This repository has been archived by the owner on Jan 18, 2020. It is now read-only.
NEWS
-*- coding: utf-8 -*-
Changes from 0.10.3.1 to 0.10.3.2
---------------------------------
* Merged #15 "Fixed build with base-4.6" by Mikhail Vorozhtsov.
* Added a configuration flag 'fast-bignum', fixes #16.
Changes from 0.10.3 to 0.10.3.1
-------------------------------
* Merged #14 "Fixed X509_STORE_CTX bindings vs OpenSSL 0.9.x" by
Mikhail Vorozhtsov.
Changes from 0.10.2.1 to 0.10.3
-------------------------------
* Merged #12 "Bindings to some of the X509_STORE_CTX functions" by
Mikhail Vorozhtsov:
- New functions in OpenSSL.X509.Store:
- getStoreCtxCert
- getStoreCtxIssuer
- getStoreCtxCRL
- getStoreCtxChain
* Merged #13 "Fixed early verification callback deallocation crash" by
Mikhail Vorozhtsov.
Changes from 0.10.2 to 0.10.2.1
-------------------------------
* Merged #10 "Fix X509 PEM reading/writing" by Mikhail Vorozhtsov:
- OpenSSL.PEM.readX509 now uses PEM_read_bio_X509() instead of
PEM_read_bio_X509_AUX().
- OpenSSL.PEM.writeX509 now uses PEM_write_bio_X509() instead of
PEM_write_bio_X509_AUX().
Changes from 0.10.1.4 to 0.10.2
-------------------------------
* Merged #9 "Add raw pointer read/write operations" by Iavor
S. Diatchki:
- OpenSSL.Session.readPtr
- OpenSSL.Session.tryReadPtr
- OpenSSL.Session.writePtr
- OpenSSL.Session.tryWritePtr
* Fixed #8 "HsOpenSSL 0.10.1.4 won't build" reported by vcxp:
- Workaround for broken versions of Cabal, including one that comes
with ghc-7.0.4.
Changes from 0.10.1.3 to 0.10.1.4
---------------------------------
* Fixed #7 "Haskell Platform 2011.4 Support", reported by stepcut:
- Foreign.ForeignPtr.Unsafe does not exist prior to base-4.4
Changes from 0.10.1.2 to 0.10.1.3
---------------------------------
* OpenSSL.Session:
- SSL, SSLContext, SSLResult, ShutdownType and VerificationMode are
now instances of Typeable.
* Applied a series of patches "Various fixes for GHC 7.5" by Ben Gamari:
- Use unsafeForeignPtrToPtr from Foreign.ForeignPtr.Unsafe
- Use unsafePerformIO from System.IO.Unsafe
- Add Num to constraints with Bits
Changes from 0.10.1.1 to 0.10.1.2
---------------------------------
* Applied a patch by Mikhail Vorozhtsov:
- Moved all EVP-related private functions to OpenSSL.EVP.Internal.
* Improve the error handling in OpenSSL.Session:
- SSL_get_error() must be called within the OS thread which caused
the failed operation as it inspects the thread-local storage.
- write/tryWrite should throw EPIPE for cleanly-closed connections
rather than EOF.
- shutdown/tryShutdown shouldn't throw an exception when a remote
peer sends us a "close notify" alert and closes the connection
without waiting for our reply.
- ProtocolError should contain an error message string.
Changes from 0.10.1 to 0.10.1.1
-------------------------------
* Applied a patch by Peter Gammie:
- GHC 6.12.3 friendliness: don't use Control.Monad.void
* Applied a patch by Peter Gammie and David Terei:
- Placate LLVM in GHC 7.3.x HEAD: give memcpy the right
type. Courtesy of David Terei.
* Applied a patch by Mikhail Vorozhtsov:
- Use throwIO instead of throw to raise SSL exceptions.
* Fixed breakage on OpenSSL 0.9.8:
- DHparams_dup() is a function in OpenSSL 1.0.0 but is a macro in 0.9.8.
- OpenSSL 0.9.8 doesn't provide X509_CRL_get0_by_serial().
Changes from 0.10 to 0.10.1
---------------------------
* Applied patches by Mikhail Vorozhtsov:
- Added optional verification callback to VerifyPeer.
- Added revocation lookup function.
- Added bindings to Diffie-Hellman functions.
- Expose low-level asynchronous versions of accept, connect, read,
write and shutdown.
* Moved the repository to GitHub:
git://github.com/phonohawk/HsOpenSSL.git
Changes from 0.9.0.1 to 0.10
----------------------------
* Applied a patch by Mikhail Vorozhtsov to support wrapping plain file
descriptors in SSL connections.
- New function:
fdConnection :: SSLContext -> Socket -> IO SSL
sslFd :: SSL -> Fd
- Function signature change:
sslSocket :: SSL -> Maybe Socket
(It was "SSL -> Socket" before.)
Changes from 0.9 to 0.9.0.1
---------------------------
* Applied a patch by Mikhail Vorozhtsov
- Added missing BangPatterns pragma to OpenSSL/BN.hsc. It was
failing to build on GHC 7.1 without this.
Changes from 0.8.0.2 to 0.9
---------------------------
* (Suggested by Arthur Chan) Operations in OpenSSL.Session now throw
exceptions of individual exception types instead of plain
strings. The following exception types are defined:
- ConnectionCleanlyClosed
- ConnectionAbruptlyTerminated
- WantConnect
- WantAccept
- WantX509Lookup
- SSLIOError
- ProtocolError
- UnknownError(..)
Changes from 0.8 to 0.8.0.2
---------------------------
* 0.8.0.1 was broken so it's invalidated.
* Fix Windows support as suggested in this page:
http://hackage.haskell.org/trac/ghc/wiki/Builder
(Thanks Edward Z. Yang for notifying me.)
Changes from 0.7 to 0.8
-----------------------
* Applied 7 patches by Taru Karttunen:
- Add cipherStrictLBS - Encrypt a lazy bytestring in a strict
manner. Does not leak the keys
- Add rsaCopyPublic and rsaKeyPairFinalize to OpenSSL.RSA
- Document pkcs5_pbkdf2_hmac_sha1 in OpenSSL.EVP.Digest
- Make OpenSSL.EVP.Sign.signFinal use ByteStrings internally
- Export OpenSSL.EVP.Sign.signFinal
- Add PEM-functionality with a new PwBS that works like PwStr except
there are no superfluous extra copies retained in the memory.
- Make PEM callbacks use bracket which makes cleanup work even if
there are exceptions.
Changes from 0.6.5 to 0.7
-------------------------
* Applied patches by Taru Karttunen to make HsOpenSSL compatible with
GHC 6.12.1.
* Many cosmetic changes to suppress warnings which GHC 6.12.1
emits. It shouldn't change any semantics.
Changes from 0.6.4 to 0.6.5
---------------------------
* Suggestion by Carl Mackey:
- OpenSSL.Cipher now exports a type AESCtx.
Changes from 0.6.3 to 0.6.4
---------------------------
* Applied a patch by Taru Karttunen:
> Unbreak BIO ForeignPtrs for GHC 6.10
>
> In GHC 6.10 it is no longer possible to mix C and Haskell
> finalizers on the same ForeignPtr. This patch fixes that
> and unbreaks things for GHC 6.10.
Changes from 0.6.2 to 0.6.3
---------------------------
* Suggestion by Grant Monroe:
- Changed the signature of OpenSSL.EVP.Sign.signBS from
signBS :: KeyPair key => Digest -> key -> Strict.ByteString -> IO String
to
signBS :: KeyPair key => Digest -> key -> Strict.ByteString -> IO Strict.ByteString
- Changed the signature of OpenSSL.EVP.Sign.signLBS from
signLBS :: KeyPair key => Digest -> key -> Lazy.ByteString -> IO String
to
signLBS :: KeyPair key => Digest -> key -> Lazy.ByteString -> IO Lazy.ByteString
Changes from 0.6.1 to 0.6.2
---------------------------
* Applied a patch by John Van Enk and his friend:
1) Moved away from the Configure build type to the Simple build
type.
2) Removed the direct dependency on pthreads. This involved an
indirection layer using the preprocessor. In linux/bsd, we use
pthreads. In windows, we call out to the OS mutexing
functions. This allows us to "cabal install" the HsOpenSSL
library from the cmd.exe terminal in windows *without* having to
use cygwin.
Changes from 0.6 to 0.6.1
-------------------------
* OpenSSL.Session:
- New functions:
# lazyRead
# lazyWrite
# contextGetCAStore
# contextSetPrivateKey
# contextSetCertificate
Changes from 0.5.2 to 0.6
-------------------------
* INCOMPATIBLE CHANGES:
+ OpenSSL.DSA:
- The data type "DSA" is now broken into two separate types
"DSAPubKey" and "DSAKeyPair" to distinguish between public
keys and keypairs at type-level. These two data types are
instances of class "DSAKey".
- These functions are renamed to avoid name collision with
OpenSSL.RSA:
# generateParameters --> generateDSAParameters
# generateKey --> generateDSAKey
# generateParametersAndKey --> generateDSAParametersAndKey
# signDigestedData --> signDigestedDataWithDSA
# verifyDigestedData --> verifyDigestedDataWithDSA
- These functions are broken into two separate functions:
# dsaToTuple --> dsaPubKeyToTuple, dsaKeyPairToTuple
# tupleToDSA --> tupleToDSAPubKey, tupleToDSAKeyPair
+ OpenSSL.RSA:
- The data type "RSA" is now broken into two separate types
"RSAPubKey" and "RSAKeyPair" to distinguish between public
keys and keypairs at type-level. These two data types are
instances of class "RSAKey".
+ OpenSSL.EVP.PKey:
- The data type "PKey" is now broken into two separate
classes, not data types, "PublicKey" and "KeyPair" to
distinguish between public keys and keypairs at
type-level. You can pass "RSAPubKey" and such like directly
to cryptographic functions instead of the prior polymorphic
type "PKey", for the sake of type classes.
+ OpenSSL.EVP.Open:
- These functions now take "KeyPair k" instead of "PKey":
# open
# openBS
# openLBS
+ OpenSSL.EVP.Seal:
- These functions now take "SomePublicKey" instead of "PKey":
# seal
# sealBS
# sealLBS
+ OpenSSL.EVP.Sign:
- These functions now take "KeyPair k" instead of "PKey":
# sign
# signBS
# signLBS
+ OpenSSL.EVP.Verify:
- These functions now take "PublicKey k" instead of "PKey":
# verify
# verifyBS
# verifyLBS
+ OpenSSL.PEM:
- writePKCS8PrivateKey now takes "KeyPair k" instead of "PKey".
- readPrivateKey now returns "SomeKeyPair" instead of "PKey".
- writePublicKey now takes "PublicKey k" instead of "PKey".
- readPublicKey now returns "SomePublicKey" instead of "PKey".
+ OpenSSL.PKCS7:
- pkcs7Sign now takes "KeyPair k" instead of "PKey".
- pkcs7Decrypt now takes "KeyPair k" instead of "PKey".
+ OpenSSL.X509:
- signX509 now takes "KeyPair k" instead of "PKey".
- verifyX509 now takes "PublicKey k" instead of "PKey".
- getPublicKey now returns "SomePublicKey" instead of "PKey".
- setPublicKey now takes "PublicKey k" instead of "PKey".
+ OpenSSL.X509.Request:
- signX509Req now takes "KeyPair k" instead of "PKey".
- verifyX509Req now takes "PublicKey k" instead of "PKey".
- getPublicKey now returns "SomePublicKey" instead of "PKey".
- setPublicKey now takes "PublicKey k" instead of "PKey".
+ OpenSSL.X509.Revocation:
- signCRL now takes "KeyPair k" instead of "PKey".
- verifyCRL now takes "PublicKey k" instead of "PKey".
* OpenSSL.RSA:
- RSAPubKey and RSAKeyPair are now instances of Eq, Ord and Show.
- New function: generateRSAKey'
* OpenSSL.DSA:
- DSAPubKey and DSAKeyPair are now instances of Eq, Ord and Show.
Changes from 0.5.1 to 0.5.2
---------------------------
* Fixed incorrect dependency declaration in HsOpenSSL.cabal. No
semantical changes to the code.
Changes from 0.5 to 0.5.1
-------------------------
* Fixed breakage on 64-bit architectures.
Reported by: Neumark Péter
Changes from 0.4.2 to 0.5
-------------------------
* Fixed breakage on GHC 6.10.1. And now requires 6.10.1...
* Applied a patch by Taru Karttunen:
- Add pkcs5_pbkdf2_hmac_sha1 to OpenSSL.EVP.Digest
Changes from 0.4.1 to 0.4.2
---------------------------
* No .hs files which are generated from .hsc files should be in the
tarball. If any .hs files are outdated, Cabal seems to compile the
outdated files instead of newer .hsc files.
Changes from 0.4 to 0.4.1
-------------------------
* Applied patches by Adam Langley:
- Fix BN<->Integer conversions on 64-bit systems
- Another 64-bit fix (OpenSSL.ASN1.peekASN1String)
- Add ByteString version of digestBS
- Fix the foreign types of the cipher functions to use CInt, not Int
- 64-bit fix for HMAC
- Turn the Session IO inside out
- Silly cosmetic change
Changes from 0.3.1 to 0.4
-------------------------
* Applied patches by Adam Langley:
- Add the beginnings of session support
- Add an example SSL server
Changes from 0.3 to 0.3.1
-------------------------
* OpenSSL.EVP.Base64: Fix a bug in an internal function `decodeBlock':
decodeBase64* didn't drop the padding NUL.
* Applied patches by Adam Langley:
- Updates for 6.8.1 (also *requires* 6.8.1 now)
- tests/Base64.hs: Test for Base64
Changes from 0.2 to 0.3
-----------------------
* Applied patches by Adam Langley:
- tests/DSA.hs: Add a DSA test: this just adds a binary which tests
a few simple DSA cases (and runs a timing test) and prints "PASS"
as the last line of stdout in the case that everything looks good.
It doesn't include any hooks nor framework for running these.
- Bug fix for fast Integer<->BN functions
- OpenSSL.Cipher: Add non-EVP cipher support
- OpenSSL.EVP.Digest: Add HMAC support in EVP
- OpenSSL.Random: Add OpenSSL.Random
- OpenSSL.BN: Additional utility functions in BN and exposing BN
Changes from 0.1.1 to 0.2
-------------------------
* Applied patches by Adam Langley:
- OpenSSL.DSA: Add DSA support
- OpenSSL.BN: Add support for fast Integer<->BN conversions
- OpenSSL.BN: New BN utility function, newBN
- OpenSSL.BN: FIX: set the BN ptr to NULL before calling BN_dec2bn,
otherwise that function thinks that there's a valid BN there
- OpenSSL.Utils: Add utility functions to print and read hex numbers
Changes from 0.1 to 0.1.1
-------------------------
* Moved hidden modules from Exposed-Modules to Other-Modules.
* Added "time >= 1.1.1" to the Build-Depends.