openssl/sme8/openssl-fips-0.9.8e-secure-getenv.patch

diff -up openssl-fips-0.9.8e/crypto/conf/conf_api.c.secure-getenv openssl-fips-0.9.8e/crypto/conf/conf_api.c
--- openssl-fips-0.9.8e/crypto/conf/conf_api.c.secure-getenv    2002-01-18 17:50:42.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/conf/conf_api.c  2013-02-25 11:30:12.236666564 +0100
@@ -145,7 +145,7 @@ char *_CONF_get_string(const CONF *conf,
                        if (v != NULL) return(v->value);
                        if (strcmp(section,"ENV") == 0)
                                {
-                               p=Getenv(name);
+                               p=__secure_getenv(name);
                                if (p != NULL) return(p);
                                }
                        }
@@ -158,7 +158,7 @@ char *_CONF_get_string(const CONF *conf,
                        return(NULL);
                }
        else
-               return(Getenv(name));
+               return(__secure_getenv(name));
        }
 
 #if 0 /* There's no way to provide error checking with this function, so
diff -up openssl-fips-0.9.8e/crypto/conf/conf_mod.c.secure-getenv openssl-fips-0.9.8e/crypto/conf/conf_mod.c
--- openssl-fips-0.9.8e/crypto/conf/conf_mod.c.secure-getenv    2007-04-09 13:47:59.000000000 +0200
+++ openssl-fips-0.9.8e/crypto/conf/conf_mod.c  2013-02-25 11:08:07.151779458 +0100
@@ -548,8 +548,8 @@ char *CONF_get1_default_config_file(void
        char *file;
        int len;
 
-       file = getenv("OPENSSL_CONF");
-       if (file) 
+       file = __secure_getenv("OPENSSL_CONF");
+       if (file)
                return BUF_strdup(file);
 
        len = strlen(X509_get_default_cert_area());
diff -up openssl-fips-0.9.8e/crypto/engine/eng_list.c.secure-getenv openssl-fips-0.9.8e/crypto/engine/eng_list.c
--- openssl-fips-0.9.8e/crypto/engine/eng_list.c.secure-getenv  2005-08-06 12:34:35.000000000 +0200
+++ openssl-fips-0.9.8e/crypto/engine/eng_list.c        2013-02-25 11:08:07.158779477 +0100
@@ -398,9 +398,9 @@ ENGINE *ENGINE_by_id(const char *id)
        if (strcmp(id, "dynamic"))
                {
 #ifdef OPENSSL_SYS_VMS
-               if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
+               if(OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
 #else
-               if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
+               if((load_dir = __secure_getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
 #endif
                iterator = ENGINE_by_id("dynamic");
                if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
diff -up openssl-fips-0.9.8e/crypto/o_init.c.secure-getenv openssl-fips-0.9.8e/crypto/o_init.c
--- openssl-fips-0.9.8e/crypto/o_init.c.secure-getenv   2013-02-25 11:06:31.267583370 +0100
+++ openssl-fips-0.9.8e/crypto/o_init.c 2013-02-25 11:08:07.160779483 +0100
@@ -77,7 +77,7 @@ static void init_fips_mode(void)
        char buf[2] = "0";
        int fd;
        
-       if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
+       if (__secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
                {
                buf[0] = '1';
                }
diff -up openssl-fips-0.9.8e/crypto/rand/randfile.c.secure-getenv openssl-fips-0.9.8e/crypto/rand/randfile.c
--- openssl-fips-0.9.8e/crypto/rand/randfile.c.secure-getenv    2007-03-02 18:44:55.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/rand/randfile.c  2013-02-25 11:08:07.161779486 +0100
@@ -231,8 +231,7 @@ const char *RAND_file_name(char *buf, si
        struct stat sb;
 #endif
 
-       if (OPENSSL_issetugid() == 0)
-               s=getenv("RANDFILE");
+       s=__secure_getenv("RANDFILE");
        if (s != NULL && *s && strlen(s) + 1 < size)
                {
                if (BUF_strlcpy(buf,s,size) >= size)
@@ -240,8 +239,7 @@ const char *RAND_file_name(char *buf, si
                }
        else
                {
-               if (OPENSSL_issetugid() == 0)
-                       s=getenv("HOME");
+               s=__secure_getenv("HOME");
 #ifdef DEFAULT_HOME
                if (s == NULL)
                        {
diff -up openssl-fips-0.9.8e/crypto/x509/by_dir.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/by_dir.c
--- openssl-fips-0.9.8e/crypto/x509/by_dir.c.secure-getenv      2007-02-18 18:23:20.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/x509/by_dir.c    2013-02-25 11:30:43.748730065 +0100
@@ -123,7 +123,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
        case X509_L_ADD_DIR:
                if (argl == X509_FILETYPE_DEFAULT)
                        {
-                       dir=(char *)Getenv(X509_get_default_cert_dir_env());
+                       dir=(char *)__secure_getenv(X509_get_default_cert_dir_env());
                        if (dir)
                                ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
                        else
diff -up openssl-fips-0.9.8e/crypto/x509/by_file.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/by_file.c
--- openssl-fips-0.9.8e/crypto/x509/by_file.c.secure-getenv     2013-02-25 11:06:31.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/x509/by_file.c   2013-02-25 11:31:03.429770740 +0100
@@ -100,7 +100,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
        case X509_L_FILE_LOAD:
                if (argl == X509_FILETYPE_DEFAULT)
                        {
-                       file = (char *)Getenv(X509_get_default_cert_file_env());
+                       file = (char *)__secure_getenv(X509_get_default_cert_file_env());
                        if (file)
                                ok = (X509_load_cert_crl_file(ctx,file,
                                              X509_FILETYPE_PEM) != 0);
diff -up openssl-fips-0.9.8e/crypto/x509/x509_vfy.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/x509_vfy.c
--- openssl-fips-0.9.8e/crypto/x509/x509_vfy.c.secure-getenv    2013-02-25 11:06:31.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/x509/x509_vfy.c  2013-02-25 11:11:48.476243592 +0100
@@ -414,7 +414,7 @@ static int check_chain_extensions(X509_S
 
        /* A hack to keep people who don't want to modify their software
           happy */
-       if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+       if (__secure_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
                allow_proxy_certs = 1;
 
        /* Check all untrusted certificates */
1	diff -up openssl-fips-0.9.8e/crypto/conf/conf_api.c.secure-getenv openssl-fips-0.9.8e/crypto/conf/conf_api.c
2	--- openssl-fips-0.9.8e/crypto/conf/conf_api.c.secure-getenv 2002-01-18 17:50:42.000000000 +0100
3	+++ openssl-fips-0.9.8e/crypto/conf/conf_api.c 2013-02-25 11:30:12.236666564 +0100
4	@@ -145,7 +145,7 @@ char _CONF_get_string(const CONF conf,
5	if (v != NULL) return(v->value);
6	if (strcmp(section,"ENV") == 0)
7	{
8	- p=Getenv(name);
9	+ p=__secure_getenv(name);
10	if (p != NULL) return(p);
11	}
12	}
13	@@ -158,7 +158,7 @@ char _CONF_get_string(const CONF conf,
14	return(NULL);
15	}
16	else
17	- return(Getenv(name));
18	+ return(__secure_getenv(name));
19	}
20
21	#if 0 /* There's no way to provide error checking with this function, so
22	diff -up openssl-fips-0.9.8e/crypto/conf/conf_mod.c.secure-getenv openssl-fips-0.9.8e/crypto/conf/conf_mod.c
23	--- openssl-fips-0.9.8e/crypto/conf/conf_mod.c.secure-getenv 2007-04-09 13:47:59.000000000 +0200
24	+++ openssl-fips-0.9.8e/crypto/conf/conf_mod.c 2013-02-25 11:08:07.151779458 +0100
25	@@ -548,8 +548,8 @@ char *CONF_get1_default_config_file(void
26	char *file;
27	int len;
28
29	- file = getenv("OPENSSL_CONF");
30	- if (file)
31	+ file = __secure_getenv("OPENSSL_CONF");
32	+ if (file)
33	return BUF_strdup(file);
34
35	len = strlen(X509_get_default_cert_area());
36	diff -up openssl-fips-0.9.8e/crypto/engine/eng_list.c.secure-getenv openssl-fips-0.9.8e/crypto/engine/eng_list.c
37	--- openssl-fips-0.9.8e/crypto/engine/eng_list.c.secure-getenv 2005-08-06 12:34:35.000000000 +0200
38	+++ openssl-fips-0.9.8e/crypto/engine/eng_list.c 2013-02-25 11:08:07.158779477 +0100
39	@@ -398,9 +398,9 @@ ENGINE ENGINE_by_id(const char id)
40	if (strcmp(id, "dynamic"))
41	{
42	#ifdef OPENSSL_SYS_VMS
43	- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
44	+ if(OPENSSL_issetugid() \|\| (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
45	#else
46	- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
47	+ if((load_dir = __secure_getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
48	#endif
49	iterator = ENGINE_by_id("dynamic");
50	if(!iterator \|\| !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) \|\|
51	diff -up openssl-fips-0.9.8e/crypto/o_init.c.secure-getenv openssl-fips-0.9.8e/crypto/o_init.c
52	--- openssl-fips-0.9.8e/crypto/o_init.c.secure-getenv 2013-02-25 11:06:31.267583370 +0100
53	+++ openssl-fips-0.9.8e/crypto/o_init.c 2013-02-25 11:08:07.160779483 +0100
54	@@ -77,7 +77,7 @@ static void init_fips_mode(void)
55	char buf[2] = "0";
56	int fd;
57
58	- if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
59	+ if (__secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
60	{
61	buf[0] = '1';
62	}
63	diff -up openssl-fips-0.9.8e/crypto/rand/randfile.c.secure-getenv openssl-fips-0.9.8e/crypto/rand/randfile.c
64	--- openssl-fips-0.9.8e/crypto/rand/randfile.c.secure-getenv 2007-03-02 18:44:55.000000000 +0100
65	+++ openssl-fips-0.9.8e/crypto/rand/randfile.c 2013-02-25 11:08:07.161779486 +0100
66	@@ -231,8 +231,7 @@ const char RAND_file_name(char buf, si
67	struct stat sb;
68	#endif
69
70	- if (OPENSSL_issetugid() == 0)
71	- s=getenv("RANDFILE");
72	+ s=__secure_getenv("RANDFILE");
73	if (s != NULL && *s && strlen(s) + 1 < size)
74	{
75	if (BUF_strlcpy(buf,s,size) >= size)
76	@@ -240,8 +239,7 @@ const char RAND_file_name(char buf, si
77	}
78	else
79	{
80	- if (OPENSSL_issetugid() == 0)
81	- s=getenv("HOME");
82	+ s=__secure_getenv("HOME");
83	#ifdef DEFAULT_HOME
84	if (s == NULL)
85	{
86	diff -up openssl-fips-0.9.8e/crypto/x509/by_dir.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/by_dir.c
87	--- openssl-fips-0.9.8e/crypto/x509/by_dir.c.secure-getenv 2007-02-18 18:23:20.000000000 +0100
88	+++ openssl-fips-0.9.8e/crypto/x509/by_dir.c 2013-02-25 11:30:43.748730065 +0100
89	@@ -123,7 +123,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
90	case X509_L_ADD_DIR:
91	if (argl == X509_FILETYPE_DEFAULT)
92	{
93	- dir=(char *)Getenv(X509_get_default_cert_dir_env());
94	+ dir=(char *)__secure_getenv(X509_get_default_cert_dir_env());
95	if (dir)
96	ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
97	else
98	diff -up openssl-fips-0.9.8e/crypto/x509/by_file.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/by_file.c
99	--- openssl-fips-0.9.8e/crypto/x509/by_file.c.secure-getenv 2013-02-25 11:06:31.000000000 +0100
100	+++ openssl-fips-0.9.8e/crypto/x509/by_file.c 2013-02-25 11:31:03.429770740 +0100
101	@@ -100,7 +100,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
102	case X509_L_FILE_LOAD:
103	if (argl == X509_FILETYPE_DEFAULT)
104	{
105	- file = (char *)Getenv(X509_get_default_cert_file_env());
106	+ file = (char *)__secure_getenv(X509_get_default_cert_file_env());
107	if (file)
108	ok = (X509_load_cert_crl_file(ctx,file,
109	X509_FILETYPE_PEM) != 0);
110	diff -up openssl-fips-0.9.8e/crypto/x509/x509_vfy.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/x509_vfy.c
111	--- openssl-fips-0.9.8e/crypto/x509/x509_vfy.c.secure-getenv 2013-02-25 11:06:31.000000000 +0100
112	+++ openssl-fips-0.9.8e/crypto/x509/x509_vfy.c 2013-02-25 11:11:48.476243592 +0100
113	@@ -414,7 +414,7 @@ static int check_chain_extensions(X509_S
114
115	/* A hack to keep people who don't want to modify their software
116	happy */
117	- if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
118	+ if (__secure_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
119	allow_proxy_certs = 1;
120
121	/* Check all untrusted certificates */