From a95585a25ab25668b931a78b7543f707a3354db8 Mon Sep 17 00:00:00 2001
From: djm <>
Date: Fri, 29 Apr 2005 05:37:34 +0000
Subject: import of openssl-0.9.7g; tested on platforms from alpha to zaurus,
 ok deraadt@

---
 src/lib/libcrypto/rand/rand_lib.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'src/lib/libcrypto/rand/rand_lib.c')

diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index 513e338985..88f1b56d91 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -63,6 +63,8 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
 
 #ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
@@ -85,6 +87,16 @@ int RAND_set_rand_method(const RAND_METHOD *meth)
 
 const RAND_METHOD *RAND_get_rand_method(void)
 	{
+#ifdef OPENSSL_FIPS
+	if(FIPS_mode()
+		&& default_RAND_meth != FIPS_rand_check())
+	    {
+	    RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+	    return 0;
+	    }
+#endif
+
+
 	if (!default_RAND_meth)
 		{
 #ifndef OPENSSL_NO_ENGINE
-- 
cgit v1.2.3-55-g6feb