1 files changed, 17 insertions, 1 deletions
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index 513e338985..a21bde79de 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -63,6 +63,8 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
 #ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
@@ -102,8 +104,22 @@ const RAND_METHOD *RAND_get_rand_method(void)
                        funct_ref = e;
                else
 #endif
-                        default_RAND_meth = RAND_SSLeay();
+#ifdef OPENSSL_FIPS
+                        if(FIPS_mode())
+                                default_RAND_meth=FIPS_rand_method();
+                        else
+#endif
+                                default_RAND_meth = RAND_SSLeay();
                }
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode()
+                && default_RAND_meth != FIPS_rand_check())
+            {
+            RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+            return 0;
+            }
+#endif
        return default_RAND_meth;
        }

diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c index 513e338985..a21bde79de 100644 --- a/src/lib/libcrypto/rand/rand_lib.c +++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -63,6 +63,8 @@
63	#ifndef OPENSSL_NO_ENGINE	63	#ifndef OPENSSL_NO_ENGINE
64	#include <openssl/engine.h>	64	#include <openssl/engine.h>
65	#endif	65	#endif
		66	#include <openssl/fips.h>
		67	#include <openssl/fips_rand.h>
66		68
67	#ifndef OPENSSL_NO_ENGINE	69	#ifndef OPENSSL_NO_ENGINE
68	/* non-NULL if default_RAND_meth is ENGINE-provided */	70	/* non-NULL if default_RAND_meth is ENGINE-provided */
@@ -102,8 +104,22 @@ const RAND_METHOD *RAND_get_rand_method(void)
102	funct_ref = e;	104	funct_ref = e;
103	else	105	else
104	#endif	106	#endif
105	default_RAND_meth = RAND_SSLeay();	107	#ifdef OPENSSL_FIPS
		108	if(FIPS_mode())
		109	default_RAND_meth=FIPS_rand_method();
		110	else
		111	#endif
		112	default_RAND_meth = RAND_SSLeay();
106	}	113	}
		114
		115	#ifdef OPENSSL_FIPS
		116	if(FIPS_mode()
		117	&& default_RAND_meth != FIPS_rand_check())
		118	{
		119	RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
		120	return 0;
		121	}
		122	#endif
107	return default_RAND_meth;	123	return default_RAND_meth;
108	}	124	}
109		125