Hello community,
here is the log from the commit of package ghc-HsOpenSSL for openSUSE:Factory checked in at 2017-04-06 11:02:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghc-HsOpenSSL (Old)
and /work/SRC/openSUSE:Factory/.ghc-HsOpenSSL.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-HsOpenSSL"
Thu Apr 6 11:02:27 2017 rev:5 rq:484560 version:0.11.4.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/ghc-HsOpenSSL/ghc-HsOpenSSL.changes 2017-03-20 17:06:43.873859199 +0100
+++ /work/SRC/openSUSE:Factory/.ghc-HsOpenSSL.new/ghc-HsOpenSSL.changes 2017-04-06 11:02:29.040752903 +0200
@@ -1,0 +2,5 @@
+Mon Mar 27 12:41:56 UTC 2017 - psimons@suse.com
+
+- Update to version 0.11.4.4 with cabal2obs.
+
+-------------------------------------------------------------------
Old:
----
HsOpenSSL-0.11.4.1.tar.gz
New:
----
HsOpenSSL-0.11.4.4.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ghc-HsOpenSSL.spec ++++++
--- /var/tmp/diff_new_pack.SmmzKg/_old 2017-04-06 11:02:29.532683375 +0200
+++ /var/tmp/diff_new_pack.SmmzKg/_new 2017-04-06 11:02:29.532683375 +0200
@@ -19,7 +19,7 @@
%global pkg_name HsOpenSSL
%bcond_with tests
Name: ghc-%{pkg_name}
-Version: 0.11.4.1
+Version: 0.11.4.4
Release: 0
Summary: Partial OpenSSL binding for Haskell
License: SUSE-Public-Domain
++++++ HsOpenSSL-0.11.4.1.tar.gz -> HsOpenSSL-0.11.4.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HsOpenSSL-0.11.4.1/ChangeLog new/HsOpenSSL-0.11.4.4/ChangeLog
--- old/HsOpenSSL-0.11.4.1/ChangeLog 2017-02-26 22:48:27.000000000 +0100
+++ new/HsOpenSSL-0.11.4.4/ChangeLog 2017-03-23 23:44:20.000000000 +0100
@@ -1,3 +1,25 @@
+2017-03-24 Vladimir Shabanov
+
+ * HsOpenSSL.cabal (Version): Bump version to 0.11.4.4
+
+ * OpenSSL/EVP/Digest.hsc (hmacLBS): fixed linking error (#19).
+
+ * Tests/OpenSSL/EVP/Digest.hs: added tests for hmacBS and hmacLBS.
+
+2017-03-22 Vladimir Shabanov
+
+ * HsOpenSSL.cabal (Version): Bump version to 0.11.4.3
+
+ * OpenSSL/EVP/Digest.hsc (hmacLBS): added HMAC on lazy bytestrings,
+ by SX91 (#18).
+
+2017-03-11 Vladimir Shabanov
+
+ * HsOpenSSL.cabal (Version): Bump version to 0.11.4.2
+
+ * Ported BN to integer-gmp-1.0.x,
+ by SX91 (#17).
+
2017-02-27 Vladimir Shabanov
* HsOpenSSL.cabal (Version): Bump version to 0.11.4.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HsOpenSSL-0.11.4.1/HsOpenSSL.cabal new/HsOpenSSL-0.11.4.4/HsOpenSSL.cabal
--- old/HsOpenSSL-0.11.4.1/HsOpenSSL.cabal 2017-02-26 22:48:27.000000000 +0100
+++ new/HsOpenSSL-0.11.4.4/HsOpenSSL.cabal 2017-03-23 23:44:20.000000000 +0100
@@ -12,7 +12,7 @@
http://hackage.haskell.org/package/tls, which is a pure Haskell
implementation of SSL.
.
-Version: 0.11.4.1
+Version: 0.11.4.4
License: PublicDomain
License-File: COPYING
Author: Adam Langley, Mikhail Vorozhtsov, PHO, Taru Karttunen
@@ -68,15 +68,12 @@
network >= 2.1 && < 2.7,
time >= 1.5 && < 1.7
- if flag(fast-bignum)
+ if flag(fast-bignum) && impl(ghc >= 7.10.1)
+ -- only new integer-gmp 1.0.0 is supported
+ -- and it only works in OpenSSL version < 1.1.0 where BIGNUM
+ -- wasn't opaque structure.
CPP-Options: -DFAST_BIGNUM
- if impl(ghc >= 6.11)
- -- TODO: integer-gmp >= 1 is not supported yet.
- -- https://github.com/phonohawk/HsOpenSSL/issues/36
- Build-Depends: integer-gmp >= 0.2 && < 1
- -- Doesn't work since GHC 7.10.1 (integer-gmp-1.0.0.0)
- else
- Build-Depends: ghc-prim, integer
+ Build-Depends: integer-gmp >= 1.0.0 && < 1.1.0
if os(darwin) && flag(homebrew-openssl)
Include-Dirs: /usr/local/opt/openssl/include
@@ -174,6 +171,19 @@
Other-Modules: Test.OpenSSL.TestUtils
Build-Depends:
HsOpenSSL,
+ base >= 4.4 && < 5,
+ bytestring >= 0.9 && < 0.11
+ Default-Language:
+ Haskell2010
+ GHC-Options:
+ -Wall
+
+Test-Suite test-evp-digest
+ Type: exitcode-stdio-1.0
+ Main-Is: Test/OpenSSL/EVP/Digest.hs
+ Other-Modules: Test.OpenSSL.TestUtils
+ Build-Depends:
+ HsOpenSSL,
base >= 4.4 && < 5,
bytestring >= 0.9 && < 0.11
Default-Language:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HsOpenSSL-0.11.4.1/OpenSSL/BN.hsc new/HsOpenSSL-0.11.4.4/OpenSSL/BN.hsc
--- old/HsOpenSSL-0.11.4.1/OpenSSL/BN.hsc 2017-02-26 22:48:26.000000000 +0100
+++ new/HsOpenSSL-0.11.4.4/OpenSSL/BN.hsc 2017-03-23 23:44:20.000000000 +0100
@@ -1,3 +1,10 @@
+#include "HsOpenSSL.h"
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && defined(FAST_BIGNUM))
+-- BIGNUM is opaque type in OpenSSL 1.1.x
+#undef FAST_BIGNUM
+#endif
+
#if defined(FAST_BIGNUM)
{-# LANGUAGE BangPatterns #-}
#endif
@@ -42,7 +49,7 @@
, prandIntegerOneToNMinusOne
)
where
-#include "HsOpenSSL.h"
+
import Control.Exception hiding (try)
import qualified Data.ByteString as BS
import Foreign.Marshal
@@ -54,14 +61,7 @@
#if defined(FAST_BIGNUM)
import Foreign.C.Types
import GHC.Base
-# if MIN_VERSION_integer_gmp(0,2,0)
import GHC.Integer.GMP.Internals
-# else
-import GHC.Num
-import GHC.Prim
-import GHC.Integer.Internals
-import GHC.IOBase (IO(..))
-# endif
#else
import Control.Monad
import Foreign.C
@@ -167,7 +167,7 @@
negative <- (#peek BIGNUM, neg) (unwrapBN bn) :: IO CInt
if negative == 0
then return $ S## i
- else return $ 0 - (S## i)
+ else return $ S## (0## -## i)
_ -> do
let !(I## nlimbsi) = fromIntegral nlimbs
!(I## limbsize) = (#size unsigned long)
@@ -177,8 +177,8 @@
_ <- _copy_in ba limbs $ fromIntegral $ nlimbs * (#size unsigned long)
negative <- (#peek BIGNUM, neg) (unwrapBN bn) :: IO CInt
if negative == 0
- then return $ J## nlimbsi ba
- else return $ 0 - (J## nlimbsi ba)
+ then return $ Jp## (byteArrayToBigNat## ba nlimbsi)
+ else return $ Jn## (byteArrayToBigNat## ba nlimbsi)
-- | This is a GHC specific, fast conversion between Integers and OpenSSL
-- bignums. It returns a malloced BigNum.
@@ -212,9 +212,15 @@
(#poke BIGNUM, neg) bnptr (if (I## v) < 0 then one else 0)
return (wrapBN bnptr)
-integerToBN v@(J## nlimbs_ bytearray)
- | v >= 0 = do
- let nlimbs = (I## nlimbs_)
+integerToBN v =
+ case v of
+ Jp## bn -> convert 0 bn
+ Jn## bn -> convert 1 bn
+ S## _ -> undefined
+ where
+ convert :: CInt -> BigNat -> IO BigNum
+ convert negValue bn@(BN## bytearray) = do
+ let nlimbs = I## (sizeofBigNat## bn)
bnptr <- mallocBytes (#size BIGNUM)
limbs <- mallocBytes ((#size unsigned long) * nlimbs)
(#poke BIGNUM, d) bnptr limbs
@@ -222,12 +228,8 @@
_ <- _copy_out limbs bytearray (fromIntegral $ (#size unsigned long) * nlimbs)
(#poke BIGNUM, top) bnptr ((fromIntegral nlimbs) :: CInt)
(#poke BIGNUM, dmax) bnptr ((fromIntegral nlimbs) :: CInt)
- (#poke BIGNUM, neg) bnptr (0 :: CInt)
+ (#poke BIGNUM, neg) bnptr negValue
return (wrapBN bnptr)
- | otherwise = do bnptr <- integerToBN (0-v)
- (#poke BIGNUM, neg) (unwrapBN bnptr) (1 :: CInt)
- return bnptr
-
#endif
-- TODO: we could make a function which doesn't even allocate BN data if we
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HsOpenSSL-0.11.4.1/OpenSSL/EVP/Digest.hsc new/HsOpenSSL-0.11.4.4/OpenSSL/EVP/Digest.hsc
--- old/HsOpenSSL-0.11.4.1/OpenSSL/EVP/Digest.hsc 2017-02-26 22:48:26.000000000 +0100
+++ new/HsOpenSSL-0.11.4.4/OpenSSL/EVP/Digest.hsc 2017-03-23 23:44:20.000000000 +0100
@@ -11,6 +11,7 @@
, digestLBS
, hmacBS
+ , hmacLBS
, pkcs5_pbkdf2_hmac_sha1
)
where
@@ -99,6 +100,10 @@
bufLen <- fromIntegral <$> peek bufLenPtr
B8.packCStringLen (bufPtr, bufLen)
+hmacLBS :: Digest -> B8.ByteString -> L8.ByteString -> B8.ByteString
+hmacLBS md key input
+ = unsafePerformIO $ hmacLazily md key input >>= hmacFinalBS
+
-- | Calculate a PKCS5-PBKDF2 SHA1-HMAC suitable for password hashing.
pkcs5_pbkdf2_hmac_sha1 :: B8.ByteString -- ^ password
-> B8.ByteString -- ^ salt
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HsOpenSSL-0.11.4.1/OpenSSL/EVP/Internal.hsc new/HsOpenSSL-0.11.4.4/OpenSSL/EVP/Internal.hsc
--- old/HsOpenSSL-0.11.4.1/OpenSSL/EVP/Internal.hsc 2017-02-26 22:48:26.000000000 +0100
+++ new/HsOpenSSL-0.11.4.4/OpenSSL/EVP/Internal.hsc 2017-03-23 23:44:20.000000000 +0100
@@ -35,6 +35,14 @@
digestStrictly,
digestLazily,
+ HmacCtx(..),
+ HMAC_CTX,
+ withHmacCtxPtr,
+
+ hmacUpdateBS,
+ hmacFinalBS,
+ hmacLazily,
+
VaguePKey(..),
EVP_PKEY,
PKey(..),
@@ -77,6 +85,7 @@
import System.IO.Unsafe (unsafeInterleaveIO)
import OpenSSL.Utils
+
{- EVP_CIPHER ---------------------------------------------------------------- -}
-- |@Cipher@ is an opaque object that represents an algorithm of
@@ -314,6 +323,62 @@
mapM_ (digestUpdateBS ctx) $ L8.toChunks lbs
return ctx
+{- HMAC ---------------------------------------------------------------------- -}
+newtype HmacCtx = HmacCtx (ForeignPtr HMAC_CTX)
+data HMAC_CTX
+
+foreign import ccall unsafe "HsOpenSSL_HMAC_CTX_new"
+ _hmac_ctx_new :: IO (Ptr HMAC_CTX)
+
+foreign import ccall unsafe "HMAC_Init"
+ _hmac_init :: Ptr HMAC_CTX -> Ptr () -> CInt -> Ptr EVP_MD -> IO CInt
+
+foreign import ccall unsafe "HMAC_Update"
+ _hmac_update :: Ptr HMAC_CTX -> Ptr CChar -> CInt -> IO CInt
+
+foreign import ccall unsafe "HMAC_Final"
+ _hmac_final :: Ptr HMAC_CTX -> Ptr CChar -> Ptr CInt -> IO CUInt
+
+foreign import ccall unsafe "&HsOpenSSL_HMAC_CTX_free"
+ _hmac_ctx_free :: FunPtr (Ptr HMAC_CTX -> IO ())
+
+newHmacCtx :: IO HmacCtx
+newHmacCtx = do
+ ctxPtr <- _hmac_ctx_new
+ HmacCtx <$> newForeignPtr _hmac_ctx_free ctxPtr
+
+withHmacCtxPtr :: HmacCtx -> (Ptr HMAC_CTX -> IO a) -> IO a
+withHmacCtxPtr (HmacCtx ctx) = withForeignPtr ctx
+
+hmacInit :: Digest -> B8.ByteString -> IO HmacCtx
+hmacInit (Digest md) key = do
+ ctx <- newHmacCtx
+ withHmacCtxPtr ctx $ \ctxPtr ->
+ B8.unsafeUseAsCStringLen key $ \(keyPtr, keyLen) ->
+ _hmac_init ctxPtr (castPtr keyPtr) (fromIntegral keyLen) md
+ >>= failIf_ (/= 1)
+ >> return ctx
+
+hmacUpdateBS :: HmacCtx -> B8.ByteString -> IO ()
+hmacUpdateBS ctx bs = withHmacCtxPtr ctx $ \ctxPtr -> do
+ B8.unsafeUseAsCStringLen bs $ \(buf, len) ->
+ _hmac_update ctxPtr (castPtr buf) (fromIntegral len)
+ >>= failIf_ (/= 1)
+
+hmacFinalBS :: HmacCtx -> IO B8.ByteString
+hmacFinalBS ctx =
+ withHmacCtxPtr ctx $ \ctxPtr ->
+ B8.createAndTrim (#const EVP_MAX_MD_SIZE) $ \bufPtr ->
+ alloca $ \bufLenPtr -> do
+ _hmac_final ctxPtr (castPtr bufPtr) bufLenPtr >>= failIf_ (/= 1)
+ fromIntegral <$> peek bufLenPtr
+
+hmacLazily :: Digest -> B8.ByteString -> L8.ByteString -> IO HmacCtx
+hmacLazily md key lbs = do
+ ctx <- hmacInit md key
+ mapM_ (hmacUpdateBS ctx) $ L8.toChunks lbs
+ return ctx
+
{- EVP_PKEY ------------------------------------------------------------------ -}
-- | VaguePKey is a 'ForeignPtr' to 'EVP_PKEY', that is either public
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HsOpenSSL-0.11.4.1/Test/OpenSSL/EVP/Digest.hs new/HsOpenSSL-0.11.4.4/Test/OpenSSL/EVP/Digest.hs
--- old/HsOpenSSL-0.11.4.1/Test/OpenSSL/EVP/Digest.hs 1970-01-01 01:00:00.000000000 +0100
+++ new/HsOpenSSL-0.11.4.4/Test/OpenSSL/EVP/Digest.hs 2017-03-23 23:44:20.000000000 +0100
@@ -0,0 +1,38 @@
+module Main (main) where
+
+import qualified Data.ByteString.Char8 as B
+import qualified Data.ByteString.Lazy.Char8 as BL
+import Data.Char
+import OpenSSL
+import Text.Printf
+import OpenSSL.EVP.Digest
+import Test.OpenSSL.TestUtils
+
+main :: IO ()
+main = withOpenSSL $ do
+ Just md5 <- getDigestByName "MD5"
+ Just sha1 <- getDigestByName "SHA1"
+ Just sha256 <- getDigestByName "SHA256"
+ let hex = concatMap (printf "%02x" . ord) . B.unpack
+ checkHMAC digestName key testData result = do
+ assertEqual what result $
+ hex $ hmacBS d (B.pack key) (B.pack testData)
+ assertEqual ("lazy " ++ what) result $
+ hex $ hmacLBS d (B.pack key) (BL.pack testData)
+ where what =
+ "HMAC_" ++ digestName ++
+ "(" ++ show key ++ ", " ++ show testData ++ ")"
+ d = case digestName of
+ "MD5" -> md5
+ "SHA1" -> sha1
+ "SHA256" -> sha256
+ _ -> error digestName
+ -- test data from
+ -- https://en.wikipedia.org/wiki/Hash-based_message_authentication_code
+
+ checkHMAC "MD5" "" "" "74e6f7298a9c2d168935f58c001bad88"
+ checkHMAC "SHA1" "" "" "fbdb1d1b18aa6c08324b7d64b71fb76370690e1d"
+ checkHMAC "SHA256" "" "" "b613679a0814d9ec772f95d778c35fc5ff1697c493715653c6c712144292c5ad"
+ checkHMAC "MD5" "key" "The quick brown fox jumps over the lazy dog" "80070713463e7749b90c2dc24911e275"
+ checkHMAC "SHA1" "key" "The quick brown fox jumps over the lazy dog" "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"
+ checkHMAC "SHA256" "key" "The quick brown fox jumps over the lazy dog" "f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HsOpenSSL-0.11.4.1/cbits/HsOpenSSL.c new/HsOpenSSL-0.11.4.4/cbits/HsOpenSSL.c
--- old/HsOpenSSL-0.11.4.1/cbits/HsOpenSSL.c 2017-02-26 22:48:26.000000000 +0100
+++ new/HsOpenSSL-0.11.4.4/cbits/HsOpenSSL.c 2017-03-23 23:44:20.000000000 +0100
@@ -70,6 +70,26 @@
return EVP_CIPHER_iv_length(cipher);
}
+/* EVP HMAC *******************************************************************/
+HMAC_CTX *HsOpenSSL_HMAC_CTX_new(void) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ return HMAC_CTX_new();
+#else
+ HMAC_CTX *ctx = (HMAC_CTX *)malloc(sizeof(HMAC_CTX));
+ HMAC_CTX_init(ctx);
+ return ctx;
+#endif
+}
+
+void HsOpenSSL_HMAC_CTX_free(HMAC_CTX *ctx) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ return HMAC_CTX_free();
+#else
+ HMAC_CTX_cleanup(ctx);
+ free(ctx);
+#endif
+}
+
/* X509 ***********************************************************************/
long HsOpenSSL_X509_get_version(X509* x509) {
return X509_get_version(x509);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HsOpenSSL-0.11.4.1/cbits/HsOpenSSL.h new/HsOpenSSL-0.11.4.4/cbits/HsOpenSSL.h
--- old/HsOpenSSL-0.11.4.1/cbits/HsOpenSSL.h 2017-02-26 22:48:27.000000000 +0100
+++ new/HsOpenSSL-0.11.4.4/cbits/HsOpenSSL.h 2017-03-23 23:44:20.000000000 +0100
@@ -54,6 +54,10 @@
int HsOpenSSL_EVP_CIPHER_CTX_block_size(EVP_CIPHER_CTX* ctx);
int HsOpenSSL_EVP_CIPHER_iv_length(EVP_CIPHER* cipher);
+/* EVP HMAC *******************************************************************/
+HMAC_CTX *HsOpenSSL_HMAC_CTX_new(void);
+void HsOpenSSL_HMAC_CTX_free(HMAC_CTX *ctx);
+
/* X509 ***********************************************************************/
long HsOpenSSL_X509_get_version(X509* x509);
ASN1_TIME* HsOpenSSL_X509_get_notBefore(X509* x509);