Commit Graph

38 Commits

Author SHA1 Message Date
Tobias Girstmair
706fc5f6eb c_rehash: Fix file extension matching
For some reason, parenthesis were added 8 years ago in commit
a787c2590e. This essentially removed the
\. and $ constructs from the middle branches. Hence a file called e.g.
cert.key would accidentally match the (cer) rule.

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19427)
2022-10-20 11:26:17 +02:00
Tomas Mraz
87eee75010 c_rehash: Drop the issuer_name_hash= prefix from the CRL hash
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2022-06-20 11:44:52 +01:00
Daniel Fiala
ce60b13707 Fix file operations in c_rehash.
CVE-2022-2068

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2022-06-20 11:44:40 +01:00
Matt Caswell
fecb3aae22 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
2022-05-03 13:34:51 +01:00
Tomas Mraz
7c33270707 c_rehash: Do not use shell to invoke openssl
Except on VMS where it is safe.

This fixes CVE-2022-1292.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
2022-05-03 11:07:36 +01:00
Viktor Szakats
ea0d79db9b convert tabs to spaces in two distributed Perl scripts
Also fix indentation in c_rehash.in to 4 spaces, where a mixture of 4 and 8
spaces was used before, in addition to tabs.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16459)
2021-09-14 07:21:22 +10:00
Richard Levitte
da51dc5f68 Move some OpenSSL perl utility functions to OpenSSL::Util
quotify1() and quotify_l() were in OpenSSL::Template, but should be
more widely usable.

configdata.pm.in's out_item() is also more widely useful and is
therefore moved to OpenSSL::Util as well, and renamed to dump_data().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15310)
2021-05-19 10:13:02 +02:00
Matt Caswell
8020d79b40 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14512)
2021-03-11 13:27:36 +00:00
Mark
2d96895122 Fix filename escaping in c_rehash
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14301)
2021-02-26 10:03:48 +10:00
Richard Levitte
9059ab425a Following the license change, modify the boilerplates in util/, tools/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7766)
2018-12-06 14:17:23 +01:00
Matt Caswell
b0edda11cb Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5689)
2018-03-20 13:08:46 +00:00
Richard Levitte
abe256e795 Make "make variables" config attributes for overridable flags
With the support of "make variables" comes the possibility for the
user to override them.  However, we need to make a difference between
defaults that we use (and that should be overridable by the user) and
flags that are crucial for building OpenSSL (should not be
overridable).

Typically, overridable flags are those setting optimization levels,
warnings levels, that kind of thing, while non-overridable flags are,
for example, macros that indicate aspects of how the config target
should be treated, such as L_ENDIAN and B_ENDIAN.

We do that differentiation by allowing upper case attributes in the
config targets, named exactly like the "make variables" we support,
and reserving the lower case attributes for non-overridable project
flags.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5534)
2018-03-08 17:24:02 +01:00
Rich Salz
7d959c358a Add -h and -help for c_rehash script and app
Resolves GH1515 and GH1509.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-14 08:59:48 -04:00
Richard Levitte
d513369bfa perl: Separate compile-time environment from runtime environment
Make it possible to have a separate and different perl command string
for installable scripts than we use when building, with the
environment variable HASHBANGPERL.  Its value default to the same as
the environment PERL if it's defined, otherwise '/usr/bin/env perl'.

Note: this is only relevant for Unix-like environments.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-07-04 15:40:31 +02:00
Rich Salz
b1ffe8dbee GH1123: sort dir before rehash
This is needed to generate stable output names/symlinks.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-02 15:12:50 -04:00
Rich Salz
44c8a5e2b9 Add final(?) set of copyrights.
Add copyright to missing assembler files.
Add copyrights to missing test/* files.
Add copyrights
Various source and misc files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 11:27:25 -04:00
Richard Levitte
9ab6fc5936 Generate warning text
Now that we're using templates, we should warn people not to edit the
resulting file.  We do it through util/dofile.pl, which is enhanced
with an option to tell what file it was called from.  We also change
the calls so the template files are on the command line instead of
being redirected through standard input.  That way, we can display
something like this (example taken from include/openssl/opensslconf.h):

    /* WARNING: do not edit! */
    /* Generated by Configure from include/openssl/opensslconf.h.in */

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-25 21:19:59 +01:00
Richard Levitte
291e94df90 Refactor file writing - introduce template driven file writing
apps/CA.pl and tools/c_rehash are built from template files.  So far,
this was done by Configure, which created its own problems as it
forced everyone to reconfigure just because one of the template files
had changed.
Instead, have those files created as part of the normal build in apps/
and in tools/.

Furthermore, this prepares for a future where Configure may produce
entirely other build files than Makefile, and the latter can't be
guaranteed to be the holder of all information for other scripts.
Instead, configdata.pm (described below) becomes the center of
configuration information.

This introduces a few new things:

%config         a hash table to hold all kinds of configuration data
                that can be used by any other script.
configdata.pm   a perl module that Configure writes.  It currently
                holds the hash tables %config and %target.
util/dofile.pl  a script that takes a template on STDIN and outputs
                the result after applying configuration data on it.
                It's supposed to be called like this:

                        perl -I$(TOP) -Mconfigdata < template > result

                or

                        perl -I$(TOP) -Mconfigdata templ1 templ2 ... > result

                Note: util/dofile.pl requires Text::Template.

As part of this changed, remove a number of variables that are really
just copies of entries in %target, and use %target directly.  The
exceptions are $target{cflags} and $target{lflags}, they do get copied
to $cflags and $lflags.  The reason for this is that those variable
potentially go through a lot of changes and would rather deserve a
place in %config.  That, however, is for another commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-22 23:12:22 +01:00
Rich Salz
4c7103a5ee Unwriteable directories are errors
Make the script and app match the documentation.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-10 16:13:55 -04:00
Rich Salz
ff2f6bb084 Fix rehash/c_rehash doc and behavior.
Both now warn once if directory isn't writeable.
Both now warn on file-write errors (multiple times).
Update manpage to describe both program and script correctly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-08 15:13:57 -04:00
Olaf Johansson
8846adbd36 GH249: Fix bad regexp in arg parsing.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-02 11:24:44 -04:00
Rich Salz
6f46c3c3b0 RT2772 update: c_rehash was broken
Move the readdir() lines out of the if statement, so
that flist is available globally.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-11 13:08:30 -04:00
Matthias Andree
a787c2590e RT2272: Add old-style hash to c_rehash
In addition to Matthias's change, I also added -n to
not remove links. And updated the manpage.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-08 11:34:44 -04:00
Viktor Dkhovni
5a8addc432 RT1325,2973: Add more extensions to c_rehash
Regexp was bracketed wrong.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-07 18:24:15 -04:00
TANABE Hiroyasu
80ec8d4e3e RT1325,2973: Add more extensions to c_rehash
Add .crt/.cer/.crl to the filenames parsed.

I also updated the podpage (since it didn't exist when
this ticket was first created, nor when it was re-created
seven years later).

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-31 00:36:09 -04:00
Dr. Stephen Henson
45078e6c52 PR: 2234
Submitted By: Matthias Andree <matthias.andree@gmx.de>

Use correct path to openssl utility in c_rehash script.
2010-04-14 23:07:12 +00:00
Dr. Stephen Henson
ef236ec3b2 Merge from 1.0.0-stable branch. 2009-04-23 16:32:42 +00:00
Andy Polyakov
a2688c872d Minor portability update to c_rehash. 2006-10-26 10:52:12 +00:00
Andy Polyakov
d8cdd1567f Make c_rehash more platform neutral and make it work in mixed environment,
such as MSYS with "native" Win32 perl.
2006-10-21 16:28:03 +00:00
Richard Levitte
56b5f687e4 And if the path has a space, we definitely need to protect $openssl. 2002-10-11 20:31:27 +00:00
Richard Levitte
caa4f47f61 Oh, there were *two* places where we needed to protect the file
name...
2002-10-11 20:28:23 +00:00
Richard Levitte
b7910992d8 There may be more than one single quote to fix.
PR: 256
2002-10-11 11:34:20 +00:00
Richard Levitte
42b06fbaca Make sure $fname will not give us any surprises with any funny characters.
PR: 256
2002-10-11 11:07:28 +00:00
Richard Levitte
127dca46a0 Check for the executable $openssl, not just the file.
Part of PR: 75
2002-06-13 19:59:40 +00:00
Richard Levitte
bb766a0ad6 Make sure evil file name characters, like spaces or ampersands (!),
don't disturb the rehashing process.
Spotted and suggested patch from Rudo Thomas <rudo@internet.sk>
2001-08-17 04:35:58 +00:00
Richard Levitte
967d95f096 Incorporate some changes that make OpenSSL compilable in CygWin. 2001-04-04 15:50:30 +00:00
Dr. Stephen Henson
439df5087f Fix c_rehash script, add -fingerprint option to crl. 2000-05-18 00:33:00 +00:00
Ulf Möller
31ff97b28a mk1mf.pl and mkdef.pl read OPTIONS from toplevel Makefile.
Configure no longer changes files in place.
1999-05-13 10:28:14 +00:00