diff -up openssl-1.1.1/crypto/fips/fips.c.fips-post-rand openssl-1.1.1/crypto/fips/fips.c

--- openssl-1.1.1/crypto/fips/fips.c.fips-post-rand	2018-10-12 17:40:50.631506976 +0200

+++ openssl-1.1.1/crypto/fips/fips.c	2018-11-08 17:49:08.091064655 +0100

@@ -68,6 +68,7 @@

 # include <openssl/fips.h>

 # include "internal/thread_once.h"

+# include "internal/rand_int.h"

 # ifndef PATH_MAX

 #  define PATH_MAX 1024

@@ -76,6 +77,7 @@

 static int fips_selftest_fail = 0;

 static int fips_mode = 0;

 static int fips_started = 0;

+static int fips_post = 0;

 static int fips_is_owning_thread(void);

 static int fips_set_owning_thread(void);

@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void)

     fips_selftest_fail = 1;

 }

+int fips_in_post(void)

+{

+    return fips_post;

+}

+

 /* we implement what libfipscheck does ourselves */

 static int

@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff)

         }

 # endif

+        fips_post = 1;

+

         if (!FIPS_selftest()) {

             fips_selftest_fail = 1;

             ret = 0;

@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff)

             goto end;

         }

+        fips_post = 0;

+

         fips_set_mode(onoff);

+        /* force RNG reseed with entropy from getrandom() on next call */

+        rand_fork();

+

         ret = 1;

         goto end;

     }

diff -up openssl-1.1.1/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1/crypto/include/internal/fips_int.h

--- openssl-1.1.1/crypto/include/internal/fips_int.h.fips-post-rand	2018-11-08 17:32:50.806526458 +0100

+++ openssl-1.1.1/crypto/include/internal/fips_int.h	2018-11-08 17:32:20.533828167 +0100

@@ -76,6 +76,8 @@ int FIPS_selftest_hmac(void);

 int FIPS_selftest_drbg(void);

 int FIPS_selftest_cmac(void);

+int fips_in_post(void);

+

 int fips_pkey_signature_test(EVP_PKEY *pkey,

                                  const unsigned char *tbs, int tbslen,

                                  const unsigned char *kat,

diff -up openssl-1.1.1/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1/crypto/rand/rand_unix.c

--- openssl-1.1.1/crypto/rand/rand_unix.c.fips-post-rand	2018-09-11 14:48:21.000000000 +0200

+++ openssl-1.1.1/crypto/rand/rand_unix.c	2018-11-09 14:03:48.504301170 +0100

@@ -16,10 +16,12 @@

 #include <openssl/rand.h>

 #include "rand_lcl.h"

 #include "internal/rand_int.h"

+#include "internal/fips_int.h"

 #include <stdio.h>

 #include "internal/dso.h"

 #if defined(__linux)

 # include <sys/syscall.h>

+# include <sys/random.h>

 #endif

 #if defined(__FreeBSD__)

 # include <sys/types.h>

@@ -86,7 +88,7 @@ static uint64_t get_timer_bits(void);

     || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \

     || defined(OPENSSL_SYS_UEFI))

-static ssize_t syscall_random(void *buf, size_t buflen);

+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock);

 # if defined(OPENSSL_SYS_VOS)

@@ -248,7 +250,7 @@ static ssize_t sysctl_random(char *buf,

  * syscall_random(): Try to get random data using a system call

  * returns the number of bytes returned in buf, or < 0 on error.

  */

-static ssize_t syscall_random(void *buf, size_t buflen)

+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock)

 {

     /*

      * Note: 'buflen' equals the size of the buffer which is used by the

@@ -270,6 +272,7 @@ static ssize_t syscall_random(void *buf,

      * - Linux since 3.17 with glibc 2.25

      * - FreeBSD since 12.0 (1200061)

      */

+#  if 0

 #  if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)

     extern int getentropy(void *buffer, size_t length) __attribute__((weak));

@@ -291,10 +294,10 @@ static ssize_t syscall_random(void *buf,

     if (p_getentropy.p != NULL)

         return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;

 #  endif

-

+#  endif

     /* Linux supports this since version 3.17 */

 #  if defined(__linux) && defined(SYS_getrandom)

-    return syscall(SYS_getrandom, buf, buflen, 0);

+    return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);

 #  elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)

     return sysctl_random(buf, buflen);

 #  else

@@ -456,8 +459,10 @@ size_t rand_pool_acquire_entropy(RAND_PO

     size_t bytes_needed;

     size_t entropy_available = 0;

     unsigned char *buffer;

-

 #   ifdef OPENSSL_RAND_SEED_GETRANDOM

+    int in_post;

+

+    for (in_post = fips_in_post(); in_post >= 0; --in_post) {

     {

         ssize_t bytes;

         /* Maximum allowed number of consecutive unsuccessful attempts */

@@ -466,7 +471,7 @@ size_t rand_pool_acquire_entropy(RAND_PO

         bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);

         while (bytes_needed != 0 && attempts-- > 0) {

             buffer = rand_pool_add_begin(pool, bytes_needed);

-            bytes = syscall_random(buffer, bytes_needed);

+            bytes = syscall_random(buffer, bytes_needed, in_post);

             if (bytes > 0) {

                 rand_pool_add_end(pool, bytes, 8 * bytes);

                 bytes_needed -= bytes;

@@ -498,8 +503,10 @@ size_t rand_pool_acquire_entropy(RAND_PO

             int attempts = 3;

             const int fd = get_random_device(i);

-            if (fd == -1)

+            if (fd == -1) {

+                OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]);

                 continue;

+            }

             while (bytes_needed != 0 && attempts-- > 0) {

                 buffer = rand_pool_add_begin(pool, bytes_needed);

@@ -559,7 +566,9 @@ size_t rand_pool_acquire_entropy(RAND_PO

         }

     }

 #   endif

-

+#   ifdef OPENSSL_RAND_SEED_GETRANDOM

+    }

+#   endif

     return rand_pool_entropy_available(pool);

 #  endif

 }