Use secure_getenv(3) when available.

Change all calls to getenv() inside libcrypto to use a new wrapper function that use secure_getenv() if available and an issetugid then getenv if not. CPU processor override flags are unchanged. Extra checks for OPENSSL_issetugid() have been removed in favour of the safe getenv. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7047)
author: Pauli <paul.dale@oracle.com> 2018-09-24 11:21:18 +1000
committer: Pauli <paul.dale@oracle.com> 2018-09-24 11:21:18 +1000
commit: 5c39a55d04ea6e6f734b627a050b9e702788d50d (patch)
tree: ca64965f2c41af4b4827847753aaf2883e1a840a /crypto/rand/randfile.c
parent: 0f58220973a02248ca5c69db59e615378467b9c8 (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index c652ddcf1e..89720eb5cf 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -262,11 +262,9 @@ const char *RAND_file_name(char *buf, size_t size)
         }
     }
 #else
-    if (OPENSSL_issetugid() != 0) {
+    if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') {
         use_randfile = 0;
-    } else if ((s = getenv("RANDFILE")) == NULL || *s == '\0') {
-        use_randfile = 0;
-        s = getenv("HOME");
+        s = ossl_safe_getenv("HOME");
     }
 #endif
author	Pauli <paul.dale@oracle.com>	2018-09-24 11:21:18 +1000
committer	Pauli <paul.dale@oracle.com>	2018-09-24 11:21:18 +1000
commit	5c39a55d04ea6e6f734b627a050b9e702788d50d (patch)
tree	ca64965f2c41af4b4827847753aaf2883e1a840a /crypto/rand/randfile.c
parent	0f58220973a02248ca5c69db59e615378467b9c8 (diff)