On Út, 2013-12-10 at 14:45 +0100, Dr. Stephen Henson wrote:
> On Mon, Dec 09, 2013, geoff_l...@mcafee.com wrote:
>
> > Shouldn't the code read:
> >
> > if (!FIPS_mode())
> > CRYPTO_w_[un]lock(CRYPTO_LOCK_RAND);
> >
> > Note the '!' operator.
> >
>
> Yes it should, sorry about that. Fixed now.
But given skipping the locking in the FIPS mode doesn't that mean that
the reseed operation is now not being protected under lock at all? The
FIPS DRBG does not lock before calling the add/reseed callbacks.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
