openssl/openssl-1.1.1-secure-getenv.patch

diff -up openssl-1.1.1-pre8/crypto/conf/conf_api.c.secure-getenv openssl-1.1.1-pre8/crypto/conf/conf_api.c
--- openssl-1.1.1-pre8/crypto/conf/conf_api.c.secure-getenv	2018-06-20 16:48:10.000000000 +0200
+++ openssl-1.1.1-pre8/crypto/conf/conf_api.c	2018-07-16 18:01:11.708359766 +0200
@@ -9,6 +9,8 @@
 
 /* Part of the code in here was originally in conf.c, which is now removed */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include "e_os.h"
 #include <stdlib.h>
 #include <string.h>
@@ -82,7 +84,7 @@ char *_CONF_get_string(const CONF *conf,
             if (v != NULL)
                 return v->value;
             if (strcmp(section, "ENV") == 0) {
-                p = getenv(name);
+                p = secure_getenv(name);
                 if (p != NULL)
                     return p;
             }
diff -up openssl-1.1.1-pre8/crypto/conf/conf_mod.c.secure-getenv openssl-1.1.1-pre8/crypto/conf/conf_mod.c
--- openssl-1.1.1-pre8/crypto/conf/conf_mod.c.secure-getenv	2018-06-20 16:48:10.000000000 +0200
+++ openssl-1.1.1-pre8/crypto/conf/conf_mod.c	2018-07-16 18:02:37.308383955 +0200
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include "internal/cryptlib.h"
 #include <stdio.h>
 #include <ctype.h>
@@ -481,7 +483,7 @@ char *CONF_get1_default_config_file(void
     int len;
 
     if (!OPENSSL_issetugid()) {
-        file = getenv("OPENSSL_CONF");
+        file = secure_getenv("OPENSSL_CONF");
         if (file)
             return OPENSSL_strdup(file);
     }
diff -up openssl-1.1.1-pre8/crypto/ct/ct_log.c.secure-getenv openssl-1.1.1-pre8/crypto/ct/ct_log.c
--- openssl-1.1.1-pre8/crypto/ct/ct_log.c.secure-getenv	2018-06-20 16:48:10.000000000 +0200
+++ openssl-1.1.1-pre8/crypto/ct/ct_log.c	2018-07-16 18:01:11.708359766 +0200
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include <stdlib.h>
 #include <string.h>
 
@@ -137,7 +139,7 @@ static int ctlog_new_from_conf(CTLOG **c
 
 int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
 {
-    const char *fpath = getenv(CTLOG_FILE_EVP);
+    const char *fpath = secure_getenv(CTLOG_FILE_EVP);
 
     if (fpath == NULL)
       fpath = CTLOG_FILE;
diff -up openssl-1.1.1-pre8/crypto/engine/eng_list.c.secure-getenv openssl-1.1.1-pre8/crypto/engine/eng_list.c
--- openssl-1.1.1-pre8/crypto/engine/eng_list.c.secure-getenv	2018-06-20 16:48:10.000000000 +0200
+++ openssl-1.1.1-pre8/crypto/engine/eng_list.c	2018-07-16 18:03:03.190996004 +0200
@@ -8,6 +8,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include "eng_int.h"
 
 /*
@@ -318,7 +320,7 @@ ENGINE *ENGINE_by_id(const char *id)
      */
     if (strcmp(id, "dynamic")) {
         if (OPENSSL_issetugid()
-                || (load_dir = getenv("OPENSSL_ENGINES")) == NULL)
+                || (load_dir = secure_getenv("OPENSSL_ENGINES")) == NULL)
             load_dir = ENGINESDIR;
         iterator = ENGINE_by_id("dynamic");
         if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
diff -up openssl-1.1.1-pre8/crypto/mem.c.secure-getenv openssl-1.1.1-pre8/crypto/mem.c
--- openssl-1.1.1-pre8/crypto/mem.c.secure-getenv	2018-06-20 16:48:11.000000000 +0200
+++ openssl-1.1.1-pre8/crypto/mem.c	2018-07-16 18:01:11.709359790 +0200
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include "e_os.h"
 #include "internal/cryptlib.h"
 #include "internal/cryptlib_int.h"
@@ -180,11 +182,11 @@ static int shouldfail(void)
 
 void ossl_malloc_setup_failures(void)
 {
-    const char *cp = getenv("OPENSSL_MALLOC_FAILURES");
+    const char *cp = secure_getenv("OPENSSL_MALLOC_FAILURES");
 
     if (cp != NULL && (md_failstring = strdup(cp)) != NULL)
         parseit();
-    if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)
+    if ((cp = secure_getenv("OPENSSL_MALLOC_FD")) != NULL)
         md_tracefd = atoi(cp);
 }
 #endif
diff -up openssl-1.1.1-pre8/crypto/rand/randfile.c.secure-getenv openssl-1.1.1-pre8/crypto/rand/randfile.c
--- openssl-1.1.1-pre8/crypto/rand/randfile.c.secure-getenv	2018-06-20 16:48:11.000000000 +0200
+++ openssl-1.1.1-pre8/crypto/rand/randfile.c	2018-07-16 18:01:11.709359790 +0200
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include "internal/cryptlib.h"
 
 #include <errno.h>
@@ -264,7 +266,7 @@ const char *RAND_file_name(char *buf, si
 #else
     if (OPENSSL_issetugid() != 0) {
         use_randfile = 0;
-    } else if ((s = getenv("RANDFILE")) == NULL || *s == '\0') {
+    } else if ((s = secure_getenv("RANDFILE")) == NULL || *s == '\0') {
         use_randfile = 0;
         s = getenv("HOME");
     }
diff -up openssl-1.1.1-pre8/crypto/x509/by_dir.c.secure-getenv openssl-1.1.1-pre8/crypto/x509/by_dir.c
--- openssl-1.1.1-pre8/crypto/x509/by_dir.c.secure-getenv	2018-06-20 16:48:11.000000000 +0200
+++ openssl-1.1.1-pre8/crypto/x509/by_dir.c	2018-07-16 18:03:43.355945786 +0200
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include "e_os.h"
 #include "internal/cryptlib.h"
 #include <stdio.h>
@@ -73,7 +75,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
     switch (cmd) {
     case X509_L_ADD_DIR:
         if (argl == X509_FILETYPE_DEFAULT) {
-            const char *dir = getenv(X509_get_default_cert_dir_env());
+            const char *dir = secure_getenv(X509_get_default_cert_dir_env());
 
             if (dir)
                 ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
diff -up openssl-1.1.1-pre8/crypto/x509/by_file.c.secure-getenv openssl-1.1.1-pre8/crypto/x509/by_file.c
--- openssl-1.1.1-pre8/crypto/x509/by_file.c.secure-getenv	2018-06-20 16:48:11.000000000 +0200
+++ openssl-1.1.1-pre8/crypto/x509/by_file.c	2018-07-16 18:01:11.709359790 +0200
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
@@ -46,7 +48,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
     switch (cmd) {
     case X509_L_FILE_LOAD:
         if (argl == X509_FILETYPE_DEFAULT) {
-            file = getenv(X509_get_default_cert_file_env());
+            file = secure_getenv(X509_get_default_cert_file_env());
             if (file)
                 ok = (X509_load_cert_crl_file(ctx, file,
                                               X509_FILETYPE_PEM) != 0);
update to the latest 1.1.1 beta version 2018-07-25 16:15:19 +00:00			`diff -up openssl-1.1.1-pre8/crypto/conf/conf_api.c.secure-getenv openssl-1.1.1-pre8/crypto/conf/conf_api.c`
			`--- openssl-1.1.1-pre8/crypto/conf/conf_api.c.secure-getenv 2018-06-20 16:48:10.000000000 +0200`
			`+++ openssl-1.1.1-pre8/crypto/conf/conf_api.c 2018-07-16 18:01:11.708359766 +0200`
			`@@ -9,6 +9,8 @@`

			`/* Part of the code in here was originally in conf.c, which is now removed */`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include "e_os.h"`
			`#include <stdlib.h>`
			`#include <string.h>`
			`@@ -82,7 +84,7 @@ char _CONF_get_string(const CONF conf,`
			`if (v != NULL)`
			`return v->value;`
			`if (strcmp(section, "ENV") == 0) {`
			`- p = getenv(name);`
			`+ p = secure_getenv(name);`
			`if (p != NULL)`
			`return p;`
			`}`
			`diff -up openssl-1.1.1-pre8/crypto/conf/conf_mod.c.secure-getenv openssl-1.1.1-pre8/crypto/conf/conf_mod.c`
			`--- openssl-1.1.1-pre8/crypto/conf/conf_mod.c.secure-getenv 2018-06-20 16:48:10.000000000 +0200`
			`+++ openssl-1.1.1-pre8/crypto/conf/conf_mod.c 2018-07-16 18:02:37.308383955 +0200`
			`@@ -7,6 +7,8 @@`
			`* https://www.openssl.org/source/license.html`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include "internal/cryptlib.h"`
			`#include <stdio.h>`
			`#include <ctype.h>`
			`@@ -481,7 +483,7 @@ char *CONF_get1_default_config_file(void`
			`int len;`

			`if (!OPENSSL_issetugid()) {`
			`- file = getenv("OPENSSL_CONF");`
			`+ file = secure_getenv("OPENSSL_CONF");`
			`if (file)`
			`return OPENSSL_strdup(file);`
			`}`
			`diff -up openssl-1.1.1-pre8/crypto/ct/ct_log.c.secure-getenv openssl-1.1.1-pre8/crypto/ct/ct_log.c`
			`--- openssl-1.1.1-pre8/crypto/ct/ct_log.c.secure-getenv 2018-06-20 16:48:10.000000000 +0200`
			`+++ openssl-1.1.1-pre8/crypto/ct/ct_log.c 2018-07-16 18:01:11.708359766 +0200`
			`@@ -7,6 +7,8 @@`
			`* https://www.openssl.org/source/license.html`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include <stdlib.h>`
			`#include <string.h>`

			`@@ -137,7 +139,7 @@ static int ctlog_new_from_conf(CTLOG **c`

			`int CTLOG_STORE_load_default_file(CTLOG_STORE *store)`
			`{`
			`- const char *fpath = getenv(CTLOG_FILE_EVP);`
			`+ const char *fpath = secure_getenv(CTLOG_FILE_EVP);`

			`if (fpath == NULL)`
			`fpath = CTLOG_FILE;`
			`diff -up openssl-1.1.1-pre8/crypto/engine/eng_list.c.secure-getenv openssl-1.1.1-pre8/crypto/engine/eng_list.c`
			`--- openssl-1.1.1-pre8/crypto/engine/eng_list.c.secure-getenv 2018-06-20 16:48:10.000000000 +0200`
			`+++ openssl-1.1.1-pre8/crypto/engine/eng_list.c 2018-07-16 18:03:03.190996004 +0200`
			`@@ -8,6 +8,8 @@`
			`* https://www.openssl.org/source/license.html`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include "eng_int.h"`

			`/*`
			`@@ -318,7 +320,7 @@ ENGINE ENGINE_by_id(const char id)`
			`*/`
			`if (strcmp(id, "dynamic")) {`
			`if (OPENSSL_issetugid()`
			`- \|\| (load_dir = getenv("OPENSSL_ENGINES")) == NULL)`
			`+ \|\| (load_dir = secure_getenv("OPENSSL_ENGINES")) == NULL)`
			`load_dir = ENGINESDIR;`
			`iterator = ENGINE_by_id("dynamic");`
			`if (!iterator \|\| !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) \|\|`
			`diff -up openssl-1.1.1-pre8/crypto/mem.c.secure-getenv openssl-1.1.1-pre8/crypto/mem.c`
			`--- openssl-1.1.1-pre8/crypto/mem.c.secure-getenv 2018-06-20 16:48:11.000000000 +0200`
			`+++ openssl-1.1.1-pre8/crypto/mem.c 2018-07-16 18:01:11.709359790 +0200`
			`@@ -7,6 +7,8 @@`
			`* https://www.openssl.org/source/license.html`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include "e_os.h"`
			`#include "internal/cryptlib.h"`
			`#include "internal/cryptlib_int.h"`
			`@@ -180,11 +182,11 @@ static int shouldfail(void)`

			`void ossl_malloc_setup_failures(void)`
			`{`
			`- const char *cp = getenv("OPENSSL_MALLOC_FAILURES");`
			`+ const char *cp = secure_getenv("OPENSSL_MALLOC_FAILURES");`

			`if (cp != NULL && (md_failstring = strdup(cp)) != NULL)`
			`parseit();`
			`- if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)`
			`+ if ((cp = secure_getenv("OPENSSL_MALLOC_FD")) != NULL)`
			`md_tracefd = atoi(cp);`
			`}`
			`#endif`
			`diff -up openssl-1.1.1-pre8/crypto/rand/randfile.c.secure-getenv openssl-1.1.1-pre8/crypto/rand/randfile.c`
			`--- openssl-1.1.1-pre8/crypto/rand/randfile.c.secure-getenv 2018-06-20 16:48:11.000000000 +0200`
			`+++ openssl-1.1.1-pre8/crypto/rand/randfile.c 2018-07-16 18:01:11.709359790 +0200`
			`@@ -7,6 +7,8 @@`
			`* https://www.openssl.org/source/license.html`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include "internal/cryptlib.h"`

			`#include <errno.h>`
			`@@ -264,7 +266,7 @@ const char RAND_file_name(char buf, si`
			`#else`
			`if (OPENSSL_issetugid() != 0) {`
			`use_randfile = 0;`
			`- } else if ((s = getenv("RANDFILE")) == NULL \|\| *s == '\0') {`
			`+ } else if ((s = secure_getenv("RANDFILE")) == NULL \|\| *s == '\0') {`
			`use_randfile = 0;`
			`s = getenv("HOME");`
			`}`
			`diff -up openssl-1.1.1-pre8/crypto/x509/by_dir.c.secure-getenv openssl-1.1.1-pre8/crypto/x509/by_dir.c`
			`--- openssl-1.1.1-pre8/crypto/x509/by_dir.c.secure-getenv 2018-06-20 16:48:11.000000000 +0200`
			`+++ openssl-1.1.1-pre8/crypto/x509/by_dir.c 2018-07-16 18:03:43.355945786 +0200`
			`@@ -7,6 +7,8 @@`
			`* https://www.openssl.org/source/license.html`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include "e_os.h"`
			`#include "internal/cryptlib.h"`
			`#include <stdio.h>`
			`@@ -73,7 +75,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in`
			`switch (cmd) {`
			`case X509_L_ADD_DIR:`
			`if (argl == X509_FILETYPE_DEFAULT) {`
			`- const char *dir = getenv(X509_get_default_cert_dir_env());`
			`+ const char *dir = secure_getenv(X509_get_default_cert_dir_env());`

			`if (dir)`
			`ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);`
			`diff -up openssl-1.1.1-pre8/crypto/x509/by_file.c.secure-getenv openssl-1.1.1-pre8/crypto/x509/by_file.c`
			`--- openssl-1.1.1-pre8/crypto/x509/by_file.c.secure-getenv 2018-06-20 16:48:11.000000000 +0200`
			`+++ openssl-1.1.1-pre8/crypto/x509/by_file.c 2018-07-16 18:01:11.709359790 +0200`
			`@@ -7,6 +7,8 @@`
			`* https://www.openssl.org/source/license.html`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include <stdio.h>`
			`#include <time.h>`
			`#include <errno.h>`
			`@@ -46,7 +48,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx`
			`switch (cmd) {`
			`case X509_L_FILE_LOAD:`
			`if (argl == X509_FILETYPE_DEFAULT) {`
			`- file = getenv(X509_get_default_cert_file_env());`
			`+ file = secure_getenv(X509_get_default_cert_file_env());`
			`if (file)`
			`ok = (X509_load_cert_crl_file(ctx, file,`
			`X509_FILETYPE_PEM) != 0);`