diff -up openssl-fips-0.9.8e/crypto/conf/conf_api.c.secure-getenv openssl-fips-0.9.8e/crypto/conf/conf_api.c
--- openssl-fips-0.9.8e/crypto/conf/conf_api.c.secure-getenv	2002-01-18 17:50:42.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/conf/conf_api.c	2013-02-25 11:30:12.236666564 +0100
@@ -145,7 +145,7 @@ char *_CONF_get_string(const CONF *conf,
 			if (v != NULL) return(v->value);
 			if (strcmp(section,"ENV") == 0)
 				{
-				p=Getenv(name);
+				p=__secure_getenv(name);
 				if (p != NULL) return(p);
 				}
 			}
@@ -158,7 +158,7 @@ char *_CONF_get_string(const CONF *conf,
 			return(NULL);
 		}
 	else
-		return(Getenv(name));
+		return(__secure_getenv(name));
 	}
 
 #if 0 /* There's no way to provide error checking with this function, so
diff -up openssl-fips-0.9.8e/crypto/conf/conf_mod.c.secure-getenv openssl-fips-0.9.8e/crypto/conf/conf_mod.c
--- openssl-fips-0.9.8e/crypto/conf/conf_mod.c.secure-getenv	2007-04-09 13:47:59.000000000 +0200
+++ openssl-fips-0.9.8e/crypto/conf/conf_mod.c	2013-02-25 11:08:07.151779458 +0100
@@ -548,8 +548,8 @@ char *CONF_get1_default_config_file(void
 	char *file;
 	int len;
 
-	file = getenv("OPENSSL_CONF");
-	if (file) 
+	file = __secure_getenv("OPENSSL_CONF");
+	if (file)
 		return BUF_strdup(file);
 
 	len = strlen(X509_get_default_cert_area());
diff -up openssl-fips-0.9.8e/crypto/engine/eng_list.c.secure-getenv openssl-fips-0.9.8e/crypto/engine/eng_list.c
--- openssl-fips-0.9.8e/crypto/engine/eng_list.c.secure-getenv	2005-08-06 12:34:35.000000000 +0200
+++ openssl-fips-0.9.8e/crypto/engine/eng_list.c	2013-02-25 11:08:07.158779477 +0100
@@ -398,9 +398,9 @@ ENGINE *ENGINE_by_id(const char *id)
 	if (strcmp(id, "dynamic"))
 		{
 #ifdef OPENSSL_SYS_VMS
-		if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
+		if(OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
 #else
-		if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
+		if((load_dir = __secure_getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
 #endif
 		iterator = ENGINE_by_id("dynamic");
 		if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
diff -up openssl-fips-0.9.8e/crypto/o_init.c.secure-getenv openssl-fips-0.9.8e/crypto/o_init.c
--- openssl-fips-0.9.8e/crypto/o_init.c.secure-getenv	2013-02-25 11:06:31.267583370 +0100
+++ openssl-fips-0.9.8e/crypto/o_init.c	2013-02-25 11:08:07.160779483 +0100
@@ -77,7 +77,7 @@ static void init_fips_mode(void)
 	char buf[2] = "0";
 	int fd;
 	
-	if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
+	if (__secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
 		{
 		buf[0] = '1';
 		}
diff -up openssl-fips-0.9.8e/crypto/rand/randfile.c.secure-getenv openssl-fips-0.9.8e/crypto/rand/randfile.c
--- openssl-fips-0.9.8e/crypto/rand/randfile.c.secure-getenv	2007-03-02 18:44:55.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/rand/randfile.c	2013-02-25 11:08:07.161779486 +0100
@@ -231,8 +231,7 @@ const char *RAND_file_name(char *buf, si
 	struct stat sb;
 #endif
 
-	if (OPENSSL_issetugid() == 0)
-		s=getenv("RANDFILE");
+	s=__secure_getenv("RANDFILE");
 	if (s != NULL && *s && strlen(s) + 1 < size)
 		{
 		if (BUF_strlcpy(buf,s,size) >= size)
@@ -240,8 +239,7 @@ const char *RAND_file_name(char *buf, si
 		}
 	else
 		{
-		if (OPENSSL_issetugid() == 0)
-			s=getenv("HOME");
+		s=__secure_getenv("HOME");
 #ifdef DEFAULT_HOME
 		if (s == NULL)
 			{
diff -up openssl-fips-0.9.8e/crypto/x509/by_dir.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/by_dir.c
--- openssl-fips-0.9.8e/crypto/x509/by_dir.c.secure-getenv	2007-02-18 18:23:20.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/x509/by_dir.c	2013-02-25 11:30:43.748730065 +0100
@@ -123,7 +123,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
 	case X509_L_ADD_DIR:
 		if (argl == X509_FILETYPE_DEFAULT)
 			{
-			dir=(char *)Getenv(X509_get_default_cert_dir_env());
+			dir=(char *)__secure_getenv(X509_get_default_cert_dir_env());
 			if (dir)
 				ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
 			else
diff -up openssl-fips-0.9.8e/crypto/x509/by_file.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/by_file.c
--- openssl-fips-0.9.8e/crypto/x509/by_file.c.secure-getenv	2013-02-25 11:06:31.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/x509/by_file.c	2013-02-25 11:31:03.429770740 +0100
@@ -100,7 +100,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
 	case X509_L_FILE_LOAD:
 		if (argl == X509_FILETYPE_DEFAULT)
 			{
-			file = (char *)Getenv(X509_get_default_cert_file_env());
+			file = (char *)__secure_getenv(X509_get_default_cert_file_env());
 			if (file)
 				ok = (X509_load_cert_crl_file(ctx,file,
 					      X509_FILETYPE_PEM) != 0);
diff -up openssl-fips-0.9.8e/crypto/x509/x509_vfy.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/x509_vfy.c
--- openssl-fips-0.9.8e/crypto/x509/x509_vfy.c.secure-getenv	2013-02-25 11:06:31.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/x509/x509_vfy.c	2013-02-25 11:11:48.476243592 +0100
@@ -414,7 +414,7 @@ static int check_chain_extensions(X509_S
 
 	/* A hack to keep people who don't want to modify their software
 	   happy */
-	if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+	if (__secure_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
 		allow_proxy_certs = 1;
 
 	/* Check all untrusted certificates */