Hello community,
here is the log from the commit of package ghc-x509-validation for
openSUSE:Factory checked in at 2015-10-08 08:24:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghc-x509-validation (Old)
and /work/SRC/openSUSE:Factory/.ghc-x509-validation.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-x509-validation"
Changes:
--------
--- /work/SRC/openSUSE:Factory/ghc-x509-validation/ghc-x509-validation.changes
2015-09-17 09:19:51.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.ghc-x509-validation.new/ghc-x509-validation.changes
2015-10-08 08:24:09.000000000 +0200
@@ -1,0 +2,5 @@
+Sun Sep 27 10:28:54 UTC 2015 - [email protected]
+
+- update to 1.6.3
+
+-------------------------------------------------------------------
Old:
----
x509-validation-1.6.2.tar.gz
New:
----
x509-validation-1.6.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ghc-x509-validation.spec ++++++
--- /var/tmp/diff_new_pack.JoKHpc/_old 2015-10-08 08:24:09.000000000 +0200
+++ /var/tmp/diff_new_pack.JoKHpc/_new 2015-10-08 08:24:09.000000000 +0200
@@ -19,7 +19,7 @@
%global pkg_name x509-validation
Name: ghc-x509-validation
-Version: 1.6.2
+Version: 1.6.3
Release: 0
Summary: X.509 Certificate and CRL validation
License: BSD-3-Clause
++++++ x509-validation-1.6.2.tar.gz -> x509-validation-1.6.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/x509-validation-1.6.2/Data/X509/Validation/Signature.hs
new/x509-validation-1.6.3/Data/X509/Validation/Signature.hs
--- old/x509-validation-1.6.2/Data/X509/Validation/Signature.hs 2015-09-08
10:31:28.000000000 +0200
+++ new/x509-validation-1.6.3/Data/X509/Validation/Signature.hs 2015-09-21
22:05:21.000000000 +0200
@@ -16,10 +16,17 @@
import qualified Crypto.PubKey.RSA.PKCS15 as RSA
import qualified Crypto.PubKey.DSA as DSA
+import qualified Crypto.PubKey.ECC.Types as ECC
+import qualified Crypto.PubKey.ECC.Prim as ECC
+import qualified Crypto.PubKey.ECC.ECDSA as ECDSA
import Crypto.Hash
+import Crypto.Number.Basic (numBits)
+import Crypto.Number.Serialize (os2ip)
import Data.ByteString (ByteString)
+import qualified Data.ByteString as B
import Data.X509
+import Data.List (find)
import Data.ASN1.Types
import Data.ASN1.Encoding
import Data.ASN1.BinaryEncoding
@@ -77,6 +84,7 @@
Nothing -> False
Just dsaSig -> DSA.verify
SHA1 key dsaSig b
| otherwise = Nothing
+ verifyF (PubKeyEC key) = verifyECDSA hashALG key
verifyF _ = Nothing
dsaToSignature :: ByteString -> Maybe DSA.Signature
@@ -97,3 +105,56 @@
rsaVerify HashSHA256 = RSA.verify (Just SHA256)
rsaVerify HashSHA384 = RSA.verify (Just SHA384)
rsaVerify HashSHA512 = RSA.verify (Just SHA512)
+
+verifyECDSA :: HashALG -> PubKeyEC -> Maybe (ByteString -> ByteString -> Bool)
+verifyECDSA hashALG key =
+ case key of
+ PubKeyEC_Named curveName pub -> verifyCurve curveName pub
+ PubKeyEC_Prime {} ->
+ case find matchPrimeCurve $ enumFrom $ toEnum 0 of
+ Nothing -> Nothing
+ Just curveName -> verifyCurve curveName (pubkeyEC_pub key)
+ where
+ matchPrimeCurve c =
+ case ECC.getCurveByName c of
+ ECC.CurveFP (ECC.CurvePrime p cc) ->
+ ECC.ecc_a cc == pubkeyEC_a key &&
+ ECC.ecc_b cc == pubkeyEC_b key &&
+ ECC.ecc_n cc == pubkeyEC_order key &&
+ p == pubkeyEC_prime key
+ _ -> False
+
+ verifyCurve curveName pub = Just $ \msg sigBS ->
+ case decodeASN1' BER sigBS of
+ Left _ -> False
+ Right [Start Sequence,IntVal r,IntVal s,End Sequence] ->
+ case unserializePoint (ECC.getCurveByName curveName) pub of
+ Nothing -> False
+ Just pubkey -> (ecdsaVerify hashALG) pubkey
(ECDSA.Signature r s) msg
+ Right _ -> False
+
+ unserializePoint curve (SerializedPoint bs) =
+ case B.uncons bs of
+ Nothing -> Nothing
+ Just (ptFormat, input) ->
+ case ptFormat of
+ 4 -> if B.length bs == 2 * bytes
+ then Nothing
+ else
+ let (x, y) = B.splitAt bytes input
+ p = ECC.Point (os2ip x) (os2ip y)
+ in if ECC.isPointValid curve p
+ then Just $ ECDSA.PublicKey curve p
+ else Nothing
+ -- 2 and 3 for compressed format.
+ _ -> Nothing
+ where bits = numBits . ECC.ecc_n . ECC.common_curve $ curve
+ bytes = (bits + 7) `div` 8
+
+ ecdsaVerify HashMD2 = ECDSA.verify MD2
+ ecdsaVerify HashMD5 = ECDSA.verify MD5
+ ecdsaVerify HashSHA1 = ECDSA.verify SHA1
+ ecdsaVerify HashSHA224 = ECDSA.verify SHA224
+ ecdsaVerify HashSHA256 = ECDSA.verify SHA256
+ ecdsaVerify HashSHA384 = ECDSA.verify SHA384
+ ecdsaVerify HashSHA512 = ECDSA.verify SHA512
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/x509-validation-1.6.2/x509-validation.cabal
new/x509-validation-1.6.3/x509-validation.cabal
--- old/x509-validation-1.6.2/x509-validation.cabal 2015-09-08
10:31:28.000000000 +0200
+++ new/x509-validation-1.6.3/x509-validation.cabal 2015-09-21
22:05:21.000000000 +0200
@@ -1,5 +1,5 @@
Name: x509-validation
-Version: 1.6.2
+Version: 1.6.3
Description: X.509 Certificate and CRL validation
License: BSD3
License-file: LICENSE
