author | William Joye <wjoye@cfa.harvard.edu> | 2017-05-02 16:06:33 (GMT) |
---|---|---|
committer | William Joye <wjoye@cfa.harvard.edu> | 2017-05-02 16:06:33 (GMT) |
commit | 335ca9eb0d2337314cbbec5eb19f9aeea0eaaca7 (patch) | |
tree | 0a0e8d65ee114cb89f58c3159488dd5523123309 /openssl/tools | |
parent | a90d8737b83a4a5bb2bf91a9bdf48a3dad4b51fa (diff) | |
initial commit
Diffstat (limited to 'openssl/tools')
-rw-r--r-- | openssl/tools/Makefile | 61 | ||||
-rwxr-xr-x | openssl/tools/c89.sh | 15 | ||||
-rw-r--r-- | openssl/tools/c_hash | 9 | ||||
-rw-r--r-- | openssl/tools/c_info | 12 | ||||
-rw-r--r-- | openssl/tools/c_issuer | 10 | ||||
-rw-r--r-- | openssl/tools/c_name | 10 | ||||
-rw-r--r-- | openssl/tools/c_rehash | 210 | ||||
-rw-r--r-- | openssl/tools/c_rehash.in | 210 |
8 files changed, 537 insertions, 0 deletions
diff --git a/openssl/tools/Makefile b/openssl/tools/Makefile
new file mode 100644
index 0000000..c1a2f6b
--- /dev/null
+++ b/openssl/tools/Makefile
@@ -0,0 +1,61 @@
+#
+# OpenSSL/tools/Makefile
+#
+
+DIR= tools
+TOP= ..
+CC= cc
+INCLUDES= -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE= Makefile
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS= c_rehash
+MISC_APPS= c_hash c_info c_issuer c_name
+
+all:
+
+install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @for i in $(APPS) ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+ done;
+ @for i in $(MISC_APPS) ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+ chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+ done;
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+
+lint:
+
+tags:
+
+errors:
+
+update: depend
+
+depend:
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+ rm -f c_rehash
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/openssl/tools/c89.sh b/openssl/tools/c89.sh
new file mode 100755
index 0000000..b25c9fd
--- /dev/null
+++ b/openssl/tools/c89.sh
@@ -0,0 +1,15 @@
+#!/bin/sh -k
+#
+# Re-order arguments so that -L comes first
+#
+opts=""
+lopts=""
+
+for arg in $* ; do
+ case $arg in
+ -L*) lopts="$lopts $arg" ;;
+ *) opts="$opts $arg" ;;
+ esac
+done
+
+c89 $lopts $opts
diff --git a/openssl/tools/c_hash b/openssl/tools/c_hash
new file mode 100644
index 0000000..5e0a908
--- /dev/null
+++ b/openssl/tools/c_hash
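Review bot: In the `install` recipe the `cp`, `chmod` and `mv` steps are joined with `;` inside a subshell, so the subshell's status is that of `mv` alone and each `for` loop reports only its last iteration; for `MISC_APPS` a failure on any script but the last does not fail the target. An install can then end without error while an older copy of a script is still the one in place. Chaining the three commands with `&&` and closing the subshell with `|| exit 1; \` makes the failure visible. The `errors:` target is also declared twice in this hunk, and one of the two can go.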
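Review bot: `for arg in $*` and the final `c89 $lopts $opts` are unquoted, so an argument containing whitespace or glob characters is re-split and expanded before it reaches the compiler. The same pattern is in c_hash, c_info, c_issuer and c_name, where both `for i in $*` and `-in $i` are unquoted and a certificate path with a space is passed to `openssl` as several arguments. In the four c_* scripts `for i in "$@"` with `-in "$i"` is enough. In c89.sh the rebuilt command line is two flat strings, so the header comment should at least say `# NOTE: arguments containing whitespace are not preserved`.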
@@ -0,0 +1,9 @@
+#!/bin/sh
+# print out the hash values
+#
+
+for i in $*
+do
+ h=`openssl x509 -hash -noout -in $i`
+ echo "$h.0 => $i"
+done
diff --git a/openssl/tools/c_info b/openssl/tools/c_info
new file mode 100644
index 0000000..0e1e633
--- /dev/null
+++ b/openssl/tools/c_info
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# print the subject
+#
+
+for i in $*
+do
+ n=`openssl x509 -subject -issuer -enddate -noout -in $i`
+ echo "$i"
+ echo "$n"
+ echo "--------"
+done
diff --git a/openssl/tools/c_issuer b/openssl/tools/c_issuer
new file mode 100644
index 0000000..55821ab
--- /dev/null
+++ b/openssl/tools/c_issuer
@@ -0,0 +1,10 @@
+#!/bin/sh
+#
+# print out the issuer
+#
+
+for i in $*
+do
+ n=`openssl x509 -issuer -noout -in $i`
+ echo "$i $n"
+done
diff --git a/openssl/tools/c_name b/openssl/tools/c_name
new file mode 100644
index 0000000..28800c0
--- /dev/null
+++ b/openssl/tools/c_name
@@ -0,0 +1,10 @@
+#!/bin/sh
+#
+# print the subject
+#
+
+for i in $*
+do
+ n=`openssl x509 -subject -noout -in $i`
+ echo "$i $n"
+done
diff --git a/openssl/tools/c_rehash b/openssl/tools/c_rehash
new file mode 100644
index 0000000..6a27c02
--- /dev/null
+++ b/openssl/tools/c_rehash
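Review bot: c_hash ignores the exit status of `openssl x509`, so for a file that is not a parsable certificate `h` is empty and the script still prints `.0 => <file>` as if it were a valid hash link name. Skipping the entry on failure keeps the output trustworthy for anyone who feeds it into a link step: ``h=`openssl x509 -hash -noout -in "$i"` || continue``. c_info, c_issuer and c_name have the same unchecked call, where the visible effect is only an empty field.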
@@ -0,0 +1,210 @@
+#!/usr/bin/perl
+
+# Perl c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+
+my $dir = "/usr/local/ssl";
+my $prefix = "/usr/local/ssl";
+
+my $openssl = $ENV{OPENSSL} || "openssl";
+my $pwd;
+my $x509hash = "-subject_hash";
+my $crlhash = "-hash";
+my $verbose = 0;
+my $symlink_exists=eval {symlink("",""); 1};
+my $removelinks = 1;
+
+## Parse flags.
+while ( $ARGV[0] =~ /^-/ ) {
+ my $flag = shift @ARGV;
+ last if ( $flag eq '--');
+ if ( $flag eq '-old') {
+ $x509hash = "-subject_hash_old";
+ $crlhash = "-hash_old";
+ } elsif ( $flag eq '-h') {
+ help();
+ } elsif ( $flag eq '-n' ) {
+ $removelinks = 0;
+ } elsif ( $flag eq '-v' ) {
+ $verbose++;
+ }
+ else {
+ print STDERR "Usage error; try -help.\n";
+ exit 1;
+ }
+}
+
+sub help {
+ print "Usage: c_rehash [-old] [-h] [-v] [dirs...]\n";
+ print " -old use old-style digest\n";
+ print " -h print this help text\n";
+ print " -v print files removed and linked\n";
+ exit 0;
+}
+
+eval "require Cwd";
+if (defined(&Cwd::getcwd)) {
+ $pwd=Cwd::getcwd();
+} else {
+ $pwd=`pwd`;
+ chomp($pwd);
+}
+
+# DOS/Win32 or Unix delimiter? Prefix our installdir, then search.
+my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
+$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
+
+if(! -x $openssl) {
+ my $found = 0;
+ foreach (split /$path_delim/, $ENV{PATH}) {
+ if(-x "$_/$openssl") {
+ $found = 1;
+ $openssl = "$_/$openssl";
+ last;
+ }
+ }
+ if($found == 0) {
+ print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
+ exit 0;
+ }
+}
+
+if(@ARGV) {
+ @dirlist = @ARGV;
+} elsif($ENV{SSL_CERT_DIR}) {
+ @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
+} else {
+ $dirlist[0] = "$dir/certs";
+}
+
+if (-d $dirlist[0]) {
+ chdir $dirlist[0];
+ $openssl="$pwd/$openssl" if (!-x $openssl);
+ chdir $pwd;
+}
+
+foreach (@dirlist) {
+ if(-d $_ and -w $_) {
+ hash_dir($_);
+ }
+}
+
+sub hash_dir {
+ my %hashlist;
+ print "Doing $_[0]\n";
+ chdir $_[0];
+ opendir(DIR, ".");
+ my @flist = readdir(DIR);
+ closedir DIR;
+ if ( $removelinks ) {
+ # Delete any existing symbolic links
+ foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
+ if(-l $_) {
+ unlink $_;
+ print "unlink $_" if $verbose;
+ }
+ }
+ }
+ FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
+ # Check to see if certificates and/or CRLs present.
+ my ($cert, $crl) = check_file($fname);
+ if(!$cert && !$crl) {
+ print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+ next;
+ }
+ link_hash_cert($fname) if($cert);
+ link_hash_crl($fname) if($crl);
+ }
+}
+
+sub check_file {
+ my ($is_cert, $is_crl) = (0,0);
+ my $fname = $_[0];
+ open IN, $fname;
+ while(<IN>) {
+ if(/^-----BEGIN (.*)-----/) {
+ my $hdr = $1;
+ if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
+ $is_cert = 1;
+ last if($is_crl);
+ } elsif($hdr eq "X509 CRL") {
+ $is_crl = 1;
+ last if($is_cert);
+ }
+ }
+ }
+ close IN;
+ return ($is_cert, $is_crl);
+}
+
+
+# Link a certificate to its subject name hash value, each hash is of
+# the form <hash>.<n> where n is an integer. If the hash value already exists
+# then we need to up the value of n, unless its a duplicate in which
+# case we skip the link. We check for duplicates by comparing the
+# certificate fingerprints
+
+sub link_hash_cert {
+ my $fname = $_[0];
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
+ chomp $hash;
+ chomp $fprint;
+ $fprint =~ s/^.*=//;
+ $fprint =~ tr/://d;
+ my $suffix = 0;
+ # Search for an unused hash filename
+ while(exists $hashlist{"$hash.$suffix"}) {
+ # Hash matches: if fingerprint matches its a duplicate cert
+ if($hashlist{"$hash.$suffix"} eq $fprint) {
+ print STDERR "WARNING: Skipping duplicate certificate $fname\n";
+ return;
+ }
+ $suffix++;
+ }
+ $hash .= ".$suffix";
+ if ($symlink_exists) {
+ symlink $fname, $hash;
+ print "link $fname -> $hash\n" if $verbose;
+ } else {
+ open IN,"<$fname" or die "can't open $fname for read";
+ open OUT,">$hash" or die "can't open $hash for write";
+ print OUT <IN>; # does the job for small text files
+ close OUT;
+ close IN;
+ print "copy $fname -> $hash\n" if $verbose;
+ }
+ $hashlist{$hash} = $fprint;
+}
+
+# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+
+sub link_hash_crl {
+ my $fname = $_[0];
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+ chomp $hash;
+ chomp $fprint;
+ $fprint =~ s/^.*=//;
+ $fprint =~ tr/://d;
+ my $suffix = 0;
+ # Search for an unused hash filename
+ while(exists $hashlist{"$hash.r$suffix"}) {
+ # Hash matches: if fingerprint matches its a duplicate cert
+ if($hashlist{"$hash.r$suffix"} eq $fprint) {
+ print STDERR "WARNING: Skipping duplicate CRL $fname\n";
+ return;
+ }
+ $suffix++;
+ }
+ $hash .= ".r$suffix";
+ if ($symlink_exists) {
+ symlink $fname, $hash;
+ print "link $fname -> $hash\n" if $verbose;
+ } else {
+ system ("cp", $fname, $hash);
+ print "cp $fname -> $hash\n" if $verbose;
+ }
+ $hashlist{$hash} = $fprint;
+}
+
diff --git a/openssl/tools/c_rehash.in b/openssl/tools/c_rehash.in
new file mode 100644
index 0000000..b086ff9
--- /dev/null
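Review bot: `link_hash_cert` escapes single quotes in `$fname` for a single-quoted shell word but then interpolates it inside double quotes in the backtick command, so the shell still expands `$` and backtick sequences in file names that come straight from `readdir`; `link_hash_crl` uses single quotes and does not have this mismatch, and c_rehash.in carries the same code. The escaped `$fname` is also what is later handed to `symlink` and to the copy fallback, so a name containing `'` links to a target that does not exist. Running openssl through a list-form pipe open avoids the shell entirely and makes the `s/'/'\\''/g` rewrite unnecessary in both subs; list-form pipe open may not be available on older Windows Perls, which this script appears to support, so that path needs checking. If this directory is an imported copy of OpenSSL's tools, picking up upstream's current script is preferable to a local patch.

```perl
sub link_hash_cert {
    my $fname = $_[0];
    # List-form pipe open: no shell is involved, so the file name reaches
    # openssl as one argument and needs no quoting or escaping.
    open(my $out, '-|', $openssl, 'x509', $x509hash,
         '-fingerprint', '-noout', '-in', $fname)
        or die "can't run $openssl: $!";
    my ($hash, $fprint) = <$out>;
    close $out;
    # ... unchanged: chomp, fingerprint clean-up, suffix search, link/copy ...
```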
+++ b/openssl/tools/c_rehash.in 
@@ -0,0 +1,210 @@
+#!/usr/local/bin/perl
+
+# Perl c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+
+my $dir;
+my $prefix;
+
+my $openssl = $ENV{OPENSSL} || "openssl";
+my $pwd;
+my $x509hash = "-subject_hash";
+my $crlhash = "-hash";
+my $verbose = 0;
+my $symlink_exists=eval {symlink("",""); 1};
+my $removelinks = 1;
+
+## Parse flags.
+while ( $ARGV[0] =~ /^-/ ) {
+ my $flag = shift @ARGV;
+ last if ( $flag eq '--');
+ if ( $flag eq '-old') {
+ $x509hash = "-subject_hash_old";
+ $crlhash = "-hash_old";
+ } elsif ( $flag eq '-h') {
+ help();
+ } elsif ( $flag eq '-n' ) {
+ $removelinks = 0;
+ } elsif ( $flag eq '-v' ) {
+ $verbose++;
+ }
+ else {
+ print STDERR "Usage error; try -help.\n";
+ exit 1;
+ }
+}
+
+sub help {
+ print "Usage: c_rehash [-old] [-h] [-v] [dirs...]\n";
+ print " -old use old-style digest\n";
+ print " -h print this help text\n";
+ print " -v print files removed and linked\n";
+ exit 0;
+}
+
+eval "require Cwd";
+if (defined(&Cwd::getcwd)) {
+ $pwd=Cwd::getcwd();
+} else {
+ $pwd=`pwd`;
+ chomp($pwd);
+}
+
+# DOS/Win32 or Unix delimiter? Prefix our installdir, then search.
+my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
+$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
+
+if(! -x $openssl) {
+ my $found = 0;
+ foreach (split /$path_delim/, $ENV{PATH}) {
+ if(-x "$_/$openssl") {
+ $found = 1;
+ $openssl = "$_/$openssl";
+ last;
+ }
+ }
+ if($found == 0) {
+ print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
+ exit 0;
+ }
+}
+
+if(@ARGV) {
+ @dirlist = @ARGV;
+} elsif($ENV{SSL_CERT_DIR}) {
+ @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
+} else {
+ $dirlist[0] = "$dir/certs";
+}
+
+if (-d $dirlist[0]) {
+ chdir $dirlist[0];
+ $openssl="$pwd/$openssl" if (!-x $openssl);
+ chdir $pwd;
+}
+
+foreach (@dirlist) {
+ if(-d $_ and -w $_) {
+ hash_dir($_);
+ }
+}
+
+sub hash_dir {
+ my %hashlist;
+ print "Doing $_[0]\n";
+ chdir $_[0];
+ opendir(DIR, ".");
+ my @flist = readdir(DIR);
+ closedir DIR;
+ if ( $removelinks ) {
+ # Delete any existing symbolic links
+ foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
+ if(-l $_) {
+ unlink $_;
+ print "unlink $_" if $verbose;
+ }
+ }
+ }
+ FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
+ # Check to see if certificates and/or CRLs present.
+ my ($cert, $crl) = check_file($fname);
+ if(!$cert && !$crl) {
+ print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+ next;
+ }
+ link_hash_cert($fname) if($cert);
+ link_hash_crl($fname) if($crl);
+ }
+}
+
+sub check_file {
+ my ($is_cert, $is_crl) = (0,0);
+ my $fname = $_[0];
+ open IN, $fname;
+ while(<IN>) {
+ if(/^-----BEGIN (.*)-----/) {
+ my $hdr = $1;
+ if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
+ $is_cert = 1;
+ last if($is_crl);
+ } elsif($hdr eq "X509 CRL") {
+ $is_crl = 1;
+ last if($is_cert);
+ }
+ }
+ }
+ close IN;
+ return ($is_cert, $is_crl);
+}
+
+
+# Link a certificate to its subject name hash value, each hash is of
+# the form <hash>.<n> where n is an integer. If the hash value already exists
+# then we need to up the value of n, unless its a duplicate in which
+# case we skip the link. We check for duplicates by comparing the
+# certificate fingerprints
+
+sub link_hash_cert {
+ my $fname = $_[0];
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
+ chomp $hash;
+ chomp $fprint;
+ $fprint =~ s/^.*=//;
+ $fprint =~ tr/://d;
+ my $suffix = 0;
+ # Search for an unused hash filename
+ while(exists $hashlist{"$hash.$suffix"}) {
+ # Hash matches: if fingerprint matches its a duplicate cert
+ if($hashlist{"$hash.$suffix"} eq $fprint) {
+ print STDERR "WARNING: Skipping duplicate certificate $fname\n";
+ return;
+ }
+ $suffix++;
+ }
+ $hash .= ".$suffix";
+ if ($symlink_exists) {
+ symlink $fname, $hash;
+ print "link $fname -> $hash\n" if $verbose;
+ } else {
+ open IN,"<$fname" or die "can't open $fname for read";
+ open OUT,">$hash" or die "can't open $hash for write";
+ print OUT <IN>; # does the job for small text files
+ close OUT;
+ close IN;
+ print "copy $fname -> $hash\n" if $verbose;
+ }
+ $hashlist{$hash} = $fprint;
+}
+
+# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+
+sub link_hash_crl {
+ my $fname = $_[0];
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+ chomp $hash;
+ chomp $fprint;
+ $fprint =~ s/^.*=//;
+ $fprint =~ tr/://d;
+ my $suffix = 0;
+ # Search for an unused hash filename
+ while(exists $hashlist{"$hash.r$suffix"}) {
+ # Hash matches: if fingerprint matches its a duplicate cert
+ if($hashlist{"$hash.r$suffix"} eq $fprint) {
+ print STDERR "WARNING: Skipping duplicate CRL $fname\n";
+ return;
+ }
+ $suffix++;
+ }
+ $hash .= ".r$suffix";
+ if ($symlink_exists) {
+ symlink $fname, $hash;
+ print "link $fname -> $hash\n" if $verbose;
+ } else {
+ system ("cp", $fname, $hash);
+ print "cp $fname -> $hash\n" if $verbose;
+ }
+ $hashlist{$hash} = $fprint;
+}
+ |
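Review bot: `check_file` opens each directory entry with two-argument `open IN, $fname;` and never checks the result, so mode characters at the start or end of a file name are interpreted by `open` instead of being treated as part of the name, and a failed open is silently read as "no certificate". The filter feeding it, `/\.(pem)|(crt)|(cer)|(crl)$/`, binds the dot only to `pem` and the `$` only to `crl`, so any name that merely contains `crt` or `cer` gets through to `check_file` and the link subs. Suggested replacements are `open(my $in, '<', $fname) or return (0, 0);` (reading from `$in`) and `/\.(pem|crt|cer|crl)$/`; the copy fallback in `link_hash_cert` has the same two-argument form in `open IN,"<$fname"`. The identical code is in the c_rehash hunk of this commit. Separately, `my %hashlist` in `hash_dir` is lexical and not visible to `link_hash_cert` or `link_hash_crl`, which therefore use the package variable and carry hash state from one directory to the next.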