Commit f1068a1a authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Get FIPS checking logic right. 

We need to lock when *not* in FIPS mode.
(cherry picked from commit 57c4e42d)
parent cadde467

crypto/rand/md_rand.c

+4 −4
Original line number Diff line number Diff line
@@ -382,7 +382,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo) 
	 */

#ifdef OPENSSL_FIPS

	/* NB: in FIPS mode we are already under a lock */

	if (FIPS_mode())

	if (!FIPS_mode())

#endif

		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
@@ -464,7 +464,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo) 
	/* before unlocking, we must clear 'crypto_lock_rand' */

	crypto_lock_rand = 0;

#ifdef OPENSSL_FIPS

	if (FIPS_mode())

	if (!FIPS_mode())

#endif

		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
@@ -519,13 +519,13 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo) 
	MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));

	MD_Update(&m,local_md,MD_DIGEST_LENGTH);

#ifdef OPENSSL_FIPS

	if (FIPS_mode())

	if (!FIPS_mode())

#endif

		CRYPTO_w_lock(CRYPTO_LOCK_RAND);

	MD_Update(&m,md,MD_DIGEST_LENGTH);

	MD_Final(&m,md);

#ifdef OPENSSL_FIPS

	if (FIPS_mode())

	if (!FIPS_mode())

#endif

		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);