Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
1d27c002
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
未验证
提交
1d27c002
编写于
7月 04, 2022
作者:
O
openharmony_ci
提交者:
Gitee
7月 04, 2022
浏览文件
操作
浏览文件
下载
差异文件
!61 fix CVE-2022-1292 and CVE-2022-2068
Merge pull request !61 from zhao_zhen_zhou/master
上级
b664f6e9
3d318062
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
125 addition
and
106 deletion
+125
-106
tools/c_rehash.in
tools/c_rehash.in
+125
-106
未找到文件。
tools/c_rehash.in
浏览文件 @
1d27c002
#!{- $config{HASHBANGPERL} -}
#!{- $config{HASHBANGPERL} -}
# {- join("\n# ", @autowarntext) -}
# {- join("\n# ", @autowarntext) -}
# Copyright 1999-202
1
The OpenSSL Project Authors. All Rights Reserved.
# Copyright 1999-202
2
The OpenSSL Project Authors. All Rights Reserved.
#
#
# Licensed under the OpenSSL license (the "License"). You may not use
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# this file except in compliance with the License. You can obtain a copy
...
@@ -104,54 +104,97 @@ foreach (@dirlist) {
...
@@ -104,54 +104,97 @@ foreach (@dirlist) {
}
}
exit($errorcount);
exit($errorcount);
sub copy_file {
my ($src_fname, $dst_fname) = @_;
if (open(my $in, "<", $src_fname)) {
if (open(my $out, ">", $dst_fname)) {
print $out $_ while (<$in>);
close $out;
} else {
warn "Cannot open $dst_fname for write, $!";
}
close $in;
} else {
warn "Cannot open $src_fname for read, $!";
}
}
sub hash_dir {
sub hash_dir {
my %hashlist;
my $dir = shift;
print "Doing $_[0]\n";
my %hashlist;
chdir $_[0];
opendir(DIR, ".");
print "Doing $dir\n";
my @flist = sort readdir(DIR);
closedir DIR;
if (!chdir $dir) {
if ( $removelinks ) {
print STDERR "WARNING: Cannot chdir to '$dir', $!\n";
# Delete any existing symbolic links
return;
foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
}
if (-l $_) {
print "unlink $_" if $verbose;
opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n";
unlink $_ || warn "Can't unlink $_, $!\n";
my @flist = sort readdir(DIR);
}
closedir DIR;
}
if ( $removelinks ) {
}
# Delete any existing symbolic links
FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
# Check to see if certificates and/or CRLs present.
if (-l $_) {
my ($cert, $crl) = check_file($fname);
print "unlink $_\n" if $verbose;
if (!$cert && !$crl) {
unlink $_ || warn "Can't unlink $_, $!\n";
print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
}
next;
}
}
}
link_hash_cert($fname) if ($cert);
FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
link_hash_crl($fname) if ($crl);
# Check to see if certificates and/or CRLs present.
}
my ($cert, $crl) = check_file($fname);
if (!$cert && !$crl) {
print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
next;
}
link_hash_cert($fname) if ($cert);
link_hash_crl($fname) if ($crl);
}
chdir $pwd;
}
}
sub check_file {
sub check_file {
my ($is_cert, $is_crl) = (0,0);
my ($is_cert, $is_crl) = (0,0);
my $fname = $_[0];
my $fname = $_[0];
open IN, $fname;
while(<IN>) {
open(my $in, "<", $fname);
if (/^-----BEGIN (.*)-----/) {
while(<$in>) {
my $hdr = $1;
if (/^-----BEGIN (.*)-----/) {
if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
my $hdr = $1;
$is_cert = 1;
if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
last if ($is_crl);
$is_cert = 1;
} elsif ($hdr eq "X509 CRL") {
last if ($is_crl);
$is_crl = 1;
} elsif ($hdr eq "X509 CRL") {
last if ($is_cert);
$is_crl = 1;
}
last if ($is_cert);
}
}
}
}
close IN;
}
return ($is_cert, $is_crl);
close $in;
return ($is_cert, $is_crl);
}
}
sub compute_hash {
my $fh;
if ( $^O eq "VMS" ) {
# VMS uses the open through shell
# The file names are safe there and list form is unsupported
if (!open($fh, "-|", join(' ', @_))) {
print STDERR "Cannot compute hash on '$fname'\n";
return;
}
} else {
if (!open($fh, "-|", @_)) {
print STDERR "Cannot compute hash on '$fname'\n";
return;
}
}
return (<$fh>, <$fh>);
}
# Link a certificate to its subject name hash value, each hash is of
# Link a certificate to its subject name hash value, each hash is of
# the form <hash>.<n> where n is an integer. If the hash value already exists
# the form <hash>.<n> where n is an integer. If the hash value already exists
...
@@ -160,72 +203,48 @@ sub check_file {
...
@@ -160,72 +203,48 @@ sub check_file {
# certificate fingerprints
# certificate fingerprints
sub link_hash_cert {
sub link_hash_cert {
my $fname = $_[0];
link_hash($_[0], 'cert');
$fname =~ s/\"/\\\"/g;
my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
$fprint =~ tr/://d;
my $suffix = 0;
# Search for an unused hash filename
while(exists $hashlist{"$hash.$suffix"}) {
# Hash matches: if fingerprint matches its a duplicate cert
if ($hashlist{"$hash.$suffix"} eq $fprint) {
print STDERR "WARNING: Skipping duplicate certificate $fname\n";
return;
}
$suffix++;
}
$hash .= ".$suffix";
if ($symlink_exists) {
print "link $fname -> $hash\n" if $verbose;
symlink $fname, $hash || warn "Can't symlink, $!";
} else {
print "copy $fname -> $hash\n" if $verbose;
if (open($in, "<", $fname)) {
if (open($out,">", $hash)) {
print $out $_ while (<$in>);
close $out;
} else {
warn "can't open $hash for write, $!";
}
close $in;
} else {
warn "can't open $fname for read, $!";
}
}
$hashlist{$hash} = $fprint;
}
}
# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
sub link_hash_crl {
sub link_hash_crl {
my $fname = $_[0];
link_hash($_[0], 'crl');
$fname =~ s/'/'\\''/g;
}
my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
chomp $hash;
sub link_hash {
chomp $fprint;
my ($fname, $type) = @_;
$fprint =~ s/^.*=//;
my $is_cert = $type eq 'cert';
$fprint =~ tr/://d;
my $suffix = 0;
my ($hash, $fprint) = compute_hash($openssl,
# Search for an unused hash filename
$is_cert ? "x509" : "crl",
while(exists $hashlist{"$hash.r$suffix"}) {
$is_cert ? $x509hash : $crlhash,
# Hash matches: if fingerprint matches its a duplicate cert
"-fingerprint", "-noout",
if ($hashlist{"$hash.r$suffix"} eq $fprint) {
"-in", $fname);
print STDERR "WARNING: Skipping duplicate CRL $fname\n";
chomp $hash;
return;
chomp $fprint;
}
return if !$hash;
$suffix++;
$fprint =~ s/^.*=//;
}
$fprint =~ tr/://d;
$hash .= ".r$suffix";
my $suffix = 0;
if ($symlink_exists) {
# Search for an unused hash filename
print "link $fname -> $hash\n" if $verbose;
my $crlmark = $is_cert ? "" : "r";
symlink $fname, $hash || warn "Can't symlink, $!";
while(exists $hashlist{"$hash.$crlmark$suffix"}) {
} else {
# Hash matches: if fingerprint matches its a duplicate cert
print "cp $fname -> $hash\n" if $verbose;
if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) {
system ("cp", $fname, $hash);
my $what = $is_cert ? 'certificate' : 'CRL';
warn "Can't copy, $!" if ($? >> 8) != 0;
print STDERR "WARNING: Skipping duplicate $what $fname\n";
}
return;
$hashlist{$hash} = $fprint;
}
$suffix++;
}
$hash .= ".$crlmark$suffix";
if ($symlink_exists) {
print "link $fname -> $hash\n" if $verbose;
symlink $fname, $hash || warn "Can't symlink, $!";
} else {
print "copy $fname -> $hash\n" if $verbose;
copy_file($fname, $hash);
}
$hashlist{$hash} = $fprint;
}
}
\ No newline at end of file
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录