Use RAND_status to determine PRNG state

CHANGES

@@ -58,6 +58,9 @@ porting:
 	Make Socat compatible with BoringSSL.
 	Thanks to Matt Braithwaite for providing a patch.
 
+	OpenSSL: Use RAND_status to determine PRNG state
+	Thanks to Adam Langley for providing a patch
+
 testing:
 	socks4echo.sh and socks4a-echo.sh hung with new bash with read -n
 

config.h.in

@@ -456,6 +456,9 @@
 /* Define if you have the OpenSSL RAND_egd function */
 #undef HAVE_RAND_egd
 
+/* Define if you have the OpenSSL RAND_status function */
+#undef HAVE_RAND_status
+
 /* Define if you have the OpenSSL DH_set0_pqg function */
 #undef HAVE_DH_set0_pqg
 

configure.in

@@ -1464,6 +1464,7 @@ AC_CHECK_FUNC(DTLSv1_server_method, AC_DEFINE(HAVE_DTLSv1_server_method), AC_CHE
 AC_CHECK_FUNC(RAND_egd, AC_DEFINE(HAVE_RAND_egd), AC_CHECK_LIB(crypt, RAND_egd, [LIBS=-lcrypt $LIBS]))
 AC_CHECK_FUNC(DH_set0_pqg, AC_DEFINE(HAVE_DH_set0_pqg), AC_CHECK_LIB(crypt, DH_set0_pqg, [LIBS=-lcrypt $LIBS]))
 AC_CHECK_FUNC(ASN1_STRING_get0_data, AC_DEFINE(HAVE_ASN1_STRING_get0_data), AC_CHECK_LIB(crypt, ASN1_STRING_get0_data, [LIBS=-lcrypt $LIBS]))
+AC_CHECK_FUNC(RAND_status, AC_DEFINE(HAVE_RAND_status))
 
 AC_MSG_CHECKING(for type EC_KEY)
 AC_CACHE_VAL(sc_cv_type_EC_TYPE,

xio-openssl.c

@@ -1123,6 +1123,8 @@ static int openssl_SSL_ERROR_SSL(int level, const char *funcname) {
 	 (
 #if defined(OPENSSL_IS_BORINGSSL)
 	  0  /* BoringSSL's RNG always succeeds. */
+#elif defined(HAVE_RAND_status)
+	  ERR_GET_LIB(e) == ERR_LIB_RAND && RAND_status() != 1
 #else
 	  e == ((ERR_LIB_RAND<<24)|
 #if defined(RAND_F_RAND_BYTES)