From d2fca2c59ad28832ccdaff1ea6ebe292e628fe59 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Tue, 20 Apr 2004 10:26:13 +0000
Subject: [PATCH] Small bug fixes. Move the declaration of FIPS_allow_md5()
 from fips_locl.h to fips.h. Consequently, util/mkdef.pl doesn't need to look
 at fips_locl.h any more.

---
 apps/openssl.c   | 14 ++++++++++++--
 fips/fips.c      |  2 +-
 fips/fips.h      |  1 +
 fips/fips_locl.h |  1 -
 util/mkdef.pl    |  2 +-
 5 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/apps/openssl.c b/apps/openssl.c
index 697748c16c..c31a04bb6b 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -233,11 +233,21 @@ int main(int Argc, char *Argv[])
 	arg.count=0;
 
 #ifdef OPENSSL_FIPS
-	if(getenv("OPENSSL_FIPS") && !FIPS_mode_set(1,Argv[0]))
-		{
+	if(getenv("OPENSSL_FIPS")) {
+#if defined(_WIN32)
+		char filename[MAX_PATH] = "";
+		GetModuleFileName( NULL, filename, MAX_PATH) ;
+		p = filename;
+#else
+		p = Argv[0];
+#endif
+		if (!FIPS_mode_set(1,p)) {
 		ERR_load_crypto_strings();
 		ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
 		exit(1);
+			}
+		if (getenv("OPENSSL_FIPS_MD5"))
+			FIPS_allow_md5(1);
 		}
 #endif
 	if (bio_err == NULL)
diff --git a/fips/fips.c b/fips/fips.c
index 30bb5fba48..912bb9d1f7 100644
--- a/fips/fips.c
+++ b/fips/fips.c
@@ -111,7 +111,7 @@ static int FIPS_check_exe(const char *path)
     f=fopen(p2,"rb");
     if(!f || fread(buf,1,20,f) != 20)
 	{
-	fclose(f);
+	if (f) fclose(f);
 	FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE_DIGEST);
 	return 0;
 	}
diff --git a/fips/fips.h b/fips/fips.h
index c7f9c5c6dc..e169ebf43e 100644
--- a/fips/fips.h
+++ b/fips/fips.h
@@ -64,6 +64,7 @@ extern void *FIPS_rand_check;
 struct dsa_st;
 
 int FIPS_mode_set(int onoff,const char *path);
+void FIPS_allow_md5(int onoff);
 int FIPS_dsa_check(struct dsa_st *dsa);
 void FIPS_corrupt_sha1(void);
 int FIPS_selftest_sha1(void);
diff --git a/fips/fips_locl.h b/fips/fips_locl.h
index 0b3fecb39d..501fc756f3 100644
--- a/fips/fips_locl.h
+++ b/fips/fips_locl.h
@@ -54,7 +54,6 @@ extern "C" {
 #endif
 
 /* FIPS 140 allows MD5 to be used during certain parts of TLS */
-void FIPS_allow_md5(int onoff);
 extern int FIPS_md5_allowed;
 
 #ifdef  __cplusplus
diff --git a/util/mkdef.pl b/util/mkdef.pl
index c4cdce6c56..443d74d448 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -267,7 +267,7 @@ $crypto.=" crypto/ocsp/ocsp.h";
 $crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
 $crypto.=" crypto/krb5/krb5_asn.h";
 $crypto.=" crypto/tmdiff.h";
-$crypto.=" fips/fips.h fips/fips_locl.h fips/rand/fips_rand.h";
+$crypto.=" fips/fips.h fips/rand/fips_rand.h";
 
 my $symhacks="crypto/symhacks.h";