c2e3151786
- do not use environment variables if __libc_enable_secure is on - fix strict aliasing problems in modes
207 lines
8.1 KiB
Diff
207 lines
8.1 KiB
Diff
diff -up openssl-1.0.1c/Configure.secure-getenv openssl-1.0.1c/Configure
|
|
--- openssl-1.0.1c/Configure.secure-getenv 2012-07-13 13:34:37.309433776 +0200
|
|
+++ openssl-1.0.1c/Configure 2012-07-13 13:34:37.309433776 +0200
|
|
@@ -1437,6 +1437,10 @@ if ($target =~ /^BSD\-/)
|
|
$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
|
|
}
|
|
|
|
+if ($target =~ /^linux/i) {
|
|
+ $cflags .= " -DLIBC_ENABLE_SECURE";
|
|
+}
|
|
+
|
|
if ($sys_id ne "")
|
|
{
|
|
#$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
|
|
diff -up openssl-1.0.1c/crypto/conf/conf_api.c.secure-getenv openssl-1.0.1c/crypto/conf/conf_api.c
|
|
--- openssl-1.0.1c/crypto/conf/conf_api.c.secure-getenv 2011-09-02 13:20:32.000000000 +0200
|
|
+++ openssl-1.0.1c/crypto/conf/conf_api.c 2012-07-13 13:34:37.277433033 +0200
|
|
@@ -140,7 +140,7 @@ char *_CONF_get_string(const CONF *conf,
|
|
vv.section=(char *)section;
|
|
v=lh_CONF_VALUE_retrieve(conf->data,&vv);
|
|
if (v != NULL) return(v->value);
|
|
- if (strcmp(section,"ENV") == 0)
|
|
+ if (!OPENSSL_issetugid() && (strcmp(section,"ENV") == 0))
|
|
{
|
|
p=getenv(name);
|
|
if (p != NULL) return(p);
|
|
@@ -155,7 +155,7 @@ char *_CONF_get_string(const CONF *conf,
|
|
return(NULL);
|
|
}
|
|
else
|
|
- return(getenv(name));
|
|
+ return (OPENSSL_issetugid() ? NULL : getenv(name));
|
|
}
|
|
|
|
#if 0 /* There's no way to provide error checking with this function, so
|
|
diff -up openssl-1.0.1c/crypto/conf/conf_mod.c.secure-getenv openssl-1.0.1c/crypto/conf/conf_mod.c
|
|
--- openssl-1.0.1c/crypto/conf/conf_mod.c.secure-getenv 2008-11-05 19:38:55.000000000 +0100
|
|
+++ openssl-1.0.1c/crypto/conf/conf_mod.c 2012-07-13 13:34:37.277433033 +0200
|
|
@@ -548,8 +548,8 @@ char *CONF_get1_default_config_file(void
|
|
char *file;
|
|
int len;
|
|
|
|
- file = getenv("OPENSSL_CONF");
|
|
- if (file)
|
|
+ if (!OPENSSL_issetugid() &&
|
|
+ (file = getenv("OPENSSL_CONF")) != NULL);
|
|
return BUF_strdup(file);
|
|
|
|
len = strlen(X509_get_default_cert_area());
|
|
diff -up openssl-1.0.1c/crypto/engine/eng_list.c.secure-getenv openssl-1.0.1c/crypto/engine/eng_list.c
|
|
--- openssl-1.0.1c/crypto/engine/eng_list.c.secure-getenv 2010-03-27 19:28:13.000000000 +0100
|
|
+++ openssl-1.0.1c/crypto/engine/eng_list.c 2012-07-13 13:34:37.278433056 +0200
|
|
@@ -399,9 +399,9 @@ ENGINE *ENGINE_by_id(const char *id)
|
|
if (strcmp(id, "dynamic"))
|
|
{
|
|
#ifdef OPENSSL_SYS_VMS
|
|
- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
|
|
+ if(OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
|
|
#else
|
|
- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
|
|
+ if(OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
|
|
#endif
|
|
iterator = ENGINE_by_id("dynamic");
|
|
if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
|
|
diff -up openssl-1.0.1c/crypto/md5/md5_dgst.c.secure-getenv openssl-1.0.1c/crypto/md5/md5_dgst.c
|
|
--- openssl-1.0.1c/crypto/md5/md5_dgst.c.secure-getenv 2012-07-13 13:34:37.000000000 +0200
|
|
+++ openssl-1.0.1c/crypto/md5/md5_dgst.c 2012-07-13 13:37:27.709392052 +0200
|
|
@@ -74,7 +74,7 @@ const char MD5_version[]="MD5" OPENSSL_V
|
|
int MD5_Init(MD5_CTX *c)
|
|
#ifdef OPENSSL_FIPS
|
|
{
|
|
- if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
|
|
+ if (FIPS_mode() && (OPENSSL_issetugid() || getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL))
|
|
OpenSSLDie(__FILE__, __LINE__, \
|
|
"Digest MD5 forbidden in FIPS mode!");
|
|
return private_MD5_Init(c);
|
|
diff -up openssl-1.0.1c/crypto/o_init.c.secure-getenv openssl-1.0.1c/crypto/o_init.c
|
|
--- openssl-1.0.1c/crypto/o_init.c.secure-getenv 2012-07-13 13:34:37.237432103 +0200
|
|
+++ openssl-1.0.1c/crypto/o_init.c 2012-07-13 13:34:37.278433056 +0200
|
|
@@ -71,7 +71,7 @@ static void init_fips_mode(void)
|
|
char buf[2] = "0";
|
|
int fd;
|
|
|
|
- if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
|
|
+ if (!OPENSSL_issetugid() && getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
|
|
{
|
|
buf[0] = '1';
|
|
}
|
|
diff -up openssl-1.0.1c/crypto/uid.c.secure-getenv openssl-1.0.1c/crypto/uid.c
|
|
--- openssl-1.0.1c/crypto/uid.c.secure-getenv 2003-11-28 14:10:55.000000000 +0100
|
|
+++ openssl-1.0.1c/crypto/uid.c 2012-07-13 13:34:37.278433056 +0200
|
|
@@ -77,8 +77,26 @@ int OPENSSL_issetugid(void)
|
|
#include OPENSSL_UNISTD
|
|
#include <sys/types.h>
|
|
|
|
+#ifdef LIBC_ENABLE_SECURE
|
|
+extern int __libc_enable_secure;
|
|
+#endif
|
|
+#ifdef PRCTL_DUMPABLE
|
|
+#include <sys/prctl.h>
|
|
+#endif
|
|
+
|
|
int OPENSSL_issetugid(void)
|
|
{
|
|
+#ifdef LIBC_ENABLE_SECURE
|
|
+ if (__libc_enable_secure) return 1;
|
|
+#endif
|
|
+#ifdef PRCTL_DUMPABLE
|
|
+ /* 0 -> not dumpable, 2 -> dumpable by root only from
|
|
+ * Linux kernel 2.6.13 - 2.6.17, so we require dumpable
|
|
+ * flag to be == 1 to accept non-secure mode.
|
|
+ */
|
|
+ if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) != 1)
|
|
+ return 1;
|
|
+#endif
|
|
if (getuid() != geteuid()) return 1;
|
|
if (getgid() != getegid()) return 1;
|
|
return 0;
|
|
diff -up openssl-1.0.1c/crypto/x509/by_dir.c.secure-getenv openssl-1.0.1c/crypto/x509/by_dir.c
|
|
--- openssl-1.0.1c/crypto/x509/by_dir.c.secure-getenv 2010-02-19 19:26:23.000000000 +0100
|
|
+++ openssl-1.0.1c/crypto/x509/by_dir.c 2012-07-13 13:34:37.279433079 +0200
|
|
@@ -135,7 +135,8 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
|
|
case X509_L_ADD_DIR:
|
|
if (argl == X509_FILETYPE_DEFAULT)
|
|
{
|
|
- dir=(char *)getenv(X509_get_default_cert_dir_env());
|
|
+ if (!OPENSSL_issetugid())
|
|
+ dir=(char *)getenv(X509_get_default_cert_dir_env());
|
|
if (dir)
|
|
ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
|
|
else
|
|
diff -up openssl-1.0.1c/crypto/x509/by_file.c.secure-getenv openssl-1.0.1c/crypto/x509/by_file.c
|
|
--- openssl-1.0.1c/crypto/x509/by_file.c.secure-getenv 2012-07-13 13:34:37.187430942 +0200
|
|
+++ openssl-1.0.1c/crypto/x509/by_file.c 2012-07-13 13:34:37.279433079 +0200
|
|
@@ -93,14 +93,15 @@ static int by_file_ctrl(X509_LOOKUP *ctx
|
|
char **ret)
|
|
{
|
|
int ok=0;
|
|
- char *file;
|
|
+ char *file = NULL;
|
|
|
|
switch (cmd)
|
|
{
|
|
case X509_L_FILE_LOAD:
|
|
if (argl == X509_FILETYPE_DEFAULT)
|
|
{
|
|
- file = (char *)getenv(X509_get_default_cert_file_env());
|
|
+ if (!OPENSSL_issetugid())
|
|
+ file = (char *)getenv(X509_get_default_cert_file_env());
|
|
if (file)
|
|
ok = (X509_load_cert_crl_file(ctx,file,
|
|
X509_FILETYPE_PEM) != 0);
|
|
diff -up openssl-1.0.1c/crypto/x509/x509_vfy.c.secure-getenv openssl-1.0.1c/crypto/x509/x509_vfy.c
|
|
--- openssl-1.0.1c/crypto/x509/x509_vfy.c.secure-getenv 2011-09-23 15:39:35.000000000 +0200
|
|
+++ openssl-1.0.1c/crypto/x509/x509_vfy.c 2012-07-13 13:34:37.280433102 +0200
|
|
@@ -456,7 +456,7 @@ static int check_chain_extensions(X509_S
|
|
int (*cb)(int xok,X509_STORE_CTX *xctx);
|
|
int proxy_path_length = 0;
|
|
int purpose;
|
|
- int allow_proxy_certs;
|
|
+ int allow_proxy_certs = 0;
|
|
cb=ctx->verify_cb;
|
|
|
|
/* must_be_ca can have 1 of 3 values:
|
|
@@ -481,7 +481,7 @@ static int check_chain_extensions(X509_S
|
|
!!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
|
|
/* A hack to keep people who don't want to modify their
|
|
software happy */
|
|
- if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
|
|
+ if (!OPENSSL_issetugid() && getenv("OPENSSL_ALLOW_PROXY_CERTS"))
|
|
allow_proxy_certs = 1;
|
|
purpose = ctx->param->purpose;
|
|
}
|
|
diff -up openssl-1.0.1c/engines/ccgost/gost_ctl.c.secure-getenv openssl-1.0.1c/engines/ccgost/gost_ctl.c
|
|
--- openssl-1.0.1c/engines/ccgost/gost_ctl.c.secure-getenv 2008-03-16 22:05:44.000000000 +0100
|
|
+++ openssl-1.0.1c/engines/ccgost/gost_ctl.c 2012-07-13 13:34:37.280433102 +0200
|
|
@@ -59,13 +59,14 @@ int gost_control_func(ENGINE *e,int cmd,
|
|
|
|
const char *get_gost_engine_param(int param)
|
|
{
|
|
- char *tmp;
|
|
+ char *tmp = NULL;
|
|
if (param <0 || param >GOST_PARAM_MAX) return NULL;
|
|
if (gost_params[param]!=NULL)
|
|
{
|
|
return gost_params[param];
|
|
}
|
|
- tmp = getenv(gost_envnames[param]);
|
|
+ if (!OPENSSL_issetugid())
|
|
+ tmp = getenv(gost_envnames[param]);
|
|
if (tmp)
|
|
{
|
|
if (gost_params[param]) OPENSSL_free(gost_params[param]);
|
|
@@ -77,9 +78,10 @@ const char *get_gost_engine_param(int pa
|
|
|
|
int gost_set_default_param(int param, const char *value)
|
|
{
|
|
- const char *tmp;
|
|
+ const char *tmp = NULL;
|
|
if (param <0 || param >GOST_PARAM_MAX) return 0;
|
|
- tmp = getenv(gost_envnames[param]);
|
|
+ if (!OPENSSL_issetugid())
|
|
+ tmp = getenv(gost_envnames[param]);
|
|
/* if there is value in the environment, use it, else -passed string * */
|
|
if (!tmp) tmp=value;
|
|
if (gost_params[param]) OPENSSL_free(gost_params[param]);
|