Check RAND_bytes() return value or use RAND_pseudo_bytes().
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 067216b..aaedf6a 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -224,7 +224,7 @@
 #endif
 
 		p=s->s3->client_random;
-		RAND_bytes(p,SSL3_RANDOM_SIZE);
+		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);
 
 		/* Do the message type and length last */
 		d= &(buf[2]);
@@ -285,7 +285,7 @@
 			i=ch_len;
 		s2n(i,d);
 		memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
-		RAND_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+		RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
 		memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
 		p+=i;
 
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index f05b76a..f813c50 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -515,7 +515,7 @@
 		s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
 		s2n(SSL2_CHALLENGE_LENGTH,p);		/* challenge length */
 		/*challenge id data*/
-		RAND_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
+		RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
 		memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
 		d+=SSL2_CHALLENGE_LENGTH;
 
@@ -557,12 +557,19 @@
 		/* make key_arg data */
 		i=EVP_CIPHER_iv_length(c);
 		sess->key_arg_length=i;
-		if (i > 0) RAND_bytes(sess->key_arg,i);
+		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
 
 		/* make a master key */
 		i=EVP_CIPHER_key_length(c);
 		sess->master_key_length=i;
-		if (i > 0) RAND_bytes(sess->master_key,i);
+		if (i > 0)
+			{
+			if (RAND_bytes(sess->master_key,i) <= 0)
+				{
+				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+				goto err;
+				}
+			}
 
 		if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
 			enc=8;
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 811daa2..af300ba 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -415,7 +415,7 @@
 			i=ek;
 		else
 			i=EVP_CIPHER_key_length(c);
-		RAND_bytes(p,i);
+		RAND_pseudo_bytes(p,i);
 		}
 #else
 	if (i < 0)
@@ -680,7 +680,7 @@
 		/* make and send conn_id */
 		s2n(SSL2_CONNECTION_ID_LENGTH,p);	/* add conn_id length */
 		s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
-		RAND_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
+		RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
 		memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
 		d+=SSL2_CONNECTION_ID_LENGTH;
 
@@ -798,7 +798,7 @@
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_REQUEST_CERTIFICATE;
 		*(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
-		RAND_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+		RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
 		memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
 
 		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 9d85ba4..cec0e3b 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -466,7 +466,7 @@
 		p=s->s3->client_random;
 		Time=time(NULL);			/* Time */
 		l2n(Time,p);
-		RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
 
 		/* Do the message type and length last */
 		d=p= &(buf[4]);
@@ -1341,7 +1341,8 @@
 				
 			tmp_buf[0]=s->client_version>>8;
 			tmp_buf[1]=s->client_version&0xff;
-			RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
+			if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0)
+					goto err;
 
 			s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
 
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index c6cc4f7..fd20f80 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -816,7 +816,7 @@
 		p=s->s3->server_random;
 		Time=time(NULL);			/* Time */
 		l2n(Time,p);
-		RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
 		/* Do the message type and length last */
 		d=p= &(buf[4]);
 
@@ -1292,7 +1292,7 @@
 				{
 				p[0]=(s->version>>8);
 				p[1]=(s->version & 0xff);
-				RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
+				RAND_pseudo_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
 				i=SSL_MAX_MASTER_KEY_LENGTH;
 				}
 			/* else, an SSLeay bug, ssl only server, tls client */
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index d675580..0573f2c 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -184,7 +184,7 @@
 			{
 			SSL_SESSION *r;
 
-			RAND_bytes(ss->session_id,ss->session_id_length);
+			RAND_pseudo_bytes(ss->session_id,ss->session_id_length);
 			CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
 			r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,
 				(char *)ss);