Get FIPS checking logic right.

We need to lock when *not* in FIPS mode. (cherry picked from commit 57c4e42d7545b51cbc00015defc81db7236dc15f)
author: Dr. Stephen Henson <steve@openssl.org> 2013-12-10 12:52:27 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-12-10 12:54:55 +0000
commit: f1068a1ab726f477ad57783d0d488d4d55f87ded (patch)
tree: af4140ab2b18f7063eb001f1aed3a40465112f35
parent: cadde467a87ad85f2479b6a34992bb2341fddcb8 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 2dd22d2beb..dd29163727 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -382,7 +382,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 	 */
 #ifdef OPENSSL_FIPS
 	/* NB: in FIPS mode we are already under a lock */
-	if (FIPS_mode())
+	if (!FIPS_mode())
 #endif
 		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 
@@ -464,7 +464,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 	/* before unlocking, we must clear 'crypto_lock_rand' */
 	crypto_lock_rand = 0;
 #ifdef OPENSSL_FIPS
-	if (FIPS_mode())
+	if (!FIPS_mode())
 #endif
 		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
@@ -519,13 +519,13 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 	MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
 	MD_Update(&m,local_md,MD_DIGEST_LENGTH);
 #ifdef OPENSSL_FIPS
-	if (FIPS_mode())
+	if (!FIPS_mode())
 #endif
 		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	MD_Update(&m,md,MD_DIGEST_LENGTH);
 	MD_Final(&m,md);
 #ifdef OPENSSL_FIPS
-	if (FIPS_mode())
+	if (!FIPS_mode())
 #endif
 		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
author	Dr. Stephen Henson <steve@openssl.org>	2013-12-10 12:52:27 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-12-10 12:54:55 +0000
commit	f1068a1ab726f477ad57783d0d488d4d55f87ded (patch)
tree	af4140ab2b18f7063eb001f1aed3a40465112f35
parent	cadde467a87ad85f2479b6a34992bb2341fddcb8 (diff)