[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Paul I. Dale
pauli at openssl.org
Mon Sep 24 01:32:44 UTC 2018
The branch OpenSSL_1_1_0-stable has been updated
via 1abdf08284af055f68c5ece4c7c0efa8f2bf323a (commit)
from 4aa1739c111e1390909533e7b2f485bc655c2489 (commit)
- Log -----------------------------------------------------------------
commit 1abdf08284af055f68c5ece4c7c0efa8f2bf323a
Author: Pauli <paul.dale at oracle.com>
Date: Mon Sep 24 11:21:18 2018 +1000
Use secure_getenv(3) when available.
Change all calls to getenv() inside libcrypto to use a new wrapper function
that use secure_getenv() if available and an issetugid then getenv if not.
CPU processor override flags are unchanged.
Extra checks for OPENSSL_issetugid() have been removed in favour of the
safe getenv.
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7047)
(cherry picked from commit 5c39a55d04ea6e6f734b627a050b9e702788d50d)
-----------------------------------------------------------------------
Summary of changes:
crypto/build.info | 2 +-
crypto/conf/conf_api.c | 7 ++++---
crypto/conf/conf_mod.c | 3 +--
crypto/ct/ct_log.c | 2 +-
crypto/engine/eng_list.c | 2 +-
crypto/getenv.c | 31 +++++++++++++++++++++++++++++++
crypto/include/internal/cryptlib.h | 2 ++
crypto/pkcs12/p12_mutl.c | 18 +++++++++---------
crypto/rand/randfile.c | 9 ++-------
crypto/x509/by_dir.c | 3 ++-
crypto/x509/by_file.c | 2 +-
11 files changed, 55 insertions(+), 26 deletions(-)
create mode 100644 crypto/getenv.c
diff --git a/crypto/build.info b/crypto/build.info
index e693eba..8e15379 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -2,7 +2,7 @@ LIBS=../libcrypto
SOURCE[../libcrypto]=\
cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c \
- threads_pthread.c threads_win.c threads_none.c \
+ threads_pthread.c threads_win.c threads_none.c getenv.c \
o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \
{- $target{uplink_aux_src} -}
EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index 79e682a..36c91b1 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -9,11 +9,12 @@
/* Part of the code in here was originally in conf.c, which is now removed */
+#include "e_os.h"
+#include "internal/cryptlib.h"
#include <stdlib.h>
#include <string.h>
#include <openssl/conf.h>
#include <openssl/conf_api.h>
-#include "e_os.h"
static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf);
static void value_free_stack_doall(CONF_VALUE *a);
@@ -82,7 +83,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
if (v != NULL)
return (v->value);
if (strcmp(section, "ENV") == 0) {
- p = getenv(name);
+ p = ossl_safe_getenv(name);
if (p != NULL)
return (p);
}
@@ -95,7 +96,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
else
return (NULL);
} else
- return (getenv(name));
+ return ossl_safe_getenv(name);
}
static unsigned long conf_value_hash(const CONF_VALUE *v)
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 543a8ea..7314435 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -478,8 +478,7 @@ char *CONF_get1_default_config_file(void)
char *file;
int len;
- file = getenv("OPENSSL_CONF");
- if (file)
+ if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL)
return OPENSSL_strdup(file);
len = strlen(X509_get_default_cert_area());
diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c
index d442322..881dc98 100644
--- a/crypto/ct/ct_log.c
+++ b/crypto/ct/ct_log.c
@@ -137,7 +137,7 @@ static int ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *sec
int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
{
- const char *fpath = getenv(CTLOG_FILE_EVP);
+ const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP);
if (fpath == NULL)
fpath = CTLOG_FILE;
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index 934389f..fcab415 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -322,7 +322,7 @@ ENGINE *ENGINE_by_id(const char *id)
* Prevent infinite recursion if we're looking for the dynamic engine.
*/
if (strcmp(id, "dynamic")) {
- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+ if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == NULL)
load_dir = ENGINESDIR;
iterator = ENGINE_by_id("dynamic");
if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
diff --git a/crypto/getenv.c b/crypto/getenv.c
new file mode 100644
index 0000000..7e98b64
--- /dev/null
+++ b/crypto/getenv.c
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+
+char *ossl_safe_getenv(const char *name)
+{
+#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+# if __GLIBC_PREREQ(2, 17)
+# define SECURE_GETENV
+ return secure_getenv(name);
+# endif
+#endif
+
+#ifndef SECURE_GETENV
+ if (OPENSSL_issetugid())
+ return NULL;
+ return getenv(name);
+#endif
+}
diff --git a/crypto/include/internal/cryptlib.h b/crypto/include/internal/cryptlib.h
index 627fd8c..d42a134 100644
--- a/crypto/include/internal/cryptlib.h
+++ b/crypto/include/internal/cryptlib.h
@@ -67,6 +67,8 @@ void OPENSSL_showfatal(const char *fmta, ...);
extern int OPENSSL_NONPIC_relocated;
void crypto_cleanup_all_ex_data_int(void);
+char *ossl_safe_getenv(const char *name);
+
int openssl_strerror_r(int errnum, char *buf, size_t buflen);
# if !defined(OPENSSL_NO_STDIO)
FILE *openssl_fopen(const char *filename, const char *mode);
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 02e529c..0c47250 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -7,13 +7,13 @@
* https://www.openssl.org/source/license.html
*/
-# include <stdio.h>
-# include "internal/cryptlib.h"
-# include <openssl/crypto.h>
-# include <openssl/hmac.h>
-# include <openssl/rand.h>
-# include <openssl/pkcs12.h>
-# include "p12_lcl.h"
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
int PKCS12_mac_present(const PKCS12 *p12)
{
@@ -44,7 +44,7 @@ void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
}
}
-# define TK26_MAC_KEY_LEN 32
+#define TK26_MAC_KEY_LEN 32
static int pkcs12_gen_gost_mac_key(const char *pass, int passlen,
const unsigned char *salt, int saltlen,
@@ -112,7 +112,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
if ((md_type_nid == NID_id_GostR3411_94
|| md_type_nid == NID_id_GostR3411_2012_256
|| md_type_nid == NID_id_GostR3411_2012_512)
- && !getenv("LEGACY_GOST_PKCS12")) {
+ && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) {
md_size = TK26_MAC_KEY_LEN;
if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
md_size, key, md_type)) {
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index dbd03ff..ee6a1ec 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -314,14 +314,9 @@ const char *RAND_file_name(char *buf, size_t size)
}
}
#else
- if (OPENSSL_issetugid() != 0) {
+ if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') {
use_randfile = 0;
- } else {
- s = getenv("RANDFILE");
- if (s == NULL || *s == '\0') {
- use_randfile = 0;
- s = getenv("HOME");
- }
+ s = ossl_safe_getenv("HOME");
}
#endif
#ifdef DEFAULT_HOME
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index a690455..4fa1dd3 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -78,7 +78,8 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
switch (cmd) {
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT) {
- dir = (char *)getenv(X509_get_default_cert_dir_env());
+ dir = (char *)ossl_safe_getenv(X509_get_default_cert_dir_env());
+
if (dir)
ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
else
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 0bcc6af..c4e33d3 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -47,7 +47,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
switch (cmd) {
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
- file = getenv(X509_get_default_cert_file_env());
+ file = ossl_safe_getenv(X509_get_default_cert_file_env());
if (file)
ok = (X509_load_cert_crl_file(ctx, file,
X509_FILETYPE_PEM) != 0);
More information about the openssl-commits
mailing list