From: Matthew X. Economou
Subject: Portable Lisp interface to OpenSSL
Date: Thu, 19 Aug 2004 17:23:38 +0000
Message-ID: <cg2nmq016sv@drn.newsguy.com>

All,

Is anyone working on creating a feature-complete interface to OpenSSL from
Common Lisp?  I would like to use OpenSSL in an application, as I lack the
desire to write my own encryption routines.  I searched the web, but what I
found was incomplete (because only a socket or stream-like interface was
provided, or because only a small number of routines were interfaced) and
implementation-specific (e.g. Chris Double's SSL Sockets for Corman Lisp, Eric
Marsden's SSL streams for CMUCL, Alberto Riva's Blowfish streams for ACL aka
"cl-fish").

If no one else is working on this, I may attempt to write my own interface using
UFFI.

Best wishes,
Matthew 

• Re: Portable Lisp interface to OpenSSL Kevin Rosenberg
  • Re: Portable Lisp interface to OpenSSL Matthew X. Economou
• Re: Portable Lisp interface to OpenSSL Eric Marsden
  • Re: Portable Lisp interface to OpenSSL Matthew X. Economou

From: Kevin Rosenberg
Subject: Re: Portable Lisp interface to OpenSSL
Date: Thu, 19 Aug 2004 20:12:53 +0000
Message-ID: <slrncia2e5.bim.kevin@tiger.med-info.com>

On 2004-08-19, Matthew X Economou <···············@irtnog.org> wrote:
> If no one else is working on this, I may attempt to write my own interface using
> UFFI.

I ported Jochen Schmidt's cl-ssl module (available as a module from
the portableaserve cvs site) to UFFI roughly 18 months ago. I only
performed cursory testing so all features may not work
correctly. Along that line, a test suite would be a good addition to
cl-ssl.

I don't have a need for such a library at the moment. But, you may
want to look at cl-ssl as a portable/uffi layer for openssl.

-- 
Kevin Rosenberg
·····@rosenberg.net

From: Matthew X. Economou
Subject: Re: Portable Lisp interface to OpenSSL
Date: Fri, 20 Aug 2004 13:46:37 +0000
Message-ID: <uy8k96hxe.fsf@irtnog.org>

>>>>> "Kevin" == Kevin Rosenberg <·····@rosenberg.net> writes:

    Kevin> I don't have a need for such a library at the moment. But,
    Kevin> you may want to look at cl-ssl as a portable/uffi layer for
    Kevin> openssl.

Thanks, Kevin.  I will check out cl-ssl as you recommend.

By the way, thank you for UFFI.  I am working on getting it into the
FreeBSD ports tree, along with binary packages for CMUCL and SBCL.
Henrik Motakef has already done the hard work of integrating ASDF with
the three Lisps currently in ports (clisp, cmucl, and sbcl), so adding
UFFI is just a simple matter of copying it into the appropriate place
and telling ASDF to compile the package.

If only more software packages were this easy to install.  :)

Best wishes,
Matthew

-- 
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien

From: Eric Marsden
Subject: Re: Portable Lisp interface to OpenSSL
Date: Fri, 20 Aug 2004 09:27:15 +0000
Message-ID: <wzifz6iupl8.fsf@melbourne.laas.fr>

>>>>> "mxe" == Matthew X Economou <···············@irtnog.org> writes:

  mxe> Is anyone working on creating a feature-complete interface to
  mxe> OpenSSL from Common Lisp? I would like to use OpenSSL in an
  mxe> application, as I lack the desire to write my own encryption
  mxe> routines.

  this would clearly be useful to have, but will require quite a lot
  of work, because the OpenSSL libraries provide a lot of
  functionality. Furthermore, I find the OpenSSL header files to be
  written in a confusing style that makes it tricky to determine the
  layout of the data structures used.

  Besides the simple TLS-stream functionality provided by the released
  version of SSL-CMUCL, I have experimented with client-side and
  server-side certificate checking. I got fed up with reading .h files
  and didn't finish, but could send you the incomplete work that I
  have (still CMUCL-specific). 

-- 
Eric Marsden                          <URL:http://www.laas.fr/~emarsden/>

From: Matthew X. Economou
Subject: Re: Portable Lisp interface to OpenSSL
Date: Fri, 20 Aug 2004 13:31:03 +0000
Message-ID: <u4qmy6inc.fsf@irtnog.org>

>>>>> "ecm" == Eric Marsden <········@laas.fr> writes:

    ecm> Furthermore, I find the OpenSSL header files to be written in
    ecm> a confusing style that makes it tricky to determine the
    ecm> layout of the data structures used.

So true.  I am very concerned that any FFI I create will not be
compatible with other installations of OpenSSL, or even the same
version of OpenSSL with slightly different configuration options.
Unfortunately, writing a C header file parser is currently more
difficult for me than hand-coding the relevant definitions.

    ecm> I got fed up with reading .h files and didn't finish, but
    ecm> could send you the incomplete work that I have (still
    ecm> CMUCL-specific).

If you don't mind and have the files handy, please send them my way.
I can handle attachments up to 10 MB in size.  If you send a MIME-
attached ZIP file, please rename it to ".zi_" so it gets past my
anti-virus filters.

I will also take a closer look at the current release of SSL-CMUCL.

Best wishes,
Matthew

-- 
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien