Make sure the applications know when we are running in FIPS mode. We

can't use the variable in libcrypto, since it's supposedly unknown.

Note: currently only supported in MONOLITH mode.

diff --git a/apps/apps.h b/apps/apps.h
index f3f8882b296b9c3d9d8a99f50bdf15640f904d48..4320410dad372ec371611cbdd8cf8c99020398f0 100644 (file)
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -148,9 +148,11 @@ int WIN32_rename(char *oldname,char *newname);
 #ifndef NON_MAIN
 CONF *config=NULL;
 BIO *bio_err=NULL;
+int in_FIPS_mode=0;
 #else
 extern CONF *config;
 extern BIO *bio_err;
+extern int in_FIPS_mode;
 #endif
 
 #else
@@ -159,6 +161,7 @@ extern BIO *bio_err;
 extern CONF *config;
 extern char *default_config_file;
 extern BIO *bio_err;
+extern int in_FIPS_mode;
 
 #endif
 

diff --git a/apps/openssl.c b/apps/openssl.c
index c31a04bb6babaf28dccd648c9ebd5fcdce874e97..9a9ef916531e0213358ba1067db8160bdb7e000c 100644 (file)
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -148,6 +148,7 @@ char *default_config_file=NULL;
 #ifdef MONOLITH
 CONF *config=NULL;
 BIO *bio_err=NULL;
+int in_FIPS_mode=0;
 #endif
 
 
@@ -228,10 +229,12 @@ int main(int Argc, char *Argv[])
        char **argv,*p;
        LHASH *prog=NULL;
        long errline;
- 
+
        arg.data=NULL;
        arg.count=0;
 
+       in_FIPS_mode = 0;
+
 #ifdef OPENSSL_FIPS
        if(getenv("OPENSSL_FIPS")) {
 #if defined(_WIN32)
@@ -242,10 +245,11 @@ int main(int Argc, char *Argv[])
                p = Argv[0];
 #endif
                if (!FIPS_mode_set(1,p)) {
-               ERR_load_crypto_strings();
-               ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-               exit(1);
-                       }
+                       ERR_load_crypto_strings();
+                       ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+                       exit(1);
+               }
+               in_FIPS_mode = 1;
                if (getenv("OPENSSL_FIPS_MD5"))
                        FIPS_allow_md5(1);
                }