From e8c18345a4ed5b547db1ffbe7d83b0a6212f157d Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Fri, 20 Apr 2012 12:24:39 +0200
Subject: [PATCH] new upstream version fixing CVE-2012-2110

---
 .gitignore                                    |   1 +
 openssl-1.0.1-backport.patch                  | 226 ------
 openssl-1.0.1-beta3-s390xbuild.patch          |  26 -
 ...doc.patch => openssl-1.0.1a-algo-doc.patch |  54 +-
 openssl-1.0.1a-backport.patch                 |  41 ++
 ...a3-fips.patch => openssl-1.0.1a-fips.patch | 682 +++++++++---------
 openssl.spec                                  |  16 +-
 sources                                       |   2 +-
 8 files changed, 403 insertions(+), 645 deletions(-)
 delete mode 100644 openssl-1.0.1-backport.patch
 delete mode 100644 openssl-1.0.1-beta3-s390xbuild.patch
 rename openssl-1.0.0-beta4-algo-doc.patch => openssl-1.0.1a-algo-doc.patch (52%)
 create mode 100644 openssl-1.0.1a-backport.patch
 rename openssl-1.0.1-beta3-fips.patch => openssl-1.0.1a-fips.patch (95%)

diff --git a/.gitignore b/.gitignore
index 2e5ab5d..9a30642 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-1.0.1-beta2-usa.tar.xz
 /openssl-1.0.1-beta3-usa.tar.xz
 /openssl-1.0.1-usa.tar.xz
+/openssl-1.0.1a-usa.tar.xz
diff --git a/openssl-1.0.1-backport.patch b/openssl-1.0.1-backport.patch
deleted file mode 100644
index baaf40f..0000000
--- a/openssl-1.0.1-backport.patch
+++ /dev/null
@@ -1,226 +0,0 @@
-diff -up openssl-1.0.1/apps/s_client.c.backport openssl-1.0.1/apps/s_client.c
---- openssl-1.0.1/apps/s_client.c.backport	2012-03-14 21:15:04.736897459 +0100
-+++ openssl-1.0.1/apps/s_client.c	2012-04-05 19:48:40.469998965 +0200
-@@ -622,13 +622,7 @@ int MAIN(int argc, char **argv)
- 	SRP_ARG srp_arg = {NULL,NULL,0,0,0,1024};
- #endif
- 
--#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
- 	meth=SSLv23_client_method();
--#elif !defined(OPENSSL_NO_SSL3)
--	meth=SSLv3_client_method();
--#elif !defined(OPENSSL_NO_SSL2)
--	meth=SSLv2_client_method();
--#endif
- 
- 	apps_startup();
- 	c_Pause=0;
-diff -up openssl-1.0.1/apps/s_server.c.backport openssl-1.0.1/apps/s_server.c
---- openssl-1.0.1/apps/s_server.c.backport	2012-03-14 21:15:04.690896516 +0100
-+++ openssl-1.0.1/apps/s_server.c	2012-04-05 19:48:40.474999072 +0200
-@@ -969,17 +969,7 @@ int MAIN(int argc, char *argv[])
- 	char *srpuserseed = NULL;
- 	char *srp_verifier_file = NULL;
- #endif
--#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
- 	meth=SSLv23_server_method();
--#elif !defined(OPENSSL_NO_SSL3)
--	meth=SSLv3_server_method();
--#elif !defined(OPENSSL_NO_SSL2)
--	meth=SSLv2_server_method();
--#elif !defined(OPENSSL_NO_TLS1)
--	meth=TLSv1_server_method();
--#else
--  /*  #error no SSL version enabled */
--#endif
- 
- 	local_argc=argc;
- 	local_argv=argv;
-diff -up openssl-1.0.1/crypto/aes/asm/aes-armv4.pl.backport openssl-1.0.1/crypto/aes/asm/aes-armv4.pl
---- openssl-1.0.1/crypto/aes/asm/aes-armv4.pl.backport	2012-03-14 21:15:04.777898297 +0100
-+++ openssl-1.0.1/crypto/aes/asm/aes-armv4.pl	2012-04-05 19:51:35.555528155 +0200
-@@ -408,6 +408,7 @@ _armv4_AES_encrypt:
- .type   private_AES_set_encrypt_key,%function
- .align	5
- private_AES_set_encrypt_key:
-+_armv4_AES_set_encrypt_key:
- 	sub	r3,pc,#8		@ AES_set_encrypt_key
- 	teq	r0,#0
- 	moveq	r0,#-1
-@@ -425,7 +426,7 @@ private_AES_set_encrypt_key:
- 	bne	.Labrt
- 
- .Lok:	stmdb   sp!,{r4-r12,lr}
--	sub	$tbl,r3,#private_AES_set_encrypt_key-AES_Te-1024	@ Te4
-+	sub	$tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024	@ Te4
- 
- 	mov	$rounds,r0		@ inp
- 	mov	lr,r1			@ bits
-@@ -685,7 +686,7 @@ private_AES_set_encrypt_key:
- .align	5
- private_AES_set_decrypt_key:
- 	str	lr,[sp,#-4]!            @ push lr
--	bl	private_AES_set_encrypt_key
-+	bl	_armv4_AES_set_encrypt_key
- 	teq	r0,#0
- 	ldrne	lr,[sp],#4              @ pop lr
- 	bne	.Labrt
-diff -up openssl-1.0.1/crypto/aes/asm/aes-s390x.pl.backport openssl-1.0.1/crypto/aes/asm/aes-s390x.pl
---- openssl-1.0.1/crypto/aes/asm/aes-s390x.pl.backport	2012-03-14 21:15:04.782898400 +0100
-+++ openssl-1.0.1/crypto/aes/asm/aes-s390x.pl	2012-04-05 19:50:41.290593267 +0200
-@@ -783,6 +783,7 @@ $code.=<<___;
- .type	private_AES_set_encrypt_key,\@function
- .align	16
- private_AES_set_encrypt_key:
-+_s390x_AES_set_encrypt_key:
- 	lghi	$t0,0
- 	cl${g}r	$inp,$t0
- 	je	.Lminus1
-@@ -1068,7 +1069,7 @@ $code.=<<___;
- private_AES_set_decrypt_key:
- 	st${g}	$key,4*$SIZE_T($sp)	# I rely on AES_set_encrypt_key to
- 	st${g}	$ra,14*$SIZE_T($sp)	# save non-volatile registers!
--	bras	$ra,AES_set_encrypt_key
-+	bras	$ra,_s390x_AES_set_encrypt_key
- 	l${g}	$key,4*$SIZE_T($sp)
- 	l${g}	$ra,14*$SIZE_T($sp)
- 	ltgr	%r2,%r2
-diff -up openssl-1.0.1/crypto/aes/asm/vpaes-x86_64.pl.backport openssl-1.0.1/crypto/aes/asm/vpaes-x86_64.pl
---- openssl-1.0.1/crypto/aes/asm/vpaes-x86_64.pl.backport	2012-03-14 21:15:04.777898297 +0100
-+++ openssl-1.0.1/crypto/aes/asm/vpaes-x86_64.pl	2012-04-05 19:48:22.036603157 +0200
-@@ -263,7 +263,7 @@ _vpaes_decrypt_core:
- 	pshufb  %xmm2,  %xmm4	# 4 = sbou
- 	pxor	%xmm0,  %xmm4	# 4 = sb1u + k
- 	movdqa	0x70(%r10), %xmm0	# 0 : sbot
--	movdqa	.Lk_sr-.Lk_dsbd(%r11), %xmm2
-+	movdqa	-0x160(%r11), %xmm2	# .Lk_sr-.Lk_dsbd=-0x160
- 	pshufb  %xmm3,	%xmm0	# 0 = sb1t
- 	pxor	%xmm4,	%xmm0	# 0 = A
- 	pshufb	%xmm2,	%xmm0
-@@ -869,6 +869,8 @@ ${PREFIX}_cbc_encrypt:
- ___
- ($len,$key)=($key,$len);
- $code.=<<___;
-+	sub	\$16,$len
-+	jc	.Lcbc_abort
- ___
- $code.=<<___ if ($win64);
- 	lea	-0xb8(%rsp),%rsp
-@@ -887,7 +889,6 @@ ___
- $code.=<<___;
- 	movdqu	($ivp),%xmm6		# load IV
- 	sub	$inp,$out
--	sub	\$16,$len
- 	call	_vpaes_preheat
- 	cmp	\$0,${enc}d
- 	je	.Lcbc_dec_loop
-@@ -932,6 +933,7 @@ $code.=<<___ if ($win64);
- .Lcbc_epilogue:
- ___
- $code.=<<___;
-+.Lcbc_abort:
- 	ret
- .size	${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
- ___
-diff -up openssl-1.0.1/crypto/aes/asm/vpaes-x86.pl.backport openssl-1.0.1/crypto/aes/asm/vpaes-x86.pl
---- openssl-1.0.1/crypto/aes/asm/vpaes-x86.pl.backport	2012-03-14 21:15:04.775898257 +0100
-+++ openssl-1.0.1/crypto/aes/asm/vpaes-x86.pl	2012-04-05 19:48:22.036603157 +0200
-@@ -843,6 +843,8 @@ $k_dsbo=0x2c0;		# decryption sbox final
- 	&mov	($out,&wparam(1));		# out
- 	&mov	($round,&wparam(2));		# len
- 	&mov	($key,&wparam(3));		# key
-+	&sub	($round,16);
-+	&jc	(&label("cbc_abort"));
- 	&lea	($base,&DWP(-56,"esp"));
- 	&mov	($const,&wparam(4));		# ivp
- 	&and	($base,-16);
-@@ -853,7 +855,6 @@ $k_dsbo=0x2c0;		# decryption sbox final
- 	&mov	(&DWP(48,"esp"),$base);
- 
- 	&mov	(&DWP(0,"esp"),$out);		# save out
--	&sub	($round,16);
- 	&mov	(&DWP(4,"esp"),$key)		# save key
- 	&mov	(&DWP(8,"esp"),$const);		# save ivp
- 	&mov	($out,$round);			# $out works as $len
-@@ -896,6 +897,7 @@ $k_dsbo=0x2c0;		# decryption sbox final
- 	&mov	($base,&DWP(8,"esp"));		# restore ivp
- 	&mov	("esp",&DWP(48,"esp"));
- 	&movdqu	(&QWP(0,$base),"xmm1");		# write IV
-+&set_label("cbc_abort");
- &function_end("${PREFIX}_cbc_encrypt");
- 
- &asm_finish();
-diff -up openssl-1.0.1/crypto/evp/p5_crpt.c.backport openssl-1.0.1/crypto/evp/p5_crpt.c
---- openssl-1.0.1/crypto/evp/p5_crpt.c.backport	2011-06-03 22:52:57.000000000 +0200
-+++ openssl-1.0.1/crypto/evp/p5_crpt.c	2012-04-05 19:49:01.512450795 +0200
-@@ -138,5 +138,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *c
- 	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
- 	rv = 1;
- 	err:
-+	EVP_MD_CTX_cleanup(&ctx);
- 	return rv;
- }
-diff -up openssl-1.0.1/crypto/pkcs7/pk7_doit.c.backport openssl-1.0.1/crypto/pkcs7/pk7_doit.c
---- openssl-1.0.1/crypto/pkcs7/pk7_doit.c.backport	2012-03-12 17:27:50.000000000 +0100
-+++ openssl-1.0.1/crypto/pkcs7/pk7_doit.c	2012-04-05 19:49:40.591289911 +0200
-@@ -430,6 +430,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
- 	STACK_OF(X509_ALGOR) *md_sk=NULL;
- 	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
- 	PKCS7_RECIP_INFO *ri=NULL;
-+       unsigned char *ek = NULL, *tkey = NULL;
-+       int eklen = 0, tkeylen = 0;
- 
- 	i=OBJ_obj2nid(p7->type);
- 	p7->state=PKCS7_S_HEADER;
-@@ -507,8 +509,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
- 		int max;
- 		X509_OBJECT ret;
- #endif
--		unsigned char *ek = NULL, *tkey = NULL;
--		int eklen, tkeylen;
- 
- 		if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
- 			{
-@@ -609,11 +609,13 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
- 			{
- 			OPENSSL_cleanse(ek,eklen);
- 			OPENSSL_free(ek);
-+                       ek = NULL;
- 			}
- 		if (tkey)
- 			{
- 			OPENSSL_cleanse(tkey,tkeylen);
- 			OPENSSL_free(tkey);
-+                       tkey = NULL;
- 			}
- 
- 		if (out == NULL)
-@@ -656,6 +658,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
- 	if (0)
- 		{
- err:
-+               if (ek)
-+                       {
-+                       OPENSSL_cleanse(ek,eklen);
-+                       OPENSSL_free(ek);
-+                       }
-+               if (tkey)
-+                       {
-+                       OPENSSL_cleanse(tkey,tkeylen);
-+                       OPENSSL_free(tkey);
-+                       }
- 		if (out != NULL) BIO_free_all(out);
- 		if (btmp != NULL) BIO_free_all(btmp);
- 		if (etmp != NULL) BIO_free_all(etmp);
-diff -up openssl-1.0.1/ssl/d1_srvr.c.backport openssl-1.0.1/ssl/d1_srvr.c
---- openssl-1.0.1/ssl/d1_srvr.c.backport	2012-03-06 14:24:16.000000000 +0100
-+++ openssl-1.0.1/ssl/d1_srvr.c	2012-04-05 19:47:36.812632091 +0200
-@@ -920,7 +920,7 @@ int dtls1_send_server_hello(SSL *s)
- 		p=s->s3->server_random;
- 		Time=(unsigned long)time(NULL);			/* Time */
- 		l2n(Time,p);
--		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
-+		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
- 		/* Do the message type and length last */
- 		d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
- 
diff --git a/openssl-1.0.1-beta3-s390xbuild.patch b/openssl-1.0.1-beta3-s390xbuild.patch
deleted file mode 100644
index b937e2f..0000000
--- a/openssl-1.0.1-beta3-s390xbuild.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -up openssl-1.0.1-beta3/crypto/rc4/asm/rc4-s390x.pl.s390xbuild openssl-1.0.1-beta3/crypto/rc4/asm/rc4-s390x.pl
---- openssl-1.0.1-beta3/crypto/rc4/asm/rc4-s390x.pl.s390xbuild	2012-02-29 17:40:30.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/rc4/asm/rc4-s390x.pl	2012-02-29 20:03:39.642182906 +0100
-@@ -171,10 +171,10 @@ $ikey="%r7";
- $iinp="%r8";
- 
- $code.=<<___;
--.globl	RC4_set_key
--.type	RC4_set_key,\@function
-+.globl	private_RC4_set_key
-+.type	private_RC4_set_key,\@function
- .align	64
--RC4_set_key:
-+private_RC4_set_key:
- 	stm${g}	%r6,%r8,6*$SIZE_T($sp)
- 	lhi	$cnt,256
- 	la	$idx,0(%r0)
-@@ -210,7 +210,7 @@ RC4_set_key:
- .Ldone:
- 	lm${g}	%r6,%r8,6*$SIZE_T($sp)
- 	br	$rp
--.size	RC4_set_key,.-RC4_set_key
-+.size	private_RC4_set_key,.-private_RC4_set_key
- 
- ___
- }
diff --git a/openssl-1.0.0-beta4-algo-doc.patch b/openssl-1.0.1a-algo-doc.patch
similarity index 52%
rename from openssl-1.0.0-beta4-algo-doc.patch
rename to openssl-1.0.1a-algo-doc.patch
index 2f18f3f..c4aaa89 100644
--- a/openssl-1.0.0-beta4-algo-doc.patch
+++ b/openssl-1.0.1a-algo-doc.patch
@@ -1,28 +1,7 @@
-diff -up openssl-1.0.0-beta4/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.0.0-beta4/doc/crypto/EVP_DigestInit.pod
---- openssl-1.0.0-beta4/doc/crypto/EVP_DigestInit.pod.algo-doc	2009-10-16 17:29:34.000000000 +0200
-+++ openssl-1.0.0-beta4/doc/crypto/EVP_DigestInit.pod	2009-11-12 14:13:21.000000000 +0100
-@@ -6,7 +6,8 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_
- EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
- EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
- EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
--EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
-+EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_sha224,
-+EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2,
- EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
- EVP digest routines
- 
-@@ -51,6 +52,10 @@ EVP digest routines
-  const EVP_MD *EVP_md5(void);
-  const EVP_MD *EVP_sha(void);
-  const EVP_MD *EVP_sha1(void);
-+ const EVP_MD *EVP_sha224(void);
-+ const EVP_MD *EVP_sha256(void);
-+ const EVP_MD *EVP_sha384(void);
-+ const EVP_MD *EVP_sha512(void);
-  const EVP_MD *EVP_dss(void);
-  const EVP_MD *EVP_dss1(void);
-  const EVP_MD *EVP_mdc2(void);
-@@ -70,7 +75,7 @@ EVP_MD_CTX_create() allocates, initializ
+diff -up openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod
+--- openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod.algo-doc	2012-04-11 00:28:22.000000000 +0200
++++ openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod	2012-04-20 09:14:01.865167011 +0200
+@@ -75,7 +75,7 @@ EVP_MD_CTX_create() allocates, initializ
  
  EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
  B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
@@ -31,22 +10,7 @@ diff -up openssl-1.0.0-beta4/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.0.
  If B<impl> is NULL then the default implementation of digest B<type> is used.
  
  EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
-@@ -127,9 +132,11 @@ with this digest. For example EVP_sha1()
- return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
- algorithms may not be retained in future versions of OpenSSL.
- 
--EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160()
--return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
--algorithms respectively. The associated signature algorithm is RSA in each case.
-+EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
-+EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160()
-+return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384,
-+SHA512, MDC2 and RIPEMD160 digest algorithms respectively. The associated
-+signature algorithm is RSA in each case.
- 
- EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
- algorithms but using DSS (DSA) for the signature algorithm. Note: there is 
-@@ -158,7 +165,8 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_
+@@ -165,7 +165,8 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_
  EVP_MD_CTX_block_size()	and EVP_MD_block_size() return the digest or block
  size in bytes.
  
@@ -56,10 +20,10 @@ diff -up openssl-1.0.0-beta4/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.0.
  EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
  corresponding EVP_MD structures.
  
-diff -up openssl-1.0.0-beta4/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.0.0-beta4/doc/crypto/EVP_EncryptInit.pod
---- openssl-1.0.0-beta4/doc/crypto/EVP_EncryptInit.pod.algo-doc	2005-04-15 18:01:35.000000000 +0200
-+++ openssl-1.0.0-beta4/doc/crypto/EVP_EncryptInit.pod	2009-11-12 14:11:03.000000000 +0100
-@@ -91,6 +91,32 @@ EVP_CIPHER_CTX_set_padding - EVP cipher 
+diff -up openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod
+--- openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod.algo-doc	2005-04-15 18:01:35.000000000 +0200
++++ openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod	2012-04-20 09:10:59.114736465 +0200
+@@ -91,6 +91,32 @@ EVP_CIPHER_CTX_set_padding - EVP cipher
   int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
   int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
  
diff --git a/openssl-1.0.1a-backport.patch b/openssl-1.0.1a-backport.patch
new file mode 100644
index 0000000..b2cd769
--- /dev/null
+++ b/openssl-1.0.1a-backport.patch
@@ -0,0 +1,41 @@
+diff -up openssl-1.0.1a/crypto/evp/e_rc4_hmac_md5.c.backport openssl-1.0.1a/crypto/evp/e_rc4_hmac_md5.c
+--- openssl-1.0.1a/crypto/evp/e_rc4_hmac_md5.c.backport	2012-04-18 19:51:33.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/e_rc4_hmac_md5.c	2012-04-20 09:20:29.411861130 +0200
+@@ -121,6 +121,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHE
+ 		md5_off = MD5_CBLOCK-key->md.num,
+ 		blocks;
+ 	unsigned int l;
++	extern unsigned int OPENSSL_ia32cap_P[];
+ #endif
+ 	size_t	plen = key->payload_length;
+ 
+@@ -132,7 +133,8 @@ static int rc4_hmac_md5_cipher(EVP_CIPHE
+ 		/* cipher has to "fall behind" */
+ 		if (rc4_off>md5_off) md5_off+=MD5_CBLOCK;
+ 
+-		if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK)) {
++		if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK) &&
++		    (OPENSSL_ia32cap_P[0]&(1<<20))==0) {
+ 			MD5_Update(&key->md,in,md5_off);
+ 			RC4(&key->ks,rc4_off,in,out);
+ 
+@@ -172,7 +174,8 @@ static int rc4_hmac_md5_cipher(EVP_CIPHE
+ 		if (md5_off>rc4_off)	rc4_off += 2*MD5_CBLOCK;
+ 		else			rc4_off += MD5_CBLOCK;
+ 
+-		if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK)) {
++		if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK) &&
++		    (OPENSSL_ia32cap_P[0]&(1<<20))==0) {
+ 			RC4(&key->ks,rc4_off,in,out);
+ 			MD5_Update(&key->md,out,md5_off);
+ 
+@@ -289,8 +292,6 @@ static EVP_CIPHER r4_hmac_md5_cipher=
+ 
+ const EVP_CIPHER *EVP_rc4_hmac_md5(void)
+ 	{
+-	extern unsigned int OPENSSL_ia32cap_P[];
+-	/* RC4_CHAR flag ------------vvvvv */
+-	return(OPENSSL_ia32cap_P[0]&(1<<20) ? NULL : &r4_hmac_md5_cipher);
++	return(&r4_hmac_md5_cipher);
+ 	}
+ #endif
diff --git a/openssl-1.0.1-beta3-fips.patch b/openssl-1.0.1a-fips.patch
similarity index 95%
rename from openssl-1.0.1-beta3-fips.patch
rename to openssl-1.0.1a-fips.patch
index f2bb340..8754495 100644
--- a/openssl-1.0.1-beta3-fips.patch
+++ b/openssl-1.0.1a-fips.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.1-beta3/apps/pkcs12.c.fips openssl-1.0.1-beta3/apps/pkcs12.c
---- openssl-1.0.1-beta3/apps/pkcs12.c.fips	2011-03-13 19:20:23.000000000 +0100
-+++ openssl-1.0.1-beta3/apps/pkcs12.c	2012-02-29 10:33:02.773294716 +0100
+diff -up openssl-1.0.1a/apps/pkcs12.c.fips openssl-1.0.1a/apps/pkcs12.c
+--- openssl-1.0.1a/apps/pkcs12.c.fips	2011-03-13 19:20:23.000000000 +0100
++++ openssl-1.0.1a/apps/pkcs12.c	2012-04-20 09:07:06.229784948 +0200
 @@ -67,6 +67,9 @@
  #include <openssl/err.h>
  #include <openssl/pem.h>
@@ -23,9 +23,9 @@ diff -up openssl-1.0.1-beta3/apps/pkcs12.c.fips openssl-1.0.1-beta3/apps/pkcs12.
      enc = EVP_des_ede3_cbc();
      if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
  
-diff -up openssl-1.0.1-beta3/apps/speed.c.fips openssl-1.0.1-beta3/apps/speed.c
---- openssl-1.0.1-beta3/apps/speed.c.fips	2012-01-11 22:49:16.000000000 +0100
-+++ openssl-1.0.1-beta3/apps/speed.c	2012-02-29 10:33:02.774294724 +0100
+diff -up openssl-1.0.1a/apps/speed.c.fips openssl-1.0.1a/apps/speed.c
+--- openssl-1.0.1a/apps/speed.c.fips	2012-01-11 22:49:16.000000000 +0100
++++ openssl-1.0.1a/apps/speed.c	2012-04-20 09:07:06.230784969 +0200
 @@ -195,7 +195,6 @@
  #ifdef OPENSSL_DOING_MAKEDEPEND
  #undef AES_set_encrypt_key
@@ -123,9 +123,9 @@ diff -up openssl-1.0.1-beta3/apps/speed.c.fips openssl-1.0.1-beta3/apps/speed.c
  #endif
  #ifndef OPENSSL_NO_RSA
  	memset(rsa_c,0,sizeof(rsa_c));
-diff -up openssl-1.0.1-beta3/Configure.fips openssl-1.0.1-beta3/Configure
---- openssl-1.0.1-beta3/Configure.fips	2012-02-29 10:33:02.738294416 +0100
-+++ openssl-1.0.1-beta3/Configure	2012-02-29 10:33:02.775294732 +0100
+diff -up openssl-1.0.1a/Configure.fips openssl-1.0.1a/Configure
+--- openssl-1.0.1a/Configure.fips	2012-04-20 09:07:06.190784111 +0200
++++ openssl-1.0.1a/Configure	2012-04-20 09:07:06.232785011 +0200
 @@ -993,11 +993,6 @@ if (defined($disabled{"md5"}) || defined
  	$disabled{"ssl2"} = "forced";
  	}
@@ -138,7 +138,7 @@ diff -up openssl-1.0.1-beta3/Configure.fips openssl-1.0.1-beta3/Configure
  # RSAX ENGINE sets default non-FIPS RSA method.
  if ($fips)
  	{
-@@ -1478,7 +1473,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b
+@@ -1472,7 +1467,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b
  if ($fips)
  	{
  	$openssl_other_defines.="#define OPENSSL_FIPS\n";
@@ -146,7 +146,7 @@ diff -up openssl-1.0.1-beta3/Configure.fips openssl-1.0.1-beta3/Configure
  	}
  
  $cpuid_obj="mem_clr.o"	unless ($cpuid_obj =~ /\.o$/);
-@@ -1665,9 +1659,12 @@ while (<IN>)
+@@ -1659,9 +1653,12 @@ while (<IN>)
  
  	s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
  	s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
@@ -160,9 +160,9 @@ diff -up openssl-1.0.1-beta3/Configure.fips openssl-1.0.1-beta3/Configure
  	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
  	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
  	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
-diff -up openssl-1.0.1-beta3/crypto/aes/aes_misc.c.fips openssl-1.0.1-beta3/crypto/aes/aes_misc.c
---- openssl-1.0.1-beta3/crypto/aes/aes_misc.c.fips	2011-06-05 19:36:33.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/aes/aes_misc.c	2012-02-29 10:33:02.776294741 +0100
+diff -up openssl-1.0.1a/crypto/aes/aes_misc.c.fips openssl-1.0.1a/crypto/aes/aes_misc.c
+--- openssl-1.0.1a/crypto/aes/aes_misc.c.fips	2011-06-05 19:36:33.000000000 +0200
++++ openssl-1.0.1a/crypto/aes/aes_misc.c	2012-04-20 09:07:06.232785011 +0200
 @@ -69,17 +69,11 @@ const char *AES_options(void) {
  int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
  			AES_KEY *key)
@@ -181,9 +181,9 @@ diff -up openssl-1.0.1-beta3/crypto/aes/aes_misc.c.fips openssl-1.0.1-beta3/cryp
 -#endif
  	return private_AES_set_decrypt_key(userKey, bits, key);
  	}
-diff -up openssl-1.0.1-beta3/crypto/cmac/cmac.c.fips openssl-1.0.1-beta3/crypto/cmac/cmac.c
---- openssl-1.0.1-beta3/crypto/cmac/cmac.c.fips	2011-06-12 17:07:25.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/cmac/cmac.c	2012-02-29 10:33:02.776294741 +0100
+diff -up openssl-1.0.1a/crypto/cmac/cmac.c.fips openssl-1.0.1a/crypto/cmac/cmac.c
+--- openssl-1.0.1a/crypto/cmac/cmac.c.fips	2012-04-11 17:11:16.000000000 +0200
++++ openssl-1.0.1a/crypto/cmac/cmac.c	2012-04-20 09:07:06.233785033 +0200
 @@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void)
  
  void CMAC_CTX_cleanup(CMAC_CTX *ctx)
@@ -210,7 +210,7 @@ diff -up openssl-1.0.1-beta3/crypto/cmac/cmac.c.fips openssl-1.0.1-beta3/crypto/
  		}
  #endif
  	/* All zeros means restart */
-@@ -214,10 +202,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
+@@ -216,10 +204,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
  	{
  	const unsigned char *data = in;
  	size_t bl;
@@ -221,7 +221,7 @@ diff -up openssl-1.0.1-beta3/crypto/cmac/cmac.c.fips openssl-1.0.1-beta3/crypto/
  	if (ctx->nlast_block == -1)
  		return 0;
  	if (dlen == 0)
-@@ -259,10 +243,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
+@@ -261,10 +245,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
  int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
  	{
  	int i, bl, lb;
@@ -232,9 +232,9 @@ diff -up openssl-1.0.1-beta3/crypto/cmac/cmac.c.fips openssl-1.0.1-beta3/crypto/
  	if (ctx->nlast_block == -1)
  		return 0;
  	bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
-diff -up openssl-1.0.1-beta3/crypto/crypto.h.fips openssl-1.0.1-beta3/crypto/crypto.h
---- openssl-1.0.1-beta3/crypto/crypto.h.fips	2012-02-29 10:33:02.538292696 +0100
-+++ openssl-1.0.1-beta3/crypto/crypto.h	2012-02-29 10:33:02.777294750 +0100
+diff -up openssl-1.0.1a/crypto/crypto.h.fips openssl-1.0.1a/crypto/crypto.h
+--- openssl-1.0.1a/crypto/crypto.h.fips	2012-04-20 09:07:05.959779159 +0200
++++ openssl-1.0.1a/crypto/crypto.h	2012-04-20 09:07:06.233785033 +0200
 @@ -553,24 +553,29 @@ int FIPS_mode_set(int r);
  void OPENSSL_init(void);
  
@@ -280,9 +280,9 @@ diff -up openssl-1.0.1-beta3/crypto/crypto.h.fips openssl-1.0.1-beta3/crypto/cry
  /* Error codes for the CRYPTO functions. */
  
  /* Function codes. */
-diff -up openssl-1.0.1-beta3/crypto/des/des.h.fips openssl-1.0.1-beta3/crypto/des/des.h
---- openssl-1.0.1-beta3/crypto/des/des.h.fips	2012-02-29 10:33:02.605293272 +0100
-+++ openssl-1.0.1-beta3/crypto/des/des.h	2012-02-29 10:33:02.777294750 +0100
+diff -up openssl-1.0.1a/crypto/des/des.h.fips openssl-1.0.1a/crypto/des/des.h
+--- openssl-1.0.1a/crypto/des/des.h.fips	2012-04-20 09:07:06.030780681 +0200
++++ openssl-1.0.1a/crypto/des/des.h	2012-04-20 09:07:06.234785055 +0200
 @@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE
  int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
  int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
@@ -293,9 +293,9 @@ diff -up openssl-1.0.1-beta3/crypto/des/des.h.fips openssl-1.0.1-beta3/crypto/de
  void DES_string_to_key(const char *str,DES_cblock *key);
  void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
  void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
-diff -up openssl-1.0.1-beta3/crypto/des/set_key.c.fips openssl-1.0.1-beta3/crypto/des/set_key.c
---- openssl-1.0.1-beta3/crypto/des/set_key.c.fips	2011-06-01 18:54:04.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/des/set_key.c	2012-02-29 10:33:02.777294750 +0100
+diff -up openssl-1.0.1a/crypto/des/set_key.c.fips openssl-1.0.1a/crypto/des/set_key.c
+--- openssl-1.0.1a/crypto/des/set_key.c.fips	2011-06-01 18:54:04.000000000 +0200
++++ openssl-1.0.1a/crypto/des/set_key.c	2012-04-20 09:07:06.234785055 +0200
 @@ -337,13 +337,6 @@ int DES_set_key_checked(const_DES_cblock
  	}
  
@@ -310,9 +310,9 @@ diff -up openssl-1.0.1-beta3/crypto/des/set_key.c.fips openssl-1.0.1-beta3/crypt
  	{
  	static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
  	register DES_LONG c,d,t,s,t2;
-diff -up openssl-1.0.1-beta3/crypto/dh/dh_gen.c.fips openssl-1.0.1-beta3/crypto/dh/dh_gen.c
---- openssl-1.0.1-beta3/crypto/dh/dh_gen.c.fips	2011-06-09 17:21:46.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/dh/dh_gen.c	2012-02-29 10:33:02.778294759 +0100
+diff -up openssl-1.0.1a/crypto/dh/dh_gen.c.fips openssl-1.0.1a/crypto/dh/dh_gen.c
+--- openssl-1.0.1a/crypto/dh/dh_gen.c.fips	2011-06-09 17:21:46.000000000 +0200
++++ openssl-1.0.1a/crypto/dh/dh_gen.c	2012-04-20 09:07:06.235785077 +0200
 @@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i
  #endif
  	if(ret->meth->generate_params)
@@ -346,9 +346,9 @@ diff -up openssl-1.0.1-beta3/crypto/dh/dh_gen.c.fips openssl-1.0.1-beta3/crypto/
  	ctx=BN_CTX_new();
  	if (ctx == NULL) goto err;
  	BN_CTX_start(ctx);
-diff -up openssl-1.0.1-beta3/crypto/dh/dh.h.fips openssl-1.0.1-beta3/crypto/dh/dh.h
---- openssl-1.0.1-beta3/crypto/dh/dh.h.fips	2012-02-29 10:33:02.483292223 +0100
-+++ openssl-1.0.1-beta3/crypto/dh/dh.h	2012-02-29 10:33:02.778294759 +0100
+diff -up openssl-1.0.1a/crypto/dh/dh.h.fips openssl-1.0.1a/crypto/dh/dh.h
+--- openssl-1.0.1a/crypto/dh/dh.h.fips	2012-04-20 09:07:05.898777852 +0200
++++ openssl-1.0.1a/crypto/dh/dh.h	2012-04-20 09:07:06.235785077 +0200
 @@ -77,6 +77,8 @@
  # define OPENSSL_DH_MAX_MODULUS_BITS	10000
  #endif
@@ -358,9 +358,9 @@ diff -up openssl-1.0.1-beta3/crypto/dh/dh.h.fips openssl-1.0.1-beta3/crypto/dh/d
  #define DH_FLAG_CACHE_MONT_P     0x01
  #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
                                         * implementation now uses constant time
-diff -up openssl-1.0.1-beta3/crypto/dh/dh_key.c.fips openssl-1.0.1-beta3/crypto/dh/dh_key.c
---- openssl-1.0.1-beta3/crypto/dh/dh_key.c.fips	2011-11-14 15:16:09.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/dh/dh_key.c	2012-02-29 10:33:02.779294768 +0100
+diff -up openssl-1.0.1a/crypto/dh/dh_key.c.fips openssl-1.0.1a/crypto/dh/dh_key.c
+--- openssl-1.0.1a/crypto/dh/dh_key.c.fips	2011-11-14 15:16:09.000000000 +0100
++++ openssl-1.0.1a/crypto/dh/dh_key.c	2012-04-20 09:07:06.235785077 +0200
 @@ -61,6 +61,9 @@
  #include <openssl/bn.h>
  #include <openssl/rand.h>
@@ -419,9 +419,9 @@ diff -up openssl-1.0.1-beta3/crypto/dh/dh_key.c.fips openssl-1.0.1-beta3/crypto/
  	dh->flags |= DH_FLAG_CACHE_MONT_P;
  	return(1);
  	}
-diff -up openssl-1.0.1-beta3/crypto/dh/dh_lib.c.fips openssl-1.0.1-beta3/crypto/dh/dh_lib.c
---- openssl-1.0.1-beta3/crypto/dh/dh_lib.c.fips	2011-06-20 21:41:11.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/dh/dh_lib.c	2012-02-29 10:33:02.779294768 +0100
+diff -up openssl-1.0.1a/crypto/dh/dh_lib.c.fips openssl-1.0.1a/crypto/dh/dh_lib.c
+--- openssl-1.0.1a/crypto/dh/dh_lib.c.fips	2011-06-20 21:41:11.000000000 +0200
++++ openssl-1.0.1a/crypto/dh/dh_lib.c	2012-04-20 09:07:06.236785099 +0200
 @@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v
  	{
  	if(!default_DH_method)
@@ -437,9 +437,9 @@ diff -up openssl-1.0.1-beta3/crypto/dh/dh_lib.c.fips openssl-1.0.1-beta3/crypto/
  		}
  	return default_DH_method;
  	}
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_err.c.fips openssl-1.0.1-beta3/crypto/dsa/dsa_err.c
---- openssl-1.0.1-beta3/crypto/dsa/dsa_err.c.fips	2011-10-10 01:13:49.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/dsa/dsa_err.c	2012-02-29 10:33:02.779294768 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsa_err.c.fips openssl-1.0.1a/crypto/dsa/dsa_err.c
+--- openssl-1.0.1a/crypto/dsa/dsa_err.c.fips	2011-10-10 01:13:49.000000000 +0200
++++ openssl-1.0.1a/crypto/dsa/dsa_err.c	2012-04-20 09:07:06.236785099 +0200
 @@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]=
  {ERR_FUNC(DSA_F_DO_DSA_PRINT),	"DO_DSA_PRINT"},
  {ERR_FUNC(DSA_F_DSAPARAMS_PRINT),	"DSAparams_print"},
@@ -458,9 +458,9 @@ diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_err.c.fips openssl-1.0.1-beta3/crypt
  {ERR_REASON(DSA_R_MISSING_PARAMETERS)    ,"missing parameters"},
  {ERR_REASON(DSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
  {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_gen.c.fips openssl-1.0.1-beta3/crypto/dsa/dsa_gen.c
---- openssl-1.0.1-beta3/crypto/dsa/dsa_gen.c.fips	2011-06-09 17:21:46.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/dsa/dsa_gen.c	2012-02-29 10:33:02.780294777 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsa_gen.c.fips openssl-1.0.1a/crypto/dsa/dsa_gen.c
+--- openssl-1.0.1a/crypto/dsa/dsa_gen.c.fips	2011-06-09 17:21:46.000000000 +0200
++++ openssl-1.0.1a/crypto/dsa/dsa_gen.c	2012-04-20 09:07:06.237785120 +0200
 @@ -85,6 +85,14 @@
  #include <openssl/fips.h>
  #endif
@@ -867,9 +867,9 @@ diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_gen.c.fips openssl-1.0.1-beta3/crypt
  		}
  	if (mont != NULL) BN_MONT_CTX_free(mont);
  	return ok;
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsa.h.fips openssl-1.0.1-beta3/crypto/dsa/dsa.h
---- openssl-1.0.1-beta3/crypto/dsa/dsa.h.fips	2012-02-29 10:33:02.310290735 +0100
-+++ openssl-1.0.1-beta3/crypto/dsa/dsa.h	2012-02-29 10:33:02.780294777 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsa.h.fips openssl-1.0.1a/crypto/dsa/dsa.h
+--- openssl-1.0.1a/crypto/dsa/dsa.h.fips	2012-04-20 09:07:05.710773820 +0200
++++ openssl-1.0.1a/crypto/dsa/dsa.h	2012-04-20 09:07:06.238785141 +0200
 @@ -88,6 +88,8 @@
  # define OPENSSL_DSA_MAX_MODULUS_BITS	10000
  #endif
@@ -930,9 +930,9 @@ diff -up openssl-1.0.1-beta3/crypto/dsa/dsa.h.fips openssl-1.0.1-beta3/crypto/ds
  #define DSA_R_PARAMETER_ENCODING_ERROR			 105
  
  #ifdef  __cplusplus
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_key.c.fips openssl-1.0.1-beta3/crypto/dsa/dsa_key.c
---- openssl-1.0.1-beta3/crypto/dsa/dsa_key.c.fips	2011-06-09 17:21:46.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/dsa/dsa_key.c	2012-02-29 10:33:02.781294786 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsa_key.c.fips openssl-1.0.1a/crypto/dsa/dsa_key.c
+--- openssl-1.0.1a/crypto/dsa/dsa_key.c.fips	2011-06-09 17:21:46.000000000 +0200
++++ openssl-1.0.1a/crypto/dsa/dsa_key.c	2012-04-20 09:07:06.238785141 +0200
 @@ -66,6 +66,24 @@
  
  #ifdef OPENSSL_FIPS
@@ -1000,9 +1000,9 @@ diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_key.c.fips openssl-1.0.1-beta3/crypt
  	ok=1;
  
  err:
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_lib.c.fips openssl-1.0.1-beta3/crypto/dsa/dsa_lib.c
---- openssl-1.0.1-beta3/crypto/dsa/dsa_lib.c.fips	2011-11-14 15:16:09.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/dsa/dsa_lib.c	2012-02-29 10:33:02.781294786 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsa_lib.c.fips openssl-1.0.1a/crypto/dsa/dsa_lib.c
+--- openssl-1.0.1a/crypto/dsa/dsa_lib.c.fips	2011-11-14 15:16:09.000000000 +0100
++++ openssl-1.0.1a/crypto/dsa/dsa_lib.c	2012-04-20 09:07:06.239785162 +0200
 @@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method
  	{
  	if(!default_DSA_method)
@@ -1018,18 +1018,18 @@ diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_lib.c.fips openssl-1.0.1-beta3/crypt
  		}
  	return default_DSA_method;
  	}
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_locl.h.fips openssl-1.0.1-beta3/crypto/dsa/dsa_locl.h
---- openssl-1.0.1-beta3/crypto/dsa/dsa_locl.h.fips	2012-02-29 10:33:02.313290762 +0100
-+++ openssl-1.0.1-beta3/crypto/dsa/dsa_locl.h	2012-02-29 10:33:02.781294786 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsa_locl.h.fips openssl-1.0.1a/crypto/dsa/dsa_locl.h
+--- openssl-1.0.1a/crypto/dsa/dsa_locl.h.fips	2012-04-20 09:07:05.714773906 +0200
++++ openssl-1.0.1a/crypto/dsa/dsa_locl.h	2012-04-20 09:07:06.239785162 +0200
 @@ -56,5 +56,4 @@
  
  int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
  	const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
 -	unsigned char *seed_out,
  	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1-beta3/crypto/dsa/dsa_ossl.c
---- openssl-1.0.1-beta3/crypto/dsa/dsa_ossl.c.fips	2011-02-01 13:53:47.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/dsa/dsa_ossl.c	2012-02-29 10:33:02.782294795 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1a/crypto/dsa/dsa_ossl.c
+--- openssl-1.0.1a/crypto/dsa/dsa_ossl.c.fips	2011-02-01 13:53:47.000000000 +0100
++++ openssl-1.0.1a/crypto/dsa/dsa_ossl.c	2012-04-20 09:07:06.239785162 +0200
 @@ -65,6 +65,9 @@
  #include <openssl/dsa.h>
  #include <openssl/rand.h>
@@ -1103,9 +1103,9 @@ diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1-beta3/cryp
  	dsa->flags|=DSA_FLAG_CACHE_MONT_P;
  	return(1);
  }
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1-beta3/crypto/dsa/dsa_pmeth.c
---- openssl-1.0.1-beta3/crypto/dsa/dsa_pmeth.c.fips	2011-06-20 22:05:13.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/dsa/dsa_pmeth.c	2012-02-29 10:33:02.782294795 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1a/crypto/dsa/dsa_pmeth.c
+--- openssl-1.0.1a/crypto/dsa/dsa_pmeth.c.fips	2011-06-20 22:05:13.000000000 +0200
++++ openssl-1.0.1a/crypto/dsa/dsa_pmeth.c	2012-04-20 09:07:06.240785183 +0200
 @@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
  	if (!dsa)
  		return 0;
@@ -1115,9 +1115,9 @@ diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1-beta3/cry
  	if (ret)
  		EVP_PKEY_assign_DSA(pkey, dsa);
  	else
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsatest.c.fips openssl-1.0.1-beta3/crypto/dsa/dsatest.c
---- openssl-1.0.1-beta3/crypto/dsa/dsatest.c.fips	2008-08-06 17:54:11.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/dsa/dsatest.c	2012-02-29 10:33:02.782294795 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsatest.c.fips openssl-1.0.1a/crypto/dsa/dsatest.c
+--- openssl-1.0.1a/crypto/dsa/dsatest.c.fips	2008-08-06 17:54:11.000000000 +0200
++++ openssl-1.0.1a/crypto/dsa/dsatest.c	2012-04-20 09:07:06.240785183 +0200
 @@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int
  /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
   * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
@@ -1202,9 +1202,9 @@ diff -up openssl-1.0.1-beta3/crypto/dsa/dsatest.c.fips openssl-1.0.1-beta3/crypt
  		goto end;
  		}
  	if (h != 2)
-diff -up openssl-1.0.1-beta3/crypto/engine/eng_all.c.fips openssl-1.0.1-beta3/crypto/engine/eng_all.c
---- openssl-1.0.1-beta3/crypto/engine/eng_all.c.fips	2011-08-10 20:53:13.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/engine/eng_all.c	2012-02-29 10:33:02.783294803 +0100
+diff -up openssl-1.0.1a/crypto/engine/eng_all.c.fips openssl-1.0.1a/crypto/engine/eng_all.c
+--- openssl-1.0.1a/crypto/engine/eng_all.c.fips	2011-08-10 20:53:13.000000000 +0200
++++ openssl-1.0.1a/crypto/engine/eng_all.c	2012-04-20 09:07:06.241785205 +0200
 @@ -58,11 +58,25 @@
  
  #include "cryptlib.h"
@@ -1231,9 +1231,9 @@ diff -up openssl-1.0.1-beta3/crypto/engine/eng_all.c.fips openssl-1.0.1-beta3/cr
  #if 0
  	/* There's no longer any need for an "openssl" ENGINE unless, one day,
  	 * it is the *only* way for standard builtin implementations to be be
-diff -up openssl-1.0.1-beta3/crypto/err/err_all.c.fips openssl-1.0.1-beta3/crypto/err/err_all.c
---- openssl-1.0.1-beta3/crypto/err/err_all.c.fips	2011-06-21 18:58:10.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/err/err_all.c	2012-02-29 10:33:02.783294803 +0100
+diff -up openssl-1.0.1a/crypto/err/err_all.c.fips openssl-1.0.1a/crypto/err/err_all.c
+--- openssl-1.0.1a/crypto/err/err_all.c.fips	2011-06-21 18:58:10.000000000 +0200
++++ openssl-1.0.1a/crypto/err/err_all.c	2012-04-20 09:07:06.241785205 +0200
 @@ -96,6 +96,9 @@
  #include <openssl/ocsp.h>
  #include <openssl/err.h>
@@ -1254,9 +1254,9 @@ diff -up openssl-1.0.1-beta3/crypto/err/err_all.c.fips openssl-1.0.1-beta3/crypt
  #ifndef OPENSSL_NO_CMS
  	ERR_load_CMS_strings();
  #endif
-diff -up openssl-1.0.1-beta3/crypto/evp/c_allc.c.fips openssl-1.0.1-beta3/crypto/evp/c_allc.c
---- openssl-1.0.1-beta3/crypto/evp/c_allc.c.fips	2011-11-14 22:13:35.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/evp/c_allc.c	2012-02-29 10:33:02.783294803 +0100
+diff -up openssl-1.0.1a/crypto/evp/c_allc.c.fips openssl-1.0.1a/crypto/evp/c_allc.c
+--- openssl-1.0.1a/crypto/evp/c_allc.c.fips	2011-11-14 22:13:35.000000000 +0100
++++ openssl-1.0.1a/crypto/evp/c_allc.c	2012-04-20 09:07:06.242785227 +0200
 @@ -65,6 +65,11 @@
  void OpenSSL_add_all_ciphers(void)
  	{
@@ -1330,9 +1330,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/c_allc.c.fips openssl-1.0.1-beta3/crypto
 +		}
 +#endif
  	}
-diff -up openssl-1.0.1-beta3/crypto/evp/c_alld.c.fips openssl-1.0.1-beta3/crypto/evp/c_alld.c
---- openssl-1.0.1-beta3/crypto/evp/c_alld.c.fips	2009-07-08 10:50:53.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/c_alld.c	2012-02-29 10:33:02.784294811 +0100
+diff -up openssl-1.0.1a/crypto/evp/c_alld.c.fips openssl-1.0.1a/crypto/evp/c_alld.c
+--- openssl-1.0.1a/crypto/evp/c_alld.c.fips	2009-07-08 10:50:53.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/c_alld.c	2012-04-20 09:07:06.242785227 +0200
 @@ -64,6 +64,11 @@
  
  void OpenSSL_add_all_digests(void)
@@ -1378,9 +1378,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/c_alld.c.fips openssl-1.0.1-beta3/crypto
 +		}
 +#endif
  	}
-diff -up openssl-1.0.1-beta3/crypto/evp/digest.c.fips openssl-1.0.1-beta3/crypto/evp/digest.c
---- openssl-1.0.1-beta3/crypto/evp/digest.c.fips	2011-05-29 17:55:13.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/digest.c	2012-02-29 10:33:02.784294811 +0100
+diff -up openssl-1.0.1a/crypto/evp/digest.c.fips openssl-1.0.1a/crypto/evp/digest.c
+--- openssl-1.0.1a/crypto/evp/digest.c.fips	2011-05-29 17:55:13.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/digest.c	2012-04-20 09:07:06.243785249 +0200
 @@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
  	return EVP_DigestInit_ex(ctx, type, NULL);
  	}
@@ -1529,9 +1529,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/digest.c.fips openssl-1.0.1-beta3/crypto
  	memset(ctx,'\0',sizeof *ctx);
  
  	return 1;
-diff -up openssl-1.0.1-beta3/crypto/evp/e_aes.c.fips openssl-1.0.1-beta3/crypto/evp/e_aes.c
---- openssl-1.0.1-beta3/crypto/evp/e_aes.c.fips	2011-11-15 13:19:56.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/evp/e_aes.c	2012-02-29 10:33:02.785294819 +0100
+diff -up openssl-1.0.1a/crypto/evp/e_aes.c.fips openssl-1.0.1a/crypto/evp/e_aes.c
+--- openssl-1.0.1a/crypto/evp/e_aes.c.fips	2011-11-15 13:19:56.000000000 +0100
++++ openssl-1.0.1a/crypto/evp/e_aes.c	2012-04-20 09:07:06.243785249 +0200
 @@ -56,7 +56,6 @@
  #include <assert.h>
  #include <openssl/aes.h>
@@ -1563,9 +1563,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/e_aes.c.fips openssl-1.0.1-beta3/crypto/
  
  #endif
 -#endif
-diff -up openssl-1.0.1-beta3/crypto/evp/e_des3.c.fips openssl-1.0.1-beta3/crypto/evp/e_des3.c
---- openssl-1.0.1-beta3/crypto/evp/e_des3.c.fips	2011-05-29 01:01:26.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/e_des3.c	2012-02-29 10:33:02.785294819 +0100
+diff -up openssl-1.0.1a/crypto/evp/e_des3.c.fips openssl-1.0.1a/crypto/evp/e_des3.c
+--- openssl-1.0.1a/crypto/evp/e_des3.c.fips	2011-05-29 01:01:26.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/e_des3.c	2012-04-20 09:07:06.244785270 +0200
 @@ -65,8 +65,6 @@
  #include <openssl/des.h>
  #include <openssl/rand.h>
@@ -1624,9 +1624,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/e_des3.c.fips openssl-1.0.1-beta3/crypto
  }
  #endif
 -#endif
-diff -up openssl-1.0.1-beta3/crypto/evp/e_null.c.fips openssl-1.0.1-beta3/crypto/evp/e_null.c
---- openssl-1.0.1-beta3/crypto/evp/e_null.c.fips	2011-06-20 22:00:10.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/e_null.c	2012-02-29 10:33:02.785294819 +0100
+diff -up openssl-1.0.1a/crypto/evp/e_null.c.fips openssl-1.0.1a/crypto/evp/e_null.c
+--- openssl-1.0.1a/crypto/evp/e_null.c.fips	2011-06-20 22:00:10.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/e_null.c	2012-04-20 09:07:06.244785270 +0200
 @@ -61,8 +61,6 @@
  #include <openssl/evp.h>
  #include <openssl/objects.h>
@@ -1650,9 +1650,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/e_null.c.fips openssl-1.0.1-beta3/crypto
  	return 1;
  	}
 -#endif
-diff -up openssl-1.0.1-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.1-beta3/crypto/evp/evp_enc.c
---- openssl-1.0.1-beta3/crypto/evp/evp_enc.c.fips	2012-02-10 17:54:56.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/evp/evp_enc.c	2012-02-29 10:33:02.786294827 +0100
+diff -up openssl-1.0.1a/crypto/evp/evp_enc.c.fips openssl-1.0.1a/crypto/evp/evp_enc.c
+--- openssl-1.0.1a/crypto/evp/evp_enc.c.fips	2012-04-19 00:41:50.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/evp_enc.c	2012-04-20 09:08:03.696017043 +0200
 @@ -69,17 +69,58 @@
  #endif
  #include "evp_locl.h"
@@ -1731,17 +1731,18 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.1-beta3/crypt
  #ifndef OPENSSL_NO_ENGINE
  	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
  	 * so this context may already have an ENGINE! Try to avoid releasing
-@@ -169,9 +218,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+@@ -169,10 +218,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
  			ctx->engine = NULL;
  #endif
  
 -#ifdef OPENSSL_FIPS
--		return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+-		if (FIPS_mode())
+-			return FIPS_cipherinit(ctx, cipher, key, iv, enc);
 -#else
  		ctx->cipher=cipher;
  		if (ctx->cipher->ctx_size)
  			{
-@@ -196,7 +242,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+@@ -197,7 +242,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
  				return 0;
  				}
  			}
@@ -1749,17 +1750,18 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.1-beta3/crypt
  		}
  	else if(!ctx->cipher)
  		{
-@@ -206,9 +251,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+@@ -207,10 +251,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
  #ifndef OPENSSL_NO_ENGINE
  skip_to_init:
  #endif
 -#ifdef OPENSSL_FIPS
--	return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+-	if (FIPS_mode())
+-		return FIPS_cipherinit(ctx, cipher, key, iv, enc);
 -#else
  	/* we assume block size is a power of 2 in *cryptUpdate */
  	OPENSSL_assert(ctx->cipher->block_size == 1
  	    || ctx->cipher->block_size == 8
-@@ -248,6 +290,22 @@ skip_to_init:
+@@ -250,6 +290,22 @@ skip_to_init:
  		}
  	}
  
@@ -1782,7 +1784,7 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.1-beta3/crypt
  	if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
  		if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
  	}
-@@ -255,7 +313,6 @@ skip_to_init:
+@@ -257,7 +313,6 @@ skip_to_init:
  	ctx->final_used=0;
  	ctx->block_mask=ctx->cipher->block_size-1;
  	return 1;
@@ -1790,7 +1792,7 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.1-beta3/crypt
  	}
  
  int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-@@ -568,7 +625,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX
+@@ -570,7 +625,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX
  
  int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
  	{
@@ -1798,7 +1800,7 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.1-beta3/crypt
  	if (c->cipher != NULL)
  		{
  		if(c->cipher->cleanup && !c->cipher->cleanup(c))
-@@ -579,16 +635,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT
+@@ -581,16 +635,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT
  		}
  	if (c->cipher_data)
  		OPENSSL_free(c->cipher_data);
@@ -1815,9 +1817,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.1-beta3/crypt
  	memset(c,0,sizeof(EVP_CIPHER_CTX));
  	return 1;
  	}
-diff -up openssl-1.0.1-beta3/crypto/evp/evp.h.fips openssl-1.0.1-beta3/crypto/evp/evp.h
---- openssl-1.0.1-beta3/crypto/evp/evp.h.fips	2012-02-29 10:33:02.567292944 +0100
-+++ openssl-1.0.1-beta3/crypto/evp/evp.h	2012-02-29 10:33:02.787294835 +0100
+diff -up openssl-1.0.1a/crypto/evp/evp.h.fips openssl-1.0.1a/crypto/evp/evp.h
+--- openssl-1.0.1a/crypto/evp/evp.h.fips	2012-04-20 09:07:05.990779824 +0200
++++ openssl-1.0.1a/crypto/evp/evp.h	2012-04-20 09:07:06.246785312 +0200
 @@ -75,6 +75,10 @@
  #include <openssl/bio.h>
  #endif
@@ -1870,9 +1872,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp.h.fips openssl-1.0.1-beta3/crypto/ev
  /* Cipher handles any and all padding logic as well
   * as finalisation.
   */
-diff -up openssl-1.0.1-beta3/crypto/evp/evp_lib.c.fips openssl-1.0.1-beta3/crypto/evp/evp_lib.c
---- openssl-1.0.1-beta3/crypto/evp/evp_lib.c.fips	2011-05-29 04:32:05.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/evp_lib.c	2012-02-29 10:33:02.787294835 +0100
+diff -up openssl-1.0.1a/crypto/evp/evp_lib.c.fips openssl-1.0.1a/crypto/evp/evp_lib.c
+--- openssl-1.0.1a/crypto/evp/evp_lib.c.fips	2011-05-29 04:32:05.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/evp_lib.c	2012-04-20 09:07:06.246785312 +0200
 @@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_
  
  int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
@@ -1883,9 +1885,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp_lib.c.fips openssl-1.0.1-beta3/crypt
  	return ctx->cipher->do_cipher(ctx,out,in,inl);
  	}
  
-diff -up openssl-1.0.1-beta3/crypto/evp/evp_locl.h.fips openssl-1.0.1-beta3/crypto/evp/evp_locl.h
---- openssl-1.0.1-beta3/crypto/evp/evp_locl.h.fips	2012-02-29 10:33:02.558292867 +0100
-+++ openssl-1.0.1-beta3/crypto/evp/evp_locl.h	2012-02-29 10:33:02.787294835 +0100
+diff -up openssl-1.0.1a/crypto/evp/evp_locl.h.fips openssl-1.0.1a/crypto/evp/evp_locl.h
+--- openssl-1.0.1a/crypto/evp/evp_locl.h.fips	2012-04-20 09:07:05.980779609 +0200
++++ openssl-1.0.1a/crypto/evp/evp_locl.h	2012-04-20 09:07:06.247785333 +0200
 @@ -258,10 +258,9 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
  	BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
  	BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
@@ -1920,9 +1922,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp_locl.h.fips openssl-1.0.1-beta3/cryp
  #define Camellia_set_key	private_Camellia_set_key
  
  #endif
-diff -up openssl-1.0.1-beta3/crypto/evp/Makefile.fips openssl-1.0.1-beta3/crypto/evp/Makefile
---- openssl-1.0.1-beta3/crypto/evp/Makefile.fips	2011-12-27 15:38:27.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/evp/Makefile	2012-02-29 10:33:02.788294844 +0100
+diff -up openssl-1.0.1a/crypto/evp/Makefile.fips openssl-1.0.1a/crypto/evp/Makefile
+--- openssl-1.0.1a/crypto/evp/Makefile.fips	2011-12-27 15:38:27.000000000 +0100
++++ openssl-1.0.1a/crypto/evp/Makefile	2012-04-20 09:07:06.248785354 +0200
 @@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_
  	bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
  	c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
@@ -2738,9 +2740,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/Makefile.fips openssl-1.0.1-beta3/crypto
  pmeth_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
  pmeth_lib.o: ../../include/openssl/objects.h
  pmeth_lib.o: ../../include/openssl/opensslconf.h
-diff -up openssl-1.0.1-beta3/crypto/evp/m_dss1.c.fips openssl-1.0.1-beta3/crypto/evp/m_dss1.c
---- openssl-1.0.1-beta3/crypto/evp/m_dss1.c.fips	2011-06-01 17:11:00.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/m_dss1.c	2012-02-29 10:33:02.788294844 +0100
+diff -up openssl-1.0.1a/crypto/evp/m_dss1.c.fips openssl-1.0.1a/crypto/evp/m_dss1.c
+--- openssl-1.0.1a/crypto/evp/m_dss1.c.fips	2011-06-01 17:11:00.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/m_dss1.c	2012-04-20 09:07:06.249785376 +0200
 @@ -68,8 +68,6 @@
  #include <openssl/dsa.h>
  #endif
@@ -2764,9 +2766,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/m_dss1.c.fips openssl-1.0.1-beta3/crypto
  	}
  #endif
 -#endif
-diff -up openssl-1.0.1-beta3/crypto/evp/m_dss.c.fips openssl-1.0.1-beta3/crypto/evp/m_dss.c
---- openssl-1.0.1-beta3/crypto/evp/m_dss.c.fips	2011-06-01 17:11:00.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/m_dss.c	2012-02-29 10:33:02.788294844 +0100
+diff -up openssl-1.0.1a/crypto/evp/m_dss.c.fips openssl-1.0.1a/crypto/evp/m_dss.c
+--- openssl-1.0.1a/crypto/evp/m_dss.c.fips	2011-06-01 17:11:00.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/m_dss.c	2012-04-20 09:07:06.249785376 +0200
 @@ -66,7 +66,6 @@
  #endif
  
@@ -2789,9 +2791,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/m_dss.c.fips openssl-1.0.1-beta3/crypto/
  	}
  #endif
 -#endif
-diff -up openssl-1.0.1-beta3/crypto/evp/m_md2.c.fips openssl-1.0.1-beta3/crypto/evp/m_md2.c
---- openssl-1.0.1-beta3/crypto/evp/m_md2.c.fips	2005-07-16 14:37:32.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/m_md2.c	2012-02-29 10:33:02.789294853 +0100
+diff -up openssl-1.0.1a/crypto/evp/m_md2.c.fips openssl-1.0.1a/crypto/evp/m_md2.c
+--- openssl-1.0.1a/crypto/evp/m_md2.c.fips	2005-07-16 14:37:32.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/m_md2.c	2012-04-20 09:07:06.249785376 +0200
 @@ -68,6 +68,7 @@
  #ifndef OPENSSL_NO_RSA
  #include <openssl/rsa.h>
@@ -2800,9 +2802,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/m_md2.c.fips openssl-1.0.1-beta3/crypto/
  
  static int init(EVP_MD_CTX *ctx)
  	{ return MD2_Init(ctx->md_data); }
-diff -up openssl-1.0.1-beta3/crypto/evp/m_sha1.c.fips openssl-1.0.1-beta3/crypto/evp/m_sha1.c
---- openssl-1.0.1-beta3/crypto/evp/m_sha1.c.fips	2011-05-29 01:01:26.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/m_sha1.c	2012-02-29 10:33:02.789294853 +0100
+diff -up openssl-1.0.1a/crypto/evp/m_sha1.c.fips openssl-1.0.1a/crypto/evp/m_sha1.c
+--- openssl-1.0.1a/crypto/evp/m_sha1.c.fips	2011-05-29 01:01:26.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/m_sha1.c	2012-04-20 09:07:06.250785398 +0200
 @@ -59,8 +59,6 @@
  #include <stdio.h>
  #include "cryptlib.h"
@@ -2867,9 +2869,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/m_sha1.c.fips openssl-1.0.1-beta3/crypto
  #endif	/* ifndef OPENSSL_NO_SHA512 */
  
 -#endif
-diff -up openssl-1.0.1-beta3/crypto/evp/p_sign.c.fips openssl-1.0.1-beta3/crypto/evp/p_sign.c
---- openssl-1.0.1-beta3/crypto/evp/p_sign.c.fips	2011-06-09 18:02:39.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/p_sign.c	2012-02-29 10:33:02.789294853 +0100
+diff -up openssl-1.0.1a/crypto/evp/p_sign.c.fips openssl-1.0.1a/crypto/evp/p_sign.c
+--- openssl-1.0.1a/crypto/evp/p_sign.c.fips	2011-06-09 18:02:39.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/p_sign.c	2012-04-20 09:07:06.250785398 +0200
 @@ -61,6 +61,7 @@
  #include <openssl/evp.h>
  #include <openssl/objects.h>
@@ -2901,9 +2903,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/p_sign.c.fips openssl-1.0.1-beta3/crypto
  		if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
  			goto err;
  		*siglen = sltmp;
-diff -up openssl-1.0.1-beta3/crypto/evp/p_verify.c.fips openssl-1.0.1-beta3/crypto/evp/p_verify.c
---- openssl-1.0.1-beta3/crypto/evp/p_verify.c.fips	2011-06-09 18:02:39.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/p_verify.c	2012-02-29 10:33:02.789294853 +0100
+diff -up openssl-1.0.1a/crypto/evp/p_verify.c.fips openssl-1.0.1a/crypto/evp/p_verify.c
+--- openssl-1.0.1a/crypto/evp/p_verify.c.fips	2011-06-09 18:02:39.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/p_verify.c	2012-04-20 09:07:06.250785398 +0200
 @@ -61,6 +61,7 @@
  #include <openssl/evp.h>
  #include <openssl/objects.h>
@@ -2935,9 +2937,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/p_verify.c.fips openssl-1.0.1-beta3/cryp
  		i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
  		err:
  		EVP_PKEY_CTX_free(pkctx);
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_aesavs.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_aesavs.c.fips	2012-02-29 10:33:02.789294853 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_aesavs.c	2012-02-29 10:33:02.789294853 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_aesavs.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_aesavs.c.fips	2012-04-20 09:07:06.251785420 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_aesavs.c	2012-04-20 09:07:06.251785420 +0200
 @@ -0,0 +1,939 @@
 +/* ====================================================================
 + * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@@ -3878,9 +3880,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1-b
 +    }
 +
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_cmactest.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_cmactest.c.fips	2012-02-29 10:33:02.790294862 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_cmactest.c	2012-02-29 10:33:02.790294862 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_cmactest.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_cmactest.c.fips	2012-04-20 09:07:06.252785442 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_cmactest.c	2012-04-20 09:07:06.252785442 +0200
 @@ -0,0 +1,517 @@
 +/* fips_cmactest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4399,9 +4401,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1
 +	}
 +
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_desmovs.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_desmovs.c.fips	2012-02-29 10:33:02.790294862 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_desmovs.c	2012-02-29 10:33:02.790294862 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_desmovs.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_desmovs.c.fips	2012-04-20 09:07:06.252785442 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_desmovs.c	2012-04-20 09:07:06.252785442 +0200
 @@ -0,0 +1,702 @@
 +/* ====================================================================
 + * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@@ -5105,9 +5107,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1-
 +    }
 +
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_dhvs.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_dhvs.c.fips	2012-02-29 10:33:02.790294862 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_dhvs.c	2012-02-29 10:33:02.790294862 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_dhvs.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_dhvs.c.fips	2012-04-20 09:07:06.253785463 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_dhvs.c	2012-04-20 09:07:06.253785463 +0200
 @@ -0,0 +1,292 @@
 +/* fips/dh/fips_dhvs.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5401,9 +5403,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1-bet
 +	}
 +
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_drbgvs.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_drbgvs.c.fips	2012-02-29 10:33:02.790294862 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_drbgvs.c	2012-02-29 10:33:02.790294862 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_drbgvs.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_drbgvs.c.fips	2012-04-20 09:07:06.253785463 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_drbgvs.c	2012-04-20 09:07:06.253785463 +0200
 @@ -0,0 +1,416 @@
 +/* fips/rand/fips_drbgvs.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5821,9 +5823,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1-b
 +	}
 +
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_dssvs.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_dssvs.c.fips	2012-02-29 10:33:02.791294871 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_dssvs.c	2012-02-29 10:33:02.791294871 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_dssvs.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_dssvs.c.fips	2012-04-20 09:07:06.254785484 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_dssvs.c	2012-04-20 09:07:06.254785484 +0200
 @@ -0,0 +1,537 @@
 +#include <openssl/opensslconf.h>
 +
@@ -6362,9 +6364,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1-be
 +    }
 +
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_gcmtest.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_gcmtest.c.fips	2012-02-29 10:33:02.791294871 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_gcmtest.c	2012-02-29 10:33:02.791294871 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_gcmtest.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_gcmtest.c.fips	2012-04-20 09:07:06.254785484 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_gcmtest.c	2012-04-20 09:07:06.254785484 +0200
 @@ -0,0 +1,571 @@
 +/* fips/aes/fips_gcmtest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -6937,9 +6939,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1-
 +}
 +
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_rngvs.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_rngvs.c.fips	2012-02-29 10:33:02.791294871 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_rngvs.c	2012-02-29 10:33:02.791294871 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_rngvs.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_rngvs.c.fips	2012-04-20 09:07:06.255785505 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_rngvs.c	2012-04-20 09:07:06.255785505 +0200
 @@ -0,0 +1,230 @@
 +/*
 + * Crude test driver for processing the VST and MCT testvector files
@@ -7171,9 +7173,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1-be
 +    return 0;
 +    }
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsagtest.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsagtest.c.fips	2012-02-29 10:33:02.791294871 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsagtest.c	2012-02-29 10:33:02.791294871 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_rsagtest.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_rsagtest.c.fips	2012-04-20 09:07:06.255785505 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_rsagtest.c	2012-04-20 09:07:06.255785505 +0200
 @@ -0,0 +1,390 @@
 +/* fips_rsagtest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7565,9 +7567,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1
 +	}
 +
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsastest.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsastest.c.fips	2012-02-29 10:33:02.792294880 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsastest.c	2012-02-29 10:33:02.792294880 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_rsastest.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_rsastest.c.fips	2012-04-20 09:07:06.256785526 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_rsastest.c	2012-04-20 09:07:06.256785526 +0200
 @@ -0,0 +1,370 @@
 +/* fips_rsastest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7939,9 +7941,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1
 +	return ret;
 +	}
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsavtest.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsavtest.c.fips	2012-02-29 10:33:02.792294880 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsavtest.c	2012-02-29 10:33:02.792294880 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_rsavtest.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_rsavtest.c.fips	2012-04-20 09:07:06.256785526 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_rsavtest.c	2012-04-20 09:07:06.256785526 +0200
 @@ -0,0 +1,377 @@
 +/* fips_rsavtest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -8320,9 +8322,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1
 +	return ret;
 +	}
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_shatest.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_shatest.c.fips	2012-02-29 10:33:02.792294880 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_shatest.c	2012-02-29 10:33:02.792294880 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_shatest.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_shatest.c.fips	2012-04-20 09:07:06.257785547 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_shatest.c	2012-04-20 09:07:06.257785547 +0200
 @@ -0,0 +1,388 @@
 +/* fips_shatest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -8712,9 +8714,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1-
 +	}
 +
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_utl.h
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_utl.h.fips	2012-02-29 10:33:02.792294880 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_utl.h	2012-02-29 10:33:02.792294880 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1a/crypto/fips/cavs/fips_utl.h
+--- openssl-1.0.1a/crypto/fips/cavs/fips_utl.h.fips	2012-04-20 09:07:06.257785547 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_utl.h	2012-04-20 09:07:06.257785547 +0200
 @@ -0,0 +1,343 @@
 +/* ====================================================================
 + * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
@@ -9059,9 +9061,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1-beta
 +#endif
 +    }
 +
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_aes_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_aes_selftest.c.fips	2012-02-29 10:33:02.793294889 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_aes_selftest.c	2012-02-29 10:33:02.793294889 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_aes_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_aes_selftest.c.fips	2012-04-20 09:07:06.258785569 +0200
++++ openssl-1.0.1a/crypto/fips/fips_aes_selftest.c	2012-04-20 09:07:06.258785569 +0200
 @@ -0,0 +1,359 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -9422,9 +9424,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1-
 +	}
 +
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips.c.fips openssl-1.0.1-beta3/crypto/fips/fips.c
---- openssl-1.0.1-beta3/crypto/fips/fips.c.fips	2012-02-29 10:33:02.793294889 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips.c	2012-02-29 10:33:02.793294889 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips.c.fips openssl-1.0.1a/crypto/fips/fips.c
+--- openssl-1.0.1a/crypto/fips/fips.c.fips	2012-04-20 09:07:06.258785569 +0200
++++ openssl-1.0.1a/crypto/fips/fips.c	2012-04-20 09:07:06.258785569 +0200
 @@ -0,0 +1,489 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -9915,9 +9917,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips.c.fips openssl-1.0.1-beta3/crypto/
 +
 +
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_cmac_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_cmac_selftest.c.fips	2012-02-29 10:33:02.793294889 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_cmac_selftest.c	2012-02-29 10:33:02.793294889 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_cmac_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_cmac_selftest.c.fips	2012-04-20 09:07:06.259785591 +0200
++++ openssl-1.0.1a/crypto/fips/fips_cmac_selftest.c	2012-04-20 09:07:06.259785591 +0200
 @@ -0,0 +1,161 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
@@ -10080,9 +10082,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1
 +	return rv;
 +	}
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_des_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_des_selftest.c.fips	2012-02-29 10:33:02.793294889 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_des_selftest.c	2012-02-29 10:33:02.793294889 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_des_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_des_selftest.c.fips	2012-04-20 09:07:06.259785591 +0200
++++ openssl-1.0.1a/crypto/fips/fips_des_selftest.c	2012-04-20 09:07:06.259785591 +0200
 @@ -0,0 +1,147 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -10231,9 +10233,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1-
 +    return ret;
 +    }
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1-beta3/crypto/fips/fips_drbg_ctr.c
---- openssl-1.0.1-beta3/crypto/fips/fips_drbg_ctr.c.fips	2012-02-29 10:33:02.793294889 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_drbg_ctr.c	2012-02-29 10:33:02.793294889 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1a/crypto/fips/fips_drbg_ctr.c
+--- openssl-1.0.1a/crypto/fips/fips_drbg_ctr.c.fips	2012-04-20 09:07:06.260785613 +0200
++++ openssl-1.0.1a/crypto/fips/fips_drbg_ctr.c	2012-04-20 09:07:06.260785613 +0200
 @@ -0,0 +1,436 @@
 +/* fips/rand/fips_drbg_ctr.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -10671,9 +10673,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1-beta
 +
 +	return 1;
 +	}
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1-beta3/crypto/fips/fips_drbg_hash.c
---- openssl-1.0.1-beta3/crypto/fips/fips_drbg_hash.c.fips	2012-02-29 10:33:02.794294898 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_drbg_hash.c	2012-02-29 10:33:02.794294898 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1a/crypto/fips/fips_drbg_hash.c
+--- openssl-1.0.1a/crypto/fips/fips_drbg_hash.c.fips	2012-04-20 09:07:06.260785613 +0200
++++ openssl-1.0.1a/crypto/fips/fips_drbg_hash.c	2012-04-20 09:07:06.261785635 +0200
 @@ -0,0 +1,378 @@
 +/* fips/rand/fips_drbg_hash.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -11053,9 +11055,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1-bet
 +
 +	return 1;
 +	}
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1-beta3/crypto/fips/fips_drbg_hmac.c
---- openssl-1.0.1-beta3/crypto/fips/fips_drbg_hmac.c.fips	2012-02-29 10:33:02.794294898 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_drbg_hmac.c	2012-02-29 10:33:02.794294898 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1a/crypto/fips/fips_drbg_hmac.c
+--- openssl-1.0.1a/crypto/fips/fips_drbg_hmac.c.fips	2012-04-20 09:07:06.261785635 +0200
++++ openssl-1.0.1a/crypto/fips/fips_drbg_hmac.c	2012-04-20 09:07:06.261785635 +0200
 @@ -0,0 +1,281 @@
 +/* fips/rand/fips_drbg_hmac.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -11338,9 +11340,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1-bet
 +
 +	return 1;
 +	}
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1-beta3/crypto/fips/fips_drbg_lib.c
---- openssl-1.0.1-beta3/crypto/fips/fips_drbg_lib.c.fips	2012-02-29 10:33:02.794294898 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_drbg_lib.c	2012-02-29 10:33:02.794294898 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1a/crypto/fips/fips_drbg_lib.c
+--- openssl-1.0.1a/crypto/fips/fips_drbg_lib.c.fips	2012-04-20 09:07:06.262785656 +0200
++++ openssl-1.0.1a/crypto/fips/fips_drbg_lib.c	2012-04-20 09:07:06.262785656 +0200
 @@ -0,0 +1,578 @@
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 + * project.
@@ -11920,9 +11922,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1-beta
 +	memcpy(dctx->lb, out, dctx->blocklength);
 +	return 1;
 +	}
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1-beta3/crypto/fips/fips_drbg_rand.c
---- openssl-1.0.1-beta3/crypto/fips/fips_drbg_rand.c.fips	2012-02-29 10:33:02.794294898 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_drbg_rand.c	2012-02-29 10:33:02.794294898 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1a/crypto/fips/fips_drbg_rand.c
+--- openssl-1.0.1a/crypto/fips/fips_drbg_rand.c.fips	2012-04-20 09:07:06.263785677 +0200
++++ openssl-1.0.1a/crypto/fips/fips_drbg_rand.c	2012-04-20 09:07:06.263785677 +0200
 @@ -0,0 +1,172 @@
 +/* fips/rand/fips_drbg_rand.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -12096,9 +12098,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1-bet
 +	return &rand_drbg_meth;
 +	}
 +
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.c.fips	2012-02-29 10:33:02.795294907 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.c	2012-02-29 10:33:02.795294907 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_drbg_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_drbg_selftest.c.fips	2012-04-20 09:07:06.264785698 +0200
++++ openssl-1.0.1a/crypto/fips/fips_drbg_selftest.c	2012-04-20 09:07:06.264785698 +0200
 @@ -0,0 +1,862 @@
 +/* fips/rand/fips_drbg_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -12962,9 +12964,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1
 +	return rv;
 +	}
 +
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.h
---- openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.h.fips	2012-02-29 10:33:02.796294915 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.h	2012-02-29 10:33:02.796294915 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1a/crypto/fips/fips_drbg_selftest.h
+--- openssl-1.0.1a/crypto/fips/fips_drbg_selftest.h.fips	2012-04-20 09:07:06.266785740 +0200
++++ openssl-1.0.1a/crypto/fips/fips_drbg_selftest.h	2012-04-20 09:07:06.266785740 +0200
 @@ -0,0 +1,2335 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
@@ -15301,9 +15303,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1
 +	0xc2,0xd6,0xfd,0xa5
 +	};
 +
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_dsa_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_dsa_selftest.c.fips	2012-02-29 10:33:02.796294915 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_dsa_selftest.c	2012-02-29 10:33:02.796294915 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_dsa_selftest.c.fips	2012-04-20 09:07:06.267785762 +0200
++++ openssl-1.0.1a/crypto/fips/fips_dsa_selftest.c	2012-04-20 09:07:06.267785762 +0200
 @@ -0,0 +1,193 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
@@ -15498,9 +15500,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1-
 +	return ret;
 +	}
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_enc.c.fips openssl-1.0.1-beta3/crypto/fips/fips_enc.c
---- openssl-1.0.1-beta3/crypto/fips/fips_enc.c.fips	2012-02-29 10:33:02.796294915 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_enc.c	2012-02-29 10:33:02.796294915 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_enc.c.fips openssl-1.0.1a/crypto/fips/fips_enc.c
+--- openssl-1.0.1a/crypto/fips/fips_enc.c.fips	2012-04-20 09:07:06.267785762 +0200
++++ openssl-1.0.1a/crypto/fips/fips_enc.c	2012-04-20 09:07:06.267785762 +0200
 @@ -0,0 +1,191 @@
 +/* fipe/evp/fips_enc.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -15693,9 +15695,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_enc.c.fips openssl-1.0.1-beta3/cry
 +		}
 +	}
 +
-diff -up openssl-1.0.1-beta3/crypto/fips/fips.h.fips openssl-1.0.1-beta3/crypto/fips/fips.h
---- openssl-1.0.1-beta3/crypto/fips/fips.h.fips	2012-02-29 10:33:02.797294923 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips.h	2012-02-29 10:33:02.797294923 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips.h.fips openssl-1.0.1a/crypto/fips/fips.h
+--- openssl-1.0.1a/crypto/fips/fips.h.fips	2012-04-20 09:07:06.268785784 +0200
++++ openssl-1.0.1a/crypto/fips/fips.h	2012-04-20 09:07:06.268785784 +0200
 @@ -0,0 +1,279 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -15976,9 +15978,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips.h.fips openssl-1.0.1-beta3/crypto/
 +}
 +#endif
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_hmac_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_hmac_selftest.c.fips	2012-02-29 10:33:02.797294923 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_hmac_selftest.c	2012-02-29 10:33:02.797294923 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_hmac_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_hmac_selftest.c.fips	2012-04-20 09:07:06.268785784 +0200
++++ openssl-1.0.1a/crypto/fips/fips_hmac_selftest.c	2012-04-20 09:07:06.268785784 +0200
 @@ -0,0 +1,137 @@
 +/* ====================================================================
 + * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
@@ -16117,9 +16119,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1
 +    return 1;
 +    }
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_locl.h.fips openssl-1.0.1-beta3/crypto/fips/fips_locl.h
---- openssl-1.0.1-beta3/crypto/fips/fips_locl.h.fips	2012-02-29 10:33:02.797294923 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_locl.h	2012-02-29 10:33:02.797294923 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_locl.h.fips openssl-1.0.1a/crypto/fips/fips_locl.h
+--- openssl-1.0.1a/crypto/fips/fips_locl.h.fips	2012-04-20 09:07:06.268785784 +0200
++++ openssl-1.0.1a/crypto/fips/fips_locl.h	2012-04-20 09:07:06.268785784 +0200
 @@ -0,0 +1,71 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
@@ -16192,9 +16194,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_locl.h.fips openssl-1.0.1-beta3/cr
 +}
 +#endif
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_md.c.fips openssl-1.0.1-beta3/crypto/fips/fips_md.c
---- openssl-1.0.1-beta3/crypto/fips/fips_md.c.fips	2012-02-29 10:33:02.797294923 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_md.c	2012-02-29 10:33:02.797294923 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_md.c.fips openssl-1.0.1a/crypto/fips/fips_md.c
+--- openssl-1.0.1a/crypto/fips/fips_md.c.fips	2012-04-20 09:07:06.268785784 +0200
++++ openssl-1.0.1a/crypto/fips/fips_md.c	2012-04-20 09:07:06.268785784 +0200
 @@ -0,0 +1,145 @@
 +/* fips/evp/fips_md.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -16341,9 +16343,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_md.c.fips openssl-1.0.1-beta3/cryp
 +		return NULL;
 +		}
 +	}
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_post.c.fips openssl-1.0.1-beta3/crypto/fips/fips_post.c
---- openssl-1.0.1-beta3/crypto/fips/fips_post.c.fips	2012-02-29 10:33:02.797294923 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_post.c	2012-02-29 10:33:02.797294923 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_post.c.fips openssl-1.0.1a/crypto/fips/fips_post.c
+--- openssl-1.0.1a/crypto/fips/fips_post.c.fips	2012-04-20 09:07:06.269785806 +0200
++++ openssl-1.0.1a/crypto/fips/fips_post.c	2012-04-20 09:07:06.269785806 +0200
 @@ -0,0 +1,205 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
@@ -16550,9 +16552,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_post.c.fips openssl-1.0.1-beta3/cr
 +	return 1;
 +	}
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand.c.fips openssl-1.0.1-beta3/crypto/fips/fips_rand.c
---- openssl-1.0.1-beta3/crypto/fips/fips_rand.c.fips	2012-02-29 10:33:02.798294931 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_rand.c	2012-02-29 10:33:02.798294931 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_rand.c.fips openssl-1.0.1a/crypto/fips/fips_rand.c
+--- openssl-1.0.1a/crypto/fips/fips_rand.c.fips	2012-04-20 09:07:06.269785806 +0200
++++ openssl-1.0.1a/crypto/fips/fips_rand.c	2012-04-20 09:07:06.269785806 +0200
 @@ -0,0 +1,457 @@
 +/* ====================================================================
 + * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
@@ -17011,9 +17013,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand.c.fips openssl-1.0.1-beta3/cr
 +}
 +
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand.h.fips openssl-1.0.1-beta3/crypto/fips/fips_rand.h
---- openssl-1.0.1-beta3/crypto/fips/fips_rand.h.fips	2012-02-29 10:33:02.798294931 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_rand.h	2012-02-29 10:33:02.798294931 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_rand.h.fips openssl-1.0.1a/crypto/fips/fips_rand.h
+--- openssl-1.0.1a/crypto/fips/fips_rand.h.fips	2012-04-20 09:07:06.269785806 +0200
++++ openssl-1.0.1a/crypto/fips/fips_rand.h	2012-04-20 09:07:06.269785806 +0200
 @@ -0,0 +1,145 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -17160,9 +17162,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand.h.fips openssl-1.0.1-beta3/cr
 +#endif
 +#endif
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1-beta3/crypto/fips/fips_rand_lcl.h
---- openssl-1.0.1-beta3/crypto/fips/fips_rand_lcl.h.fips	2012-02-29 10:33:02.798294931 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_rand_lcl.h	2012-02-29 10:33:02.798294931 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1a/crypto/fips/fips_rand_lcl.h
+--- openssl-1.0.1a/crypto/fips/fips_rand_lcl.h.fips	2012-04-20 09:07:06.269785806 +0200
++++ openssl-1.0.1a/crypto/fips/fips_rand_lcl.h	2012-04-20 09:07:06.269785806 +0200
 @@ -0,0 +1,219 @@
 +/* fips/rand/fips_rand_lcl.h */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -17383,9 +17385,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1-beta
 +#define FIPS_digestupdate EVP_DigestUpdate
 +#define FIPS_digestfinal EVP_DigestFinal
 +#define M_EVP_MD_size EVP_MD_size
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1-beta3/crypto/fips/fips_rand_lib.c
---- openssl-1.0.1-beta3/crypto/fips/fips_rand_lib.c.fips	2012-02-29 10:33:02.798294931 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_rand_lib.c	2012-02-29 10:33:02.798294931 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1a/crypto/fips/fips_rand_lib.c
+--- openssl-1.0.1a/crypto/fips/fips_rand_lib.c.fips	2012-04-20 09:07:06.270785828 +0200
++++ openssl-1.0.1a/crypto/fips/fips_rand_lib.c	2012-04-20 09:07:06.270785828 +0200
 @@ -0,0 +1,191 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
@@ -17578,9 +17580,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1-beta
 +		}
 +	return 0;
 +	}
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_rand_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_rand_selftest.c.fips	2012-02-29 10:33:02.798294931 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_rand_selftest.c	2012-02-29 10:33:02.798294931 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_rand_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_rand_selftest.c.fips	2012-04-20 09:07:06.270785828 +0200
++++ openssl-1.0.1a/crypto/fips/fips_rand_selftest.c	2012-04-20 09:07:06.270785828 +0200
 @@ -0,0 +1,183 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -17765,9 +17767,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1
 +	}
 +
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_randtest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_randtest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_randtest.c.fips	2012-02-29 10:33:02.798294931 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_randtest.c	2012-02-29 10:33:02.799294939 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_randtest.c.fips openssl-1.0.1a/crypto/fips/fips_randtest.c
+--- openssl-1.0.1a/crypto/fips/fips_randtest.c.fips	2012-04-20 09:07:06.270785828 +0200
++++ openssl-1.0.1a/crypto/fips/fips_randtest.c	2012-04-20 09:07:06.270785828 +0200
 @@ -0,0 +1,250 @@
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 + * All rights reserved.
@@ -18019,9 +18021,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_randtest.c.fips openssl-1.0.1-beta
 +	}
 +
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_rsa_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_rsa_selftest.c.fips	2012-02-29 10:33:02.799294939 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_rsa_selftest.c	2012-02-29 10:33:02.799294939 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_rsa_selftest.c.fips	2012-04-20 09:07:06.270785828 +0200
++++ openssl-1.0.1a/crypto/fips/fips_rsa_selftest.c	2012-04-20 09:07:06.270785828 +0200
 @@ -0,0 +1,444 @@
 +/* ====================================================================
 + * Copyright (c) 2003-2007 The OpenSSL Project.  All rights reserved.
@@ -18467,9 +18469,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1-
 +	}
 +
 +#endif /* def OPENSSL_FIPS */
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1-beta3/crypto/fips/fips_rsa_x931g.c
---- openssl-1.0.1-beta3/crypto/fips/fips_rsa_x931g.c.fips	2012-02-29 10:33:02.799294939 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_rsa_x931g.c	2012-02-29 10:33:02.799294939 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1a/crypto/fips/fips_rsa_x931g.c
+--- openssl-1.0.1a/crypto/fips/fips_rsa_x931g.c.fips	2012-04-20 09:07:06.271785849 +0200
++++ openssl-1.0.1a/crypto/fips/fips_rsa_x931g.c	2012-04-20 09:07:06.271785849 +0200
 @@ -0,0 +1,282 @@
 +/* crypto/rsa/rsa_gen.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -18753,9 +18755,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1-bet
 +	return 0;
 +
 +	}
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_sha_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_sha_selftest.c.fips	2012-02-29 10:33:02.799294939 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_sha_selftest.c	2012-02-29 10:33:02.799294939 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_sha_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_sha_selftest.c.fips	2012-04-20 09:07:06.271785849 +0200
++++ openssl-1.0.1a/crypto/fips/fips_sha_selftest.c	2012-04-20 09:07:06.271785849 +0200
 @@ -0,0 +1,140 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -18897,9 +18899,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1-
 +	}
 +
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1-beta3/crypto/fips/fips_standalone_hmac.c
---- openssl-1.0.1-beta3/crypto/fips/fips_standalone_hmac.c.fips	2012-02-29 10:33:02.799294939 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_standalone_hmac.c	2012-02-29 10:33:02.799294939 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1a/crypto/fips/fips_standalone_hmac.c
+--- openssl-1.0.1a/crypto/fips/fips_standalone_hmac.c.fips	2012-04-20 09:07:06.271785849 +0200
++++ openssl-1.0.1a/crypto/fips/fips_standalone_hmac.c	2012-04-20 09:07:06.271785849 +0200
 @@ -0,0 +1,180 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -19081,9 +19083,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0
 +    }
 +
 +
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_test_suite.c.fips openssl-1.0.1-beta3/crypto/fips/fips_test_suite.c
---- openssl-1.0.1-beta3/crypto/fips/fips_test_suite.c.fips	2012-02-29 10:33:02.800294947 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_test_suite.c	2012-02-29 10:33:02.800294947 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_test_suite.c.fips openssl-1.0.1a/crypto/fips/fips_test_suite.c
+--- openssl-1.0.1a/crypto/fips/fips_test_suite.c.fips	2012-04-20 09:07:06.272785870 +0200
++++ openssl-1.0.1a/crypto/fips/fips_test_suite.c	2012-04-20 09:07:06.272785870 +0200
 @@ -0,0 +1,588 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -19673,9 +19675,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_test_suite.c.fips openssl-1.0.1-be
 +    }
 +
 +#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/Makefile.fips openssl-1.0.1-beta3/crypto/fips/Makefile
---- openssl-1.0.1-beta3/crypto/fips/Makefile.fips	2012-02-29 10:33:02.800294947 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/Makefile	2012-02-29 10:33:02.800294947 +0100
+diff -up openssl-1.0.1a/crypto/fips/Makefile.fips openssl-1.0.1a/crypto/fips/Makefile
+--- openssl-1.0.1a/crypto/fips/Makefile.fips	2012-04-20 09:07:06.272785870 +0200
++++ openssl-1.0.1a/crypto/fips/Makefile	2012-04-20 09:07:06.272785870 +0200
 @@ -0,0 +1,340 @@
 +#
 +# OpenSSL/crypto/fips/Makefile
@@ -20017,9 +20019,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/Makefile.fips openssl-1.0.1-beta3/crypt
 +fips_sha_selftest.o: ../../include/openssl/safestack.h
 +fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 +fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c
-diff -up openssl-1.0.1-beta3/crypto/hmac/hmac.c.fips openssl-1.0.1-beta3/crypto/hmac/hmac.c
---- openssl-1.0.1-beta3/crypto/hmac/hmac.c.fips	2011-06-12 17:07:26.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/hmac/hmac.c	2012-02-29 10:33:02.800294947 +0100
+diff -up openssl-1.0.1a/crypto/hmac/hmac.c.fips openssl-1.0.1a/crypto/hmac/hmac.c
+--- openssl-1.0.1a/crypto/hmac/hmac.c.fips	2011-06-12 17:07:26.000000000 +0200
++++ openssl-1.0.1a/crypto/hmac/hmac.c	2012-04-20 09:07:06.273785891 +0200
 @@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
  			EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
  			return 0;
@@ -20082,9 +20084,9 @@ diff -up openssl-1.0.1-beta3/crypto/hmac/hmac.c.fips openssl-1.0.1-beta3/crypto/
  	EVP_MD_CTX_cleanup(&ctx->i_ctx);
  	EVP_MD_CTX_cleanup(&ctx->o_ctx);
  	EVP_MD_CTX_cleanup(&ctx->md_ctx);
-diff -up openssl-1.0.1-beta3/crypto/md2/md2_dgst.c.fips openssl-1.0.1-beta3/crypto/md2/md2_dgst.c
---- openssl-1.0.1-beta3/crypto/md2/md2_dgst.c.fips	2011-06-01 15:39:43.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/md2/md2_dgst.c	2012-02-29 10:33:02.800294947 +0100
+diff -up openssl-1.0.1a/crypto/md2/md2_dgst.c.fips openssl-1.0.1a/crypto/md2/md2_dgst.c
+--- openssl-1.0.1a/crypto/md2/md2_dgst.c.fips	2011-06-01 15:39:43.000000000 +0200
++++ openssl-1.0.1a/crypto/md2/md2_dgst.c	2012-04-20 09:07:06.274785912 +0200
 @@ -62,6 +62,11 @@
  #include <openssl/md2.h>
  #include <openssl/opensslv.h>
@@ -20106,9 +20108,9 @@ diff -up openssl-1.0.1-beta3/crypto/md2/md2_dgst.c.fips openssl-1.0.1-beta3/cryp
  	{
  	c->num=0;
  	memset(c->state,0,sizeof c->state);
-diff -up openssl-1.0.1-beta3/crypto/md4/md4_dgst.c.fips openssl-1.0.1-beta3/crypto/md4/md4_dgst.c
---- openssl-1.0.1-beta3/crypto/md4/md4_dgst.c.fips	2011-06-01 15:39:43.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/md4/md4_dgst.c	2012-02-29 10:33:02.801294956 +0100
+diff -up openssl-1.0.1a/crypto/md4/md4_dgst.c.fips openssl-1.0.1a/crypto/md4/md4_dgst.c
+--- openssl-1.0.1a/crypto/md4/md4_dgst.c.fips	2011-06-01 15:39:43.000000000 +0200
++++ openssl-1.0.1a/crypto/md4/md4_dgst.c	2012-04-20 09:07:06.274785912 +0200
 @@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V
  #define INIT_DATA_C (unsigned long)0x98badcfeL
  #define INIT_DATA_D (unsigned long)0x10325476L
@@ -20118,9 +20120,9 @@ diff -up openssl-1.0.1-beta3/crypto/md4/md4_dgst.c.fips openssl-1.0.1-beta3/cryp
  	{
  	memset (c,0,sizeof(*c));
  	c->A=INIT_DATA_A;
-diff -up openssl-1.0.1-beta3/crypto/md5/md5_dgst.c.fips openssl-1.0.1-beta3/crypto/md5/md5_dgst.c
---- openssl-1.0.1-beta3/crypto/md5/md5_dgst.c.fips	2011-06-01 15:39:43.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/md5/md5_dgst.c	2012-02-29 10:33:02.801294956 +0100
+diff -up openssl-1.0.1a/crypto/md5/md5_dgst.c.fips openssl-1.0.1a/crypto/md5/md5_dgst.c
+--- openssl-1.0.1a/crypto/md5/md5_dgst.c.fips	2011-06-01 15:39:43.000000000 +0200
++++ openssl-1.0.1a/crypto/md5/md5_dgst.c	2012-04-20 09:07:06.274785912 +0200
 @@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V
  #define INIT_DATA_C (unsigned long)0x98badcfeL
  #define INIT_DATA_D (unsigned long)0x10325476L
@@ -20130,9 +20132,9 @@ diff -up openssl-1.0.1-beta3/crypto/md5/md5_dgst.c.fips openssl-1.0.1-beta3/cryp
  	{
  	memset (c,0,sizeof(*c));
  	c->A=INIT_DATA_A;
-diff -up openssl-1.0.1-beta3/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1-beta3/crypto/mdc2/mdc2dgst.c
---- openssl-1.0.1-beta3/crypto/mdc2/mdc2dgst.c.fips	2011-06-01 15:39:44.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/mdc2/mdc2dgst.c	2012-02-29 10:33:02.801294956 +0100
+diff -up openssl-1.0.1a/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1a/crypto/mdc2/mdc2dgst.c
+--- openssl-1.0.1a/crypto/mdc2/mdc2dgst.c.fips	2011-06-01 15:39:44.000000000 +0200
++++ openssl-1.0.1a/crypto/mdc2/mdc2dgst.c	2012-04-20 09:07:06.275785934 +0200
 @@ -76,7 +76,7 @@
  			*((c)++)=(unsigned char)(((l)>>24L)&0xff))
  
@@ -20142,9 +20144,9 @@ diff -up openssl-1.0.1-beta3/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1-beta3/cry
  	{
  	c->num=0;
  	c->pad_type=1;
-diff -up openssl-1.0.1-beta3/crypto/o_init.c.fips openssl-1.0.1-beta3/crypto/o_init.c
---- openssl-1.0.1-beta3/crypto/o_init.c.fips	2011-05-26 16:19:19.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/o_init.c	2012-02-29 10:33:02.801294956 +0100
+diff -up openssl-1.0.1a/crypto/o_init.c.fips openssl-1.0.1a/crypto/o_init.c
+--- openssl-1.0.1a/crypto/o_init.c.fips	2011-05-26 16:19:19.000000000 +0200
++++ openssl-1.0.1a/crypto/o_init.c	2012-04-20 09:07:06.275785934 +0200
 @@ -55,28 +55,63 @@
  #include <e_os.h>
  #include <openssl/err.h>
@@ -20213,9 +20215,9 @@ diff -up openssl-1.0.1-beta3/crypto/o_init.c.fips openssl-1.0.1-beta3/crypto/o_i
 +	{
 +	OPENSSL_init_library();
 +	}
-diff -up openssl-1.0.1-beta3/crypto/opensslconf.h.in.fips openssl-1.0.1-beta3/crypto/opensslconf.h.in
---- openssl-1.0.1-beta3/crypto/opensslconf.h.in.fips	2005-12-16 11:37:23.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/opensslconf.h.in	2012-02-29 10:33:02.801294956 +0100
+diff -up openssl-1.0.1a/crypto/opensslconf.h.in.fips openssl-1.0.1a/crypto/opensslconf.h.in
+--- openssl-1.0.1a/crypto/opensslconf.h.in.fips	2005-12-16 11:37:23.000000000 +0100
++++ openssl-1.0.1a/crypto/opensslconf.h.in	2012-04-20 09:07:06.276785956 +0200
 @@ -1,5 +1,20 @@
  /* crypto/opensslconf.h.in */
  
@@ -20237,9 +20239,9 @@ diff -up openssl-1.0.1-beta3/crypto/opensslconf.h.in.fips openssl-1.0.1-beta3/cr
  /* Generate 80386 code? */
  #undef I386_ONLY
  
-diff -up openssl-1.0.1-beta3/crypto/pkcs12/p12_crt.c.fips openssl-1.0.1-beta3/crypto/pkcs12/p12_crt.c
---- openssl-1.0.1-beta3/crypto/pkcs12/p12_crt.c.fips	2009-03-09 14:08:04.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/pkcs12/p12_crt.c	2012-02-29 10:33:02.801294956 +0100
+diff -up openssl-1.0.1a/crypto/pkcs12/p12_crt.c.fips openssl-1.0.1a/crypto/pkcs12/p12_crt.c
+--- openssl-1.0.1a/crypto/pkcs12/p12_crt.c.fips	2009-03-09 14:08:04.000000000 +0100
++++ openssl-1.0.1a/crypto/pkcs12/p12_crt.c	2012-04-20 09:07:06.277785978 +0200
 @@ -59,6 +59,10 @@
  #include <stdio.h>
  #include "cryptlib.h"
@@ -20266,9 +20268,9 @@ diff -up openssl-1.0.1-beta3/crypto/pkcs12/p12_crt.c.fips openssl-1.0.1-beta3/cr
  	if (!nid_key)
  		nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
  	if (!iter)
-diff -up openssl-1.0.1-beta3/crypto/rand/md_rand.c.fips openssl-1.0.1-beta3/crypto/rand/md_rand.c
---- openssl-1.0.1-beta3/crypto/rand/md_rand.c.fips	2011-01-26 15:55:23.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/rand/md_rand.c	2012-02-29 10:33:02.801294956 +0100
+diff -up openssl-1.0.1a/crypto/rand/md_rand.c.fips openssl-1.0.1a/crypto/rand/md_rand.c
+--- openssl-1.0.1a/crypto/rand/md_rand.c.fips	2011-01-26 15:55:23.000000000 +0100
++++ openssl-1.0.1a/crypto/rand/md_rand.c	2012-04-20 09:07:06.277785978 +0200
 @@ -389,7 +389,10 @@ static int ssleay_rand_bytes(unsigned ch
  	CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
  	crypto_lock_rand = 1;
@@ -20281,9 +20283,9 @@ diff -up openssl-1.0.1-beta3/crypto/rand/md_rand.c.fips openssl-1.0.1-beta3/cryp
  		{
  		RAND_poll();
  		initialized = 1;
-diff -up openssl-1.0.1-beta3/crypto/rand/rand.h.fips openssl-1.0.1-beta3/crypto/rand/rand.h
---- openssl-1.0.1-beta3/crypto/rand/rand.h.fips	2012-02-29 10:33:02.283290504 +0100
-+++ openssl-1.0.1-beta3/crypto/rand/rand.h	2012-02-29 10:33:02.802294965 +0100
+diff -up openssl-1.0.1a/crypto/rand/rand.h.fips openssl-1.0.1a/crypto/rand/rand.h
+--- openssl-1.0.1a/crypto/rand/rand.h.fips	2012-04-20 09:07:05.681773198 +0200
++++ openssl-1.0.1a/crypto/rand/rand.h	2012-04-20 09:07:06.278785999 +0200
 @@ -133,15 +133,33 @@ void ERR_load_RAND_strings(void);
  /* Error codes for the RAND functions. */
  
@@ -20322,9 +20324,9 @@ diff -up openssl-1.0.1-beta3/crypto/rand/rand.h.fips openssl-1.0.1-beta3/crypto/
  
  #ifdef  __cplusplus
  }
-diff -up openssl-1.0.1-beta3/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1-beta3/crypto/ripemd/rmd_dgst.c
---- openssl-1.0.1-beta3/crypto/ripemd/rmd_dgst.c.fips	2011-06-01 15:39:44.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/ripemd/rmd_dgst.c	2012-02-29 10:33:02.802294965 +0100
+diff -up openssl-1.0.1a/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1a/crypto/ripemd/rmd_dgst.c
+--- openssl-1.0.1a/crypto/ripemd/rmd_dgst.c.fips	2011-06-01 15:39:44.000000000 +0200
++++ openssl-1.0.1a/crypto/ripemd/rmd_dgst.c	2012-04-20 09:07:06.278785999 +0200
 @@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160"
       void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
  #  endif
@@ -20334,9 +20336,9 @@ diff -up openssl-1.0.1-beta3/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1-beta3/c
  	{
  	memset (c,0,sizeof(*c));
  	c->A=RIPEMD160_A;
-diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1-beta3/crypto/rsa/rsa_crpt.c
---- openssl-1.0.1-beta3/crypto/rsa/rsa_crpt.c.fips	2011-06-02 20:22:42.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/rsa/rsa_crpt.c	2012-02-29 10:33:02.802294965 +0100
+diff -up openssl-1.0.1a/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1a/crypto/rsa/rsa_crpt.c
+--- openssl-1.0.1a/crypto/rsa/rsa_crpt.c.fips	2011-06-02 20:22:42.000000000 +0200
++++ openssl-1.0.1a/crypto/rsa/rsa_crpt.c	2012-04-20 09:07:06.279786020 +0200
 @@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const
  	     RSA *rsa, int padding)
  	{
@@ -20363,9 +20365,9 @@ diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1-beta3/cryp
  		return -1;
  		}
  #endif
-diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_eay.c.fips openssl-1.0.1-beta3/crypto/rsa/rsa_eay.c
---- openssl-1.0.1-beta3/crypto/rsa/rsa_eay.c.fips	2011-10-19 16:58:59.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/rsa/rsa_eay.c	2012-02-29 10:33:02.802294965 +0100
+diff -up openssl-1.0.1a/crypto/rsa/rsa_eay.c.fips openssl-1.0.1a/crypto/rsa/rsa_eay.c
+--- openssl-1.0.1a/crypto/rsa/rsa_eay.c.fips	2011-10-19 16:58:59.000000000 +0200
++++ openssl-1.0.1a/crypto/rsa/rsa_eay.c	2012-04-20 09:07:06.279786020 +0200
 @@ -114,6 +114,10 @@
  #include <openssl/bn.h>
  #include <openssl/rsa.h>
@@ -20512,9 +20514,9 @@ diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_eay.c.fips openssl-1.0.1-beta3/crypt
  	rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
  	return(1);
  	}
-diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_err.c.fips openssl-1.0.1-beta3/crypto/rsa/rsa_err.c
---- openssl-1.0.1-beta3/crypto/rsa/rsa_err.c.fips	2011-10-10 01:13:50.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/rsa/rsa_err.c	2012-02-29 10:33:02.802294965 +0100
+diff -up openssl-1.0.1a/crypto/rsa/rsa_err.c.fips openssl-1.0.1a/crypto/rsa/rsa_err.c
+--- openssl-1.0.1a/crypto/rsa/rsa_err.c.fips	2011-10-10 01:13:50.000000000 +0200
++++ openssl-1.0.1a/crypto/rsa/rsa_err.c	2012-04-20 09:07:06.280786041 +0200
 @@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]=
  {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT),	"RSA_public_encrypt"},
  {ERR_FUNC(RSA_F_RSA_PUB_DECODE),	"RSA_PUB_DECODE"},
@@ -20524,9 +20526,9 @@ diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_err.c.fips openssl-1.0.1-beta3/crypt
  {ERR_FUNC(RSA_F_RSA_SIGN),	"RSA_sign"},
  {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),	"RSA_sign_ASN1_OCTET_STRING"},
  {ERR_FUNC(RSA_F_RSA_VERIFY),	"RSA_verify"},
-diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_gen.c.fips openssl-1.0.1-beta3/crypto/rsa/rsa_gen.c
---- openssl-1.0.1-beta3/crypto/rsa/rsa_gen.c.fips	2011-06-09 15:18:07.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/rsa/rsa_gen.c	2012-02-29 10:33:02.803294974 +0100
+diff -up openssl-1.0.1a/crypto/rsa/rsa_gen.c.fips openssl-1.0.1a/crypto/rsa/rsa_gen.c
+--- openssl-1.0.1a/crypto/rsa/rsa_gen.c.fips	2011-06-09 15:18:07.000000000 +0200
++++ openssl-1.0.1a/crypto/rsa/rsa_gen.c	2012-04-20 09:07:06.281786062 +0200
 @@ -69,6 +69,78 @@
  #include <openssl/rsa.h>
  #ifdef OPENSSL_FIPS
@@ -20668,9 +20670,9 @@ diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_gen.c.fips openssl-1.0.1-beta3/crypt
  	ok=1;
  err:
  	if (ok == -1)
-diff -up openssl-1.0.1-beta3/crypto/rsa/rsa.h.fips openssl-1.0.1-beta3/crypto/rsa/rsa.h
---- openssl-1.0.1-beta3/crypto/rsa/rsa.h.fips	2012-02-29 10:33:02.577293030 +0100
-+++ openssl-1.0.1-beta3/crypto/rsa/rsa.h	2012-02-29 10:33:02.803294974 +0100
+diff -up openssl-1.0.1a/crypto/rsa/rsa.h.fips openssl-1.0.1a/crypto/rsa/rsa.h
+--- openssl-1.0.1a/crypto/rsa/rsa.h.fips	2012-04-20 09:07:06.000780038 +0200
++++ openssl-1.0.1a/crypto/rsa/rsa.h	2012-04-20 09:07:06.281786062 +0200
 @@ -164,6 +164,8 @@ struct rsa_st
  # define OPENSSL_RSA_MAX_MODULUS_BITS	16384
  #endif
@@ -20755,9 +20757,9 @@ diff -up openssl-1.0.1-beta3/crypto/rsa/rsa.h.fips openssl-1.0.1-beta3/crypto/rs
  #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE	 148
  #define RSA_R_PADDING_CHECK_FAILED			 114
  #define RSA_R_P_NOT_PRIME				 128
-diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_lib.c.fips openssl-1.0.1-beta3/crypto/rsa/rsa_lib.c
---- openssl-1.0.1-beta3/crypto/rsa/rsa_lib.c.fips	2011-06-20 21:41:13.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/rsa/rsa_lib.c	2012-02-29 10:33:02.803294974 +0100
+diff -up openssl-1.0.1a/crypto/rsa/rsa_lib.c.fips openssl-1.0.1a/crypto/rsa/rsa_lib.c
+--- openssl-1.0.1a/crypto/rsa/rsa_lib.c.fips	2011-06-20 21:41:13.000000000 +0200
++++ openssl-1.0.1a/crypto/rsa/rsa_lib.c	2012-04-20 09:07:06.282786083 +0200
 @@ -84,6 +84,13 @@ RSA *RSA_new(void)
  
  void RSA_set_default_method(const RSA_METHOD *meth)
@@ -20833,9 +20835,9 @@ diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_lib.c.fips openssl-1.0.1-beta3/crypt
  	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
  		{
  #ifndef OPENSSL_NO_ENGINE
-diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1-beta3/crypto/rsa/rsa_pmeth.c
---- openssl-1.0.1-beta3/crypto/rsa/rsa_pmeth.c.fips	2012-02-15 15:14:01.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/rsa/rsa_pmeth.c	2012-02-29 10:34:56.290320046 +0100
+diff -up openssl-1.0.1a/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1a/crypto/rsa/rsa_pmeth.c
+--- openssl-1.0.1a/crypto/rsa/rsa_pmeth.c.fips	2012-02-15 15:14:01.000000000 +0100
++++ openssl-1.0.1a/crypto/rsa/rsa_pmeth.c	2012-04-20 09:07:06.282786083 +0200
 @@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c
  					RSA_R_INVALID_DIGEST_LENGTH);
  			return -1;
@@ -20879,9 +20881,9 @@ diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1-beta3/cry
  		if (rctx->pad_mode == RSA_PKCS1_PADDING)
  			return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
  					sig, siglen, rsa);
-diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_sign.c.fips openssl-1.0.1-beta3/crypto/rsa/rsa_sign.c
---- openssl-1.0.1-beta3/crypto/rsa/rsa_sign.c.fips	2012-02-15 15:00:09.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/rsa/rsa_sign.c	2012-02-29 10:37:54.916857424 +0100
+diff -up openssl-1.0.1a/crypto/rsa/rsa_sign.c.fips openssl-1.0.1a/crypto/rsa/rsa_sign.c
+--- openssl-1.0.1a/crypto/rsa/rsa_sign.c.fips	2012-02-15 15:00:09.000000000 +0100
++++ openssl-1.0.1a/crypto/rsa/rsa_sign.c	2012-04-20 09:07:06.283786105 +0200
 @@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch
  		i2d_X509_SIG(&sig,&p);
  		s=tmps;
@@ -20913,9 +20915,9 @@ diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_sign.c.fips openssl-1.0.1-beta3/cryp
  
  	if (i <= 0) goto err;
  	/* Oddball MDC2 case: signature can be OCTET STRING.
-diff -up openssl-1.0.1-beta3/crypto/sha/sha256.c.fips openssl-1.0.1-beta3/crypto/sha/sha256.c
---- openssl-1.0.1-beta3/crypto/sha/sha256.c.fips	2011-06-01 15:39:44.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/sha/sha256.c	2012-02-29 10:33:02.804294983 +0100
+diff -up openssl-1.0.1a/crypto/sha/sha256.c.fips openssl-1.0.1a/crypto/sha/sha256.c
+--- openssl-1.0.1a/crypto/sha/sha256.c.fips	2011-06-01 15:39:44.000000000 +0200
++++ openssl-1.0.1a/crypto/sha/sha256.c	2012-04-20 09:07:06.283786105 +0200
 @@ -12,12 +12,19 @@
  
  #include <openssl/crypto.h>
@@ -20946,9 +20948,9 @@ diff -up openssl-1.0.1-beta3/crypto/sha/sha256.c.fips openssl-1.0.1-beta3/crypto
  	memset (c,0,sizeof(*c));
  	c->h[0]=0x6a09e667UL;	c->h[1]=0xbb67ae85UL;
  	c->h[2]=0x3c6ef372UL;	c->h[3]=0xa54ff53aUL;
-diff -up openssl-1.0.1-beta3/crypto/sha/sha512.c.fips openssl-1.0.1-beta3/crypto/sha/sha512.c
---- openssl-1.0.1-beta3/crypto/sha/sha512.c.fips	2011-11-14 21:58:01.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/sha/sha512.c	2012-02-29 10:33:02.804294983 +0100
+diff -up openssl-1.0.1a/crypto/sha/sha512.c.fips openssl-1.0.1a/crypto/sha/sha512.c
+--- openssl-1.0.1a/crypto/sha/sha512.c.fips	2011-11-14 21:58:01.000000000 +0100
++++ openssl-1.0.1a/crypto/sha/sha512.c	2012-04-20 09:07:06.284786127 +0200
 @@ -5,6 +5,10 @@
   * ====================================================================
   */
@@ -20980,9 +20982,9 @@ diff -up openssl-1.0.1-beta3/crypto/sha/sha512.c.fips openssl-1.0.1-beta3/crypto
  	c->h[0]=U64(0x6a09e667f3bcc908);
  	c->h[1]=U64(0xbb67ae8584caa73b);
  	c->h[2]=U64(0x3c6ef372fe94f82b);
-diff -up openssl-1.0.1-beta3/crypto/sha/sha.h.fips openssl-1.0.1-beta3/crypto/sha/sha.h
---- openssl-1.0.1-beta3/crypto/sha/sha.h.fips	2012-02-29 10:33:02.108288997 +0100
-+++ openssl-1.0.1-beta3/crypto/sha/sha.h	2012-02-29 10:33:02.804294983 +0100
+diff -up openssl-1.0.1a/crypto/sha/sha.h.fips openssl-1.0.1a/crypto/sha/sha.h
+--- openssl-1.0.1a/crypto/sha/sha.h.fips	2012-04-20 09:07:05.493769168 +0200
++++ openssl-1.0.1a/crypto/sha/sha.h	2012-04-20 09:07:06.285786149 +0200
 @@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char *
  void SHA_Transform(SHA_CTX *c, const unsigned char *data);
  #endif
@@ -21015,9 +21017,9 @@ diff -up openssl-1.0.1-beta3/crypto/sha/sha.h.fips openssl-1.0.1-beta3/crypto/sh
  int SHA384_Init(SHA512_CTX *c);
  int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
  int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-diff -up openssl-1.0.1-beta3/crypto/sha/sha_locl.h.fips openssl-1.0.1-beta3/crypto/sha/sha_locl.h
---- openssl-1.0.1-beta3/crypto/sha/sha_locl.h.fips	2012-02-29 10:33:02.114289051 +0100
-+++ openssl-1.0.1-beta3/crypto/sha/sha_locl.h	2012-02-29 10:33:02.804294983 +0100
+diff -up openssl-1.0.1a/crypto/sha/sha_locl.h.fips openssl-1.0.1a/crypto/sha/sha_locl.h
+--- openssl-1.0.1a/crypto/sha/sha_locl.h.fips	2012-04-20 09:07:05.499769296 +0200
++++ openssl-1.0.1a/crypto/sha/sha_locl.h	2012-04-20 09:07:06.285786149 +0200
 @@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c,
  #define INIT_DATA_h4 0xc3d2e1f0UL
  
@@ -21034,9 +21036,9 @@ diff -up openssl-1.0.1-beta3/crypto/sha/sha_locl.h.fips openssl-1.0.1-beta3/cryp
  	memset (c,0,sizeof(*c));
  	c->h0=INIT_DATA_h0;
  	c->h1=INIT_DATA_h1;
-diff -up openssl-1.0.1-beta3/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1-beta3/crypto/whrlpool/wp_dgst.c
---- openssl-1.0.1-beta3/crypto/whrlpool/wp_dgst.c.fips	2011-06-01 15:39:45.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/whrlpool/wp_dgst.c	2012-02-29 10:33:02.805294992 +0100
+diff -up openssl-1.0.1a/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1a/crypto/whrlpool/wp_dgst.c
+--- openssl-1.0.1a/crypto/whrlpool/wp_dgst.c.fips	2011-06-01 15:39:45.000000000 +0200
++++ openssl-1.0.1a/crypto/whrlpool/wp_dgst.c	2012-04-20 09:07:06.286786171 +0200
 @@ -55,7 +55,7 @@
  #include <openssl/crypto.h>
  #include <string.h>
@@ -21046,9 +21048,9 @@ diff -up openssl-1.0.1-beta3/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1-beta3/
  	{
  	memset (c,0,sizeof(*c));
  	return(1);
-diff -up openssl-1.0.1-beta3/Makefile.org.fips openssl-1.0.1-beta3/Makefile.org
---- openssl-1.0.1-beta3/Makefile.org.fips	2012-02-29 10:33:02.746294484 +0100
-+++ openssl-1.0.1-beta3/Makefile.org	2012-02-29 10:33:02.805294992 +0100
+diff -up openssl-1.0.1a/Makefile.org.fips openssl-1.0.1a/Makefile.org
+--- openssl-1.0.1a/Makefile.org.fips	2012-04-20 09:07:06.199784304 +0200
++++ openssl-1.0.1a/Makefile.org	2012-04-20 09:07:06.286786171 +0200
 @@ -136,6 +136,9 @@ FIPSCANLIB=
  
  BASEADDR=
@@ -21076,9 +21078,9 @@ diff -up openssl-1.0.1-beta3/Makefile.org.fips openssl-1.0.1-beta3/Makefile.org
  		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
  # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
  # which in turn eliminates ambiguities in variable treatment with -e.
-diff -up openssl-1.0.1-beta3/ssl/ssl_algs.c.fips openssl-1.0.1-beta3/ssl/ssl_algs.c
---- openssl-1.0.1-beta3/ssl/ssl_algs.c.fips	2012-01-15 14:42:50.000000000 +0100
-+++ openssl-1.0.1-beta3/ssl/ssl_algs.c	2012-02-29 10:33:02.805294992 +0100
+diff -up openssl-1.0.1a/ssl/ssl_algs.c.fips openssl-1.0.1a/ssl/ssl_algs.c
+--- openssl-1.0.1a/ssl/ssl_algs.c.fips	2012-01-15 14:42:50.000000000 +0100
++++ openssl-1.0.1a/ssl/ssl_algs.c	2012-04-20 09:07:06.287786192 +0200
 @@ -64,6 +64,12 @@
  int SSL_library_init(void)
  	{
diff --git a/openssl.spec b/openssl.spec
index d821b7e..7893312 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -20,8 +20,8 @@
 
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
-Version: 1.0.1
-Release: 3%{?dist}
+Version: 1.0.1a
+Release: 1%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -43,7 +43,6 @@ Patch6: openssl-0.9.8b-test-use-localhost.patch
 Patch7: openssl-1.0.0-timezone.patch
 # Bug fixes
 Patch23: openssl-1.0.0-beta4-default-paths.patch
-Patch24: openssl-1.0.1-beta3-s390xbuild.patch
 # Functionality changes
 Patch33: openssl-1.0.0-beta4-ca-dir.patch
 Patch34: openssl-0.9.6-x509.patch
@@ -51,10 +50,10 @@ Patch35: openssl-0.9.8j-version-add-engines.patch
 Patch36: openssl-1.0.0e-doc-noeof.patch
 Patch38: openssl-1.0.1-beta2-ssl-op-all.patch
 Patch39: openssl-1.0.1-beta2-ipv6-apps.patch
-Patch40: openssl-1.0.1-beta3-fips.patch
+Patch40: openssl-1.0.1a-fips.patch
 Patch45: openssl-0.9.8j-env-nozlib.patch
 Patch47: openssl-1.0.0-beta5-readme-warning.patch
-Patch49: openssl-1.0.0-beta4-algo-doc.patch
+Patch49: openssl-1.0.1a-algo-doc.patch
 Patch50: openssl-1.0.1-beta2-dtls1-abi.patch
 Patch51: openssl-1.0.1-version.patch
 Patch56: openssl-1.0.0c-rsa-x931.patch
@@ -65,7 +64,7 @@ Patch65: openssl-1.0.0e-chil-fixes.patch
 Patch66: openssl-1.0.1-pkgconfig-krb5.patch
 # Backported fixes including security fixes
 Patch81: openssl-1.0.1-beta2-padlock64.patch
-Patch82: openssl-1.0.1-backport.patch
+Patch82: openssl-1.0.1a-backport.patch
 
 License: OpenSSL
 Group: System Environment/Libraries
@@ -142,7 +141,6 @@ from other formats to the formats used by the OpenSSL toolkit.
 %patch7 -p1 -b .timezone
 
 %patch23 -p1 -b .default-paths
-%patch24 -p1 -b .s390xbuild
 
 %patch33 -p1 -b .ca-dir
 %patch34 -p1 -b .x509
@@ -165,6 +163,7 @@ from other formats to the formats used by the OpenSSL toolkit.
 
 %patch81 -p1 -b .padlock64
 %patch82 -p1 -b .backport
+
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
 
@@ -419,6 +418,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Fri Apr 20 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1a-1
+- new upstream version fixing CVE-2012-2110
+
 * Wed Apr 11 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-3
 - add Kerberos 5 libraries to pkgconfig for static linking (#807050)
 
diff --git a/sources b/sources
index 39eb7fd..1eb7727 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-7df6ebc8dfe463b7af7ce4c4b86341e2  openssl-1.0.1-usa.tar.xz
+21a3b8bee1fdb7e60ca2e4aa50529f81  openssl-1.0.1a-usa.tar.xz