From: Richard Levitte <levitte@openssl.org>
Date: Mon, 17 May 2004 04:30:06 +0000 (+0000)
Subject: Make sure the applications know when we are running in FIPS mode.  We
X-Git-Tag: OpenSSL_0_9_7e~97
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f27a152f69e205ddb7fe3b2f87cf6aca9bbd3b03;p=oweals%2Fopenssl.git

Make sure the applications know when we are running in FIPS mode.  We
can't use the variable in libcrypto, since it's supposedly unknown.

Note: currently only supported in MONOLITH mode.
---

diff --git a/apps/apps.h b/apps/apps.h
index f3f8882b29..4320410dad 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -148,9 +148,11 @@ int WIN32_rename(char *oldname,char *newname);
 #ifndef NON_MAIN
 CONF *config=NULL;
 BIO *bio_err=NULL;
+int in_FIPS_mode=0;
 #else
 extern CONF *config;
 extern BIO *bio_err;
+extern int in_FIPS_mode;
 #endif
 
 #else
@@ -159,6 +161,7 @@ extern BIO *bio_err;
 extern CONF *config;
 extern char *default_config_file;
 extern BIO *bio_err;
+extern int in_FIPS_mode;
 
 #endif
 
diff --git a/apps/openssl.c b/apps/openssl.c
index c31a04bb6b..9a9ef91653 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -148,6 +148,7 @@ char *default_config_file=NULL;
 #ifdef MONOLITH
 CONF *config=NULL;
 BIO *bio_err=NULL;
+int in_FIPS_mode=0;
 #endif
 
 
@@ -228,10 +229,12 @@ int main(int Argc, char *Argv[])
 	char **argv,*p;
 	LHASH *prog=NULL;
 	long errline;
- 
+
 	arg.data=NULL;
 	arg.count=0;
 
+	in_FIPS_mode = 0;
+
 #ifdef OPENSSL_FIPS
 	if(getenv("OPENSSL_FIPS")) {
 #if defined(_WIN32)
@@ -242,10 +245,11 @@ int main(int Argc, char *Argv[])
 		p = Argv[0];
 #endif
 		if (!FIPS_mode_set(1,p)) {
-		ERR_load_crypto_strings();
-		ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-		exit(1);
-			}
+			ERR_load_crypto_strings();
+			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+			exit(1);
+		}
+		in_FIPS_mode = 1;
 		if (getenv("OPENSSL_FIPS_MD5"))
 			FIPS_allow_md5(1);
 		}