Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
3d318062
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
3d318062
编写于
7月 04, 2022
作者:
Z
zhao_zhen_zhou
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
fix CVE-2022-1292 and CVE-2022-2068
Signed-off-by:
N
zhao_zhen_zhou
<
zhaozhenzhou@huawei.com
>
上级
b664f6e9
变更
1
显示空白变更内容
内联
并排
Showing
1 changed file
with
125 addition
and
106 deletion
+125
-106
tools/c_rehash.in
tools/c_rehash.in
+125
-106
未找到文件。
tools/c_rehash.in
浏览文件 @
3d318062
#!{- $config{HASHBANGPERL} -}
#!{- $config{HASHBANGPERL} -}
# {- join("\n# ", @autowarntext) -}
# {- join("\n# ", @autowarntext) -}
# Copyright 1999-202
1
The OpenSSL Project Authors. All Rights Reserved.
# Copyright 1999-202
2
The OpenSSL Project Authors. All Rights Reserved.
#
#
# Licensed under the OpenSSL license (the "License"). You may not use
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# this file except in compliance with the License. You can obtain a copy
...
@@ -104,18 +104,41 @@ foreach (@dirlist) {
...
@@ -104,18 +104,41 @@ foreach (@dirlist) {
}
}
exit($errorcount);
exit($errorcount);
sub copy_file {
my ($src_fname, $dst_fname) = @_;
if (open(my $in, "<", $src_fname)) {
if (open(my $out, ">", $dst_fname)) {
print $out $_ while (<$in>);
close $out;
} else {
warn "Cannot open $dst_fname for write, $!";
}
close $in;
} else {
warn "Cannot open $src_fname for read, $!";
}
}
sub hash_dir {
sub hash_dir {
my $dir = shift;
my %hashlist;
my %hashlist;
print "Doing $_[0]\n";
chdir $_[0];
print "Doing $dir\n";
opendir(DIR, ".");
if (!chdir $dir) {
print STDERR "WARNING: Cannot chdir to '$dir', $!\n";
return;
}
opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n";
my @flist = sort readdir(DIR);
my @flist = sort readdir(DIR);
closedir DIR;
closedir DIR;
if ( $removelinks ) {
if ( $removelinks ) {
# Delete any existing symbolic links
# Delete any existing symbolic links
foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
if (-l $_) {
if (-l $_) {
print "unlink $_
" if $verbose;
print "unlink $_\n
" if $verbose;
unlink $_ || warn "Can't unlink $_, $!\n";
unlink $_ || warn "Can't unlink $_, $!\n";
}
}
}
}
...
@@ -130,13 +153,16 @@ sub hash_dir {
...
@@ -130,13 +153,16 @@ sub hash_dir {
link_hash_cert($fname) if ($cert);
link_hash_cert($fname) if ($cert);
link_hash_crl($fname) if ($crl);
link_hash_crl($fname) if ($crl);
}
}
chdir $pwd;
}
}
sub check_file {
sub check_file {
my ($is_cert, $is_crl) = (0,0);
my ($is_cert, $is_crl) = (0,0);
my $fname = $_[0];
my $fname = $_[0];
open IN, $fname;
while(<IN>) {
open(my $in, "<", $fname);
while(<$in>) {
if (/^-----BEGIN (.*)-----/) {
if (/^-----BEGIN (.*)-----/) {
my $hdr = $1;
my $hdr = $1;
if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
...
@@ -148,10 +174,27 @@ sub check_file {
...
@@ -148,10 +174,27 @@ sub check_file {
}
}
}
}
}
}
close IN
;
close $in
;
return ($is_cert, $is_crl);
return ($is_cert, $is_crl);
}
}
sub compute_hash {
my $fh;
if ( $^O eq "VMS" ) {
# VMS uses the open through shell
# The file names are safe there and list form is unsupported
if (!open($fh, "-|", join(' ', @_))) {
print STDERR "Cannot compute hash on '$fname'\n";
return;
}
} else {
if (!open($fh, "-|", @_)) {
print STDERR "Cannot compute hash on '$fname'\n";
return;
}
}
return (<$fh>, <$fh>);
}
# Link a certificate to its subject name hash value, each hash is of
# Link a certificate to its subject name hash value, each hash is of
# the form <hash>.<n> where n is an integer. If the hash value already exists
# the form <hash>.<n> where n is an integer. If the hash value already exists
...
@@ -160,72 +203,48 @@ sub check_file {
...
@@ -160,72 +203,48 @@ sub check_file {
# certificate fingerprints
# certificate fingerprints
sub link_hash_cert {
sub link_hash_cert {
my $fname = $_[0];
link_hash($_[0], 'cert');
$fname =~ s/\"/\\\"/g;
my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
$fprint =~ tr/://d;
my $suffix = 0;
# Search for an unused hash filename
while(exists $hashlist{"$hash.$suffix"}) {
# Hash matches: if fingerprint matches its a duplicate cert
if ($hashlist{"$hash.$suffix"} eq $fprint) {
print STDERR "WARNING: Skipping duplicate certificate $fname\n";
return;
}
$suffix++;
}
$hash .= ".$suffix";
if ($symlink_exists) {
print "link $fname -> $hash\n" if $verbose;
symlink $fname, $hash || warn "Can't symlink, $!";
} else {
print "copy $fname -> $hash\n" if $verbose;
if (open($in, "<", $fname)) {
if (open($out,">", $hash)) {
print $out $_ while (<$in>);
close $out;
} else {
warn "can't open $hash for write, $!";
}
close $in;
} else {
warn "can't open $fname for read, $!";
}
}
$hashlist{$hash} = $fprint;
}
}
# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
sub link_hash_crl {
sub link_hash_crl {
my $fname = $_[0];
link_hash($_[0], 'crl');
$fname =~ s/'/'\\''/g;
}
my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
sub link_hash {
my ($fname, $type) = @_;
my $is_cert = $type eq 'cert';
my ($hash, $fprint) = compute_hash($openssl,
$is_cert ? "x509" : "crl",
$is_cert ? $x509hash : $crlhash,
"-fingerprint", "-noout",
"-in", $fname);
chomp $hash;
chomp $hash;
chomp $fprint;
chomp $fprint;
return if !$hash;
$fprint =~ s/^.*=//;
$fprint =~ s/^.*=//;
$fprint =~ tr/://d;
$fprint =~ tr/://d;
my $suffix = 0;
my $suffix = 0;
# Search for an unused hash filename
# Search for an unused hash filename
while(exists $hashlist{"$hash.r$suffix"}) {
my $crlmark = $is_cert ? "" : "r";
while(exists $hashlist{"$hash.$crlmark$suffix"}) {
# Hash matches: if fingerprint matches its a duplicate cert
# Hash matches: if fingerprint matches its a duplicate cert
if ($hashlist{"$hash.r$suffix"} eq $fprint) {
if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) {
print STDERR "WARNING: Skipping duplicate CRL $fname\n";
my $what = $is_cert ? 'certificate' : 'CRL';
print STDERR "WARNING: Skipping duplicate $what $fname\n";
return;
return;
}
}
$suffix++;
$suffix++;
}
}
$hash .= ".r
$suffix";
$hash .= ".$crlmark
$suffix";
if ($symlink_exists) {
if ($symlink_exists) {
print "link $fname -> $hash\n" if $verbose;
print "link $fname -> $hash\n" if $verbose;
symlink $fname, $hash || warn "Can't symlink, $!";
symlink $fname, $hash || warn "Can't symlink, $!";
} else {
} else {
print "cp $fname -> $hash\n" if $verbose;
print "copy $fname -> $hash\n" if $verbose;
system ("cp", $fname, $hash);
copy_file($fname, $hash);
warn "Can't copy, $!" if ($? >> 8) != 0;
}
}
$hashlist{$hash} = $fprint;
$hashlist{$hash} = $fprint;
}
}
\ No newline at end of file
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录