Import OpenSSL 1.1.0f

2017-09-07 16:27:43 -07:00
parent ccd3ab4aff
commit f4b81cb7c9
3340 changed files with 325158 additions and 557542 deletions
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -1,61 +0,0 @@
-#
-# OpenSSL/tools/Makefile
-#
-
-DIR=	tools
-TOP=	..
-CC=	cc
-INCLUDES= -I$(TOP) -I../../include
-CFLAG=-g
-MAKEFILE=	Makefile
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=
-APPS= c_rehash
-MISC_APPS= c_hash c_info c_issuer c_name
-
-all:
-
-install:
-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-	@for i in $(APPS) ; \
-	do  \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-	chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-	mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
-	done;
-	@for i in $(MISC_APPS) ; \
-	do  \
-	(cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
-	chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
-	mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
-	done;
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
-
-lint:
-
-tags:
-
-errors:
-
-update: depend
-
-depend:
-
-dclean:
-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-	rm -f c_rehash
-
-clean:
-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
--- a/tools/build.info
+++ b/tools/build.info
@@ -0,0 +1,7 @@
+{- our $c_rehash_name =
+       $config{target} =~ /^(VC|vms)-/ ? "c_rehash.pl" : "c_rehash";
+   "" -}
+IF[{- !$disabled{apps} -}]
+  SCRIPTS={- $c_rehash_name -}
+  SOURCE[{- $c_rehash_name -}]=c_rehash.in
+ENDIF
--- a/tools/c89.sh
+++ b/tools/c89.sh
@@ -1,15 +0,0 @@
-#!/bin/sh -k
-#
-# Re-order arguments so that -L comes first
-#
-opts=""
-lopts=""
-        
-for arg in $* ; do
-  case $arg in
-    -L*) lopts="$lopts $arg" ;;
-    *) opts="$opts $arg" ;;
-  esac
-done
-
-c89 $lopts $opts
--- a/tools/c_hash
+++ b/tools/c_hash
@@ -1,9 +0,0 @@
-#!/bin/sh
-# print out the hash values 
-#
-
-for i in $*
-do
-	h=`openssl x509 -hash -noout -in $i`
-	echo "$h.0 => $i"
-done
--- a/tools/c_info
+++ b/tools/c_info
@@ -1,12 +0,0 @@
-#!/bin/sh
-#
-# print the subject
-#
-
-for i in $*
-do
-	n=`openssl x509 -subject -issuer -enddate -noout -in $i`
-	echo "$i"
-	echo "$n"
-	echo "--------"
-done
--- a/tools/c_issuer
+++ b/tools/c_issuer
@@ -1,10 +0,0 @@
-#!/bin/sh
-#
-# print out the issuer
-#
-
-for i in $*
-do
-	n=`openssl x509 -issuer -noout -in $i`
-	echo "$i	$n"
-done
--- a/tools/c_name
+++ b/tools/c_name
@@ -1,10 +0,0 @@
-#!/bin/sh
-#
-# print the subject
-#
-
-for i in $*
-do
-	n=`openssl x509 -subject -noout -in $i`
-	echo "$i	$n"
-done
--- a/tools/c_rehash
+++ b/tools/c_rehash
@@ -1,210 +0,0 @@
-#!/usr/bin/perl
-
-# Perl c_rehash script, scan all files in a directory
-# and add symbolic links to their hash values.
-
-my $dir = "/usr/local/ssl";
-my $prefix = "/usr/local/ssl";
-
-my $openssl = $ENV{OPENSSL} || "openssl";
-my $pwd;
-my $x509hash = "-subject_hash";
-my $crlhash = "-hash";
-my $verbose = 0;
-my $symlink_exists=eval {symlink("",""); 1};
-my $removelinks = 1;
-
-##  Parse flags.
-while ( $ARGV[0] =~ /^-/ ) {
-    my $flag = shift @ARGV;
-    last if ( $flag eq '--');
-    if ( $flag eq '-old') {
-	    $x509hash = "-subject_hash_old";
-	    $crlhash = "-hash_old";
-    } elsif ( $flag eq '-h') {
-	    help();
-    } elsif ( $flag eq '-n' ) {
-	    $removelinks = 0;
-    } elsif ( $flag eq '-v' ) {
-	    $verbose++;
-    }
-    else {
-	    print STDERR "Usage error; try -help.\n";
-	    exit 1;
-    }
-}
-
-sub help {
-	print "Usage: c_rehash [-old] [-h] [-v] [dirs...]\n";
-	print "   -old use old-style digest\n";
-	print "   -h print this help text\n";
-	print "   -v print files removed and linked\n";
-	exit 0;
-}
-
-eval "require Cwd";
-if (defined(&Cwd::getcwd)) {
-	$pwd=Cwd::getcwd();
-} else {
-	$pwd=`pwd`;
-	chomp($pwd);
-}
-
-# DOS/Win32 or Unix delimiter?  Prefix our installdir, then search.
-my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
-$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
-
-if(! -x $openssl) {
-	my $found = 0;
-	foreach (split /$path_delim/, $ENV{PATH}) {
-		if(-x "$_/$openssl") {
-			$found = 1;
-			$openssl = "$_/$openssl";
-			last;
-		}	
-	}
-	if($found == 0) {
-		print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
-		exit 0;
-	}
-}
-
-if(@ARGV) {
-	@dirlist = @ARGV;
-} elsif($ENV{SSL_CERT_DIR}) {
-	@dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
-} else {
-	$dirlist[0] = "$dir/certs";
-}
-
-if (-d $dirlist[0]) {
-	chdir $dirlist[0];
-	$openssl="$pwd/$openssl" if (!-x $openssl);
-	chdir $pwd;
-}
-
-foreach (@dirlist) {
-	if(-d $_ and -w $_) {
-		hash_dir($_);
-	}
-}
-
-sub hash_dir {
-	my %hashlist;
-	print "Doing $_[0]\n";
-	chdir $_[0];
-	opendir(DIR, ".");
-	my @flist = readdir(DIR);
-	closedir DIR;
-	if ( $removelinks ) {
-		# Delete any existing symbolic links
-		foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
-			if(-l $_) {
-				unlink $_;
-				print "unlink $_" if $verbose;
-			}
-		}
-	}
-	FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
-		# Check to see if certificates and/or CRLs present.
-		my ($cert, $crl) = check_file($fname);
-		if(!$cert && !$crl) {
-			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
-			next;
-		}
-		link_hash_cert($fname) if($cert);
-		link_hash_crl($fname) if($crl);
-	}
-}
-
-sub check_file {
-	my ($is_cert, $is_crl) = (0,0);
-	my $fname = $_[0];
-	open IN, $fname;
-	while(<IN>) {
-		if(/^-----BEGIN (.*)-----/) {
-			my $hdr = $1;
-			if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
-				$is_cert = 1;
-				last if($is_crl);
-			} elsif($hdr eq "X509 CRL") {
-				$is_crl = 1;
-				last if($is_cert);
-			}
-		}
-	}
-	close IN;
-	return ($is_cert, $is_crl);
-}
-
-
-# Link a certificate to its subject name hash value, each hash is of
-# the form <hash>.<n> where n is an integer. If the hash value already exists
-# then we need to up the value of n, unless its a duplicate in which
-# case we skip the link. We check for duplicates by comparing the
-# certificate fingerprints
-
-sub link_hash_cert {
-		my $fname = $_[0];
-		$fname =~ s/'/'\\''/g;
-		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
-		chomp $hash;
-		chomp $fprint;
-		$fprint =~ s/^.*=//;
-		$fprint =~ tr/://d;
-		my $suffix = 0;
-		# Search for an unused hash filename
-		while(exists $hashlist{"$hash.$suffix"}) {
-			# Hash matches: if fingerprint matches its a duplicate cert
-			if($hashlist{"$hash.$suffix"} eq $fprint) {
-				print STDERR "WARNING: Skipping duplicate certificate $fname\n";
-				return;
-			}
-			$suffix++;
-		}
-		$hash .= ".$suffix";
-		if ($symlink_exists) {
-			symlink $fname, $hash;
-			print "link $fname -> $hash\n" if $verbose;
-		} else {
-			open IN,"<$fname" or die "can't open $fname for read";
-			open OUT,">$hash" or die "can't open $hash for write";
-			print OUT <IN>;	# does the job for small text files
-			close OUT;
-			close IN;
-			print "copy $fname -> $hash\n" if $verbose;
-		}
-		$hashlist{$hash} = $fprint;
-}
-
-# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
-
-sub link_hash_crl {
-		my $fname = $_[0];
-		$fname =~ s/'/'\\''/g;
-		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
-		chomp $hash;
-		chomp $fprint;
-		$fprint =~ s/^.*=//;
-		$fprint =~ tr/://d;
-		my $suffix = 0;
-		# Search for an unused hash filename
-		while(exists $hashlist{"$hash.r$suffix"}) {
-			# Hash matches: if fingerprint matches its a duplicate cert
-			if($hashlist{"$hash.r$suffix"} eq $fprint) {
-				print STDERR "WARNING: Skipping duplicate CRL $fname\n";
-				return;
-			}
-			$suffix++;
-		}
-		$hash .= ".r$suffix";
-		if ($symlink_exists) {
-			symlink $fname, $hash;
-			print "link $fname -> $hash\n" if $verbose;
-		} else {
-			system ("cp", $fname, $hash);
-			print "cp $fname -> $hash\n" if $verbose;
-		}
-		$hashlist{$hash} = $fprint;
-}
-
--- a/tools/c_rehash.in
+++ b/tools/c_rehash.in
@@ -1,11 +1,20 @@
-#!/usr/local/bin/perl
+#!{- $config{hashbangperl} -}
+
+# {- join("\n# ", @autowarntext) -}
+# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html

 # Perl c_rehash script, scan all files in a directory
 # and add symbolic links to their hash values.

-my $dir;
-my $prefix;
+my $dir = {- quotify1($config{openssldir}) -};
+my $prefix = {- quotify1($config{prefix}) -};

+my $errorcount = 0;
 my $openssl = $ENV{OPENSSL} || "openssl";
 my $pwd;
 my $x509hash = "-subject_hash";
@@ -21,7 +30,7 @@ while ( $ARGV[0] =~ /^-/ ) {
    if ( $flag eq '-old') {
 	    $x509hash = "-subject_hash_old";
 	    $crlhash = "-hash_old";
-    } elsif ( $flag eq '-h') {
+    } elsif ( $flag eq '-h' || $flag eq '-help' ) {
 	    help();
    } elsif ( $flag eq '-n' ) {
 	    $removelinks = 0;
@@ -29,15 +38,15 @@ while ( $ARGV[0] =~ /^-/ ) {
 	    $verbose++;
    }
    else {
-	    print STDERR "Usage error; try -help.\n";
+	    print STDERR "Usage error; try -h.\n";
 	    exit 1;
    }
 }

 sub help {
-	print "Usage: c_rehash [-old] [-h] [-v] [dirs...]\n";
+	print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n";
 	print "   -old use old-style digest\n";
-	print "   -h print this help text\n";
+	print "   -h or -help print this help text\n";
 	print "   -v print files removed and linked\n";
 	exit 0;
 }
@@ -54,24 +63,24 @@ if (defined(&Cwd::getcwd)) {
 my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
 $ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");

-if(! -x $openssl) {
+if (! -x $openssl) {
 	my $found = 0;
 	foreach (split /$path_delim/, $ENV{PATH}) {
-		if(-x "$_/$openssl") {
+		if (-x "$_/$openssl") {
 			$found = 1;
 			$openssl = "$_/$openssl";
 			last;
 		}	
 	}
-	if($found == 0) {
+	if ($found == 0) {
 		print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
 		exit 0;
 	}
 }

-if(@ARGV) {
+if (@ARGV) {
 	@dirlist = @ARGV;
-} elsif($ENV{SSL_CERT_DIR}) {
+} elsif ($ENV{SSL_CERT_DIR}) {
 	@dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
 } else {
 	$dirlist[0] = "$dir/certs";
@@ -84,36 +93,42 @@ if (-d $dirlist[0]) {
 }

 foreach (@dirlist) {
-	if(-d $_ and -w $_) {
+	if (-d $_ ) {
+            if ( -w $_) {
 		hash_dir($_);
+            } else {
+                print "Skipping $_, can't write\n";
+                $errorcount++;
+            }
 	}
 }
+exit($errorcount);

 sub hash_dir {
 	my %hashlist;
 	print "Doing $_[0]\n";
 	chdir $_[0];
 	opendir(DIR, ".");
-	my @flist = readdir(DIR);
+	my @flist = sort readdir(DIR);
 	closedir DIR;
 	if ( $removelinks ) {
 		# Delete any existing symbolic links
 		foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
-			if(-l $_) {
-				unlink $_;
+			if (-l $_) {
 				print "unlink $_" if $verbose;
+				unlink $_ || warn "Can't unlink $_, $!\n";
 			}
 		}
 	}
 	FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
 		# Check to see if certificates and/or CRLs present.
 		my ($cert, $crl) = check_file($fname);
-		if(!$cert && !$crl) {
+		if (!$cert && !$crl) {
 			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
 			next;
 		}
-		link_hash_cert($fname) if($cert);
-		link_hash_crl($fname) if($crl);
+		link_hash_cert($fname) if ($cert);
+		link_hash_crl($fname) if ($crl);
 	}
 }

@@ -122,14 +137,14 @@ sub check_file {
 	my $fname = $_[0];
 	open IN, $fname;
 	while(<IN>) {
-		if(/^-----BEGIN (.*)-----/) {
+		if (/^-----BEGIN (.*)-----/) {
 			my $hdr = $1;
-			if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
+			if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
 				$is_cert = 1;
-				last if($is_crl);
-			} elsif($hdr eq "X509 CRL") {
+				last if ($is_crl);
+			} elsif ($hdr eq "X509 CRL") {
 				$is_crl = 1;
-				last if($is_cert);
+				last if ($is_cert);
 			}
 		}
 	}
@@ -156,7 +171,7 @@ sub link_hash_cert {
 		# Search for an unused hash filename
 		while(exists $hashlist{"$hash.$suffix"}) {
 			# Hash matches: if fingerprint matches its a duplicate cert
-			if($hashlist{"$hash.$suffix"} eq $fprint) {
+			if ($hashlist{"$hash.$suffix"} eq $fprint) {
 				print STDERR "WARNING: Skipping duplicate certificate $fname\n";
 				return;
 			}
@@ -164,15 +179,21 @@ sub link_hash_cert {
 		}
 		$hash .= ".$suffix";
 		if ($symlink_exists) {
-			symlink $fname, $hash;
 			print "link $fname -> $hash\n" if $verbose;
+			symlink $fname, $hash || warn "Can't symlink, $!";
 		} else {
-			open IN,"<$fname" or die "can't open $fname for read";
-			open OUT,">$hash" or die "can't open $hash for write";
-			print OUT <IN>;	# does the job for small text files
-			close OUT;
-			close IN;
 			print "copy $fname -> $hash\n" if $verbose;
+                        if (open($in, "<", $fname)) {
+                            if (open($out,">", $hash)) {
+                                print $out $_ while (<$in>);
+                                close $out;
+                            } else {
+                                warn "can't open $hash for write, $!";
+                            }
+                            close $in;
+                        } else {
+                            warn "can't open $fname for read, $!";
+                        }
 		}
 		$hashlist{$hash} = $fprint;
 }
@@ -191,7 +212,7 @@ sub link_hash_crl {
 		# Search for an unused hash filename
 		while(exists $hashlist{"$hash.r$suffix"}) {
 			# Hash matches: if fingerprint matches its a duplicate cert
-			if($hashlist{"$hash.r$suffix"} eq $fprint) {
+			if ($hashlist{"$hash.r$suffix"} eq $fprint) {
 				print STDERR "WARNING: Skipping duplicate CRL $fname\n";
 				return;
 			}
@@ -199,12 +220,12 @@ sub link_hash_crl {
 		}
 		$hash .= ".r$suffix";
 		if ($symlink_exists) {
-			symlink $fname, $hash;
 			print "link $fname -> $hash\n" if $verbose;
+			symlink $fname, $hash || warn "Can't symlink, $!";
 		} else {
-			system ("cp", $fname, $hash);
 			print "cp $fname -> $hash\n" if $verbose;
+			system ("cp", $fname, $hash);
+                        warn "Can't copy, $!" if ($? >> 8) != 0;
 		}
 		$hashlist{$hash} = $fprint;
 }
-