| Safe Haskell | None | 
|---|---|
| Language | Haskell2010 | 
OpenSSL
Description
HsOpenSSL is an OpenSSL binding for Haskell. It can generate RSA and DSA keys, read and write PEM files, generate message digests, sign and verify messages, and encrypt and decrypt messages.
Please note that this project started at a time when there were no pure-Haskell implementations of TLS. Now there is the tls package (http://hackage.haskell.org/package/tls), which looks considerably saner than HsOpenSSL, especially for initialisation and error handling. So PHO (the initial author of HsOpenSSL) wants to encourage you to use and improve the tls package instead as far as possible. The only problem is that the tls package has not yet received as much review from cryptography specialists as OpenSSL has, so we can't assume it's secure enough.
Features that aren't (yet) supported:
- SSL network connection
  - ssl(3) functionalities aren't fully covered yet. See OpenSSL.Session.
- Complete coverage of Low-level API to symmetric ciphers
  - Only high-level APIs (EVP and BIO) are fully available. But I believe no one will be lost without functions like DES_set_odd_parity.
- Low-level API to asymmetric ciphers
  - Only a high-level API (EVP) is available. But I believe no one will complain about the absence of functions like RSA_public_encrypt.
- X.509 v3 extension handling
  - It should be supported in the future.
- Low-level API to message digest functions
  - Just use EVP instead of something like MD5_Update.
- API to PKCS#12 functionality
  - It should be covered someday.
- BIO
  - BIO isn't needed because we are Haskell hackers. Though HsOpenSSL itself uses BIO internally.
- ENGINE cryptographic module
  - The default implementations work very well, don't they?
Documentation
withOpenSSL :: IO a -> IO a
Computation of withOpenSSL action initializes the OpenSSL library as necessary, and computes action. Every application that uses HsOpenSSL must wrap any operations involving OpenSSL with withOpenSSL, or they might crash:

```haskell
module Main where

import OpenSSL

main :: IO ()
main = withOpenSSL $
       do ...
```

Since 0.10.3.5, withOpenSSL is safe to be applied redundantly. Library authors may wish to wrap their functions so that their users need not think about initialization:

```haskell
get :: URI -> IO Response
get uri = withOpenSSL $ internalImplementationOfGet uri
```
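The following is an added example, not code from HsOpenSSL or its author. It shows the library-author pattern described above applied to the EVP sign and verify API, with main wrapping the same calls redundantly. It assumes the ByteString signatures of signBS and verifyBS from HsOpenSSL 0.11.x; signMessage, checkMessage and lookupDigest are hypothetical names, and the messages are constructed sample input.

```haskell
module Main where

import qualified Data.ByteString.Char8 as B8
import OpenSSL (withOpenSSL)
import OpenSSL.EVP.Digest (Digest, getDigestByName)
import OpenSSL.EVP.Sign (signBS)
import OpenSSL.EVP.Verify (VerifyStatus (..), verifyBS)
import OpenSSL.RSA (RSAKeyPair, generateRSAKey')

-- Look up a digest by name and fail loudly if this OpenSSL build lacks it,
-- rather than silently falling back to another algorithm.
lookupDigest :: String -> IO Digest
lookupDigest name =
  getDigestByName name
    >>= maybe (ioError (userError ("unknown digest: " ++ name))) return

-- Hypothetical library function: wraps itself in withOpenSSL so that
-- callers do not have to think about initialization.
signMessage :: RSAKeyPair -> B8.ByteString -> IO B8.ByteString
signMessage key msg = withOpenSSL $ do
  sha256 <- lookupDigest "sha256"
  signBS sha256 key msg

-- Hypothetical library function: True only when the signature matches
-- the message under the given key.
checkMessage :: RSAKeyPair -> B8.ByteString -> B8.ByteString -> IO Bool
checkMessage key sig msg = withOpenSSL $ do
  sha256 <- lookupDigest "sha256"
  status <- verifyBS sha256 sig key msg
  return (status == VerifySuccess)

main :: IO ()
main = withOpenSSL $ do
  -- Redundant with the wrappers above; safe since 0.10.3.5.
  key <- generateRSAKey' 2048 65537
  let msg      = B8.pack "constructed sample message"
      tampered = B8.pack "constructed sample message, altered"
  sig  <- signMessage key msg
  good <- checkMessage key sig msg
  bad  <- checkMessage key sig tampered
  putStrLn ("original message verifies: " ++ show good)
  putStrLn ("altered message verifies:  " ++ show bad)
```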