Hello community, here is the log from the commit of package ghc-x509-validation for openSUSE:Factory checked in at 2018-11-09 07:53:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-x509-validation (Old) and /work/SRC/openSUSE:Factory/.ghc-x509-validation.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-x509-validation" Fri Nov 9 07:53:12 2018 rev:12 rq:646366 version:1.6.11 Changes: --------
--- /work/SRC/openSUSE:Factory/ghc-x509-validation/ghc-x509-validation.changes 2018-10-25 09:07:34.702460669 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-x509-validation.new/ghc-x509-validation.changes 2018-11-09 07:53:12.787794153 +0100
@@ -1,0 +2,6 @@
+Mon Nov 5 03:01:24 UTC 2018 - psim...@suse.com
+
+- Update x509-validation to version 1.6.11.
+ Upstream does not provide a change log file.
+
+-------------------------------------------------------------------
Old: ---- x509-validation-1.6.10.tar.gz x509-validation.cabal New: ---- x509-validation-1.6.11.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-x509-validation.spec ++++++
--- /var/tmp/diff_new_pack.DD0qSC/_old 2018-11-09 07:53:13.431793414 +0100
+++ /var/tmp/diff_new_pack.DD0qSC/_new 2018-11-09 07:53:13.435793410 +0100
@@ -19,14 +19,13 @@
 %global pkg_name x509-validation
 %bcond_with tests
 Name: ghc-%{pkg_name}
-Version: 1.6.10
+Version: 1.6.11
 Release: 0
 Summary: X.509 Certificate and CRL validation
 License: BSD-3-Clause
 Group: Development/Libraries/Haskell
 URL: https://hackage.haskell.org/package/%{pkg_name}
 Source0: https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
-Source1: https://hackage.haskell.org/package/%{pkg_name}-%{version}/revision/1.cabal#/%{pkg_name}.cabal
 BuildRequires: ghc-Cabal-devel
 BuildRequires: ghc-asn1-encoding-devel
 BuildRequires: ghc-asn1-types-devel
@@ -47,7 +46,7 @@
 %endif
 %description
-X.509 Certificate and CRL validation.
+X.509 Certificate and CRL validation. please see README.
 %package devel
 Summary: Haskell %{pkg_name} library development files
@@ -63,7 +62,6 @@
 %prep
 %setup -q -n %{pkg_name}-%{version}
-cp -p %{SOURCE1} %{pkg_name}.cabal
 %build
 %ghc_lib_build
++++++ x509-validation-1.6.10.tar.gz -> x509-validation-1.6.11.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/x509-validation-1.6.10/Data/X509/Validation/Signature.hs new/x509-validation-1.6.11/Data/X509/Validation/Signature.hs
--- old/x509-validation-1.6.10/Data/X509/Validation/Signature.hs 2017-07-31 22:17:24.000000000 +0200
+++ new/x509-validation-1.6.11/Data/X509/Validation/Signature.hs 2018-11-04 11:10:41.000000000 +0100
@@ -14,11 +14,14 @@
 , SignatureFailure(..)
 ) where
+import Crypto.Error (CryptoFailable(..))
 import qualified Crypto.PubKey.RSA.PKCS15 as RSA
 import qualified Crypto.PubKey.RSA.PSS as PSS
 import qualified Crypto.PubKey.DSA as DSA
 import qualified Crypto.PubKey.ECC.Types as ECC
 import qualified Crypto.PubKey.ECC.ECDSA as ECDSA
+import qualified Crypto.PubKey.Ed25519 as Ed25519
+import qualified Crypto.PubKey.Ed448 as Ed448
 import Crypto.Hash
 import Data.ByteString (ByteString)
@@ -121,6 +124,21 @@
 rsaVerify HashSHA384 = RSA.verify (Just SHA384)
 rsaVerify HashSHA512 = RSA.verify (Just SHA512)
+verifySignature (SignatureALG_IntrinsicHash pubkeyALG) pubkey cdata signature
+ | pubkeyToAlg pubkey == pubkeyALG = doVerify pubkey
+ | otherwise = SignatureFailed SignaturePubkeyMismatch
+ where
+ doVerify (PubKeyEd25519 key) = eddsa Ed25519.verify Ed25519.signature key
+ doVerify (PubKeyEd448 key) = eddsa Ed448.verify Ed448.signature key
+ doVerify _ = SignatureFailed SignatureUnimplemented
+
+ eddsa verify toSig key =
+ case toSig signature of
+ CryptoPassed sig
+ | verify key cdata sig -> SignaturePass
+ | otherwise -> SignatureFailed SignatureInvalid
+ CryptoFailed _ -> SignatureFailed SignatureInvalid
+
 verifyECDSA :: HashALG -> PubKeyEC -> Maybe (ByteString -> ByteString -> Bool)
 verifyECDSA hashALG key =
 ecPubKeyCurveName key >>= verifyCurve (pubkeyEC_pub key)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/x509-validation-1.6.10/Tests/Certificate.hs new/x509-validation-1.6.11/Tests/Certificate.hs
--- old/x509-validation-1.6.10/Tests/Certificate.hs 2017-07-31 22:17:24.000000000 +0200
+++ new/x509-validation-1.6.11/Tests/Certificate.hs 2018-11-04 11:10:41.000000000 +0100
@@ -35,6 +35,8 @@
 import qualified Crypto.PubKey.ECC.ECDSA as ECDSA
 import qualified Crypto.PubKey.ECC.Generate as ECC
 import qualified Crypto.PubKey.ECC.Types as ECC
+import qualified Crypto.PubKey.Ed25519 as Ed25519
+import qualified Crypto.PubKey.Ed448 as Ed448
 import qualified Crypto.PubKey.RSA as RSA
 import qualified Crypto.PubKey.RSA.PKCS15 as RSA
 import qualified Crypto.PubKey.RSA.PSS as PSS
@@ -44,6 +46,7 @@
 import Data.ASN1.BinaryEncoding (DER(..))
 import Data.ASN1.Encoding
 import Data.ASN1.Types
+import Data.ByteArray (convert)
 import Data.Maybe (catMaybes)
 import Data.String (fromString)
 import Data.X509
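Review bot: In the new `verifySignature (SignatureALG_IntrinsicHash pubkeyALG)` equation, the `CryptoFailed _` branch of `eddsa` discards the decoding error and returns the same `SignatureFailed SignatureInvalid` as a signature that decodes but does not verify, and nothing in the hunk says this is deliberate. Both paths fail closed, so the behaviour is safe; a comment above that branch such as `-- malformed signature bytes are rejected exactly like a signature that fails verification` would keep a later change from treating the decode failure as recoverable. The local helper `eddsa` is applied at both the Ed25519 and the Ed448 types without a type signature, so it relies on let-generalisation and would presumably stop type-checking if `MonoLocalBinds` (implied by `GADTs` or `TypeFamilies`) were enabled in this module; a one-line remark next to it would record that. The earlier equations of `verifySignature` lie outside the hunk.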
@@ -97,6 +100,10 @@
 -> GHash hash
 -> Alg ECDSA.PublicKey ECDSA.PrivateKey
+ AlgEd25519 :: Alg Ed25519.PublicKey Ed25519.SecretKey
+
+ AlgEd448 :: Alg Ed448.PublicKey Ed448.SecretKey
+
 -- | Types of public and private keys used by a signature algorithm.
 type Keys pub priv = (Alg pub priv, pub, priv)
@@ -112,6 +119,12 @@
 let curve = ECC.getCurveByName name
 (pub, priv) <- ECC.generate curve
 return (alg, pub, priv)
+generateKeys alg@AlgEd25519 = do
+ secret <- Ed25519.generateSecretKey
+ return (alg, Ed25519.toPublic secret, secret)
+generateKeys alg@AlgEd448 = do
+ secret <- Ed448.generateSecretKey
+ return (alg, Ed448.toPublic secret, secret)
 generateRSAKeys :: Alg RSA.PublicKey RSA.PrivateKey
 -> Int
@@ -133,12 +146,16 @@
 bs = B.cons 4 (i2ospOf_ bytes x `B.append` i2ospOf_ bytes y)
 bits = ECC.curveSizeBits (ECC.getCurveByName name)
 bytes = (bits + 7) `div` 8
+getPubKey AlgEd25519 key = PubKeyEd25519 key
+getPubKey AlgEd448 key = PubKeyEd448 key
 getSignatureALG :: Alg pub priv -> SignatureALG
 getSignatureALG (AlgRSA _ hash) = SignatureALG (getHashALG hash) PubKeyALG_RSA
 getSignatureALG (AlgRSAPSS _ _ hash) = SignatureALG (getHashALG hash) PubKeyALG_RSAPSS
 getSignatureALG (AlgDSA _ hash) = SignatureALG (getHashALG hash) PubKeyALG_DSA
 getSignatureALG (AlgEC _ hash) = SignatureALG (getHashALG hash) PubKeyALG_EC
+getSignatureALG AlgEd25519 = SignatureALG_IntrinsicHash PubKeyALG_Ed25519
+getSignatureALG AlgEd448 = SignatureALG_IntrinsicHash PubKeyALG_Ed448
 doSign :: Alg pub priv -> priv -> B.ByteString -> IO B.ByteString
 doSign (AlgRSA _ hash) key msg = do
@@ -167,6 +184,10 @@
 , IntVal (ECDSA.sign_s sig)
 , End Sequence
 ]
+doSign AlgEd25519 key msg =
+ return $ convert $ Ed25519.sign key (Ed25519.toPublic key) msg
+doSign AlgEd448 key msg =
+ return $ convert $ Ed448.sign key (Ed448.toPublic key) msg
 -- Certificate utilities --
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/x509-validation-1.6.10/Tests/Tests.hs new/x509-validation-1.6.11/Tests/Tests.hs
--- old/x509-validation-1.6.10/Tests/Tests.hs 2017-06-26 18:12:09.000000000 +0200
+++ new/x509-validation-1.6.11/Tests/Tests.hs 2018-11-04 11:10:41.000000000 +0100
@@ -583,6 +583,8 @@
 , treeWithAlg "RSAPSS" (AlgRSAPSS 2048 pssParams hashSHA224)
 , treeWithAlg "DSA" (AlgDSA dsaParams hashSHA1)
 , treeWithAlg "ECDSA" (AlgEC curveName hashSHA512)
+ , treeWithAlg "Ed25519" AlgEd25519
+ , treeWithAlg "Ed448" AlgEd448
 ]
 where
 pssParams = PSS.defaultPSSParams SHA224
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/x509-validation-1.6.10/x509-validation.cabal new/x509-validation-1.6.11/x509-validation.cabal
--- old/x509-validation-1.6.10/x509-validation.cabal 2018-03-01 22:16:09.000000000 +0100
+++ new/x509-validation-1.6.11/x509-validation.cabal 2018-11-04 12:43:25.000000000 +0100
@@ -1,6 +1,6 @@
 Name: x509-validation
-version: 1.6.10
-Description: X.509 Certificate and CRL validation
+version: 1.6.11
+Description: X.509 Certificate and CRL validation. please see README
 License: BSD3
 License-file: LICENSE
 Copyright: Vincent Hanquez <vinc...@snarc.org>
@@ -25,9 +25,9 @@
 , pem >= 0.1
 , asn1-types >= 0.3 && < 0.4
 , asn1-encoding >= 0.9 && < 0.10
- , x509 >= 1.6.5
+ , x509 >= 1.7.5
 , x509-store >= 1.6
- , cryptonite >= 0.8
+ , cryptonite >= 0.24
 Exposed-modules: Data.X509.Validation
 Other-modules: Data.X509.Validation.Signature
 Data.X509.Validation.Fingerprint
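Review bot: The raised lower bounds `x509 >= 1.7.5` and `cryptonite >= 0.24` in the library's Build-Depends (x509-validation.cabal, hunk `@@ -25,9 +25,9 @@`) carry no comment saying what they are needed for, and the package log notes that upstream ships no changelog. Judging from the Signature.hs changes in this same diff, they presumably exist for `SignatureALG_IntrinsicHash`, `PubKeyEd25519`/`PubKeyEd448` and the `Crypto.PubKey.Ed448` module; a comment line above the two entries such as `-- x509 >= 1.7.5 and cryptonite >= 0.24 are required for Ed25519/Ed448 signature verification` would record that. Both bounds also remain open-ended while the asn1-* entries beside them have upper bounds, so a future major release of the crypto dependency would be accepted without review; whether to cap it is a policy decision, but it deserves to be stated. The Build-Depends stanza starts outside the hunk.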
@@ -43,6 +43,7 @@
 Other-modules: Certificate
 Build-Depends: base >= 3 && < 5
 , bytestring
+ , memory
 , data-default-class
 , tasty
 , tasty-hunit