diff -aur openssl-1.0.2h/crypto/o_init.c openssl-1.0.2h-1/crypto/o_init.c
--- openssl-1.0.2h/crypto/o_init.c	2016-05-03 06:44:42.000000000 -0700
+++ openssl-1.0.2h-1/crypto/o_init.c	2016-07-22 17:14:23.368059530 -0700
@@ -57,6 +57,7 @@
 #include <openssl/err.h>
 #ifdef OPENSSL_FIPS
 # include <openssl/fips.h>
+# include <openssl/fips_rand.h>
 # include <openssl/rand.h>
 #endif
 
@@ -76,6 +77,14 @@
     FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
     FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
     RAND_init_fips();
+/*
+* Calling RAND_init_fips() followed by
+* RAND_set_rand_method(FIPS_rand_get_method()) will
+* cause OpenSSL to use the FIPS default DRBG
+* in lieu of the non-compliant OpenSSL default RAND. This 
+* requires FIPS-capable OpenSSL.
+*/
+    RAND_set_rand_method(FIPS_rand_get_method());
 #endif
 #if 0
     fprintf(stderr, "Called OPENSSL_init\n");