Cygwin specific FIPS fix-ups.

fips/fingerprint.sha1

@@ -1,4 +1,4 @@
-HMAC-SHA1(fips.c)= cee3a7da1f236b11dd8b08b7fc96e505f7695460
+HMAC-SHA1(fips.c)= f764539b7d09141738d86c9e0442de990ab8ae3f
 HMAC-SHA1(fips_err_wrapper.c)= d3e2be316062510312269e98f964cb87e7577898
 HMAC-SHA1(fips.h)= fbedad5dbd8986ddd521ea576bf2a20e6881540a
 HMAC-SHA1(fips_err.h)= 4a73f2a88e206f1f88edfd9b26609a0eed818491

fips/fips.c

@@ -126,8 +126,20 @@ static int FIPS_check_exe(const char *path)
     FILE *f;
     static char key[]="etaonrishdlcupfm";
     HMAC_CTX hmac;
+    const char *sha1_fmt="%s.sha1";
 
     f=fopen(path,"rb");
+#ifdef __CYGWIN32__
+    /* cygwin scrupulously strips .exe extentions:-( as of now it's
+       actually no point to attempt above fopen, but we keep the call
+       just in case the behavior changes in the future... */
+    if (!f)
+	{
+	sha1_fmt="%s.exe.sha1";
+	BIO_snprintf(p2,sizeof p2,"%s.exe",path);
+	f=fopen(p2,"rb");
+	}
+#endif
     if(!f)
 	{
 	FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
@@ -148,7 +160,7 @@ static int FIPS_check_exe(const char *path)
 	}
     fclose(f);
     HMAC_Final(&hmac,mdbuf,&n);
-    BIO_snprintf(p2,sizeof p2,"%s.sha1",path);
+    BIO_snprintf(p2,sizeof p2,sha1_fmt,path);
     f=fopen(p2,"rb");
     if(!f || fread(buf,1,20,f) != 20)
 	{

fips/openssl_fips_fingerprint

@@ -11,7 +11,7 @@ exe=$2
 # case shared libraries are built.
 if [ "X$TOP" != "X" ]
 then
-    PATH=$TOP/apps:$PATH
+    PATH="$TOP/apps:$TOP:$PATH"
     LD_LIBRARY_PATH=$TOP; export LD_LIBRARY_PATH
 else
     LD_LIBRARY_PATH=.; export LD_LIBRARY_PATH
@@ -20,5 +20,7 @@ fi
 echo "Checking library fingerprint for $lib"
 openssl sha1 -hmac etaonrishdlcupfm $lib | sed "s/(.*\//(/" | diff $lib.sha1 - || { echo "$libs fingerprint mismatch"; exit 1; }
 
+[ -x $exe.exe ] && exe=$exe.exe
+
 echo "Making fingerprint for $exe"
-openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.sha1
+openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.sha1 || rm $exe.sha1