--- crypto/rand/md_rand.c	2013-02-11 07:26:04.000000000 -0800
+++ crypto/rand/md_rand.c.fix	2013-11-04 22:19:39.000000000 -0800
@@ -136,22 +136,22 @@
 /* #define PREDICT	1 */
 
 #define STATE_SIZE	1023
-static int state_num=0,state_index=0;
-static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
-static unsigned char md[MD_DIGEST_LENGTH];
-static long md_count[2]={0,0};
-static double entropy=0;
-static int initialized=0;
+static TMM_OPENSSL_THREAD int state_num=0,state_index=0;
+static TMM_OPENSSL_THREAD unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
+static TMM_OPENSSL_THREAD unsigned char md[MD_DIGEST_LENGTH];
+static TMM_OPENSSL_THREAD long md_count[2]={0,0};
+static TMM_OPENSSL_THREAD double entropy=0;
+static TMM_OPENSSL_THREAD int initialized=0;
 
-static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
+static TMM_OPENSSL_THREAD unsigned int crypto_lock_rand = 0; /* may be set only when a thread
                                            * holds CRYPTO_LOCK_RAND
                                            * (to prevent double locking) */
 /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
-static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */
+static TMM_OPENSSL_THREAD CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */
 
 
 #ifdef PREDICT
-int rand_predictable=0;
+int TMM_OPENSSL_THREAD rand_predictable=0;
 #endif
 
 const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;
@@ -164,7 +164,7 @@ static int ssleay_rand_nopseudo_bytes(un
 static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
 static int ssleay_rand_status(void);
 
-RAND_METHOD rand_ssleay_meth={
+TMM_OPENSSL_THREAD RAND_METHOD rand_ssleay_meth={
 	ssleay_rand_seed,
 	ssleay_rand_nopseudo_bytes,
 	ssleay_rand_cleanup,
@@ -265,7 +265,11 @@ static void ssleay_rand_add(const void *
 		j=(num-i);
 		j=(j > MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j;
 
-		MD_Init(&m);
+		if (!MD_Init(&m))
+                    {
+	            EVP_MD_CTX_cleanup(&m);
+                    return 0;
+                    }
 		MD_Update(&m,local_md,MD_DIGEST_LENGTH);
 		k=(st_idx+j)-STATE_SIZE;
 		if (k > 0)
@@ -333,7 +337,7 @@ static void ssleay_rand_seed(const void 
 
 static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 	{
-	static volatile int stirred_pool = 0;
+	static TMM_OPENSSL_THREAD volatile int stirred_pool = 0;
 	int i,j,k,st_num,st_idx;
 	int num_ceil;
 	int ok;
@@ -389,7 +393,10 @@ static int ssleay_rand_bytes(unsigned ch
 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
 	crypto_lock_rand = 1;
 
-	if (!initialized)
+	/* always poll for external entropy in FIPS mode, drbg provides the 
+	 * expansion
+	 */
+	if (!initialized || FIPS_module_mode()) 
 		{
 		RAND_poll();
 		initialized = 1;
@@ -467,7 +474,11 @@ static int ssleay_rand_bytes(unsigned ch
 		/* num_ceil -= MD_DIGEST_LENGTH/2 */
 		j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num;
 		num-=j;
-		MD_Init(&m);
+		if (!MD_Init(&m))
+                    {
+	            EVP_MD_CTX_cleanup(&m);
+                    return 0;
+                    }
 #ifndef GETPID_IS_MEANINGLESS
 		if (curr_pid) /* just in the first iteration to save time */
 			{
@@ -509,7 +520,11 @@ static int ssleay_rand_bytes(unsigned ch
 			}
 		}
 
-	MD_Init(&m);
+        if (!MD_Init(&m))
+            {
+	    EVP_MD_CTX_cleanup(&m);
+            return 0;
+            }
 	MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
 	MD_Update(&m,local_md,MD_DIGEST_LENGTH);
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND);