After the fix of insecure number generation here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8867
This function as well as the text here needs an update. I believe this function is safe to use in FIPS compliant apps as well as it now used RAND_bytes instead of the insecure RAND_pseudo_bytes().