Dr. Henson,
I'm not understanding the code changes in your recent commit to the
OpenSSL_1_0_1-stable branch.
>From the associated commit comment: "To avoid multiple locks disable use of
>CRYPTO_LOCK_RAND in FIPS mode in ssleay_rand_bytes."
But it looks as though the calls to "CRYPTO_w_[un]lock(CRYPTO_LOCK_RAND)" will
still happen when FIPS_mode() is true...
Shouldn't the code read:
if (!FIPS_mode())
CRYPTO_w_[un]lock(CRYPTO_LOCK_RAND);
Note the '!' operator.
Thanks,
Geoff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
