"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "tools/c_rehash.in" between
openssl-1.1.1o.tar.gz and openssl-1.1.1p.tar.gz

About: OpenSSL is a toolkit implementing the Transport Layer Security (TLS) protocols (including SSLv3) as well as a full-strength general purpose cryptographic library. Long Term Support (LTS) version (includes support for TLSv1.3).

[ To the main openssl source changes report ]

c_rehash.in  (openssl-1.1.1o):c_rehash.in  (openssl-1.1.1p)
skipping to change at line 107 skipping to change at line 107
if ( -w $_) { if ( -w $_) {
hash_dir($_); hash_dir($_);
} else { } else {
print "Skipping $_, can't write\n"; print "Skipping $_, can't write\n";
$errorcount++; $errorcount++;
} }
} }
} }
exit($errorcount); exit($errorcount);
sub copy_file {
my ($src_fname, $dst_fname) = @_;
if (open(my $in, "<", $src_fname)) {
if (open(my $out, ">", $dst_fname)) {
print $out $_ while (<$in>);
close $out;
} else {
warn "Cannot open $dst_fname for write, $!";
}
close $in;
} else {
warn "Cannot open $src_fname for read, $!";
}
}
sub hash_dir { sub hash_dir {
my %hashlist; my $dir = shift;
print "Doing $_[0]\n"; my %hashlist;
chdir $_[0];
opendir(DIR, "."); print "Doing $dir\n";
my @flist = sort readdir(DIR);
closedir DIR; if (!chdir $dir) {
if ( $removelinks ) { print STDERR "WARNING: Cannot chdir to '$dir', $!\n";
# Delete any existing symbolic links return;
foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { }
if (-l $_) {
print "unlink $_" if $verbose; opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n";
unlink $_ || warn "Can't unlink $_, $!\n"; my @flist = sort readdir(DIR);
} closedir DIR;
} if ( $removelinks ) {
} # Delete any existing symbolic links
FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) { foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
# Check to see if certificates and/or CRLs present. if (-l $_) {
my ($cert, $crl) = check_file($fname); print "unlink $_\n" if $verbose;
if (!$cert && !$crl) { unlink $_ || warn "Can't unlink $_, $!\n";
print STDERR "WARNING: $fname does not contain a certific }
ate or CRL: skipping\n"; }
next; }
} FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
link_hash_cert($fname) if ($cert); # Check to see if certificates and/or CRLs present.
link_hash_crl($fname) if ($crl); my ($cert, $crl) = check_file($fname);
} if (!$cert && !$crl) {
print STDERR "WARNING: $fname does not contain a certificate or CRL:
skipping\n";
next;
}
link_hash_cert($fname) if ($cert);
link_hash_crl($fname) if ($crl);
}
chdir $pwd;
} }
sub check_file { sub check_file {
my ($is_cert, $is_crl) = (0,0); my ($is_cert, $is_crl) = (0,0);
my $fname = $_[0]; my $fname = $_[0];
open IN, $fname;
while(<IN>) { open(my $in, "<", $fname);
if (/^-----BEGIN (.*)-----/) { while(<$in>) {
my $hdr = $1; if (/^-----BEGIN (.*)-----/) {
if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { my $hdr = $1;
$is_cert = 1; if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
last if ($is_crl); $is_cert = 1;
} elsif ($hdr eq "X509 CRL") { last if ($is_crl);
$is_crl = 1; } elsif ($hdr eq "X509 CRL") {
last if ($is_cert); $is_crl = 1;
} last if ($is_cert);
} }
} }
close IN; }
return ($is_cert, $is_crl); close $in;
return ($is_cert, $is_crl);
} }
sub compute_hash { sub compute_hash {
my $fh; my $fh;
if ( $^O eq "VMS" ) { if ( $^O eq "VMS" ) {
# VMS uses the open through shell # VMS uses the open through shell
# The file names are safe there and list form is unsupported # The file names are safe there and list form is unsupported
if (!open($fh, "-|", join(' ', @_))) { if (!open($fh, "-|", join(' ', @_))) {
print STDERR "Cannot compute hash on '$fname'\n"; print STDERR "Cannot compute hash on '$fname'\n";
return; return;
skipping to change at line 180 skipping to change at line 206
return (<$fh>, <$fh>); return (<$fh>, <$fh>);
} }
# Link a certificate to its subject name hash value, each hash is of # Link a certificate to its subject name hash value, each hash is of
# the form <hash>.<n> where n is an integer. If the hash value already exists # the form <hash>.<n> where n is an integer. If the hash value already exists
# then we need to up the value of n, unless its a duplicate in which # then we need to up the value of n, unless its a duplicate in which
# case we skip the link. We check for duplicates by comparing the # case we skip the link. We check for duplicates by comparing the
# certificate fingerprints # certificate fingerprints
sub link_hash_cert { sub link_hash_cert {
my $fname = $_[0]; link_hash($_[0], 'cert');
my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
"-fingerprint", "-noout",
"-in", $fname);
chomp $hash;
chomp $fprint;
return if !$hash;
$fprint =~ s/^.*=//;
$fprint =~ tr/://d;
my $suffix = 0;
# Search for an unused hash filename
while(exists $hashlist{"$hash.$suffix"}) {
# Hash matches: if fingerprint matches its a duplicate ce
rt
if ($hashlist{"$hash.$suffix"} eq $fprint) {
print STDERR "WARNING: Skipping duplicate certifi
cate $fname\n";
return;
}
$suffix++;
}
$hash .= ".$suffix";
if ($symlink_exists) {
print "link $fname -> $hash\n" if $verbose;
symlink $fname, $hash || warn "Can't symlink, $!";
} else {
print "copy $fname -> $hash\n" if $verbose;
if (open($in, "<", $fname)) {
if (open($out,">", $hash)) {
print $out $_ while (<$in>);
close $out;
} else {
warn "can't open $hash for write, $!";
}
close $in;
} else {
warn "can't open $fname for read, $!";
}
}
$hashlist{$hash} = $fprint;
} }
# Same as above except for a CRL. CRL links are of the form <hash>.r<n> # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
sub link_hash_crl { sub link_hash_crl {
my $fname = $_[0]; link_hash($_[0], 'crl');
my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash, }
"-fingerprint", "-noout",
"-in", $fname); sub link_hash {
chomp $hash; my ($fname, $type) = @_;
chomp $fprint; my $is_cert = $type eq 'cert';
return if !$hash;
$fprint =~ s/^.*=//; my ($hash, $fprint) = compute_hash($openssl,
$fprint =~ tr/://d; $is_cert ? "x509" : "crl",
my $suffix = 0; $is_cert ? $x509hash : $crlhash,
# Search for an unused hash filename "-fingerprint", "-noout",
while(exists $hashlist{"$hash.r$suffix"}) { "-in", $fname);
# Hash matches: if fingerprint matches its a duplicate ce chomp $hash;
rt chomp $fprint;
if ($hashlist{"$hash.r$suffix"} eq $fprint) { return if !$hash;
print STDERR "WARNING: Skipping duplicate CRL $fn $fprint =~ s/^.*=//;
ame\n"; $fprint =~ tr/://d;
return; my $suffix = 0;
} # Search for an unused hash filename
$suffix++; my $crlmark = $is_cert ? "" : "r";
} while(exists $hashlist{"$hash.$crlmark$suffix"}) {
$hash .= ".r$suffix"; # Hash matches: if fingerprint matches its a duplicate cert
if ($symlink_exists) { if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) {
print "link $fname -> $hash\n" if $verbose; my $what = $is_cert ? 'certificate' : 'CRL';
symlink $fname, $hash || warn "Can't symlink, $!"; print STDERR "WARNING: Skipping duplicate $what $fname\n";
} else { return;
print "cp $fname -> $hash\n" if $verbose; }
system ("cp", $fname, $hash); $suffix++;
warn "Can't copy, $!" if ($? >> 8) != 0; }
} $hash .= ".$crlmark$suffix";
$hashlist{$hash} = $fprint; if ($symlink_exists) {
print "link $fname -> $hash\n" if $verbose;
symlink $fname, $hash || warn "Can't symlink, $!";
} else {
print "copy $fname -> $hash\n" if $verbose;
copy_file($fname, $hash);
}
$hashlist{$hash} = $fprint;
} }
 End of changes. 5 change blocks. 
114 lines changed or deleted 108 lines changed or added
To the Text Files section of the openssl source changes report or the top of this page
Mainly generated by pkgdiff using rfcdiff
Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)