Small bug fixes.

Move the declaration of FIPS_allow_md5() from fips_locl.h to fips.h.
Consequently, util/mkdef.pl doesn't need to look at fips_locl.h any
more.

apps/openssl.c

@@ -233,11 +233,21 @@ int main(int Argc, char *Argv[])
 	arg.count=0;
 
 #ifdef OPENSSL_FIPS
-	if(getenv("OPENSSL_FIPS") && !FIPS_mode_set(1,Argv[0]))
-		{
+	if(getenv("OPENSSL_FIPS")) {
+#if defined(_WIN32)
+		char filename[MAX_PATH] = "";
+		GetModuleFileName( NULL, filename, MAX_PATH) ;
+		p = filename;
+#else
+		p = Argv[0];
+#endif
+		if (!FIPS_mode_set(1,p)) {
 		ERR_load_crypto_strings();
 		ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
 		exit(1);
+			}
+		if (getenv("OPENSSL_FIPS_MD5"))
+			FIPS_allow_md5(1);
 		}
 #endif
 	if (bio_err == NULL)

fips/fips.c

@@ -111,7 +111,7 @@ static int FIPS_check_exe(const char *path)
     f=fopen(p2,"rb");
     if(!f || fread(buf,1,20,f) != 20)
 	{
-	fclose(f);
+	if (f) fclose(f);
 	FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE_DIGEST);
 	return 0;
 	}

fips/fips.h

@@ -64,6 +64,7 @@ extern void *FIPS_rand_check;
 struct dsa_st;
 
 int FIPS_mode_set(int onoff,const char *path);
+void FIPS_allow_md5(int onoff);
 int FIPS_dsa_check(struct dsa_st *dsa);
 void FIPS_corrupt_sha1(void);
 int FIPS_selftest_sha1(void);

fips/fips_locl.h

@@ -54,7 +54,6 @@ extern "C" {
 #endif
 
 /* FIPS 140 allows MD5 to be used during certain parts of TLS */
-void FIPS_allow_md5(int onoff);
 extern int FIPS_md5_allowed;
 
 #ifdef  __cplusplus

util/mkdef.pl

@@ -267,7 +267,7 @@ $crypto.=" crypto/ocsp/ocsp.h";
 $crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
 $crypto.=" crypto/krb5/krb5_asn.h";
 $crypto.=" crypto/tmdiff.h";
-$crypto.=" fips/fips.h fips/fips_locl.h fips/rand/fips_rand.h";
+$crypto.=" fips/fips.h fips/rand/fips_rand.h";
 
 my $symhacks="crypto/symhacks.h";