Make sure the applications know when we are running in FIPS mode. We

can't use the variable in libcrypto, since it's supposedly unknown.

Note: currently only supported in MONOLITH mode.

apps/apps.h

@@ -148,9 +148,11 @@ int WIN32_rename(char *oldname,char *newname);
 #ifndef NON_MAIN
 CONF *config=NULL;
 BIO *bio_err=NULL;
+int in_FIPS_mode=0;
 #else
 extern CONF *config;
 extern BIO *bio_err;
+extern int in_FIPS_mode;
 #endif
 
 #else
@@ -159,6 +161,7 @@ extern BIO *bio_err;
 extern CONF *config;
 extern char *default_config_file;
 extern BIO *bio_err;
+extern int in_FIPS_mode;
 
 #endif
 

apps/openssl.c

@@ -148,6 +148,7 @@ char *default_config_file=NULL;
 #ifdef MONOLITH
 CONF *config=NULL;
 BIO *bio_err=NULL;
+int in_FIPS_mode=0;
 #endif
 
 
@@ -228,10 +229,12 @@ int main(int Argc, char *Argv[])
 	char **argv,*p;
 	LHASH *prog=NULL;
 	long errline;
- 
+
 	arg.data=NULL;
 	arg.count=0;
 
+	in_FIPS_mode = 0;
+
 #ifdef OPENSSL_FIPS
 	if(getenv("OPENSSL_FIPS")) {
 #if defined(_WIN32)
@@ -242,10 +245,11 @@ int main(int Argc, char *Argv[])
 		p = Argv[0];
 #endif
 		if (!FIPS_mode_set(1,p)) {
-		ERR_load_crypto_strings();
-		ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-		exit(1);
-			}
+			ERR_load_crypto_strings();
+			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+			exit(1);
+		}
+		in_FIPS_mode = 1;
 		if (getenv("OPENSSL_FIPS_MD5"))
 			FIPS_allow_md5(1);
 		}