diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2013-12-10 12:52:27 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-12-10 12:54:55 +0000 |
commit | f1068a1ab726f477ad57783d0d488d4d55f87ded (patch) | |
tree | af4140ab2b18f7063eb001f1aed3a40465112f35 /crypto | |
parent | cadde467a87ad85f2479b6a34992bb2341fddcb8 (diff) |
Get FIPS checking logic right.
We need to lock when *not* in FIPS mode.
(cherry picked from commit 57c4e42d7545b51cbc00015defc81db7236dc15f)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/rand/md_rand.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 2dd22d2beb..dd29163727 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -382,7 +382,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo) */ #ifdef OPENSSL_FIPS /* NB: in FIPS mode we are already under a lock */ - if (FIPS_mode()) + if (!FIPS_mode()) #endif CRYPTO_w_lock(CRYPTO_LOCK_RAND); @@ -464,7 +464,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo) /* before unlocking, we must clear 'crypto_lock_rand' */ crypto_lock_rand = 0; #ifdef OPENSSL_FIPS - if (FIPS_mode()) + if (!FIPS_mode()) #endif CRYPTO_w_unlock(CRYPTO_LOCK_RAND); @@ -519,13 +519,13 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo) MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); MD_Update(&m,local_md,MD_DIGEST_LENGTH); #ifdef OPENSSL_FIPS - if (FIPS_mode()) + if (!FIPS_mode()) #endif CRYPTO_w_lock(CRYPTO_LOCK_RAND); MD_Update(&m,md,MD_DIGEST_LENGTH); MD_Final(&m,md); #ifdef OPENSSL_FIPS - if (FIPS_mode()) + if (!FIPS_mode()) #endif CRYPTO_w_unlock(CRYPTO_LOCK_RAND); |