From f27a152f69e205ddb7fe3b2f87cf6aca9bbd3b03 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 17 May 2004 04:30:06 +0000 Subject: [PATCH] Make sure the applications know when we are running in FIPS mode. We can't use the variable in libcrypto, since it's supposedly unknown. Note: currently only supported in MONOLITH mode. --- apps/apps.h | 3 +++ apps/openssl.c | 14 +++++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/apps/apps.h b/apps/apps.h index f3f8882b29..4320410dad 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -148,9 +148,11 @@ int WIN32_rename(char *oldname,char *newname); #ifndef NON_MAIN CONF *config=NULL; BIO *bio_err=NULL; +int in_FIPS_mode=0; #else extern CONF *config; extern BIO *bio_err; +extern int in_FIPS_mode; #endif #else @@ -159,6 +161,7 @@ extern BIO *bio_err; extern CONF *config; extern char *default_config_file; extern BIO *bio_err; +extern int in_FIPS_mode; #endif diff --git a/apps/openssl.c b/apps/openssl.c index c31a04bb6b..9a9ef91653 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -148,6 +148,7 @@ char *default_config_file=NULL; #ifdef MONOLITH CONF *config=NULL; BIO *bio_err=NULL; +int in_FIPS_mode=0; #endif @@ -228,10 +229,12 @@ int main(int Argc, char *Argv[]) char **argv,*p; LHASH *prog=NULL; long errline; - + arg.data=NULL; arg.count=0; + in_FIPS_mode = 0; + #ifdef OPENSSL_FIPS if(getenv("OPENSSL_FIPS")) { #if defined(_WIN32) @@ -242,10 +245,11 @@ int main(int Argc, char *Argv[]) p = Argv[0]; #endif if (!FIPS_mode_set(1,p)) { - ERR_load_crypto_strings(); - ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); - exit(1); - } + ERR_load_crypto_strings(); + ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); + exit(1); + } + in_FIPS_mode = 1; if (getenv("OPENSSL_FIPS_MD5")) FIPS_allow_md5(1); } -- 2.25.1