1 files changed, 21 insertions, 6 deletions
diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c
index fcdd3f2a84..aee1c30b0a 100644
--- a/src/lib/libcrypto/rand/md_rand.c
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -123,10 +123,10 @@
 #include "e_os.h"
+#include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include "rand_lcl.h"
-#include <openssl/crypto.h>
 #include <openssl/err.h>
 #ifdef BN_DEBUG
@@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *buf, int num, double add)
        EVP_MD_CTX m;
        int do_not_lock;
+        if (!num)
+                return;
        /*
         * (Based on the rand(3) manpage)
         *
@@ -380,8 +383,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
         * are fed into the hash function and the results are kept in the
         * global 'md'.
         */
+#ifdef OPENSSL_FIPS
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        /* NB: in FIPS mode we are already under a lock */
+        if (!FIPS_mode())
+#endif
+                CRYPTO_w_lock(CRYPTO_LOCK_RAND);
        /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
        CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
@@ -460,7 +466,10 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
        /* before unlocking, we must clear 'crypto_lock_rand' */
        crypto_lock_rand = 0;
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+        if (!FIPS_mode())
+#endif
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
        while (num > 0)
                {
@@ -512,10 +521,16 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
        MD_Init(&m);
        MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
        MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+        if (!FIPS_mode())
+#endif
+                CRYPTO_w_lock(CRYPTO_LOCK_RAND);
        MD_Update(&m,md,MD_DIGEST_LENGTH);
        MD_Final(&m,md);
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+        if (!FIPS_mode())
+#endif
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
        EVP_MD_CTX_cleanup(&m);
        if (ok)

diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c index fcdd3f2a84..aee1c30b0a 100644 --- a/src/lib/libcrypto/rand/md_rand.c +++ b/src/lib/libcrypto/rand/md_rand.c
@@ -123,10 +123,10 @@
123		123
124	#include "e_os.h"	124	#include "e_os.h"
125		125
		126	#include <openssl/crypto.h>
126	#include <openssl/rand.h>	127	#include <openssl/rand.h>
127	#include "rand_lcl.h"	128	#include "rand_lcl.h"
128		129
129	#include <openssl/crypto.h>
130	#include <openssl/err.h>	130	#include <openssl/err.h>
131		131
132	#ifdef BN_DEBUG	132	#ifdef BN_DEBUG
@@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *buf, int num, double add)
198	EVP_MD_CTX m;	198	EVP_MD_CTX m;
199	int do_not_lock;	199	int do_not_lock;
200		200
		201	if (!num)
		202	return;
		203
201	/*	204	/*
202	* (Based on the rand(3) manpage)	205	* (Based on the rand(3) manpage)
203	*	206	*
@@ -380,8 +383,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
380	* are fed into the hash function and the results are kept in the	383	* are fed into the hash function and the results are kept in the
381	* global 'md'.	384	* global 'md'.
382	*/	385	*/
383		386	#ifdef OPENSSL_FIPS
384	CRYPTO_w_lock(CRYPTO_LOCK_RAND);	387	/* NB: in FIPS mode we are already under a lock */
		388	if (!FIPS_mode())
		389	#endif
		390	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
385		391
386	/* prevent ssleay_rand_bytes() from trying to obtain the lock again */	392	/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
387	CRYPTO_w_lock(CRYPTO_LOCK_RAND2);	393	CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
@@ -460,7 +466,10 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
460		466
461	/* before unlocking, we must clear 'crypto_lock_rand' */	467	/* before unlocking, we must clear 'crypto_lock_rand' */
462	crypto_lock_rand = 0;	468	crypto_lock_rand = 0;
463	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);	469	#ifdef OPENSSL_FIPS
		470	if (!FIPS_mode())
		471	#endif
		472	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
464		473
465	while (num > 0)	474	while (num > 0)
466	{	475	{
@@ -512,10 +521,16 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
512	MD_Init(&m);	521	MD_Init(&m);
513	MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));	522	MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
514	MD_Update(&m,local_md,MD_DIGEST_LENGTH);	523	MD_Update(&m,local_md,MD_DIGEST_LENGTH);
515	CRYPTO_w_lock(CRYPTO_LOCK_RAND);	524	#ifdef OPENSSL_FIPS
		525	if (!FIPS_mode())
		526	#endif
		527	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
516	MD_Update(&m,md,MD_DIGEST_LENGTH);	528	MD_Update(&m,md,MD_DIGEST_LENGTH);
517	MD_Final(&m,md);	529	MD_Final(&m,md);
518	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);	530	#ifdef OPENSSL_FIPS
		531	if (!FIPS_mode())
		532	#endif
		533	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
519		534
520	EVP_MD_CTX_cleanup(&m);	535	EVP_MD_CTX_cleanup(&m);
521	if (ok)	536	if (ok)