diff --git a/crypto-aesni-intel-fix-wrong-kfree-pointer.patch b/crypto-aesni-intel-fix-wrong-kfree-pointer.patch
new file mode 100644
index 0000000..e9942c0
--- /dev/null
+++ b/crypto-aesni-intel-fix-wrong-kfree-pointer.patch
@@ -0,0 +1,45 @@
+From bf084d8f6eb4ded3f90a6ab79bb682db00ebfbd4 Mon Sep 17 00:00:00 2001
+From: Milan Broz <mbroz@redhat.com>
+Date: Thu, 28 Jun 2012 17:26:02 +0200
+Subject: [PATCH] crypto: aesni-intel - fix wrong kfree pointer
+
+kfree(new_key_mem) in rfc4106_set_key() should be called on malloced pointer,
+not on aligned one, otherwise it can cause invalid pointer on free.
+
+(Seen at least once when running tcrypt tests with debug kernel.)
+
+Signed-off-by: Milan Broz <mbroz@redhat.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ arch/x86/crypto/aesni-intel_glue.c |    8 ++++----
+ 1 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
+index d662615..34fdcff 100644
+--- a/arch/x86/crypto/aesni-intel_glue.c
++++ b/arch/x86/crypto/aesni-intel_glue.c
+@@ -529,7 +529,7 @@ static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key,
+ 	struct crypto_aead *cryptd_child = cryptd_aead_child(ctx->cryptd_tfm);
+ 	struct aesni_rfc4106_gcm_ctx *child_ctx =
+                                  aesni_rfc4106_gcm_ctx_get(cryptd_child);
+-	u8 *new_key_mem = NULL;
++	u8 *new_key_align, *new_key_mem = NULL;
+ 
+ 	if (key_len < 4) {
+ 		crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+@@ -553,9 +553,9 @@ static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key,
+ 		if (!new_key_mem)
+ 			return -ENOMEM;
+ 
+-		new_key_mem = PTR_ALIGN(new_key_mem, AESNI_ALIGN);
+-		memcpy(new_key_mem, key, key_len);
+-		key = new_key_mem;
++		new_key_align = PTR_ALIGN(new_key_mem, AESNI_ALIGN);
++		memcpy(new_key_align, key, key_len);
++		key = new_key_align;
+ 	}
+ 
+ 	if (!irq_fpu_usable())
+-- 
+1.7.6.5
+
diff --git a/crypto-testmgr-allow-aesni-intel-and-ghash_clmulni-intel.patch b/crypto-testmgr-allow-aesni-intel-and-ghash_clmulni-intel.patch
new file mode 100644
index 0000000..9aef14c
--- /dev/null
+++ b/crypto-testmgr-allow-aesni-intel-and-ghash_clmulni-intel.patch
@@ -0,0 +1,122 @@
+From 6c79294f44fd7d1122cbaabff3b9815b074c0dd0 Mon Sep 17 00:00:00 2001
+From: Milan Broz <mbroz@redhat.com>
+Date: Fri, 29 Jun 2012 22:08:09 +0200
+Subject: [PATCH] crypto: testmgr - allow aesni-intel and ghash_clmulni-intel
+ in fips mode
+
+Patch 863b557a88f8c033f7419fabafef4712a5055f85 added NULL entries
+for intel accelerated drivers but did not marked these fips allowed.
+This cause panic if running tests with fips=1.
+
+For ghash, fips_allowed flag was added in patch
+18c0ebd2d8194cce4b3f67e2903fa01bea892cbc.
+
+Without patch, "modprobe tcrypt" fails with
+  alg: skcipher: Failed to load transform for cbc-aes-aesni: -2
+  cbc-aes-aesni: cbc(aes) alg self test failed in fips mode!
+  (panic)
+
+Also add missing cryptd(__driver-cbc-aes-aesni) and
+cryptd(__driver-gcm-aes-aesni) test to complement
+null tests above, otherwise system complains with
+  alg: No test for __cbc-aes-aesni (cryptd(__driver-cbc-aes-aesni))
+  alg: No test for __gcm-aes-aesni (cryptd(__driver-gcm-aes-aesni))
+
+Signed-off-by: Milan Broz <mbroz@redhat.com>
+Signed-off-by: Paul Wouters <pwouters@redhat.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ crypto/testmgr.c |   38 ++++++++++++++++++++++++++++++++++++++
+ 1 files changed, 38 insertions(+), 0 deletions(-)
+
+diff --git a/crypto/testmgr.c b/crypto/testmgr.c
+index 36748a5..4308a11 100644
+--- a/crypto/testmgr.c
++++ b/crypto/testmgr.c
+@@ -1581,6 +1581,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ 	}, {
+ 		.alg = "__driver-cbc-aes-aesni",
+ 		.test = alg_test_null,
++		.fips_allowed = 1,
+ 		.suite = {
+ 			.cipher = {
+ 				.enc = {
+@@ -1641,6 +1642,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ 	}, {
+ 		.alg = "__driver-ecb-aes-aesni",
+ 		.test = alg_test_null,
++		.fips_allowed = 1,
+ 		.suite = {
+ 			.cipher = {
+ 				.enc = {
+@@ -1701,6 +1703,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ 	}, {
+ 		.alg = "__ghash-pclmulqdqni",
+ 		.test = alg_test_null,
++		.fips_allowed = 1,
+ 		.suite = {
+ 			.hash = {
+ 				.vecs = NULL,
+@@ -1866,8 +1869,25 @@ static const struct alg_test_desc alg_test_descs[] = {
+ 			}
+ 		}
+ 	}, {
++		.alg = "cryptd(__driver-cbc-aes-aesni)",
++		.test = alg_test_null,
++		.fips_allowed = 1,
++		.suite = {
++			.cipher = {
++				.enc = {
++					.vecs = NULL,
++					.count = 0
++				},
++				.dec = {
++					.vecs = NULL,
++					.count = 0
++				}
++			}
++		}
++	}, {
+ 		.alg = "cryptd(__driver-ecb-aes-aesni)",
+ 		.test = alg_test_null,
++		.fips_allowed = 1,
+ 		.suite = {
+ 			.cipher = {
+ 				.enc = {
+@@ -1926,8 +1946,25 @@ static const struct alg_test_desc alg_test_descs[] = {
+ 			}
+ 		}
+ 	}, {
++		.alg = "cryptd(__driver-gcm-aes-aesni)",
++		.test = alg_test_null,
++		.fips_allowed = 1,
++		.suite = {
++			.cipher = {
++				.enc = {
++					.vecs = NULL,
++					.count = 0
++				},
++				.dec = {
++					.vecs = NULL,
++					.count = 0
++				}
++			}
++		}
++	}, {
+ 		.alg = "cryptd(__ghash-pclmulqdqni)",
+ 		.test = alg_test_null,
++		.fips_allowed = 1,
+ 		.suite = {
+ 			.hash = {
+ 				.vecs = NULL,
+@@ -2043,6 +2080,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ 	}, {
+ 		.alg = "ecb(__aes-aesni)",
+ 		.test = alg_test_null,
++		.fips_allowed = 1,
+ 		.suite = {
+ 			.cipher = {
+ 				.enc = {
+-- 
+1.7.6.5
+
diff --git a/kernel.spec b/kernel.spec
index d96d48c..14a8ddb 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -95,7 +95,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %define rcrev 6
 # The git snapshot level
-%define gitrev 1
+%define gitrev 2
 # Set rpm version accordingly
 %define rpmversion 3.%{upstream_sublevel}.0
 %endif
@@ -745,6 +745,10 @@ Patch22001: selinux-apply-different-permission-to-ptrace-child.patch
 #rhbz 828824
 Patch22043: rt2x00usb-fix-indexes-ordering-on-RX-queue-kick.patch
 
+#Fix FIPS for aesni hardare
+Patch22050: crypto-testmgr-allow-aesni-intel-and-ghash_clmulni-intel.patch
+Patch22051: crypto-aesni-intel-fix-wrong-kfree-pointer.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1436,6 +1440,10 @@ ApplyPatch highbank-export-clock-functions.patch
 #rhbz 828824
 ApplyPatch rt2x00usb-fix-indexes-ordering-on-RX-queue-kick.patch
 
+#Fix FIPS for aesni hardare
+ApplyPatch crypto-testmgr-allow-aesni-intel-and-ghash_clmulni-intel.patch
+ApplyPatch crypto-aesni-intel-fix-wrong-kfree-pointer.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2292,6 +2300,10 @@ fi
 #                 ||----w |
 #                 ||     ||
 %changelog
+* Wed Jul 11 2012 Justin M. Forbes <jforbes@redhat.com> - 3.5.0-0.rc6.git2.1
+- Linux v3.5-rc6-40-g055c9fa
+- Fix FIPS for aesni hardware (rhbz 839239)
+
 * Tue Jul 10 2012 Justin M. Forbes <jforbes@redhat.com> - 3.5.0-0.rc6.git1.1
 - Linux v3.5-rc6-22-g2437fcc
 
diff --git a/sources b/sources
index 7a8d34e..164a654 100644
--- a/sources
+++ b/sources
@@ -1,3 +1 @@
-967f72983655e2479f951195953e8480  linux-3.4.tar.xz
-0244539cf9a397a2a8c9e56f38cb9fc2  patch-3.5-rc6.xz
-a58312153ebe36f649a65be44dd0b0c7  patch-3.5-rc6-git1.xz
+a2da7c5f454195df6b6f5677fd7fb997  patch-3.5-rc6-git2.xz