new file mode 100644

@@ -0,0 +1,48 @@

+diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c

+index 48ad0d2..482481d 100644

+--- a/crypto/engine/eng_all.c

+@@ -64,6 +64,7 @@ void ENGINE_load_builtin_engines(void)

+ {

+     /* Some ENGINEs need this */

+     OPENSSL_cpuid_setup();

++ OPENSSL_init(); 

+ #if 0

+     /*

+      * There's no longer any need for an "openssl" ENGINE unless, one day, it

+diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c

+index 280e584..f177b65 100644

+--- a/crypto/evp/c_allc.c

+@@ -64,6 +64,7 @@

+ 

+ void OpenSSL_add_all_ciphers(void)

+ {

++ OPENSSL_init(); 

+ 

+ #ifndef OPENSSL_NO_DES

+     EVP_add_cipher(EVP_des_cfb());

+diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c

+index fdbe3ee..d7f9357 100644

+--- a/crypto/evp/c_alld.c

+@@ -64,6 +64,7 @@

+ 

+ void OpenSSL_add_all_digests(void)

+ {

++ OPENSSL_init(); 

+ #ifndef OPENSSL_NO_MD4

+     EVP_add_digest(EVP_md4());

+ #endif

+diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c

+index e6f515f..64914ad 100644

+--- a/ssl/ssl_algs.c

+@@ -63,6 +63,7 @@

+ 

+ int SSL_library_init(void)

+ {

++ OPENSSL_init(); 

+ 

+ #ifndef OPENSSL_NO_DES

+     EVP_add_cipher(EVP_des_cbc());

new file mode 100644

@@ -0,0 +1,26 @@

+diff -aur openssl-1.0.2h/crypto/o_init.c openssl-1.0.2h-1/crypto/o_init.c

+--- openssl-1.0.2h/crypto/o_init.c	2016-05-03 06:44:42.000000000 -0700

+@@ -57,6 +57,7 @@

+ #include <openssl/err.h>

+ #ifdef OPENSSL_FIPS

+ # include <openssl/fips.h>

++# include <openssl/fips_rand.h>

+ # include <openssl/rand.h>

+ #endif

+ 

+@@ -76,6 +77,14 @@

+     FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);

+     FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);

+     RAND_init_fips();

++/*

++* Calling RAND_init_fips() followed by

++* RAND_set_rand_method(FIPS_rand_get_method()) will

++* cause OpenSSL to use the FIPS default DRBG

++* in lieu of the non-compliant OpenSSL default RAND. This 

++* requires FIPS-capable OpenSSL.

++*/

++    RAND_set_rand_method(FIPS_rand_get_method());

+ #endif

+ #if 0

+     fprintf(stderr, "Called OPENSSL_init\n");

@@ -1,7 +1,7 @@

 Summary:	Management tools and libraries relating to cryptography

 Name:		openssl

 Version:	1.0.2h

-Release:	2%{?dist}

+Release:	3%{?dist}

 License:	OpenSSL

 URL:		http://www.openssl.org

 Group:		System Environment/Security

@@ -10,7 +10,9 @@ Distribution:	Photon

 Source0:	http://www.openssl.org/source/%{name}-%{version}.tar.gz

 %define sha1 openssl=577585f5f5d299c44dd3c993d3c0ac7a219e4949

 Patch0:		c_rehash.patch

-Patch1:     openssl-1.0.2f-ipv6apps.patch

+Patch1:         openssl-1.0.2f-ipv6apps.patch

+Patch2:         openssl-init-conslidate.patch

+Patch3:         openssl-use-fips-drbg-by-default.patch

 Requires:	bash glibc libgcc 

 %description

@@ -49,6 +51,8 @@ Perl scripts that convert certificates and keys to various formats.

 %setup -q

 %patch0 -p1

 %patch1 -p1

+%patch2 -p1

+%patch3 -p1

 %build

 export CFLAGS="%{optflags}"

@@ -108,8 +112,10 @@ rm -rf %{buildroot}/*

 /%{_bindir}/c_rehash

 %changelog

-*	Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.0.2h-2

--	GA - Bump release of all rpms

+*   Fri Jun 22 2016 Anish Swaminathan <anishs@vmware.com> 1.0.2h-3

+-   Add patches for using openssl_init under all initialization and changing default RAND

+*   Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.0.2h-2

+-   GA - Bump release of all rpms

 *   Fri May 20 2016 Divya Thaluru <dthaluru@vmware.com> 1.0.2h-1

 -   Upgrade to 1.0.2h

 *   Mon Mar 07 2016 Anish Swaminathan <anishs@vmware.com> 1.0.2g-1