1 files changed, 6 insertions, 1 deletions

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 36f4a8b4c3..ebf83b0322 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -117,6 +117,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
+#include <openssl/fips.h>
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
@@ -534,7 +535,8 @@ static int ssl3_client_hello(SSL *s)
                 p=s->s3->client_random;
                 Time=time(NULL);                        /* Time */
                 l2n(Time,p);
-                RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+                if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+                    goto err;
 
                 /* Do the message type and length last */
                 d=p= &(buf[4]);
@@ -1160,11 +1162,14 @@ static int ssl3_get_key_exchange(SSL *s)
                         q=md_buf;
                         for (num=2; num > 0; num--)
                                 {
+                                EVP_MD_CTX_set_flags(&md_ctx,
+                                        EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
                                 EVP_DigestInit_ex(&md_ctx,(num == 2)
                                         ?s->ctx->md5:s->ctx->sha1, NULL);
                                 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
                                 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
                                 EVP_DigestUpdate(&md_ctx,param,param_len);
+                                
                                 EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
                                 q+=i;
                                 j+=i;