Blame SOURCES/0068-CVE-2022-2068.patch

727bdf
diff -up openssl-3.0.1/tools/c_rehash.in.cve20222068 openssl-3.0.1/tools/c_rehash.in
727bdf
--- openssl-3.0.1/tools/c_rehash.in.cve20222068	2022-06-22 13:15:57.347421765 +0200
727bdf
+++ openssl-3.0.1/tools/c_rehash.in	2022-06-22 13:16:14.797576250 +0200
727bdf
@@ -104,18 +104,41 @@ foreach (@dirlist) {
727bdf
 }
727bdf
 exit($errorcount);
727bdf
 
727bdf
+sub copy_file {
727bdf
+    my ($src_fname, $dst_fname) = @_;
727bdf
+
727bdf
+    if (open(my $in, "<", $src_fname)) {
727bdf
+        if (open(my $out, ">", $dst_fname)) {
727bdf
+            print $out $_ while (<$in>);
727bdf
+            close $out;
727bdf
+        } else {
727bdf
+            warn "Cannot open $dst_fname for write, $!";
727bdf
+        }
727bdf
+        close $in;
727bdf
+    } else {
727bdf
+        warn "Cannot open $src_fname for read, $!";
727bdf
+    }
727bdf
+}
727bdf
+
727bdf
 sub hash_dir {
727bdf
+    my $dir = shift;
727bdf
     my %hashlist;
727bdf
-    print "Doing $_[0]\n";
727bdf
-    chdir $_[0];
727bdf
-    opendir(DIR, ".");
727bdf
+
727bdf
+    print "Doing $dir\n";
727bdf
+
727bdf
+    if (!chdir $dir) {
727bdf
+        print STDERR "WARNING: Cannot chdir to '$dir', $!\n";
727bdf
+        return;
727bdf
+    }
727bdf
+
727bdf
+    opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n";
727bdf
     my @flist = sort readdir(DIR);
727bdf
     closedir DIR;
727bdf
     if ( $removelinks ) {
727bdf
         # Delete any existing symbolic links
727bdf
         foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
727bdf
             if (-l $_) {
727bdf
-                print "unlink $_" if $verbose;
727bdf
+                print "unlink $_\n" if $verbose;
727bdf
                 unlink $_ || warn "Can't unlink $_, $!\n";
727bdf
             }
727bdf
         }
727bdf
@@ -130,13 +153,16 @@ sub hash_dir {
727bdf
         link_hash_cert($fname) if ($cert);
727bdf
         link_hash_crl($fname) if ($crl);
727bdf
     }
727bdf
+
727bdf
+    chdir $pwd;
727bdf
 }
727bdf
 
727bdf
 sub check_file {
727bdf
     my ($is_cert, $is_crl) = (0,0);
727bdf
     my $fname = $_[0];
727bdf
-    open IN, $fname;
727bdf
-    while(<IN>) {
727bdf
+
727bdf
+    open(my $in, "<", $fname);
727bdf
+    while(<$in>) {
727bdf
         if (/^-----BEGIN (.*)-----/) {
727bdf
             my $hdr = $1;
727bdf
             if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
727bdf
@@ -148,7 +174,7 @@ sub check_file {
727bdf
             }
727bdf
         }
727bdf
     }
727bdf
-    close IN;
727bdf
+    close $in;
727bdf
     return ($is_cert, $is_crl);
727bdf
 }
727bdf
 
727bdf
@@ -177,76 +203,49 @@ sub compute_hash {
727bdf
 # certificate fingerprints
727bdf
 
727bdf
 sub link_hash_cert {
727bdf
-    my $fname = $_[0];
727bdf
-    my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
727bdf
-                                       "-fingerprint", "-noout",
727bdf
-                                       "-in", $fname);
727bdf
-    chomp $hash;
727bdf
-    chomp $fprint;
727bdf
-    return if !$hash;
727bdf
-    $fprint =~ s/^.*=//;
727bdf
-    $fprint =~ tr/://d;
727bdf
-    my $suffix = 0;
727bdf
-    # Search for an unused hash filename
727bdf
-    while(exists $hashlist{"$hash.$suffix"}) {
727bdf
-        # Hash matches: if fingerprint matches its a duplicate cert
727bdf
-        if ($hashlist{"$hash.$suffix"} eq $fprint) {
727bdf
-            print STDERR "WARNING: Skipping duplicate certificate $fname\n";
727bdf
-            return;
727bdf
-        }
727bdf
-        $suffix++;
727bdf
-    }
727bdf
-    $hash .= ".$suffix";
727bdf
-    if ($symlink_exists) {
727bdf
-        print "link $fname -> $hash\n" if $verbose;
727bdf
-        symlink $fname, $hash || warn "Can't symlink, $!";
727bdf
-    } else {
727bdf
-        print "copy $fname -> $hash\n" if $verbose;
727bdf
-        if (open($in, "<", $fname)) {
727bdf
-            if (open($out,">", $hash)) {
727bdf
-                print $out $_ while (<$in>);
727bdf
-                close $out;
727bdf
-            } else {
727bdf
-                warn "can't open $hash for write, $!";
727bdf
-            }
727bdf
-            close $in;
727bdf
-        } else {
727bdf
-            warn "can't open $fname for read, $!";
727bdf
-        }
727bdf
-    }
727bdf
-    $hashlist{$hash} = $fprint;
727bdf
+    link_hash($_[0], 'cert');
727bdf
 }
727bdf
 
727bdf
 # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
727bdf
 
727bdf
 sub link_hash_crl {
727bdf
-    my $fname = $_[0];
727bdf
-    my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
727bdf
+    link_hash($_[0], 'crl');
727bdf
+}
727bdf
+
727bdf
+sub link_hash {
727bdf
+    my ($fname, $type) = @_;
727bdf
+    my $is_cert = $type eq 'cert';
727bdf
+
727bdf
+    my ($hash, $fprint) = compute_hash($openssl,
727bdf
+                                       $is_cert ? "x509" : "crl",
727bdf
+                                       $is_cert ? $x509hash : $crlhash,
727bdf
                                        "-fingerprint", "-noout",
727bdf
                                        "-in", $fname);
727bdf
     chomp $hash;
727bdf
+    $hash =~ s/^.*=// if !$is_cert;
727bdf
     chomp $fprint;
727bdf
     return if !$hash;
727bdf
     $fprint =~ s/^.*=//;
727bdf
     $fprint =~ tr/://d;
727bdf
     my $suffix = 0;
727bdf
     # Search for an unused hash filename
727bdf
-    while(exists $hashlist{"$hash.r$suffix"}) {
727bdf
+    my $crlmark = $is_cert ? "" : "r";
727bdf
+    while(exists $hashlist{"$hash.$crlmark$suffix"}) {
727bdf
         # Hash matches: if fingerprint matches its a duplicate cert
727bdf
-        if ($hashlist{"$hash.r$suffix"} eq $fprint) {
727bdf
-            print STDERR "WARNING: Skipping duplicate CRL $fname\n";
727bdf
+        if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) {
727bdf
+            my $what = $is_cert ? 'certificate' : 'CRL';
727bdf
+            print STDERR "WARNING: Skipping duplicate $what $fname\n";
727bdf
             return;
727bdf
         }
727bdf
         $suffix++;
727bdf
     }
727bdf
-    $hash .= ".r$suffix";
727bdf
+    $hash .= ".$crlmark$suffix";
727bdf
     if ($symlink_exists) {
727bdf
         print "link $fname -> $hash\n" if $verbose;
727bdf
         symlink $fname, $hash || warn "Can't symlink, $!";
727bdf
     } else {
727bdf
-        print "cp $fname -> $hash\n" if $verbose;
727bdf
-        system ("cp", $fname, $hash);
727bdf
-        warn "Can't copy, $!" if ($? >> 8) != 0;
727bdf
+        print "copy $fname -> $hash\n" if $verbose;
727bdf
+        copy_file($fname, $hash);
727bdf
     }
727bdf
     $hashlist{$hash} = $fprint;
727bdf
 }