use __getenv_secure() instead of __libc_enable_secure

Tomas Mraz 2012-07-13 22:21:05 +02:00
parent 72a1bddddc
commit af044b4037
2 changed files with 60 additions and 109 deletions


@ -1,55 +1,41 @@
diff -up openssl-1.0.1c/Configure.secure-getenv openssl-1.0.1c/Configure
--- openssl-1.0.1c/Configure.secure-getenv 2012-07-13 13:34:37.309433776 +0200
+++ openssl-1.0.1c/Configure 2012-07-13 13:34:37.309433776 +0200
@@ -1437,6 +1437,10 @@ if ($target =~ /^BSD\-/)
$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
}
+if ($target =~ /^linux/i) {
+ $cflags .= " -DLIBC_ENABLE_SECURE";
+}
+
if ($sys_id ne "")
{
#$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
diff -up openssl-1.0.1c/crypto/conf/conf_api.c.secure-getenv openssl-1.0.1c/crypto/conf/conf_api.c diff -up openssl-1.0.1c/crypto/conf/conf_api.c.secure-getenv openssl-1.0.1c/crypto/conf/conf_api.c
--- openssl-1.0.1c/crypto/conf/conf_api.c.secure-getenv 2011-09-02 13:20:32.000000000 +0200 --- openssl-1.0.1c/crypto/conf/conf_api.c.secure-getenv 2011-09-02 13:20:32.000000000 +0200
+++ openssl-1.0.1c/crypto/conf/conf_api.c 2012-07-13 13:34:37.277433033 +0200 +++ openssl-1.0.1c/crypto/conf/conf_api.c 2012-07-13 22:10:23.065949230 +0200
@@ -140,7 +140,7 @@ char *_CONF_get_string(const CONF *conf, @@ -142,7 +142,7 @@ char *_CONF_get_string(const CONF *conf,
vv.section=(char *)section;
v=lh_CONF_VALUE_retrieve(conf->data,&vv);
if (v != NULL) return(v->value); if (v != NULL) return(v->value);
- if (strcmp(section,"ENV") == 0) if (strcmp(section,"ENV") == 0)
+ if (!OPENSSL_issetugid() && (strcmp(section,"ENV") == 0))
{ {
p=getenv(name); - p=getenv(name);
+ p=__secure_getenv(name);
if (p != NULL) return(p); if (p != NULL) return(p);
}
}
@@ -155,7 +155,7 @@ char *_CONF_get_string(const CONF *conf, @@ -155,7 +155,7 @@ char *_CONF_get_string(const CONF *conf,
return(NULL); return(NULL);
} }
else else
- return(getenv(name)); - return(getenv(name));
+ return (OPENSSL_issetugid() ? NULL : getenv(name)); + return (__secure_getenv(name));
} }
#if 0 /* There's no way to provide error checking with this function, so #if 0 /* There's no way to provide error checking with this function, so
diff -up openssl-1.0.1c/crypto/conf/conf_mod.c.secure-getenv openssl-1.0.1c/crypto/conf/conf_mod.c diff -up openssl-1.0.1c/crypto/conf/conf_mod.c.secure-getenv openssl-1.0.1c/crypto/conf/conf_mod.c
--- openssl-1.0.1c/crypto/conf/conf_mod.c.secure-getenv 2008-11-05 19:38:55.000000000 +0100 --- openssl-1.0.1c/crypto/conf/conf_mod.c.secure-getenv 2008-11-05 19:38:55.000000000 +0100
+++ openssl-1.0.1c/crypto/conf/conf_mod.c 2012-07-13 13:34:37.277433033 +0200 +++ openssl-1.0.1c/crypto/conf/conf_mod.c 2012-07-13 22:18:31.937928293 +0200
@@ -548,8 +548,8 @@ char *CONF_get1_default_config_file(void @@ -548,8 +548,8 @@ char *CONF_get1_default_config_file(void
char *file; char *file;
int len; int len;
- file = getenv("OPENSSL_CONF"); - file = getenv("OPENSSL_CONF");
- if (file) - if (file)
+ if (!OPENSSL_issetugid() && + file = __secure_getenv("OPENSSL_CONF");
+ (file = getenv("OPENSSL_CONF")) != NULL); + if (file)
return BUF_strdup(file); return BUF_strdup(file);
len = strlen(X509_get_default_cert_area()); len = strlen(X509_get_default_cert_area());
diff -up openssl-1.0.1c/crypto/engine/eng_list.c.secure-getenv openssl-1.0.1c/crypto/engine/eng_list.c diff -up openssl-1.0.1c/crypto/engine/eng_list.c.secure-getenv openssl-1.0.1c/crypto/engine/eng_list.c
--- openssl-1.0.1c/crypto/engine/eng_list.c.secure-getenv 2010-03-27 19:28:13.000000000 +0100 --- openssl-1.0.1c/crypto/engine/eng_list.c.secure-getenv 2010-03-27 19:28:13.000000000 +0100
+++ openssl-1.0.1c/crypto/engine/eng_list.c 2012-07-13 13:34:37.278433056 +0200 +++ openssl-1.0.1c/crypto/engine/eng_list.c 2012-07-13 22:13:14.736804605 +0200
@@ -399,9 +399,9 @@ ENGINE *ENGINE_by_id(const char *id) @@ -399,9 +399,9 @@ ENGINE *ENGINE_by_id(const char *id)
if (strcmp(id, "dynamic")) if (strcmp(id, "dynamic"))
{ {
@ -58,149 +44,111 @@ diff -up openssl-1.0.1c/crypto/engine/eng_list.c.secure-getenv openssl-1.0.1c/cr
+ if(OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]"; + if(OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
#else #else
- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR; - if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
+ if(OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR; + if((load_dir = __secure_getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
#endif #endif
iterator = ENGINE_by_id("dynamic"); iterator = ENGINE_by_id("dynamic");
if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
diff -up openssl-1.0.1c/crypto/md5/md5_dgst.c.secure-getenv openssl-1.0.1c/crypto/md5/md5_dgst.c diff -up openssl-1.0.1c/crypto/md5/md5_dgst.c.secure-getenv openssl-1.0.1c/crypto/md5/md5_dgst.c
--- openssl-1.0.1c/crypto/md5/md5_dgst.c.secure-getenv 2012-07-13 13:34:37.000000000 +0200 --- openssl-1.0.1c/crypto/md5/md5_dgst.c.secure-getenv 2012-07-13 13:38:36.321985875 +0200
+++ openssl-1.0.1c/crypto/md5/md5_dgst.c 2012-07-13 13:37:27.709392052 +0200 +++ openssl-1.0.1c/crypto/md5/md5_dgst.c 2012-07-13 22:11:01.320808356 +0200
@@ -74,7 +74,7 @@ const char MD5_version[]="MD5" OPENSSL_V @@ -74,7 +74,7 @@ const char MD5_version[]="MD5" OPENSSL_V
int MD5_Init(MD5_CTX *c) int MD5_Init(MD5_CTX *c)
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
{ {
- if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL) - if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
+ if (FIPS_mode() && (OPENSSL_issetugid() || getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)) + if (FIPS_mode() && __secure_getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
OpenSSLDie(__FILE__, __LINE__, \ OpenSSLDie(__FILE__, __LINE__, \
"Digest MD5 forbidden in FIPS mode!"); "Digest MD5 forbidden in FIPS mode!");
return private_MD5_Init(c); return private_MD5_Init(c);
diff -up openssl-1.0.1c/crypto/o_init.c.secure-getenv openssl-1.0.1c/crypto/o_init.c diff -up openssl-1.0.1c/crypto/o_init.c.secure-getenv openssl-1.0.1c/crypto/o_init.c
--- openssl-1.0.1c/crypto/o_init.c.secure-getenv 2012-07-13 13:34:37.237432103 +0200 --- openssl-1.0.1c/crypto/o_init.c.secure-getenv 2012-07-13 13:38:36.307985551 +0200
+++ openssl-1.0.1c/crypto/o_init.c 2012-07-13 13:34:37.278433056 +0200 +++ openssl-1.0.1c/crypto/o_init.c 2012-07-13 22:07:15.482736498 +0200
@@ -71,7 +71,7 @@ static void init_fips_mode(void) @@ -71,7 +71,7 @@ static void init_fips_mode(void)
char buf[2] = "0"; char buf[2] = "0";
int fd; int fd;
- if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) - if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
+ if (!OPENSSL_issetugid() && getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) + if (__secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
{ {
buf[0] = '1'; buf[0] = '1';
} }
diff -up openssl-1.0.1c/crypto/uid.c.secure-getenv openssl-1.0.1c/crypto/uid.c diff -up openssl-1.0.1c/crypto/rand/randfile.c.secure-getenv openssl-1.0.1c/crypto/rand/randfile.c
--- openssl-1.0.1c/crypto/uid.c.secure-getenv 2003-11-28 14:10:55.000000000 +0100 --- openssl-1.0.1c/crypto/rand/randfile.c.secure-getenv 2012-01-15 14:40:21.000000000 +0100
+++ openssl-1.0.1c/crypto/uid.c 2012-07-13 13:34:37.278433056 +0200 +++ openssl-1.0.1c/crypto/rand/randfile.c 2012-07-13 22:11:40.529688907 +0200
@@ -77,8 +77,26 @@ int OPENSSL_issetugid(void) @@ -275,8 +275,7 @@ const char *RAND_file_name(char *buf, si
#include OPENSSL_UNISTD struct stat sb;
#include <sys/types.h> #endif
+#ifdef LIBC_ENABLE_SECURE - if (OPENSSL_issetugid() == 0)
+extern int __libc_enable_secure; - s=getenv("RANDFILE");
+#endif + s=__secure_getenv("RANDFILE");
+#ifdef PRCTL_DUMPABLE if (s != NULL && *s && strlen(s) + 1 < size)
+#include <sys/prctl.h> {
+#endif if (BUF_strlcpy(buf,s,size) >= size)
+ @@ -284,8 +283,7 @@ const char *RAND_file_name(char *buf, si
int OPENSSL_issetugid(void) }
{ else
+#ifdef LIBC_ENABLE_SECURE {
+ if (__libc_enable_secure) return 1; - if (OPENSSL_issetugid() == 0)
+#endif - s=getenv("HOME");
+#ifdef PRCTL_DUMPABLE + s=__secure_getenv("HOME");
+ /* 0 -> not dumpable, 2 -> dumpable by root only from #ifdef DEFAULT_HOME
+ * Linux kernel 2.6.13 - 2.6.17, so we require dumpable if (s == NULL)
+ * flag to be == 1 to accept non-secure mode. {
+ */
+ if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) != 1)
+ return 1;
+#endif
if (getuid() != geteuid()) return 1;
if (getgid() != getegid()) return 1;
return 0;
diff -up openssl-1.0.1c/crypto/x509/by_dir.c.secure-getenv openssl-1.0.1c/crypto/x509/by_dir.c diff -up openssl-1.0.1c/crypto/x509/by_dir.c.secure-getenv openssl-1.0.1c/crypto/x509/by_dir.c
--- openssl-1.0.1c/crypto/x509/by_dir.c.secure-getenv 2010-02-19 19:26:23.000000000 +0100 --- openssl-1.0.1c/crypto/x509/by_dir.c.secure-getenv 2010-02-19 19:26:23.000000000 +0100
+++ openssl-1.0.1c/crypto/x509/by_dir.c 2012-07-13 13:34:37.279433079 +0200 +++ openssl-1.0.1c/crypto/x509/by_dir.c 2012-07-13 22:14:42.707780256 +0200
@@ -135,7 +135,8 @@ static int dir_ctrl(X509_LOOKUP *ctx, in @@ -135,7 +135,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
case X509_L_ADD_DIR: case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT) if (argl == X509_FILETYPE_DEFAULT)
{ {
- dir=(char *)getenv(X509_get_default_cert_dir_env()); - dir=(char *)getenv(X509_get_default_cert_dir_env());
+ if (!OPENSSL_issetugid()) + dir=(char *)__secure_getenv(X509_get_default_cert_dir_env());
+ dir=(char *)getenv(X509_get_default_cert_dir_env());
if (dir) if (dir)
ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM); ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
else else
diff -up openssl-1.0.1c/crypto/x509/by_file.c.secure-getenv openssl-1.0.1c/crypto/x509/by_file.c diff -up openssl-1.0.1c/crypto/x509/by_file.c.secure-getenv openssl-1.0.1c/crypto/x509/by_file.c
--- openssl-1.0.1c/crypto/x509/by_file.c.secure-getenv 2012-07-13 13:34:37.187430942 +0200 --- openssl-1.0.1c/crypto/x509/by_file.c.secure-getenv 2012-07-13 13:38:36.260984458 +0200
+++ openssl-1.0.1c/crypto/x509/by_file.c 2012-07-13 13:34:37.279433079 +0200 +++ openssl-1.0.1c/crypto/x509/by_file.c 2012-07-13 22:15:23.320692338 +0200
@@ -93,14 +93,15 @@ static int by_file_ctrl(X509_LOOKUP *ctx @@ -100,7 +100,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
char **ret)
{
int ok=0;
- char *file;
+ char *file = NULL;
switch (cmd)
{
case X509_L_FILE_LOAD: case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) if (argl == X509_FILETYPE_DEFAULT)
{ {
- file = (char *)getenv(X509_get_default_cert_file_env()); - file = (char *)getenv(X509_get_default_cert_file_env());
+ if (!OPENSSL_issetugid()) + file = (char *)__secure_getenv(X509_get_default_cert_file_env());
+ file = (char *)getenv(X509_get_default_cert_file_env());
if (file) if (file)
ok = (X509_load_cert_crl_file(ctx,file, ok = (X509_load_cert_crl_file(ctx,file,
X509_FILETYPE_PEM) != 0); X509_FILETYPE_PEM) != 0);
diff -up openssl-1.0.1c/crypto/x509/x509_vfy.c.secure-getenv openssl-1.0.1c/crypto/x509/x509_vfy.c diff -up openssl-1.0.1c/crypto/x509/x509_vfy.c.secure-getenv openssl-1.0.1c/crypto/x509/x509_vfy.c
--- openssl-1.0.1c/crypto/x509/x509_vfy.c.secure-getenv 2011-09-23 15:39:35.000000000 +0200 --- openssl-1.0.1c/crypto/x509/x509_vfy.c.secure-getenv 2011-09-23 15:39:35.000000000 +0200
+++ openssl-1.0.1c/crypto/x509/x509_vfy.c 2012-07-13 13:34:37.280433102 +0200 +++ openssl-1.0.1c/crypto/x509/x509_vfy.c 2012-07-13 22:14:13.937134124 +0200
@@ -456,7 +456,7 @@ static int check_chain_extensions(X509_S
int (*cb)(int xok,X509_STORE_CTX *xctx);
int proxy_path_length = 0;
int purpose;
- int allow_proxy_certs;
+ int allow_proxy_certs = 0;
cb=ctx->verify_cb;
/* must_be_ca can have 1 of 3 values:
@@ -481,7 +481,7 @@ static int check_chain_extensions(X509_S @@ -481,7 +481,7 @@ static int check_chain_extensions(X509_S
!!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
/* A hack to keep people who don't want to modify their /* A hack to keep people who don't want to modify their
software happy */ software happy */
- if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) - if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+ if (!OPENSSL_issetugid() && getenv("OPENSSL_ALLOW_PROXY_CERTS")) + if (__secure_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
allow_proxy_certs = 1; allow_proxy_certs = 1;
purpose = ctx->param->purpose; purpose = ctx->param->purpose;
} }
diff -up openssl-1.0.1c/engines/ccgost/gost_ctl.c.secure-getenv openssl-1.0.1c/engines/ccgost/gost_ctl.c diff -up openssl-1.0.1c/engines/ccgost/gost_ctl.c.secure-getenv openssl-1.0.1c/engines/ccgost/gost_ctl.c
--- openssl-1.0.1c/engines/ccgost/gost_ctl.c.secure-getenv 2008-03-16 22:05:44.000000000 +0100 --- openssl-1.0.1c/engines/ccgost/gost_ctl.c.secure-getenv 2008-03-16 22:05:44.000000000 +0100
+++ openssl-1.0.1c/engines/ccgost/gost_ctl.c 2012-07-13 13:34:37.280433102 +0200 +++ openssl-1.0.1c/engines/ccgost/gost_ctl.c 2012-07-13 22:16:48.719610222 +0200
@@ -59,13 +59,14 @@ int gost_control_func(ENGINE *e,int cmd, @@ -65,7 +65,7 @@ const char *get_gost_engine_param(int pa
const char *get_gost_engine_param(int param)
{
- char *tmp;
+ char *tmp = NULL;
if (param <0 || param >GOST_PARAM_MAX) return NULL;
if (gost_params[param]!=NULL)
{ {
return gost_params[param]; return gost_params[param];
} }
- tmp = getenv(gost_envnames[param]); - tmp = getenv(gost_envnames[param]);
+ if (!OPENSSL_issetugid()) + tmp = __secure_getenv(gost_envnames[param]);
+ tmp = getenv(gost_envnames[param]);
if (tmp) if (tmp)
{ {
if (gost_params[param]) OPENSSL_free(gost_params[param]); if (gost_params[param]) OPENSSL_free(gost_params[param]);
@@ -77,9 +78,10 @@ const char *get_gost_engine_param(int pa @@ -79,7 +79,7 @@ int gost_set_default_param(int param, co
int gost_set_default_param(int param, const char *value)
{ {
- const char *tmp; const char *tmp;
+ const char *tmp = NULL;
if (param <0 || param >GOST_PARAM_MAX) return 0; if (param <0 || param >GOST_PARAM_MAX) return 0;
- tmp = getenv(gost_envnames[param]); - tmp = getenv(gost_envnames[param]);
+ if (!OPENSSL_issetugid()) + tmp = __secure_getenv(gost_envnames[param]);
+ tmp = getenv(gost_envnames[param]);
/* if there is value in the environment, use it, else -passed string * */ /* if there is value in the environment, use it, else -passed string * */
if (!tmp) tmp=value; if (!tmp) tmp=value;
if (gost_params[param]) OPENSSL_free(gost_params[param]); if (gost_params[param]) OPENSSL_free(gost_params[param]);
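Review bot: Every new-side call site in this patch (conf_api.c, conf_mod.c, the `#else` branch of eng_list.c, md5_dgst.c, o_init.c, randfile.c, by_dir.c, by_file.c, x509_vfy.c, gost_ctl.c) now calls `__secure_getenv()`, but no hunk adds a prototype or a feature-test macro for it; if glibc's `<stdlib.h>` exposes `__secure_getenv` only under `_GNU_SOURCE`, translation units that do not define it get an implicit `int`-returning declaration and the returned pointer is truncated on 64-bit builds, so the build log should be checked for implicit-declaration warnings in these files or the call routed through one declared wrapper. `__secure_getenv` is also a reserved-identifier glibc extension with no portable fallback — the old `#else` branch in eng_list.c used `OPENSSL_issetugid()`, which works on any libc — so a single helper along the lines of `static char *ossl_secure_getenv(const char *name) { return OPENSSL_issetugid() ? NULL : getenv(name); }` (constructed example), selected with `#ifdef` only where `__secure_getenv` is unavailable, would keep the tree buildable elsewhere and would make a later switch to a public `secure_getenv`, if the libc provides one, a one-line change. The AT_SECURE-based check behind `__secure_getenv` is stricter than the uid/gid comparison it replaces, which is the right direction; dropping the removed `__libc_enable_secure` extern and `PR_GET_DUMPABLE` probe from uid.c is consistent with that. Separately, the commit title and the spec changelog entry name the function `__getenv_secure()` while the code calls `__secure_getenv()`; the changelog wording should match the symbol actually used.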


@ -22,7 +22,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implem
Name: openssl Name: openssl
Version: 1.0.1c Version: 1.0.1c
# Do not forget to bump SHLIB_VERSION on version upgrades # Do not forget to bump SHLIB_VERSION on version upgrades
Release: 4%{?dist} Release: 5%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -425,6 +425,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%changelog %changelog
* Fri Jul 13 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-5
- use __getenv_secure() instead of __libc_enable_secure
* Fri Jul 13 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-4 * Fri Jul 13 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-4
- do not move libcrypto to /lib - do not move libcrypto to /lib
- do not use environment variables if __libc_enable_secure is on - do not use environment variables if __libc_enable_secure is on