openssl/sme8/openssl-fips-0.9.8e-secure-getenv.patch

diff -up openssl-fips-0.9.8e/crypto/conf/conf_api.c.secure-getenv openssl-fips-0.9.8e/crypto/conf/conf_api.c
--- openssl-fips-0.9.8e/crypto/conf/conf_api.c.secure-getenv    2002-01-18 17:50:42.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/conf/conf_api.c  2013-02-25 11:30:12.236666564 +0100
@@ -145,7 +145,7 @@ char *_CONF_get_string(const CONF *conf,
                        if (v != NULL) return(v->value);
                        if (strcmp(section,"ENV") == 0)
                                {
-                               p=Getenv(name);
+                               p=__secure_getenv(name);
                                if (p != NULL) return(p);
                                }
                        }
@@ -158,7 +158,7 @@ char *_CONF_get_string(const CONF *conf,
                        return(NULL);
                }
        else
-               return(Getenv(name));
+               return(__secure_getenv(name));
        }
 
 #if 0 /* There's no way to provide error checking with this function, so
diff -up openssl-fips-0.9.8e/crypto/conf/conf_mod.c.secure-getenv openssl-fips-0.9.8e/crypto/conf/conf_mod.c
--- openssl-fips-0.9.8e/crypto/conf/conf_mod.c.secure-getenv    2007-04-09 13:47:59.000000000 +0200
+++ openssl-fips-0.9.8e/crypto/conf/conf_mod.c  2013-02-25 11:08:07.151779458 +0100
@@ -548,8 +548,8 @@ char *CONF_get1_default_config_file(void
        char *file;
        int len;
 
-       file = getenv("OPENSSL_CONF");
-       if (file) 
+       file = __secure_getenv("OPENSSL_CONF");
+       if (file)
                return BUF_strdup(file);
 
        len = strlen(X509_get_default_cert_area());
diff -up openssl-fips-0.9.8e/crypto/engine/eng_list.c.secure-getenv openssl-fips-0.9.8e/crypto/engine/eng_list.c
--- openssl-fips-0.9.8e/crypto/engine/eng_list.c.secure-getenv  2005-08-06 12:34:35.000000000 +0200
+++ openssl-fips-0.9.8e/crypto/engine/eng_list.c        2013-02-25 11:08:07.158779477 +0100
@@ -398,9 +398,9 @@ ENGINE *ENGINE_by_id(const char *id)
        if (strcmp(id, "dynamic"))
                {
 #ifdef OPENSSL_SYS_VMS
-               if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
+               if(OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
 #else
-               if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
+               if((load_dir = __secure_getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
 #endif
                iterator = ENGINE_by_id("dynamic");
                if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
diff -up openssl-fips-0.9.8e/crypto/o_init.c.secure-getenv openssl-fips-0.9.8e/crypto/o_init.c
--- openssl-fips-0.9.8e/crypto/o_init.c.secure-getenv   2013-02-25 11:06:31.267583370 +0100
+++ openssl-fips-0.9.8e/crypto/o_init.c 2013-02-25 11:08:07.160779483 +0100
@@ -77,7 +77,7 @@ static void init_fips_mode(void)
        char buf[2] = "0";
        int fd;
        
-       if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
+       if (__secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
                {
                buf[0] = '1';
                }
diff -up openssl-fips-0.9.8e/crypto/rand/randfile.c.secure-getenv openssl-fips-0.9.8e/crypto/rand/randfile.c
--- openssl-fips-0.9.8e/crypto/rand/randfile.c.secure-getenv    2007-03-02 18:44:55.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/rand/randfile.c  2013-02-25 11:08:07.161779486 +0100
@@ -231,8 +231,7 @@ const char *RAND_file_name(char *buf, si
        struct stat sb;
 #endif
 
-       if (OPENSSL_issetugid() == 0)
-               s=getenv("RANDFILE");
+       s=__secure_getenv("RANDFILE");
        if (s != NULL && *s && strlen(s) + 1 < size)
                {
                if (BUF_strlcpy(buf,s,size) >= size)
@@ -240,8 +239,7 @@ const char *RAND_file_name(char *buf, si
                }
        else
                {
-               if (OPENSSL_issetugid() == 0)
-                       s=getenv("HOME");
+               s=__secure_getenv("HOME");
 #ifdef DEFAULT_HOME
                if (s == NULL)
                        {
diff -up openssl-fips-0.9.8e/crypto/x509/by_dir.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/by_dir.c
--- openssl-fips-0.9.8e/crypto/x509/by_dir.c.secure-getenv      2007-02-18 18:23:20.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/x509/by_dir.c    2013-02-25 11:30:43.748730065 +0100
@@ -123,7 +123,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
        case X509_L_ADD_DIR:
                if (argl == X509_FILETYPE_DEFAULT)
                        {
-                       dir=(char *)Getenv(X509_get_default_cert_dir_env());
+                       dir=(char *)__secure_getenv(X509_get_default_cert_dir_env());
                        if (dir)
                                ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
                        else
diff -up openssl-fips-0.9.8e/crypto/x509/by_file.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/by_file.c
--- openssl-fips-0.9.8e/crypto/x509/by_file.c.secure-getenv     2013-02-25 11:06:31.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/x509/by_file.c   2013-02-25 11:31:03.429770740 +0100
@@ -100,7 +100,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
        case X509_L_FILE_LOAD:
                if (argl == X509_FILETYPE_DEFAULT)
                        {
-                       file = (char *)Getenv(X509_get_default_cert_file_env());
+                       file = (char *)__secure_getenv(X509_get_default_cert_file_env());
                        if (file)
                                ok = (X509_load_cert_crl_file(ctx,file,
                                              X509_FILETYPE_PEM) != 0);
diff -up openssl-fips-0.9.8e/crypto/x509/x509_vfy.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/x509_vfy.c
--- openssl-fips-0.9.8e/crypto/x509/x509_vfy.c.secure-getenv    2013-02-25 11:06:31.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/x509/x509_vfy.c  2013-02-25 11:11:48.476243592 +0100
@@ -414,7 +414,7 @@ static int check_chain_extensions(X509_S
 
        /* A hack to keep people who don't want to modify their software
           happy */
-       if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+       if (__secure_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
                allow_proxy_certs = 1;
 
        /* Check all untrusted certificates */
1	wellsi	1.1	diff -up openssl-fips-0.9.8e/crypto/conf/conf_api.c.secure-getenv openssl-fips-0.9.8e/crypto/conf/conf_api.c
2			--- openssl-fips-0.9.8e/crypto/conf/conf_api.c.secure-getenv 2002-01-18 17:50:42.000000000 +0100
3			+++ openssl-fips-0.9.8e/crypto/conf/conf_api.c 2013-02-25 11:30:12.236666564 +0100
4			@@ -145,7 +145,7 @@ char _CONF_get_string(const CONF conf,
5			if (v != NULL) return(v->value);
6			if (strcmp(section,"ENV") == 0)
7			{
8			- p=Getenv(name);
9			+ p=__secure_getenv(name);
10			if (p != NULL) return(p);
11			}
12			}
13			@@ -158,7 +158,7 @@ char _CONF_get_string(const CONF conf,
14			return(NULL);
15			}
16			else
17			- return(Getenv(name));
18			+ return(__secure_getenv(name));
19			}
20
21			#if 0 /* There's no way to provide error checking with this function, so
22			diff -up openssl-fips-0.9.8e/crypto/conf/conf_mod.c.secure-getenv openssl-fips-0.9.8e/crypto/conf/conf_mod.c
23			--- openssl-fips-0.9.8e/crypto/conf/conf_mod.c.secure-getenv 2007-04-09 13:47:59.000000000 +0200
24			+++ openssl-fips-0.9.8e/crypto/conf/conf_mod.c 2013-02-25 11:08:07.151779458 +0100
25			@@ -548,8 +548,8 @@ char *CONF_get1_default_config_file(void
26			char *file;
27			int len;
28
29			- file = getenv("OPENSSL_CONF");
30			- if (file)
31			+ file = __secure_getenv("OPENSSL_CONF");
32			+ if (file)
33			return BUF_strdup(file);
34
35			len = strlen(X509_get_default_cert_area());
36			diff -up openssl-fips-0.9.8e/crypto/engine/eng_list.c.secure-getenv openssl-fips-0.9.8e/crypto/engine/eng_list.c
37			--- openssl-fips-0.9.8e/crypto/engine/eng_list.c.secure-getenv 2005-08-06 12:34:35.000000000 +0200
38			+++ openssl-fips-0.9.8e/crypto/engine/eng_list.c 2013-02-25 11:08:07.158779477 +0100
39			@@ -398,9 +398,9 @@ ENGINE ENGINE_by_id(const char id)
40			if (strcmp(id, "dynamic"))
41			{
42			#ifdef OPENSSL_SYS_VMS
43			- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
44			+ if(OPENSSL_issetugid() \|\| (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
45			#else
46			- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
47			+ if((load_dir = __secure_getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
48			#endif
49			iterator = ENGINE_by_id("dynamic");
50			if(!iterator \|\| !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) \|\|
51			diff -up openssl-fips-0.9.8e/crypto/o_init.c.secure-getenv openssl-fips-0.9.8e/crypto/o_init.c
52			--- openssl-fips-0.9.8e/crypto/o_init.c.secure-getenv 2013-02-25 11:06:31.267583370 +0100
53			+++ openssl-fips-0.9.8e/crypto/o_init.c 2013-02-25 11:08:07.160779483 +0100
54			@@ -77,7 +77,7 @@ static void init_fips_mode(void)
55			char buf[2] = "0";
56			int fd;
57
58			- if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
59			+ if (__secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
60			{
61			buf[0] = '1';
62			}
63			diff -up openssl-fips-0.9.8e/crypto/rand/randfile.c.secure-getenv openssl-fips-0.9.8e/crypto/rand/randfile.c
64			--- openssl-fips-0.9.8e/crypto/rand/randfile.c.secure-getenv 2007-03-02 18:44:55.000000000 +0100
65			+++ openssl-fips-0.9.8e/crypto/rand/randfile.c 2013-02-25 11:08:07.161779486 +0100
66			@@ -231,8 +231,7 @@ const char RAND_file_name(char buf, si
67			struct stat sb;
68			#endif
69
70			- if (OPENSSL_issetugid() == 0)
71			- s=getenv("RANDFILE");
72			+ s=__secure_getenv("RANDFILE");
73			if (s != NULL && *s && strlen(s) + 1 < size)
74			{
75			if (BUF_strlcpy(buf,s,size) >= size)
76			@@ -240,8 +239,7 @@ const char RAND_file_name(char buf, si
77			}
78			else
79			{
80			- if (OPENSSL_issetugid() == 0)
81			- s=getenv("HOME");
82			+ s=__secure_getenv("HOME");
83			#ifdef DEFAULT_HOME
84			if (s == NULL)
85			{
86			diff -up openssl-fips-0.9.8e/crypto/x509/by_dir.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/by_dir.c
87			--- openssl-fips-0.9.8e/crypto/x509/by_dir.c.secure-getenv 2007-02-18 18:23:20.000000000 +0100
88			+++ openssl-fips-0.9.8e/crypto/x509/by_dir.c 2013-02-25 11:30:43.748730065 +0100
89			@@ -123,7 +123,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
90			case X509_L_ADD_DIR:
91			if (argl == X509_FILETYPE_DEFAULT)
92			{
93			- dir=(char *)Getenv(X509_get_default_cert_dir_env());
94			+ dir=(char *)__secure_getenv(X509_get_default_cert_dir_env());
95			if (dir)
96			ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
97			else
98			diff -up openssl-fips-0.9.8e/crypto/x509/by_file.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/by_file.c
99			--- openssl-fips-0.9.8e/crypto/x509/by_file.c.secure-getenv 2013-02-25 11:06:31.000000000 +0100
100			+++ openssl-fips-0.9.8e/crypto/x509/by_file.c 2013-02-25 11:31:03.429770740 +0100
101			@@ -100,7 +100,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
102			case X509_L_FILE_LOAD:
103			if (argl == X509_FILETYPE_DEFAULT)
104			{
105			- file = (char *)Getenv(X509_get_default_cert_file_env());
106			+ file = (char *)__secure_getenv(X509_get_default_cert_file_env());
107			if (file)
108			ok = (X509_load_cert_crl_file(ctx,file,
109			X509_FILETYPE_PEM) != 0);
110			diff -up openssl-fips-0.9.8e/crypto/x509/x509_vfy.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/x509_vfy.c
111			--- openssl-fips-0.9.8e/crypto/x509/x509_vfy.c.secure-getenv 2013-02-25 11:06:31.000000000 +0100
112			+++ openssl-fips-0.9.8e/crypto/x509/x509_vfy.c 2013-02-25 11:11:48.476243592 +0100
113			@@ -414,7 +414,7 @@ static int check_chain_extensions(X509_S
114
115			/* A hack to keep people who don't want to modify their software
116			happy */
117			- if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
118			+ if (__secure_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
119			allow_proxy_certs = 1;
120
121			/* Check all untrusted certificates */