ptr X509_CRL -> IO () withX509StoreCtxPtr :: X509StoreCtx -> (Ptr X509_STORE_CTX -> IO a) -> IO a
cbits/HsOpenSSL.h view
@@ -61,6 +61,8 @@ /* DH *************************************************************************/ DH* HsOpenSSL_DHparams_dup(DH* dh);+const BIGNUM *HsOpenSSL_DH_get_pub_key(DH *dh);+int HsOpenSSL_DH_length(DH *dh); /* EVP ************************************************************************/ int HsOpenSSL_EVP_MD_size(EVP_MD* md);@@ -84,6 +86,10 @@ const ASN1_TIME* HsOpenSSL_X509_CRL_get_nextUpdate(const X509_CRL* crl); X509_NAME* HsOpenSSL_X509_CRL_get_issuer(X509_CRL* crl); STACK_OF(X509_REVOKED)* HsOpenSSL_X509_CRL_get_REVOKED(X509_CRL* crl);+void HsOpenSSL_X509_ref(X509* x509);+void HsOpenSSL_X509_CRL_ref(X509_CRL* crl);+X509* HsOpenSSL_X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);+X509_CRL* HsOpenSSL_X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); /* PKCS#7 *********************************************************************/ long HsOpenSSL_PKCS7_is_detached(PKCS7* pkcs7);