diff -up libgcrypt-1.7.3/src/visibility.c.fips-reqs libgcrypt-1.7.3/src/visibility.c

--- libgcrypt-1.7.3/src/visibility.c.fips-reqs	2016-03-23 12:59:34.000000000 +0100

+++ libgcrypt-1.7.3/src/visibility.c	2016-11-22 16:29:36.992042480 +0100

@@ -1288,6 +1288,8 @@ gcry_kdf_derive (const void *passphrase,

                  unsigned long iterations,

                  size_t keysize, void *keybuffer)

 {

+  if (!fips_is_operational ())

+    return gpg_error (fips_not_operational ());

   return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,

                                       salt, saltlen, iterations,

                                       keysize, keybuffer));

@@ -1343,6 +1345,13 @@ void

 gcry_mpi_randomize (gcry_mpi_t w,

                     unsigned int nbits, enum gcry_random_level level)

 {

+  if (!fips_is_operational ())

+    {

+      (void)fips_not_operational ();

+      fips_signal_fatal_error ("called in non-operational state");

+      fips_noreturn ();

+    }

+

   _gcry_mpi_randomize (w, nbits, level);

 }

@@ -1368,6 +1377,8 @@ gcry_prime_generate (gcry_mpi_t *prime,

                      gcry_random_level_t random_level,

                      unsigned int flags)

 {

+  if (!fips_is_operational ())

+    return gpg_error (fips_not_operational ());

   return gpg_error (_gcry_prime_generate (prime, prime_bits, factor_bits,

                                           factors, cb_func, cb_arg,

                                           random_level, flags));