WIP: fix GHC warnings

Author: jorisdral

botan-bindings/botan-bindings.cabal

@@ -141,3 +141,32 @@ library
             Botan.Bindings.X509.Path
             Botan.Bindings.X509.Store
         cpp-options: -DXFFI
+
+--library x509
+--  if !flag(xffi)
+--    buildable: False
+--
+--  visibility:      private
+--  hs-source-dirs:  src
+--  exposed-modules:
+--    Botan.Bindings.X509.CA
+--    Botan.Bindings.X509.CRL
+--    Botan.Bindings.X509.CSR
+--    Botan.Bindings.X509.DN
+--    Botan.Bindings.X509.Extensions
+--    Botan.Bindings.X509.Options
+--    Botan.Bindings.X509.Path
+--    Botan.Bindings.X509.Store
+--
+--    -- Botan.Bindings.X509.OCSP
+--  cpp-options:     -DXFFI
+--
+--  if flag(pkg-config)
+--    -- NB: pkg-config is available on windows as well when using msys2
+--    pkgconfig-depends: botan-3 >=3.0.0
+--
+--  else
+--    extra-libraries: botan-3
+--
+--  build-depends:
+--    , base                 <5

botan-low/bench/Bcrypt.hs

@@ -37,8 +37,10 @@ longtext = ByteString.concat $ replicate 10000 $ plaintext
 cryptonHash :: ByteString -> Crypton.Digest Crypton.SHA3_512
 cryptonHash = Crypton.hash
 
-botanHash :: ByteString -> IO Botan.HashDigest
-botanHash = Botan.hashWithName "SHA-3(512)"
+-- TODO: hashWithName is not exposed from Botan.Low.Hash
+{- botanHash :: ByteString -> IO Botan.HashDigest
+   botanHash = Botan.hashWithName "SHA-3(512)"
+-}
 
 main :: IO ()
 main = defaultMain
@@ -60,11 +62,13 @@ main = defaultMain
             , bench "plaintext" $ nf cryptonHash plaintext
             , bench "longtext" $ nf cryptonHash longtext
             ]
-        , bgroup "Botan"
+        -- TODO: hashWithName is not exposed from Botan.Low.Hash
+        {- , bgroup "Botan"
             [ bench "password"  $ nfIO $ botanHash password
             , bench "plaintext" $ nfIO $ botanHash plaintext
             , bench "longtext" $ nfIO $ botanHash longtext
             ]
+        -}
         ]
     ]
 

botan-low/src/Botan/Low/BlockCipher.hs

@@ -238,7 +238,7 @@ type BlockCipherKey = ByteString
 
 -- | A block cipher ciphertext
 type BlockCipherCiphertext = ByteString
-    
+
 -- | Initialize a block cipher object
 blockCipherInit
     :: BlockCipherName  -- ^ __cipher_name__
@@ -293,7 +293,6 @@ blockCipherEncryptBlocks blockCipher bytes = withBlockCipher blockCipher $ \ blo
                 (ConstPtr bytesPtr)
                 destPtr
                 bytesLen
-{-# WARNING blockCipherEncryptBlocks "The plaintext length should be a multiple of the block size." #-}
 
 {- |
 Decrypt one or more blocks with a block cipher.
@@ -314,7 +313,6 @@ blockCipherDecryptBlocks blockCipher bytes = withBlockCipher blockCipher $ \ blo
                 (ConstPtr bytesPtr)
                 destPtr
                 bytesLen
-{-# WARNING blockCipherDecryptBlocks "The ciphertext length should be a multiple of the block size." #-}
 
 {- |
 Get the name of a block cipher.

botan-low/src/Botan/Low/PubKey/KeyAgreement.hs

@@ -23,7 +23,7 @@ module Botan.Low.PubKey.KeyAgreement
 , keyAgreementDestroy
 , keyAgreementExportPublic
 , keyAgreementSize
-, keyAgreement 
+, keyAgreement
 
 ) where
 
@@ -80,9 +80,9 @@ First, Alice and Bob generate their private keys:
 > import Botan.Low.KDF
 > rng <- rngInit "system"
 > -- Alice creates her private key
-> alicePrivKey <- privKeyCreate ECDH Secp521r1 rng 
+> alicePrivKey <- privKeyCreate ECDH Secp521r1 rng
 > -- Bob creates his private key
-> bobPrivKey <-  privKeyCreate ECDH Secp521r1 rng 
+> bobPrivKey <-  privKeyCreate ECDH Secp521r1 rng
 
 Then, they exchange their public keys using any channel, private or public:
 
@@ -171,7 +171,8 @@ keyAgreementSize
     -> IO Int       -- ^ __out_len__
 keyAgreementSize = mkGetSize withKeyAgreement botan_pk_op_key_agreement_size
 
-{-# WARNING keyAgreement "This function was leaking memory and causing crashes. Please observe carefully and report any future leaks." #-}
+-- | TODO: This function was leaking memory and causing crashes. Please observe
+-- carefully and report any future leaks.
 keyAgreement
     :: KeyAgreement     -- ^ __op__
     -> ByteString       -- ^ __out[]__

botan-low/src/Botan/Low/PubKey/Sign.hs

@@ -92,12 +92,16 @@ signUpdate
 -- signUpdate = mkSetBytesLen withSign botan_pk_op_sign_update
 signUpdate = mkWithObjectSetterCBytesLen withSign botan_pk_op_sign_update
 
--- TODO: Signature type
--- NOTE: This function is still highly suspect
+-- | Finish signing
+--
+-- Note: depending on the algorithm, signatures produced using
+-- StandardFormatSignature may have trailing null bytes.
 signFinish
     :: Sign             -- ^ __op__
     -> RNG              -- ^ __rng__
     -> IO ByteString    -- ^ __sig[]__
+-- TODO: Signature type
+-- NOTE: This function is still highly suspect
 signFinish sign rng = withSign sign $ \ signPtr -> do
     withRNG rng $ \ botanRNG -> do
         -- NOTE: Investigation into DER format shows lots of trailing nulls that may need to be trimmed
@@ -120,7 +124,6 @@ signFinish sign rng = withSign sign $ \ signPtr -> do
                 throwBotanIfNegative_ $ botan_pk_op_sign_finish signPtr botanRNG sigPtr szPtr
                 peek szPtr
         return $!! ByteString.take (fromIntegral sz') bytes
-{-# WARNING signFinish "Depending on the algorithm, signatures produced using StandardFormatSignature may have trailing null bytes." #-}
 
 -- /**
 -- * Signature Scheme Utility Functions

botan-low/src/Botan/Low/PwdHash.hs

@@ -30,7 +30,7 @@ module Botan.Low.PwdHash
 , pattern Bcrypt_PBKDF
 , pattern OpenPGP_S2K
 , openPGP_S2K
-    
+
 ) where
 
 import qualified Data.ByteString as ByteString
@@ -71,6 +71,11 @@ openPGP_S2K h = OpenPGP_S2K /$ h
 
 -- NOTE: Should passphrase be Text or ByteString? Text is implied by use of const char*
 --  as well as the non-null context implied by passphrase_len == 0. ByteString for now.
+
+-- | Password hash
+--
+-- Note: 'pwdhash' and 'pwdhashTimed'\'s parameter order may be inconsistent. See
+-- botan-low/test/Botan/Low/PwdHashSpec.hs for more information.
 pwdhash
     :: PBKDFName        -- ^ __algo__: PBKDF algorithm, e.g., "Scrypt" or "PBKDF2(SHA-256)"
     -> Int              -- ^ __param1__: the first PBKDF algorithm parameter
@@ -95,10 +100,11 @@ pwdhash algo p1 p2 p3 outLen passphrase salt = allocBytes outLen $ \ outPtr -> d
                     passphraseLen
                     (ConstPtr saltPtr)
                     saltLen
-{-# WARNING pwdhash "pwdhash and pwdhashTimed's parameter order may be inconsistent. See botan-low/test/Botan/Low/PwdHashSpec.hs for more information." #-}
-
-
 
+-- | Timed password hash
+--
+-- Note: 'pwdhash' and 'pwdhashTimed'\'s parameter order may be inconsistent. See
+-- botan-low/test/Botan/Low/PwdHashSpec.hs for more information.
 pwdhashTimed
     :: PBKDFName                    -- ^ __algo__: PBKDF algorithm, e.g., "Scrypt" or "PBKDF2(SHA-256)"
     -> Int                          -- ^ __msec__: the desired runtime in milliseconds
@@ -127,4 +133,3 @@ pwdhashTimed algo msec outLen passphrase salt = alloca $ \ p1Ptr -> alloca $ \ p
     p2 <- fromIntegral <$> peek p2Ptr
     p3 <- fromIntegral <$> peek p3Ptr
     return (p1,p2,p3,out)
-{-# WARNING pwdhashTimed "pwdhash and pwdhashTimed's parameter order may be inconsistent. See botan-low/test/Botan/Low/PwdHashSpec.hs for more information." #-}

botan-low/src/Botan/Low/Remake.hs

@@ -65,7 +65,7 @@ createByteString sz f = ByteString.create sz (f . castPtr)
 
 --
 
--- type NewObject      object botan = botan -> IO object 
+-- type NewObject      object botan = botan -> IO object
 -- type WithObject     object botan = (forall a . object -> (botan -> IO a) -> IO a)
 -- type DestroyObject  object botan = object -> IO ()
 -- type CreateObject   object botan = (Ptr botan -> IO CInt) -> IO object
@@ -81,7 +81,7 @@ rngDestroy  :: RNG -> IO ()
 createRNG   :: (Ptr BotanRNG -> IO CInt) -> IO RNG
 (newRNG, withRNG, rngDestroy, createRNG, _)
     = mkBindings MkBotanRNG runBotanRNG MkRNG getRNGForeignPtr botan_rng_destroy
-    
+
 rngInit :: RNGType -> IO RNG
 rngInit name = asCString name $ \ namePtr -> do
     createRNG $ \ outPtr -> botan_rng_init outPtr (ConstPtr namePtr)
@@ -174,15 +174,16 @@ mkCreateObjectCString1
 mkCreateObjectCString1 createObject init str a = withCString str $ \ cstr -> do
     createObject $ \ outPtr -> init outPtr (ConstPtr cstr) a
 
--- TODO: Rename mkCreateCBytes
+-- | Note: You probably want mkCreateObjectCBytesLen; this is for functions that
+-- expect a bytestring of known exact length.
 mkCreateObjectCBytes
     :: ((Ptr botan -> IO CInt) -> IO object)
     -> (Ptr botan -> ConstPtr Word8 -> IO CInt)
     -> ByteString
     -> IO object
+-- TODO: Rename mkCreateCBytes
 mkCreateObjectCBytes createObject init bytes = withCBytes bytes $ \ cbytes -> do
     createObject $ \ out -> init out (ConstPtr cbytes)
-{-# WARNING mkCreateObjectCBytes "You probably want mkCreateObjectCBytesLen; this is for functions that expect a bytestring of known exact length." #-}
 
 -- TODO: Rename mkCreateCBytesLen
 mkCreateObjectCBytesLen
@@ -205,7 +206,7 @@ mkCreateObjectCBytesLen1 createObject init bytes a = withCBytesLen bytes $ \ (cb
 {-
 Action
 -}
- 
+
 -- TODO: Rename mkAction
 mkWithObjectAction
     :: (forall a . object -> (botan -> IO a) -> IO a)
@@ -250,7 +251,7 @@ Setters
 -}
 
 -- TODO: Rename mkSetterCString
-mkWithObjectSetterCString 
+mkWithObjectSetterCString
     :: (forall a . object -> (botan -> IO a) -> IO a)
     -> (botan -> ConstPtr CChar -> IO BotanErrorCode)
     -> object

botan-low/src/Botan/Low/X509.hs

@@ -183,7 +183,7 @@ x509CertGetAuthorityKeyId
     -> IO ByteString    -- ^ __out[]__
 x509CertGetAuthorityKeyId = mkGetBytes withX509Cert botan_x509_cert_get_authority_key_id
 
-x509CertGetSubjectKeyId 
+x509CertGetSubjectKeyId
     :: X509Cert         -- ^ __cert__
     -> IO ByteString    -- ^ __out[]__
 x509CertGetSubjectKeyId = mkGetBytes withX509Cert botan_x509_cert_get_subject_key_id
@@ -275,21 +275,23 @@ pattern CRLSign = CRL_SIGN
 pattern EncipherOnly = ENCIPHER_ONLY
 pattern DecipherOnly = DECIPHER_ONLY
 
-{-# WARNING x509CertAllowedUsage "Unexplained function, best-guess implementation" #-}
+-- | Note: unexplained function, best-guess implementation
+--
 -- NOTE: This function lacks documentation, and it is unknown whether this is
---  setting a value (as implied by Z-botan), or whether it is using either
---  a negative error or INVALID_IDENTIFIER to return a bool
+-- setting a value (as implied by Z-botan), or whether it is using either
+-- a negative error or INVALID_IDENTIFIER to return a bool
 x509CertAllowedUsage
     :: X509Cert             -- ^ __cert__
     -> X509KeyConstraints   -- ^ __key_usage__
     -> IO Bool
 x509CertAllowedUsage cert usage = withX509Cert cert $ \ certPtr -> do
     throwBotanCatchingSuccess $ botan_x509_cert_allowed_usage certPtr usage
 
-{-# WARNING x509CertHostnameMatch "Unexplained function, best-guess implementation" #-}
 {- |
 Check if the certificate matches the specified hostname via alternative name or CN match.
 RFC 5280 wildcards also supported.
+
+Note: unexplained function, best-guess implementation
 -}
 x509CertHostnameMatch
     :: X509Cert     -- ^ __cert__
@@ -369,8 +371,8 @@ createX509CRL   :: (Ptr BotanX509CRL -> IO CInt) -> IO X509CRL
     = mkBindings MkBotanX509CRL runBotanX509CRL MkX509CRL getX509CRLForeignPtr botan_x509_crl_destroy
 
 x509CRLLoad
-    :: ByteString   -- ^ __crl_bits[]__        
-    -> IO X509CRL   -- ^ __crl_obj__        
+    :: ByteString   -- ^ __crl_bits[]__
+    -> IO X509CRL   -- ^ __crl_obj__
 x509CRLLoad = mkCreateObjectCBytesLen createX509CRL botan_x509_crl_load
 
 x509CRLLoadFile

botan-low/test/Botan/Low/CipherSpec.hs

@@ -1,3 +1,5 @@
+{-# OPTIONS_GHC -Wno-deprecations #-}
+
 module Main where
 
 import Test.Prelude

botan/src/Botan/Cipher.hs

@@ -1,3 +1,5 @@
+{-# OPTIONS_GHC -Wno-overlapping-patterns #-}
+
 {-|
 Module      : Botan.Low.Cipher
 Description : Symmetric cipher modes
@@ -272,7 +274,7 @@ newCipherKey :: (MonadRandomIO m) => Cipher -> m CipherKey
 newCipherKey = newKey . cipherKeySpec
 
 newCipherKeyMaybe :: (MonadRandomIO m) => Int -> Cipher -> m (Maybe CipherKey)
-newCipherKeyMaybe sz bc = newKeyMaybe sz (cipherKeySpec bc) 
+newCipherKeyMaybe sz bc = newKeyMaybe sz (cipherKeySpec bc)
 
 type CipherNonce = ByteString
 
@@ -347,7 +349,7 @@ cipherDefaultNonceSize (CBC bc _) = blockCipherBlockSize bc
 cipherDefaultNonceSize (CFB bc _) = blockCipherBlockSize bc
 cipherDefaultNonceSize (XTS bc)   = blockCipherBlockSize bc
 -- NOTE: This is the value at current, and matches the default in botan,
--- presumably because 12 is valid for all remaining cipher / AEAD nonces 
+-- presumably because 12 is valid for all remaining cipher / AEAD nonces
 cipherDefaultNonceSize _          = 12
 -- NOTE: Extracted from inspecting:
 {-
@@ -467,7 +469,7 @@ cipherIdealUpdateGranularity cipher = unsafePerformIO $ do
     Low.cipherGetIdealUpdateGranularity ctx
 {-# NOINLINE cipherIdealUpdateGranularity #-}
 -- NOTE: This is machine-dependent, but should stay consistent per-machine
--- so we do this instead of inlining the values  
+-- so we do this instead of inlining the values
 
 cipherOutputLength :: Cipher -> CipherDirection -> Int -> Int
 cipherOutputLength c dir n = unsafePerformIO $ do
@@ -550,7 +552,7 @@ data CipherDirection
     = CipherEncrypt
     | CipherDecrypt
     deriving (Eq, Ord, Show)
-    
+
 cipherDirectionFlags :: CipherDirection -> Low.CipherInitFlags
 cipherDirectionFlags CipherEncrypt = Low.Encrypt
 cipherDirectionFlags CipherDecrypt = Low.Decrypt
@@ -612,7 +614,7 @@ getCipherEstimateOutputLength ctx input = do
     t <- getCipherTagSize ctx
     if mutableCipherDirection ctx == CipherEncrypt
         then return (o + u + t)
-        else return (o + u - t) -- TODO: Maybe just 'o'... 
+        else return (o + u - t) -- TODO: Maybe just 'o'...
 
 -- NOTE: Supposed to be an upper bound, may not always be valid? - needs checking
 {-# WARNING getCipherOutputLength "Needs to be confirmed accurate, use getCipherEstimateOutputLength" #-}