Move the declaration of FIPS_allow_md5() from fips_locl.h to fips.h.
Consequently, util/mkdef.pl doesn't need to look at fips_locl.h any
more.
arg.count=0;
#ifdef OPENSSL_FIPS
- if(getenv("OPENSSL_FIPS") && !FIPS_mode_set(1,Argv[0]))
- {
+ if(getenv("OPENSSL_FIPS")) {
+#if defined(_WIN32)
+ char filename[MAX_PATH] = "";
+ GetModuleFileName( NULL, filename, MAX_PATH) ;
+ p = filename;
+#else
+ p = Argv[0];
+#endif
+ if (!FIPS_mode_set(1,p)) {
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
exit(1);
+ }
+ if (getenv("OPENSSL_FIPS_MD5"))
+ FIPS_allow_md5(1);
}
#endif
if (bio_err == NULL)
f=fopen(p2,"rb");
if(!f || fread(buf,1,20,f) != 20)
{
- fclose(f);
+ if (f) fclose(f);
FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE_DIGEST);
return 0;
}
struct dsa_st;
int FIPS_mode_set(int onoff,const char *path);
+void FIPS_allow_md5(int onoff);
int FIPS_dsa_check(struct dsa_st *dsa);
void FIPS_corrupt_sha1(void);
int FIPS_selftest_sha1(void);
#endif
/* FIPS 140 allows MD5 to be used during certain parts of TLS */
-void FIPS_allow_md5(int onoff);
extern int FIPS_md5_allowed;
#ifdef __cplusplus
$crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
$crypto.=" crypto/krb5/krb5_asn.h";
$crypto.=" crypto/tmdiff.h";
-$crypto.=" fips/fips.h fips/fips_locl.h fips/rand/fips_rand.h";
+$crypto.=" fips/fips.h fips/rand/fips_rand.h";
my $symhacks="crypto/symhacks.h";
projects / oweals / openssl.git / commitdiff