rpms / openssl098e

Clone
Source Code
GIT

Blame SOURCES/openssl-fips-0.9.8e-secure-getenv.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta
  1.   c92cf81146758bcd9a03cfbec97a254a566685ed
  2.   SOURCES
  3.   openssl-fips-0.9.8e-secure-getenv.patch
Blob History Raw
c4366c 
diff -up openssl-fips-0.9.8e/crypto/conf/conf_api.c.secure-getenv openssl-fips-0.9.8e/crypto/conf/conf_api.c
c4366c 
--- openssl-fips-0.9.8e/crypto/conf/conf_api.c.secure-getenv	2013-07-17 11:38:28.172584638 +0200
c4366c 
+++ openssl-fips-0.9.8e/crypto/conf/conf_api.c	2013-07-17 11:44:13.779925448 +0200
c4366c 
@@ -62,6 +62,8 @@
c4366c 
 # undef NDEBUG /* avoid conflicting definitions */
c4366c 
 # define NDEBUG
c4366c 
 #endif
c4366c 
+/* for secure_getenv */
c4366c 
+#define _GNU_SOURCE
c4366c
c4366c 
 #include <assert.h>
c4366c 
 #include <string.h>
c4366c 
@@ -145,7 +147,7 @@ char *_CONF_get_string(const CONF *conf,
c4366c 
 			if (v != NULL) return(v->value);
c4366c 
 			if (strcmp(section,"ENV") == 0)
c4366c 
 				{
c4366c 
-				p=Getenv(name);
c4366c 
+				p=secure_getenv(name);
c4366c 
 				if (p != NULL) return(p);
c4366c 
 				}
c4366c 
 			}
c4366c 
@@ -158,7 +160,7 @@ char *_CONF_get_string(const CONF *conf,
c4366c 
 			return(NULL);
c4366c 
 		}
c4366c 
 	else
c4366c 
-		return(Getenv(name));
c4366c 
+		return(secure_getenv(name));
c4366c 
 	}
c4366c
c4366c 
 #if 0 /* There's no way to provide error checking with this function, so
c4366c 
diff -up openssl-fips-0.9.8e/crypto/conf/conf_mod.c.secure-getenv openssl-fips-0.9.8e/crypto/conf/conf_mod.c
c4366c 
--- openssl-fips-0.9.8e/crypto/conf/conf_mod.c.secure-getenv	2013-07-17 11:38:28.173584642 +0200
c4366c 
+++ openssl-fips-0.9.8e/crypto/conf/conf_mod.c	2013-07-17 11:44:37.188017398 +0200
c4366c 
@@ -56,6 +56,8 @@
c4366c 
  *
c4366c 
  */
c4366c
c4366c 
+/* for secure_getenv */
c4366c 
+#define _GNU_SOURCE
c4366c 
 #include <stdio.h>
c4366c 
 #include <ctype.h>
c4366c 
 #include <openssl/crypto.h>
c4366c 
@@ -548,8 +550,8 @@ char *CONF_get1_default_config_file(void
c4366c 
 	char *file;
c4366c 
 	int len;
c4366c
c4366c 
-	file = getenv("OPENSSL_CONF");
c4366c 
-	if (file)
c4366c 
+	file = secure_getenv("OPENSSL_CONF");
c4366c 
+	if (file)
c4366c 
 		return BUF_strdup(file);
c4366c
c4366c 
 	len = strlen(X509_get_default_cert_area());
c4366c 
diff -up openssl-fips-0.9.8e/crypto/engine/eng_list.c.secure-getenv openssl-fips-0.9.8e/crypto/engine/eng_list.c
c4366c 
--- openssl-fips-0.9.8e/crypto/engine/eng_list.c.secure-getenv	2005-08-06 12:34:35.000000000 +0200
c4366c 
+++ openssl-fips-0.9.8e/crypto/engine/eng_list.c	2013-07-17 11:42:52.210608034 +0200
c4366c 
@@ -61,6 +61,8 @@
c4366c 
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
c4366c 
  */
c4366c
c4366c 
+/* for secure_getenv */
c4366c 
+#define _GNU_SOURCE
c4366c 
 #include "eng_int.h"
c4366c
c4366c 
 /* The linked-list of pointers to engine types. engine_list_head
c4366c 
@@ -398,9 +400,9 @@ ENGINE *ENGINE_by_id(const char *id)
c4366c 
 	if (strcmp(id, "dynamic"))
c4366c 
 		{
c4366c 
 #ifdef OPENSSL_SYS_VMS
c4366c 
-		if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
c4366c 
+		if(OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
c4366c 
 #else
c4366c 
-		if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
c4366c 
+		if((load_dir = secure_getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
c4366c 
 #endif
c4366c 
 		iterator = ENGINE_by_id("dynamic");
c4366c 
 		if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
c4366c 
diff -up openssl-fips-0.9.8e/crypto/o_init.c.secure-getenv openssl-fips-0.9.8e/crypto/o_init.c
c4366c 
--- openssl-fips-0.9.8e/crypto/o_init.c.secure-getenv	2013-07-17 11:38:28.232584911 +0200
c4366c 
+++ openssl-fips-0.9.8e/crypto/o_init.c	2013-07-17 11:41:57.060391907 +0200
c4366c 
@@ -56,6 +56,8 @@
c4366c 
  *
c4366c 
  */
c4366c
c4366c 
+/* for secure_getenv */
c4366c 
+#define _GNU_SOURCE
c4366c 
 #include <e_os.h>
c4366c 
 #include <openssl/err.h>
c4366c
c4366c 
@@ -77,7 +79,7 @@ static void init_fips_mode(void)
c4366c 
 	char buf[2] = "0";
c4366c 
 	int fd;
c4366c
c4366c 
-	if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
c4366c 
+	if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
c4366c 
 		{
c4366c 
 		buf[0] = '1';
c4366c 
 		}
c4366c 
diff -up openssl-fips-0.9.8e/crypto/rand/randfile.c.secure-getenv openssl-fips-0.9.8e/crypto/rand/randfile.c
c4366c 
--- openssl-fips-0.9.8e/crypto/rand/randfile.c.secure-getenv	2007-03-02 18:44:55.000000000 +0100
c4366c 
+++ openssl-fips-0.9.8e/crypto/rand/randfile.c	2013-07-17 11:43:29.891755269 +0200
c4366c 
@@ -58,6 +58,8 @@
c4366c
c4366c 
 /* We need to define this to get macros like S_IFBLK and S_IFCHR */
c4366c 
 #define _XOPEN_SOURCE 500
c4366c 
+/* for secure_getenv */
c4366c 
+#define _GNU_SOURCE
c4366c
c4366c 
 #include <errno.h>
c4366c 
 #include <stdio.h>
c4366c 
@@ -231,8 +233,7 @@ const char *RAND_file_name(char *buf, si
c4366c 
 	struct stat sb;
c4366c 
 #endif
c4366c
c4366c 
-	if (OPENSSL_issetugid() == 0)
c4366c 
-		s=getenv("RANDFILE");
c4366c 
+	s=secure_getenv("RANDFILE");
c4366c 
 	if (s != NULL && *s && strlen(s) + 1 < size)
c4366c 
 		{
c4366c 
 		if (BUF_strlcpy(buf,s,size) >= size)
c4366c 
@@ -240,8 +241,7 @@ const char *RAND_file_name(char *buf, si
c4366c 
 		}
c4366c 
 	else
c4366c 
 		{
c4366c 
-		if (OPENSSL_issetugid() == 0)
c4366c 
-			s=getenv("HOME");
c4366c 
+		s=secure_getenv("HOME");
c4366c 
 #ifdef DEFAULT_HOME
c4366c 
 		if (s == NULL)
c4366c 
 			{
c4366c 
diff -up openssl-fips-0.9.8e/crypto/x509/by_dir.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/by_dir.c
c4366c 
--- openssl-fips-0.9.8e/crypto/x509/by_dir.c.secure-getenv	2007-02-18 18:23:20.000000000 +0100
c4366c 
+++ openssl-fips-0.9.8e/crypto/x509/by_dir.c	2013-07-17 11:45:03.612126552 +0200
c4366c 
@@ -56,6 +56,8 @@
c4366c 
  * [including the GNU Public Licence.]
c4366c 
  */
c4366c
c4366c 
+/* for secure_getenv */
c4366c 
+#define _GNU_SOURCE
c4366c 
 #include <stdio.h>
c4366c 
 #include <time.h>
c4366c 
 #include <errno.h>
c4366c 
@@ -123,7 +125,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
c4366c 
 	case X509_L_ADD_DIR:
c4366c 
 		if (argl == X509_FILETYPE_DEFAULT)
c4366c 
 			{
c4366c 
-			dir=(char *)Getenv(X509_get_default_cert_dir_env());
c4366c 
+			dir=(char *)secure_getenv(X509_get_default_cert_dir_env());
c4366c 
 			if (dir)
c4366c 
 				ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
c4366c 
 			else
c4366c 
diff -up openssl-fips-0.9.8e/crypto/x509/by_file.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/by_file.c
c4366c 
--- openssl-fips-0.9.8e/crypto/x509/by_file.c.secure-getenv	2013-07-17 11:38:28.127584434 +0200
c4366c 
+++ openssl-fips-0.9.8e/crypto/x509/by_file.c	2013-07-17 11:45:22.708202388 +0200
c4366c 
@@ -56,6 +56,8 @@
c4366c 
  * [including the GNU Public Licence.]
c4366c 
  */
c4366c
c4366c 
+/* for secure_getenv */
c4366c 
+#define _GNU_SOURCE
c4366c 
 #include <stdio.h>
c4366c 
 #include <time.h>
c4366c 
 #include <errno.h>
c4366c 
@@ -100,7 +102,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
c4366c 
 	case X509_L_FILE_LOAD:
c4366c 
 		if (argl == X509_FILETYPE_DEFAULT)
c4366c 
 			{
c4366c 
-			file = (char *)Getenv(X509_get_default_cert_file_env());
c4366c 
+			file = (char *)secure_getenv(X509_get_default_cert_file_env());
c4366c 
 			if (file)
c4366c 
 				ok = (X509_load_cert_crl_file(ctx,file,
c4366c 
 					      X509_FILETYPE_PEM) != 0);
c4366c 
diff -up openssl-fips-0.9.8e/crypto/x509/x509_vfy.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/x509_vfy.c
c4366c 
--- openssl-fips-0.9.8e/crypto/x509/x509_vfy.c.secure-getenv	2013-07-17 11:38:28.396585612 +0200
c4366c 
+++ openssl-fips-0.9.8e/crypto/x509/x509_vfy.c	2013-07-17 11:45:49.733310202 +0200
c4366c 
@@ -56,6 +56,8 @@
c4366c 
  * [including the GNU Public Licence.]
c4366c 
  */
c4366c
c4366c 
+/* for secure_getenv */
c4366c 
+#define _GNU_SOURCE
c4366c 
 #include <stdio.h>
c4366c 
 #include <time.h>
c4366c 
 #include <errno.h>
c4366c 
@@ -414,7 +416,7 @@ static int check_chain_extensions(X509_S
c4366c
c4366c 
 	/* A hack to keep people who don't want to modify their software
c4366c 
 	   happy */
c4366c 
-	if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
c4366c 
+	if (secure_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
c4366c 
 		allow_proxy_certs = 1;
c4366c
c4366c 
 	/* Check all untrusted certificates */

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation