Get FIPS checking logic right.

We need to lock when *not* in FIPS mode.

diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 2dd22d2beba248e99940d3ea377741a9dd580ef2..dd291637275d3aeae7ec2b1de81af268aeb0edf3 100644 (file)
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -382,7 +382,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
         */
 #ifdef OPENSSL_FIPS
        /* NB: in FIPS mode we are already under a lock */
-       if (FIPS_mode())
+       if (!FIPS_mode())
 #endif
                CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 
@@ -464,7 +464,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
        /* before unlocking, we must clear 'crypto_lock_rand' */
        crypto_lock_rand = 0;
 #ifdef OPENSSL_FIPS
-       if (FIPS_mode())
+       if (!FIPS_mode())
 #endif
                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
@@ -519,13 +519,13 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
        MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
        MD_Update(&m,local_md,MD_DIGEST_LENGTH);
 #ifdef OPENSSL_FIPS
-       if (FIPS_mode())
+       if (!FIPS_mode())
 #endif
                CRYPTO_w_lock(CRYPTO_LOCK_RAND);
        MD_Update(&m,md,MD_DIGEST_LENGTH);
        MD_Final(&m,md);
 #ifdef OPENSSL_FIPS
-       if (FIPS_mode())
+       if (!FIPS_mode())
 #endif
                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);