Hello community, here is the log from the commit of package ghc-x509-validation for openSUSE:Factory checked in at 2015-10-08 08:24:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-x509-validation (Old) and /work/SRC/openSUSE:Factory/.ghc-x509-validation.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-x509-validation" Changes: -------- --- /work/SRC/openSUSE:Factory/ghc-x509-validation/ghc-x509-validation.changes 2015-09-17 09:19:51.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ghc-x509-validation.new/ghc-x509-validation.changes 2015-10-08 08:24:09.000000000 +0200 @@ -1,0 +2,5 @@ +Sun Sep 27 10:28:54 UTC 2015 - mimi...@gmail.com + +- update to 1.6.3 + +------------------------------------------------------------------- Old: ---- x509-validation-1.6.2.tar.gz New: ---- x509-validation-1.6.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-x509-validation.spec ++++++ --- /var/tmp/diff_new_pack.JoKHpc/_old 2015-10-08 08:24:09.000000000 +0200 +++ /var/tmp/diff_new_pack.JoKHpc/_new 2015-10-08 08:24:09.000000000 +0200 @@ -19,7 +19,7 @@ %global pkg_name x509-validation Name: ghc-x509-validation -Version: 1.6.2 +Version: 1.6.3 Release: 0 Summary: X.509 Certificate and CRL validation License: BSD-3-Clause ++++++ x509-validation-1.6.2.tar.gz -> x509-validation-1.6.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/x509-validation-1.6.2/Data/X509/Validation/Signature.hs new/x509-validation-1.6.3/Data/X509/Validation/Signature.hs --- old/x509-validation-1.6.2/Data/X509/Validation/Signature.hs 2015-09-08 10:31:28.000000000 +0200 +++ new/x509-validation-1.6.3/Data/X509/Validation/Signature.hs 2015-09-21 22:05:21.000000000 +0200 @@ -16,10 +16,17 @@ import qualified Crypto.PubKey.RSA.PKCS15 as RSA import qualified Crypto.PubKey.DSA as DSA +import qualified Crypto.PubKey.ECC.Types as ECC +import qualified Crypto.PubKey.ECC.Prim as ECC +import qualified Crypto.PubKey.ECC.ECDSA as ECDSA import Crypto.Hash +import Crypto.Number.Basic (numBits) +import Crypto.Number.Serialize (os2ip) import Data.ByteString (ByteString) +import qualified Data.ByteString as B import Data.X509 +import Data.List (find) import Data.ASN1.Types import Data.ASN1.Encoding import Data.ASN1.BinaryEncoding @@ -77,6 +84,7 @@ Nothing -> False Just dsaSig -> DSA.verify SHA1 key dsaSig b | otherwise = Nothing + verifyF (PubKeyEC key) = verifyECDSA hashALG key verifyF _ = Nothing dsaToSignature :: ByteString -> Maybe DSA.Signature @@ -97,3 +105,56 @@ rsaVerify HashSHA256 = RSA.verify (Just SHA256) rsaVerify HashSHA384 = RSA.verify (Just SHA384) rsaVerify HashSHA512 = RSA.verify (Just SHA512) + +verifyECDSA :: HashALG -> PubKeyEC -> Maybe (ByteString -> ByteString -> Bool) +verifyECDSA hashALG key = + case key of + PubKeyEC_Named curveName pub -> verifyCurve curveName pub + PubKeyEC_Prime {} -> + case find matchPrimeCurve $ enumFrom $ toEnum 0 of + Nothing -> Nothing + Just curveName -> verifyCurve curveName (pubkeyEC_pub key) + where + matchPrimeCurve c = + case ECC.getCurveByName c of + ECC.CurveFP (ECC.CurvePrime p cc) -> + ECC.ecc_a cc == pubkeyEC_a key && + ECC.ecc_b cc == pubkeyEC_b key && + ECC.ecc_n cc == pubkeyEC_order key && + p == pubkeyEC_prime key + _ -> False + + verifyCurve curveName pub = Just $ \msg sigBS -> + case decodeASN1' BER sigBS of + Left _ -> False + Right [Start Sequence,IntVal r,IntVal s,End Sequence] -> + case unserializePoint (ECC.getCurveByName curveName) pub of + Nothing -> False + Just pubkey -> (ecdsaVerify hashALG) pubkey (ECDSA.Signature r s) msg + Right _ -> False + + unserializePoint curve (SerializedPoint bs) = + case B.uncons bs of + Nothing -> Nothing + Just (ptFormat, input) -> + case ptFormat of + 4 -> if B.length bs == 2 * bytes + then Nothing + else + let (x, y) = B.splitAt bytes input + p = ECC.Point (os2ip x) (os2ip y) + in if ECC.isPointValid curve p + then Just $ ECDSA.PublicKey curve p + else Nothing + -- 2 and 3 for compressed format. + _ -> Nothing + where bits = numBits . ECC.ecc_n . ECC.common_curve $ curve + bytes = (bits + 7) `div` 8 + + ecdsaVerify HashMD2 = ECDSA.verify MD2 + ecdsaVerify HashMD5 = ECDSA.verify MD5 + ecdsaVerify HashSHA1 = ECDSA.verify SHA1 + ecdsaVerify HashSHA224 = ECDSA.verify SHA224 + ecdsaVerify HashSHA256 = ECDSA.verify SHA256 + ecdsaVerify HashSHA384 = ECDSA.verify SHA384 + ecdsaVerify HashSHA512 = ECDSA.verify SHA512 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/x509-validation-1.6.2/x509-validation.cabal new/x509-validation-1.6.3/x509-validation.cabal --- old/x509-validation-1.6.2/x509-validation.cabal 2015-09-08 10:31:28.000000000 +0200 +++ new/x509-validation-1.6.3/x509-validation.cabal 2015-09-21 22:05:21.000000000 +0200 @@ -1,5 +1,5 @@ Name: x509-validation -Version: 1.6.2 +Version: 1.6.3 Description: X.509 Certificate and CRL validation License: BSD3 License-file: LICENSE