Merge remote-tracking branch 'up/f33' into f33-riscv64

Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>
Provide and obsolete openssl1.1 to allow using openssl1.1-devel on Fedora < 36
2021-10-07 09:49:55 +03:00 · 2021-09-15 14:13:27 +02:00 · 2021-08-25 18:10:10 +02:00 · 2021-07-22 17:20:55 +00:00 · 2021-05-06 09:44:13 +03:00 · 2021-03-26 07:37:03 +01:00
10 changed files with 3011 additions and 731 deletions
--- a/.gitignore
+++ b/.gitignore
@ -49,3 +49,7 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-1.1.1f-hobbled.tar.xz
 /openssl-1.1.1g-hobbled.tar.xz
 /openssl-1.1.1h-hobbled.tar.xz
 /openssl-1.1.1i-hobbled.tar.xz
 /openssl-1.1.1j-hobbled.tar.xz
 /openssl-1.1.1k-hobbled.tar.xz
 /openssl-1.1.1l-hobbled.tar.xz
--- a/openssl-1.1.0-issuer-hash.patch
+++ b/openssl-1.1.0-issuer-hash.patch
@ -1,11 +0,0 @@
 diff -up openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash openssl-1.1.0-pre5/crypto/x509/x509_cmp.c
 --- openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash	2016-07-18 15:16:32.788881100 +0200
 +++ openssl-1.1.0-pre5/crypto/x509/x509_cmp.c	2016-07-18 15:17:16.671871840 +0200
@@ -87,6 +87,7 @@ unsigned long X509_issuer_and_serial_has
     if (ctx == NULL)
         goto err;
 +    EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
     f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
     if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
         goto err;
--- a/openssl-1.1.1-arm-update.patch
+++ b/openssl-1.1.1-arm-update.patch
--- a/openssl-1.1.1-evp-kdf.patch
+++ b/openssl-1.1.1-evp-kdf.patch
@ -1,7 +1,7 @@
-diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err/openssl.txt
+diff -up openssl-1.1.1j/crypto/err/openssl.txt.evp-kdf openssl-1.1.1j/crypto/err/openssl.txt
--- openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/crypto/err/openssl.txt.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/crypto/err/openssl.txt	2020-03-19 16:04:11.299063517 +0100
+++ openssl-1.1.1j/crypto/err/openssl.txt	2021-03-03 14:10:13.729466935 +0100
-@@ -747,6 +747,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn
+@@ -748,6 +748,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn
 EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
 EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
 EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate
@ -11,7 +11,7 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
 EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex
 EVP_F_EVP_MD_SIZE:162:EVP_MD_size
 EVP_F_EVP_OPENINIT:102:EVP_OpenInit
-@@ -809,12 +812,31 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k
+@@ -810,12 +813,31 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k
 EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen
 EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen
 EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen
@ -43,7 +43,7 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
 KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str
 KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive
 KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init
-@@ -826,6 +848,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc
+@@ -827,6 +849,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc
 KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str
 KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
 KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init
@ -51,15 +51,15 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
 KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg
 OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
 OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid
-@@ -2277,6 +2300,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on
+@@ -2284,6 +2307,7 @@ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_K
 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
 	operation not supported for this keytype
 EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
 EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
 +EVP_R_PARAMETER_TOO_LARGE:187:parameter too large
 EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
 EVP_R_PBKDF2_ERROR:181:pbkdf2 error
 EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
-@@ -2313,6 +2337,7 @@ KDF_R_MISSING_SEED:106:missing seed
+@@ -2320,6 +2344,7 @@ KDF_R_MISSING_SEED:106:missing seed
 KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
 KDF_R_VALUE_ERROR:108:value error
 KDF_R_VALUE_MISSING:102:value missing
@ -67,9 +67,9 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
 OBJ_R_OID_EXISTS:102:oid exists
 OBJ_R_UNKNOWN_NID:101:unknown nid
 OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error
-diff -up openssl-1.1.1e/crypto/evp/build.info.evp-kdf openssl-1.1.1e/crypto/evp/build.info
+diff -up openssl-1.1.1j/crypto/evp/build.info.evp-kdf openssl-1.1.1j/crypto/evp/build.info
--- openssl-1.1.1e/crypto/evp/build.info.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/crypto/evp/build.info.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/crypto/evp/build.info	2020-03-19 16:04:11.300063500 +0100
+++ openssl-1.1.1j/crypto/evp/build.info	2021-03-03 14:08:02.490294839 +0100
@@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\
         p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
         bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
@ -80,9 +80,9 @@ diff -up openssl-1.1.1e/crypto/evp/build.info.evp-kdf openssl-1.1.1e/crypto/evp/
         e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
         e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
         e_chacha20_poly1305.c cmeth_lib.c
-diff -up openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c
+diff -up openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c
--- openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf	2020-03-19 16:04:11.300063500 +0100
+--- openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c	2020-03-19 16:16:46.497967633 +0100
+++ openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c	2021-03-03 14:08:02.490294839 +0100
@@ -14,9 +14,9 @@
 # include <openssl/evp.h>
@ -94,9 +94,9 @@ diff -up openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1e/
 typedef struct {
     union {
-diff -up openssl-1.1.1e/crypto/evp/encode.c.evp-kdf openssl-1.1.1e/crypto/evp/encode.c
+diff -up openssl-1.1.1j/crypto/evp/encode.c.evp-kdf openssl-1.1.1j/crypto/evp/encode.c
--- openssl-1.1.1e/crypto/evp/encode.c.evp-kdf	2020-03-19 16:04:11.301063483 +0100
+--- openssl-1.1.1j/crypto/evp/encode.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/crypto/evp/encode.c	2020-03-19 16:14:13.147628683 +0100
+++ openssl-1.1.1j/crypto/evp/encode.c	2021-03-03 14:08:02.491294847 +0100
@@ -11,8 +11,8 @@
 #include <limits.h>
 #include "internal/cryptlib.h"
@ -107,9 +107,9 @@ diff -up openssl-1.1.1e/crypto/evp/encode.c.evp-kdf openssl-1.1.1e/crypto/evp/en
 static unsigned char conv_ascii2bin(unsigned char a,
                                     const unsigned char *table);
-diff -up openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1e/crypto/evp/evp_err.c
+diff -up openssl-1.1.1j/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1j/crypto/evp/evp_err.c
--- openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf	2020-03-19 16:04:11.218064919 +0100
+--- openssl-1.1.1j/crypto/evp/evp_err.c.evp-kdf	2021-03-03 14:08:02.469294651 +0100
-+++ openssl-1.1.1e/crypto/evp/evp_err.c	2020-03-19 16:04:11.302063465 +0100
+++ openssl-1.1.1j/crypto/evp/evp_err.c	2021-03-03 14:12:08.272351600 +0100
@@ -60,6 +60,9 @@ static const ERR_STRING_DATA EVP_str_fun
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
      "EVP_EncryptFinal_ex"},
@ -135,18 +135,18 @@ diff -up openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1e/crypto/evp/e
     {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
     {0, NULL}
 };
-@@ -241,6 +246,8 @@ static const ERR_STRING_DATA EVP_str_rea
+@@ -243,6 +248,8 @@ static const ERR_STRING_DATA EVP_str_rea
     "operation not supported for this keytype"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
     "operaton not initialized"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
     "output would overflow"},
 +    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE),
 +    "parameter too large"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
     "partially overlapping buffers"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
-diff -up openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1e/crypto/evp/evp_local.h
+diff -up openssl-1.1.1j/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1j/crypto/evp/evp_local.h
--- openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf	2020-03-19 16:04:10.657074629 +0100
+--- openssl-1.1.1j/crypto/evp/evp_local.h.evp-kdf	2021-03-03 14:08:02.362293695 +0100
-+++ openssl-1.1.1e/crypto/evp/evp_local.h	2020-03-19 16:04:20.722900404 +0100
+++ openssl-1.1.1j/crypto/evp/evp_local.h	2021-03-03 14:08:02.491294847 +0100
@@ -41,6 +41,11 @@ struct evp_cipher_ctx_st {
     unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
 } /* EVP_CIPHER_CTX */ ;
@ -159,9 +159,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1e/crypto/evp
 int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
                              int passlen, ASN1_TYPE *param,
                              const EVP_CIPHER *c, const EVP_MD *md,
-diff -up openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1e/crypto/evp/evp_pbe.c
+diff -up openssl-1.1.1j/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1j/crypto/evp/evp_pbe.c
--- openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf	2020-03-19 16:04:20.723900386 +0100
+--- openssl-1.1.1j/crypto/evp/evp_pbe.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/crypto/evp/evp_pbe.c	2020-03-19 16:11:56.425001210 +0100
+++ openssl-1.1.1j/crypto/evp/evp_pbe.c	2021-03-03 14:08:02.491294847 +0100
@@ -12,6 +12,7 @@
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
@ -170,9 +170,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1e/crypto/evp/e
 #include "evp_local.h"
 /* Password based encryption (PBE) functions */
-diff -up openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1e/crypto/evp/kdf_lib.c
+diff -up openssl-1.1.1j/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1j/crypto/evp/kdf_lib.c
--- openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf	2020-03-19 16:04:20.723900386 +0100
+--- openssl-1.1.1j/crypto/evp/kdf_lib.c.evp-kdf	2021-03-03 14:08:02.491294847 +0100
-+++ openssl-1.1.1e/crypto/evp/kdf_lib.c	2020-03-19 16:04:20.723900386 +0100
+++ openssl-1.1.1j/crypto/evp/kdf_lib.c	2021-03-03 14:08:02.491294847 +0100
@@ -0,0 +1,165 @@
 +/*
 + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -339,9 +339,9 @@ diff -up openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1e/crypto/evp/k
 +    return ctx->kmeth->derive(ctx->impl, key, keylen);
 +}
 +
-diff -up openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1e/crypto/evp/p5_crpt2.c
+diff -up openssl-1.1.1j/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1j/crypto/evp/p5_crpt2.c
--- openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/crypto/evp/p5_crpt2.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/crypto/evp/p5_crpt2.c	2020-03-19 16:17:48.822886126 +0100
+++ openssl-1.1.1j/crypto/evp/p5_crpt2.c	2021-03-03 14:08:02.491294847 +0100
@@ -1,5 +1,5 @@
 /*
 - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -490,9 +490,9 @@ diff -up openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1e/crypto/evp/
 }
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
-diff -up openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1e/crypto/evp/pbe_scrypt.c
+diff -up openssl-1.1.1j/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1j/crypto/evp/pbe_scrypt.c
--- openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/crypto/evp/pbe_scrypt.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/crypto/evp/pbe_scrypt.c	2020-03-19 16:04:20.725900352 +0100
+++ openssl-1.1.1j/crypto/evp/pbe_scrypt.c	2021-03-03 14:08:02.491294847 +0100
@@ -7,135 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
@ -763,9 +763,9 @@ diff -up openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1e/crypto/ev
 }
 +
 #endif
-diff -up openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1e/crypto/evp/pkey_kdf.c
+diff -up openssl-1.1.1j/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1j/crypto/evp/pkey_kdf.c
--- openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf	2020-03-19 16:04:20.726900334 +0100
+--- openssl-1.1.1j/crypto/evp/pkey_kdf.c.evp-kdf	2021-03-03 14:08:02.491294847 +0100
-+++ openssl-1.1.1e/crypto/evp/pkey_kdf.c	2020-03-19 16:04:20.725900352 +0100
+++ openssl-1.1.1j/crypto/evp/pkey_kdf.c	2021-03-03 14:08:02.491294847 +0100
@@ -0,0 +1,255 @@
 +/*
 + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1022,17 +1022,17 @@ diff -up openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1e/crypto/evp/
 +    pkey_kdf_ctrl_str
 +};
 +
-diff -up openssl-1.1.1e/crypto/kdf/build.info.evp-kdf openssl-1.1.1e/crypto/kdf/build.info
+diff -up openssl-1.1.1j/crypto/kdf/build.info.evp-kdf openssl-1.1.1j/crypto/kdf/build.info
--- openssl-1.1.1e/crypto/kdf/build.info.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/crypto/kdf/build.info.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/crypto/kdf/build.info	2020-03-19 16:04:32.347699194 +0100
+++ openssl-1.1.1j/crypto/kdf/build.info	2021-03-03 14:08:02.491294847 +0100
@@ -1,3 +1,3 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
 -        tls1_prf.c kdf_err.c hkdf.c scrypt.c
 +        tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c
-diff -up openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1e/crypto/kdf/hkdf.c
+diff -up openssl-1.1.1j/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1j/crypto/kdf/hkdf.c
--- openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/crypto/kdf/hkdf.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/crypto/kdf/hkdf.c	2020-03-19 16:06:59.757147720 +0100
+++ openssl-1.1.1j/crypto/kdf/hkdf.c	2021-03-03 14:08:02.492294856 +0100
@@ -8,32 +8,33 @@
  */
@ -1498,9 +1498,9 @@ diff -up openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1e/crypto/kdf/hkdf
  err:
     OPENSSL_cleanse(prev, sizeof(prev));
-diff -up openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_err.c
+diff -up openssl-1.1.1j/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_err.c
--- openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/crypto/kdf/kdf_err.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/crypto/kdf/kdf_err.c	2020-03-19 16:04:32.349699159 +0100
+++ openssl-1.1.1j/crypto/kdf/kdf_err.c	2021-03-03 14:08:02.492294856 +0100
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
@ -1556,9 +1556,9 @@ diff -up openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1e/crypto/kdf/k
     {0, NULL}
 };
-diff -up openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_local.h
+diff -up openssl-1.1.1j/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_local.h
--- openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf	2020-03-19 16:04:32.349699159 +0100
+--- openssl-1.1.1j/crypto/kdf/kdf_local.h.evp-kdf	2021-03-03 14:08:02.492294856 +0100
-+++ openssl-1.1.1e/crypto/kdf/kdf_local.h	2020-03-19 16:04:32.349699159 +0100
+++ openssl-1.1.1j/crypto/kdf/kdf_local.h	2021-03-03 14:08:02.492294856 +0100
@@ -0,0 +1,22 @@
 +/*
 + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1582,9 +1582,9 @@ diff -up openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1e/crypto/kdf
 +                int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
 +                int cmd, const char *md_name);
 +
-diff -up openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_util.c
+diff -up openssl-1.1.1j/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_util.c
--- openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf	2020-03-19 16:04:32.350699142 +0100
+--- openssl-1.1.1j/crypto/kdf/kdf_util.c.evp-kdf	2021-03-03 14:08:02.492294856 +0100
-+++ openssl-1.1.1e/crypto/kdf/kdf_util.c	2020-03-19 16:04:32.350699142 +0100
+++ openssl-1.1.1j/crypto/kdf/kdf_util.c	2021-03-03 14:08:02.492294856 +0100
@@ -0,0 +1,73 @@
 +/*
 + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1659,9 +1659,9 @@ diff -up openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1e/crypto/kdf/
 +    return call_ctrl(ctrl, impl, cmd, md);
 +}
 +
-diff -up openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1e/crypto/kdf/pbkdf2.c
+diff -up openssl-1.1.1j/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1j/crypto/kdf/pbkdf2.c
--- openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf	2020-03-19 16:04:32.374698727 +0100
+--- openssl-1.1.1j/crypto/kdf/pbkdf2.c.evp-kdf	2021-03-03 14:08:02.492294856 +0100
-+++ openssl-1.1.1e/crypto/kdf/pbkdf2.c	2020-03-19 16:04:32.374698727 +0100
+++ openssl-1.1.1j/crypto/kdf/pbkdf2.c	2021-03-03 14:08:02.492294856 +0100
@@ -0,0 +1,264 @@
 +/*
 + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1927,9 +1927,9 @@ diff -up openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1e/crypto/kdf/pb
 +    HMAC_CTX_free(hctx_tpl);
 +    return ret;
 +}
-diff -up openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1e/crypto/kdf/scrypt.c
+diff -up openssl-1.1.1j/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1j/crypto/kdf/scrypt.c
--- openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/crypto/kdf/scrypt.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/crypto/kdf/scrypt.c	2020-03-19 16:11:06.215872475 +0100
+++ openssl-1.1.1j/crypto/kdf/scrypt.c	2021-03-03 14:08:02.492294856 +0100
@@ -8,25 +8,35 @@
  */
@ -2517,9 +2517,9 @@ diff -up openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1e/crypto/kdf/sc
 +}
 #endif
-diff -up openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1e/crypto/kdf/tls1_prf.c
+diff -up openssl-1.1.1j/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1j/crypto/kdf/tls1_prf.c
--- openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/crypto/kdf/tls1_prf.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/crypto/kdf/tls1_prf.c	2020-03-19 16:10:32.317460707 +0100
+++ openssl-1.1.1j/crypto/kdf/tls1_prf.c	2021-03-03 14:08:02.492294856 +0100
@@ -8,11 +8,15 @@
  */
@ -2802,9 +2802,9 @@ diff -up openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1e/crypto/kdf/
             OPENSSL_clear_free(tmp, olen);
             return 0;
         }
-diff -up openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod
+diff -up openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod
--- openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf	2020-03-19 16:04:32.377698675 +0100
+--- openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod.evp-kdf	2021-03-03 14:08:02.492294856 +0100
-+++ openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod	2020-03-19 16:04:32.377698675 +0100
+++ openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod	2021-03-03 14:08:02.492294856 +0100
@@ -0,0 +1,217 @@
 +=pod
 +
@ -3023,9 +3023,9 @@ diff -up openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1e/doc/man3
 +L<https://www.openssl.org/source/license.html>.
 +
 +=cut
-diff -up openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod
+diff -up openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod
--- openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf	2020-03-19 16:04:32.377698675 +0100
+--- openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod.evp-kdf	2021-03-03 14:08:02.493294865 +0100
-+++ openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod	2020-03-19 16:04:32.377698675 +0100
+++ openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod	2021-03-03 14:08:02.493294865 +0100
@@ -0,0 +1,180 @@
 +=pod
 +
@ -3207,9 +3207,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1e/doc/man
 +L<https://www.openssl.org/source/license.html>.
 +
 +=cut
-diff -up openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod
+diff -up openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod
--- openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf	2020-03-19 16:04:32.378698658 +0100
+--- openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf	2021-03-03 14:08:02.493294865 +0100
-+++ openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod	2020-03-19 16:04:32.378698658 +0100
+++ openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod	2021-03-03 14:08:02.493294865 +0100
@@ -0,0 +1,78 @@
 +=pod
 +
@ -3289,9 +3289,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1e/doc/m
 +L<https://www.openssl.org/source/license.html>.
 +
 +=cut
-diff -up openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod
+diff -up openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod
--- openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf	2020-03-19 16:04:32.378698658 +0100
+--- openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf	2021-03-03 14:08:02.493294865 +0100
-+++ openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod	2020-03-19 16:04:32.378698658 +0100
+++ openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod	2021-03-03 14:08:02.493294865 +0100
@@ -0,0 +1,149 @@
 +=pod
 +
@ -3442,9 +3442,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1e/doc/m
 +L<https://www.openssl.org/source/license.html>.
 +
 +=cut
-diff -up openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod
+diff -up openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod
--- openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf	2020-03-19 16:04:32.378698658 +0100
+--- openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf	2021-03-03 14:08:02.493294865 +0100
-+++ openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod	2020-03-19 16:04:32.378698658 +0100
+++ openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod	2021-03-03 14:08:02.493294865 +0100
@@ -0,0 +1,142 @@
 +=pod
 +
@ -3588,9 +3588,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1e/doc
 +L<https://www.openssl.org/source/license.html>.
 +
 +=cut
-diff -up openssl-1.1.1e/include/crypto/evp.h.evp-kdf openssl-1.1.1e/include/crypto/evp.h
+diff -up openssl-1.1.1j/include/crypto/evp.h.evp-kdf openssl-1.1.1j/include/crypto/evp.h
--- openssl-1.1.1e/include/crypto/evp.h.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/include/crypto/evp.h.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/include/crypto/evp.h	2020-03-19 16:04:32.347699194 +0100
+++ openssl-1.1.1j/include/crypto/evp.h	2021-03-03 14:08:02.493294865 +0100
@@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m
 extern const EVP_PKEY_METHOD poly1305_pkey_meth;
 extern const EVP_PKEY_METHOD siphash_pkey_meth;
@ -3616,10 +3616,10 @@ diff -up openssl-1.1.1e/include/crypto/evp.h.evp-kdf openssl-1.1.1e/include/cryp
 struct evp_md_st {
     int type;
     int pkey_type;
-diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/openssl/evperr.h
+diff -up openssl-1.1.1j/include/openssl/evperr.h.evp-kdf openssl-1.1.1j/include/openssl/evperr.h
--- openssl-1.1.1e/include/openssl/evperr.h.evp-kdf	2020-03-19 16:04:11.250064365 +0100
+--- openssl-1.1.1j/include/openssl/evperr.h.evp-kdf	2021-03-03 14:08:02.477294722 +0100
-+++ openssl-1.1.1e/include/openssl/evperr.h	2020-03-19 16:04:32.379698640 +0100
+++ openssl-1.1.1j/include/openssl/evperr.h	2021-03-03 14:13:37.587003722 +0100
-@@ -58,6 +58,9 @@ int ERR_load_EVP_strings(void);
+@@ -56,6 +56,9 @@ int ERR_load_EVP_strings(void);
 # define EVP_F_EVP_ENCRYPTDECRYPTUPDATE                   219
 # define EVP_F_EVP_ENCRYPTFINAL_EX                        127
 # define EVP_F_EVP_ENCRYPTUPDATE                          167
@ -3629,7 +3629,7 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/
 # define EVP_F_EVP_MD_CTX_COPY_EX                         110
 # define EVP_F_EVP_MD_SIZE                                162
 # define EVP_F_EVP_OPENINIT                               102
-@@ -120,11 +123,13 @@ int ERR_load_EVP_strings(void);
+@@ -118,11 +121,13 @@ int ERR_load_EVP_strings(void);
 # define EVP_F_PKCS5_V2_PBE_KEYIVGEN                      118
 # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN                   164
 # define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN                   180
@ -3643,17 +3643,17 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/
 # define EVP_F_UPDATE                                     173
 /*
-@@ -181,6 +186,7 @@ int ERR_load_EVP_strings(void);
+@@ -179,6 +184,7 @@ int ERR_load_EVP_strings(void);
 # define EVP_R_ONLY_ONESHOT_SUPPORTED                     177
 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
 # define EVP_R_OPERATON_NOT_INITIALIZED                   151
 +# define EVP_R_PARAMETER_TOO_LARGE                        187
 # define EVP_R_OUTPUT_WOULD_OVERFLOW                      184
 # define EVP_R_PARTIALLY_OVERLAPPING                      162
 # define EVP_R_PBKDF2_ERROR                               181
- # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
+diff -up openssl-1.1.1j/include/openssl/kdferr.h.evp-kdf openssl-1.1.1j/include/openssl/kdferr.h
-diff -up openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf openssl-1.1.1e/include/openssl/kdferr.h
+--- openssl-1.1.1j/include/openssl/kdferr.h.evp-kdf	2021-02-16 16:24:01.000000000 +0100
--- openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1j/include/openssl/kdferr.h	2021-03-03 14:08:02.493294865 +0100
 +++ openssl-1.1.1e/include/openssl/kdferr.h	2020-03-19 16:04:32.379698640 +0100
@@ -23,6 +23,23 @@ int ERR_load_KDF_strings(void);
 /*
  * KDF function codes.
@ -3693,9 +3693,9 @@ diff -up openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf openssl-1.1.1e/include/
 +# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE                   112
 #endif
-diff -up openssl-1.1.1e/include/openssl/kdf.h.evp-kdf openssl-1.1.1e/include/openssl/kdf.h
+diff -up openssl-1.1.1j/include/openssl/kdf.h.evp-kdf openssl-1.1.1j/include/openssl/kdf.h
--- openssl-1.1.1e/include/openssl/kdf.h.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/include/openssl/kdf.h.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/include/openssl/kdf.h	2020-03-19 16:04:32.380698623 +0100
+++ openssl-1.1.1j/include/openssl/kdf.h	2021-03-03 14:08:02.493294865 +0100
@@ -10,10 +10,50 @@
 #ifndef HEADER_KDF_H
 # define HEADER_KDF_H
@ -3774,9 +3774,9 @@ diff -up openssl-1.1.1e/include/openssl/kdf.h.evp-kdf openssl-1.1.1e/include/ope
 }
 # endif
 #endif
-diff -up openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1e/include/openssl/ossl_typ.h
+diff -up openssl-1.1.1j/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1j/include/openssl/ossl_typ.h
--- openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/include/openssl/ossl_typ.h.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/include/openssl/ossl_typ.h	2020-03-19 16:04:32.381698606 +0100
+++ openssl-1.1.1j/include/openssl/ossl_typ.h	2021-03-03 14:08:02.493294865 +0100
@@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E
 typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
 typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
@ -3786,9 +3786,9 @@ diff -up openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1e/includ
 typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
 typedef struct hmac_ctx_st HMAC_CTX;
-diff -up openssl-1.1.1e/test/build.info.evp-kdf openssl-1.1.1e/test/build.info
+diff -up openssl-1.1.1j/test/build.info.evp-kdf openssl-1.1.1j/test/build.info
--- openssl-1.1.1e/test/build.info.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/test/build.info.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/test/build.info	2020-03-19 16:04:32.381698606 +0100
+++ openssl-1.1.1j/test/build.info	2021-03-03 14:08:02.493294865 +0100
@@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
           ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
           bio_callback_test bio_memleak_test \
@ -3810,9 +3810,9 @@ diff -up openssl-1.1.1e/test/build.info.evp-kdf openssl-1.1.1e/test/build.info
   SOURCE[x509_time_test]=x509_time_test.c
   INCLUDE[x509_time_test]=../include
   DEPEND[x509_time_test]=../libcrypto libtestutil.a
-diff -up openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf openssl-1.1.1e/test/evp_kdf_test.c
+diff -up openssl-1.1.1j/test/evp_kdf_test.c.evp-kdf openssl-1.1.1j/test/evp_kdf_test.c
--- openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf	2020-03-19 16:04:32.382698588 +0100
+--- openssl-1.1.1j/test/evp_kdf_test.c.evp-kdf	2021-03-03 14:08:02.494294874 +0100
-+++ openssl-1.1.1e/test/evp_kdf_test.c	2020-03-19 16:04:32.382698588 +0100
+++ openssl-1.1.1j/test/evp_kdf_test.c	2021-03-03 14:08:02.494294874 +0100
@@ -0,0 +1,237 @@
 +/*
 + * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
@ -4051,9 +4051,9 @@ diff -up openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf openssl-1.1.1e/test/evp_kdf_
 +#endif
 +    return 1;
 +}
-diff -up openssl-1.1.1e/test/evp_test.c.evp-kdf openssl-1.1.1e/test/evp_test.c
+diff -up openssl-1.1.1j/test/evp_test.c.evp-kdf openssl-1.1.1j/test/evp_test.c
--- openssl-1.1.1e/test/evp_test.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/test/evp_test.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/test/evp_test.c	2020-03-19 16:04:32.383698571 +0100
+++ openssl-1.1.1j/test/evp_test.c	2021-03-03 14:08:02.494294874 +0100
@@ -1705,13 +1705,14 @@ static const EVP_TEST_METHOD encode_test
     encode_test_run,
 };
@ -4265,9 +4265,9 @@ diff -up openssl-1.1.1e/test/evp_test.c.evp-kdf openssl-1.1.1e/test/evp_test.c
     &keypair_test_method,
     &keygen_test_method,
     &mac_test_method,
-diff -up openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1e/test/pkey_meth_kdf_test.c
+diff -up openssl-1.1.1j/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1j/test/pkey_meth_kdf_test.c
--- openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/test/pkey_meth_kdf_test.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/test/pkey_meth_kdf_test.c	2020-03-19 16:04:32.386698519 +0100
+++ openssl-1.1.1j/test/pkey_meth_kdf_test.c	2021-03-03 14:08:02.494294874 +0100
@@ -1,5 +1,5 @@
 /*
 - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
@ -4471,9 +4471,9 @@ diff -up openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1e/test/pk
 }
 #endif
-diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt
+diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt
--- openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt	2020-03-19 16:04:32.388698484 +0100
+++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt	2021-03-03 14:08:02.494294874 +0100
@@ -1,5 +1,5 @@
 #
 -# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
@ -4872,9 +4872,9 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl
 +Ctrl.digest = digest:sha512
 +Output = 00ef42cdbfc98d29db20976608e455567fdddf14
 +
-diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt
+diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt
--- openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf	2020-03-19 16:04:32.389698467 +0100
+--- openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf	2021-03-03 14:08:02.494294874 +0100
-+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt	2020-03-19 16:04:32.389698467 +0100
+++ openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt	2021-03-03 14:08:02.494294874 +0100
@@ -0,0 +1,305 @@
 +#
 +# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
@ -5181,9 +5181,9 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf op
 +Ctrl.p = p:1
 +Result = INTERNAL_ERROR
 +
-diff -up openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_kdf.t
+diff -up openssl-1.1.1j/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_kdf.t
--- openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf	2020-03-19 16:04:32.390698450 +0100
+--- openssl-1.1.1j/test/recipes/30-test_evp_kdf.t.evp-kdf	2021-03-03 14:08:02.494294874 +0100
-+++ openssl-1.1.1e/test/recipes/30-test_evp_kdf.t	2020-03-19 16:04:32.390698450 +0100
+++ openssl-1.1.1j/test/recipes/30-test_evp_kdf.t	2021-03-03 14:08:02.494294874 +0100
@@ -0,0 +1,13 @@
 +#! /usr/bin/env perl
 +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -5198,9 +5198,9 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1e/te
 +use OpenSSL::Test::Simple;
 +
 +simple_test("test_evp_kdf", "evp_kdf_test");
-diff -up openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp.t
+diff -up openssl-1.1.1j/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp.t
--- openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/test/recipes/30-test_evp.t.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/test/recipes/30-test_evp.t	2020-03-19 16:04:32.390698450 +0100
+++ openssl-1.1.1j/test/recipes/30-test_evp.t	2021-03-03 14:08:02.495294883 +0100
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/
 setup("test_evp");
@ -5210,10 +5210,10 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1e/test/r
     "evpcase.txt", "evpccmcavs.txt" );
 plan tests => scalar(@files);
-diff -up openssl-1.1.1e/util/libcrypto.num.evp-kdf openssl-1.1.1e/util/libcrypto.num
+diff -up openssl-1.1.1j/util/libcrypto.num.evp-kdf openssl-1.1.1j/util/libcrypto.num
--- openssl-1.1.1e/util/libcrypto.num.evp-kdf	2020-03-19 16:04:11.263064140 +0100
+--- openssl-1.1.1j/util/libcrypto.num.evp-kdf	2021-03-03 14:08:02.481294758 +0100
-+++ openssl-1.1.1e/util/libcrypto.num	2020-03-19 16:04:32.392698415 +0100
+++ openssl-1.1.1j/util/libcrypto.num	2021-03-03 14:08:02.495294883 +0100
-@@ -4622,3 +4622,11 @@ FIPS_drbg_get_strength
+@@ -4626,3 +4626,11 @@ FIPS_drbg_get_strength
 FIPS_rand_strength                      6380	1_1_0g	EXIST::FUNCTION:
 FIPS_drbg_get_blocklength               6381	1_1_0g	EXIST::FUNCTION:
 FIPS_drbg_init                          6382	1_1_0g	EXIST::FUNCTION:
@ -5225,9 +5225,9 @@ diff -up openssl-1.1.1e/util/libcrypto.num.evp-kdf openssl-1.1.1e/util/libcrypto
 +EVP_KDF_ctrl_str                        6595	1_1_1b	EXIST::FUNCTION:
 +EVP_KDF_size                            6596	1_1_1b	EXIST::FUNCTION:
 +EVP_KDF_derive                          6597	1_1_1b	EXIST::FUNCTION:
-diff -up openssl-1.1.1e/util/private.num.evp-kdf openssl-1.1.1e/util/private.num
+diff -up openssl-1.1.1j/util/private.num.evp-kdf openssl-1.1.1j/util/private.num
--- openssl-1.1.1e/util/private.num.evp-kdf	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1j/util/private.num.evp-kdf	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1e/util/private.num	2020-03-19 16:04:32.393698398 +0100
+++ openssl-1.1.1j/util/private.num	2021-03-03 14:08:02.495294883 +0100
@@ -21,6 +21,7 @@ CRYPTO_EX_dup
 CRYPTO_EX_free                          datatype
 CRYPTO_EX_new                           datatype
--- a/openssl-1.1.1-fips-dh.patch
+++ b/openssl-1.1.1-fips-dh.patch
@ -1,6 +1,6 @@
-diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn_const.c
+diff -up openssl-1.1.1j/crypto/bn/bn_const.c.fips-dh openssl-1.1.1j/crypto/bn/bn_const.c
--- openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
+--- openssl-1.1.1j/crypto/bn/bn_const.c.fips-dh	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1g/crypto/bn/bn_const.c	2020-07-17 10:36:29.245788441 +0200
+++ openssl-1.1.1j/crypto/bn/bn_const.c	2021-03-03 14:23:27.403092418 +0100
@@ -1,13 +1,17 @@
 /*
 - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -477,9 +477,9 @@ diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn
 -    return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
 +    return COPY_BN(bn, _bignum_modp_8192_p);
 }
-diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh.c
+diff -up openssl-1.1.1j/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1j/crypto/bn/bn_dh.c
--- openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
+--- openssl-1.1.1j/crypto/bn/bn_dh.c.fips-dh	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1g/crypto/bn/bn_dh.c	2020-07-17 10:36:29.246788449 +0200
+++ openssl-1.1.1j/crypto/bn/bn_dh.c	2021-03-03 14:23:27.404092427 +0100
@@ -1,7 +1,7 @@
 /*
 - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
@ -1956,9 +1956,9 @@ diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh
 -#endif
 +#endif /* OPENSSL_NO_DH */
-diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh_check.c
+diff -up openssl-1.1.1j/crypto/dh/dh_check.c.fips-dh openssl-1.1.1j/crypto/dh/dh_check.c
--- openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
+--- openssl-1.1.1j/crypto/dh/dh_check.c.fips-dh	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1g/crypto/dh/dh_check.c	2020-07-17 10:36:29.246788449 +0200
+++ openssl-1.1.1j/crypto/dh/dh_check.c	2021-03-03 14:23:27.404092427 +0100
@@ -10,6 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
@ -2043,9 +2043,9 @@ diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh
 +    return dh_check_pub_key_int(dh, q, pub_key, ret);
 +}
 +
-diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_gen.c
+diff -up openssl-1.1.1j/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1j/crypto/dh/dh_gen.c
--- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh	2020-07-17 10:36:29.182787923 +0200
+--- openssl-1.1.1j/crypto/dh/dh_gen.c.fips-dh	2021-03-03 14:23:27.338091859 +0100
-+++ openssl-1.1.1g/crypto/dh/dh_gen.c	2020-07-17 10:36:29.246788449 +0200
+++ openssl-1.1.1j/crypto/dh/dh_gen.c	2021-03-03 14:23:27.404092427 +0100
@@ -27,8 +27,7 @@ int DH_generate_parameters_ex(DH *ret, i
                               BN_GENCB *cb)
 {
@ -2075,10 +2075,10 @@ diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_g
     ctx = BN_CTX_new();
     if (ctx == NULL)
         goto err;
-diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_key.c
+diff -up openssl-1.1.1j/crypto/dh/dh_key.c.fips-dh openssl-1.1.1j/crypto/dh/dh_key.c
--- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh	2020-07-17 10:36:29.182787923 +0200
+--- openssl-1.1.1j/crypto/dh/dh_key.c.fips-dh	2021-03-03 14:23:27.338091859 +0100
-+++ openssl-1.1.1g/crypto/dh/dh_key.c	2020-07-17 11:00:07.783777846 +0200
+++ openssl-1.1.1j/crypto/dh/dh_key.c	2021-03-03 14:51:36.235296236 +0100
-@@ -100,10 +100,18 @@ static int generate_key(DH *dh)
+@@ -120,10 +120,18 @@ static int generate_key(DH *dh)
     BIGNUM *pub_key = NULL, *priv_key = NULL;
 #ifdef OPENSSL_FIPS
@ -2101,7 +2101,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
     }
 #endif
-@@ -139,7 +147,15 @@ static int generate_key(DH *dh)
+@@ -159,7 +167,15 @@ static int generate_key(DH *dh)
     }
     if (generate_new_key) {
@ -2118,7 +2118,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
             do {
                 if (!BN_priv_rand_range(priv_key, dh->q))
                     goto err;
-@@ -175,6 +191,15 @@ static int generate_key(DH *dh)
+@@ -195,6 +211,15 @@ static int generate_key(DH *dh)
         }
         /* We MUST free prk before any further use of priv_key */
         BN_clear_free(prk);
@ -2134,7 +2134,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
     }
     dh->pub_key = pub_key;
-@@ -197,6 +222,7 @@ static int compute_key(unsigned char *ke
+@@ -217,6 +242,7 @@ static int compute_key(unsigned char *ke
     BN_CTX *ctx = NULL;
     BN_MONT_CTX *mont = NULL;
     BIGNUM *tmp;
@ -2142,7 +2142,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
     int ret = -1;
     int check_result;
-@@ -243,6 +269,18 @@ static int compute_key(unsigned char *ke
+@@ -263,6 +289,18 @@ static int compute_key(unsigned char *ke
         DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
         goto err;
     }
@ -2159,11 +2159,11 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
 +        goto err;
 +    }
-     ret = BN_bn2bin(tmp, key);
+     ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
  err:
-diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_lib.c
+diff -up openssl-1.1.1j/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1j/crypto/dh/dh_lib.c
--- openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
+--- openssl-1.1.1j/crypto/dh/dh_lib.c.fips-dh	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1g/crypto/dh/dh_lib.c	2020-07-17 10:36:29.246788449 +0200
+++ openssl-1.1.1j/crypto/dh/dh_lib.c	2021-03-03 14:23:27.405092436 +0100
@@ -8,6 +8,7 @@
  */
@ -2193,9 +2193,9 @@ diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_l
         dh->length = BN_num_bits(q);
     }
-diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh_local.h
+diff -up openssl-1.1.1j/crypto/dh/dh_local.h.fips-dh openssl-1.1.1j/crypto/dh/dh_local.h
--- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh	2020-07-17 10:36:28.968786163 +0200
+--- openssl-1.1.1j/crypto/dh/dh_local.h.fips-dh	2021-03-03 14:23:27.202090689 +0100
-+++ openssl-1.1.1g/crypto/dh/dh_local.h	2020-07-17 10:36:29.246788449 +0200
+++ openssl-1.1.1j/crypto/dh/dh_local.h	2021-03-03 14:23:27.405092436 +0100
@@ -35,6 +35,7 @@ struct dh_st {
     const DH_METHOD *meth;
     ENGINE *engine;
@ -2215,9 +2215,9 @@ diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh
 +/* FIPS mode only check which requires nid set and looks up q based on it. */
 +int dh_check_pub_key_full(const DH *dh, const BIGNUM *pub_key, int *ret);
 +
-diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/dh_rfc7919.c
+diff -up openssl-1.1.1j/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1j/crypto/dh/dh_rfc7919.c
--- openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
+--- openssl-1.1.1j/crypto/dh/dh_rfc7919.c.fips-dh	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c	2020-07-17 10:36:29.246788449 +0200
+++ openssl-1.1.1j/crypto/dh/dh_rfc7919.c	2021-03-03 14:23:27.405092436 +0100
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
@ -2387,10 +2387,10 @@ diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/
 +    return dh_match_group(dh, q, NULL) != NID_undef;
 +}
 +
-diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_key.c
+diff -up openssl-1.1.1j/crypto/ec/ec_key.c.fips-dh openssl-1.1.1j/crypto/ec/ec_key.c
--- openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh	2020-07-17 11:00:53.958175227 +0200
+--- openssl-1.1.1j/crypto/ec/ec_key.c.fips-dh	2021-03-03 14:23:27.339091868 +0100
-+++ openssl-1.1.1g/crypto/ec/ec_key.c	2020-07-20 13:24:03.941107320 +0200
+++ openssl-1.1.1j/crypto/ec/ec_key.c	2021-03-03 14:23:27.405092436 +0100
-@@ -280,9 +280,18 @@ int ec_key_simple_generate_key(EC_KEY *e
+@@ -281,9 +281,18 @@ int ec_key_simple_generate_key(EC_KEY *e
     if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
         goto err;
@ -2410,7 +2410,7 @@ diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_k
     ok = 1;
  err:
-@@ -296,8 +305,23 @@ int ec_key_simple_generate_key(EC_KEY *e
+@@ -297,8 +306,23 @@ int ec_key_simple_generate_key(EC_KEY *e
 int ec_key_simple_generate_public_key(EC_KEY *eckey)
 {
@ -2435,9 +2435,9 @@ diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_k
 }
 int EC_KEY_check_key(const EC_KEY *eckey)
-diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_lib.c
+diff -up openssl-1.1.1j/crypto/evp/p_lib.c.fips-dh openssl-1.1.1j/crypto/evp/p_lib.c
--- openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
+--- openssl-1.1.1j/crypto/evp/p_lib.c.fips-dh	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1g/crypto/evp/p_lib.c	2020-07-17 10:36:29.247788458 +0200
+++ openssl-1.1.1j/crypto/evp/p_lib.c	2021-03-03 14:23:27.405092436 +0100
@@ -540,7 +540,8 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *p
 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
@ -2448,9 +2448,9 @@ diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_l
     int ret = EVP_PKEY_assign(pkey, type, key);
     if (ret)
-diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/objects/obj_dat.h
+diff -up openssl-1.1.1j/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1j/crypto/objects/obj_dat.h
--- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh	2020-07-17 10:36:29.239788392 +0200
+--- openssl-1.1.1j/crypto/objects/obj_dat.h.fips-dh	2021-03-03 14:23:27.394092341 +0100
-+++ openssl-1.1.1g/crypto/objects/obj_dat.h	2020-07-17 10:36:29.247788458 +0200
+++ openssl-1.1.1j/crypto/objects/obj_dat.h	2021-03-03 14:23:27.406092444 +0100
@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D,       /* [ 7753] OBJ_hmacWithSHA512_256 */
 };
@ -2512,9 +2512,9 @@ diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/o
      481,    /* "nSRecord" */
      173,    /* "name" */
      681,    /* "onBasis" */
-diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto/objects/objects.txt
+diff -up openssl-1.1.1j/crypto/objects/objects.txt.fips-dh openssl-1.1.1j/crypto/objects/objects.txt
--- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh	2020-07-17 10:36:29.239788392 +0200
+--- openssl-1.1.1j/crypto/objects/objects.txt.fips-dh	2021-03-03 14:23:27.395092350 +0100
-+++ openssl-1.1.1g/crypto/objects/objects.txt	2020-07-17 10:36:29.247788458 +0200
+++ openssl-1.1.1j/crypto/objects/objects.txt	2021-03-03 14:23:27.406092444 +0100
@@ -1657,6 +1657,13 @@ id-pkinit 5                     : pkInit
                             : ffdhe4096
                             : ffdhe6144
@ -2529,9 +2529,9 @@ diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto
 # OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17)
-diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto/objects/obj_mac.num
+diff -up openssl-1.1.1j/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1j/crypto/objects/obj_mac.num
--- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh	2020-07-17 10:36:29.239788392 +0200
+--- openssl-1.1.1j/crypto/objects/obj_mac.num.fips-dh	2021-03-03 14:23:27.395092350 +0100
-+++ openssl-1.1.1g/crypto/objects/obj_mac.num	2020-07-17 10:36:29.248788466 +0200
+++ openssl-1.1.1j/crypto/objects/obj_mac.num	2021-03-03 14:23:27.406092444 +0100
@@ -1196,3 +1196,9 @@ sshkdf		1195
 kbkdf		1196
 krb5kdf		1197
@ -2542,9 +2542,9 @@ diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto
 +modp_4096		1202
 +modp_6144		1203
 +modp_8192		1204
-diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/man3/DH_new_by_nid.pod
+diff -up openssl-1.1.1j/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1j/doc/man3/DH_new_by_nid.pod
--- openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh	2020-04-21 14:22:39.000000000 +0200
+--- openssl-1.1.1j/doc/man3/DH_new_by_nid.pod.fips-dh	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod	2020-07-17 10:36:29.248788466 +0200
+++ openssl-1.1.1j/doc/man3/DH_new_by_nid.pod	2021-03-03 14:23:27.406092444 +0100
@@ -8,13 +8,15 @@ DH_new_by_nid, DH_get_nid - get or find
  #include <openssl/dh.h>
@ -2563,9 +2563,9 @@ diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/ma
 DH_get_nid() determines if the parameters contained in B<dh> match
 any named set. It returns the NID corresponding to the matching parameters or
-diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod
+diff -up openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod
--- openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh	2020-04-21 14:22:39.000000000 +0200
+--- openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod	2020-07-17 10:36:29.248788466 +0200
+++ openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod	2021-03-03 14:23:27.406092444 +0100
@@ -294,10 +294,11 @@ The EVP_PKEY_CTX_set_dh_pad() macro sets
 If B<pad> is zero (the default) then no padding is performed.
@ -2582,9 +2582,9 @@ diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/do
 The nid parameter and the rfc5114 parameter are mutually exclusive.
 The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are
-diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/crypto/bn_dh.h
+diff -up openssl-1.1.1j/include/crypto/bn_dh.h.fips-dh openssl-1.1.1j/include/crypto/bn_dh.h
--- openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh	2020-04-21 14:22:39.000000000 +0200
+--- openssl-1.1.1j/include/crypto/bn_dh.h.fips-dh	2021-02-16 16:24:01.000000000 +0100
-+++ openssl-1.1.1g/include/crypto/bn_dh.h	2020-07-17 10:36:29.248788466 +0200
+++ openssl-1.1.1j/include/crypto/bn_dh.h	2021-03-03 14:23:27.406092444 +0100
@@ -1,7 +1,7 @@
 /*
 - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -2633,9 +2633,9 @@ diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/cr
 +extern const BIGNUM _bignum_modp_4096_q;
 +extern const BIGNUM _bignum_modp_6144_q;
 +extern const BIGNUM _bignum_modp_8192_q;
-diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include/openssl/obj_mac.h
+diff -up openssl-1.1.1j/include/openssl/obj_mac.h.fips-dh openssl-1.1.1j/include/openssl/obj_mac.h
--- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh	2020-07-17 10:36:29.240788400 +0200
+--- openssl-1.1.1j/include/openssl/obj_mac.h.fips-dh	2021-03-03 14:23:27.396092358 +0100
-+++ openssl-1.1.1g/include/openssl/obj_mac.h	2020-07-17 10:36:29.248788466 +0200
+++ openssl-1.1.1j/include/openssl/obj_mac.h	2021-03-03 14:23:27.407092453 +0100
@@ -5115,6 +5115,24 @@
 #define SN_ffdhe8192            "ffdhe8192"
 #define NID_ffdhe8192           1130
@ -2661,10 +2661,10 @@ diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include
 #define SN_ISO_UA               "ISO-UA"
 #define NID_ISO_UA              1150
 #define OBJ_ISO_UA              OBJ_member_body,804L
-diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
+diff -up openssl-1.1.1j/ssl/s3_lib.c.fips-dh openssl-1.1.1j/ssl/s3_lib.c
--- openssl-1.1.1g/ssl/s3_lib.c.fips-dh	2020-07-17 10:36:29.199788063 +0200
+--- openssl-1.1.1j/ssl/s3_lib.c.fips-dh	2021-03-03 14:23:27.354091997 +0100
-+++ openssl-1.1.1g/ssl/s3_lib.c	2020-07-17 10:36:29.248788466 +0200
+++ openssl-1.1.1j/ssl/s3_lib.c	2021-03-03 14:23:27.407092453 +0100
-@@ -4858,13 +4858,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey
+@@ -4849,13 +4849,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey
 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
 {
     EVP_PKEY *ret;
@ -2716,11 +2716,10 @@ diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
     return ret;
 }
 #endif
- 
+diff -up openssl-1.1.1j/ssl/t1_lib.c.fips-dh openssl-1.1.1j/ssl/t1_lib.c
-diff -up openssl-1.1.1h/ssl/t1_lib.c.fips-dh openssl-1.1.1h/ssl/t1_lib.c
+--- openssl-1.1.1j/ssl/t1_lib.c.fips-dh	2021-03-03 14:23:27.401092401 +0100
--- openssl-1.1.1h/ssl/t1_lib.c.fips-dh	2020-11-04 14:04:41.851711629 +0100
+++ openssl-1.1.1j/ssl/t1_lib.c	2021-03-03 14:23:27.407092453 +0100
-+++ openssl-1.1.1h/ssl/t1_lib.c	2020-11-04 14:06:06.506431652 +0100
+@@ -2542,7 +2542,7 @@ DH *ssl_get_auto_dh(SSL *s)
@@ -2470,7 +2470,7 @@
         p = BN_get_rfc3526_prime_4096(NULL);
     else if (dh_secbits >= 128)
         p = BN_get_rfc3526_prime_3072(NULL);
--- a/openssl-1.1.1-fips-post-rand.patch
+++ b/openssl-1.1.1-fips-post-rand.patch
@ -1,6 +1,6 @@
-diff -up openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand openssl-1.1.1e/crypto/fips/fips.c
+diff -up openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand openssl-1.1.1i/crypto/fips/fips.c
--- openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand	2020-03-17 18:06:16.822418854 +0100
+--- openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand	2020-12-09 10:26:41.634106328 +0100
-+++ openssl-1.1.1e/crypto/fips/fips.c	2020-03-17 18:06:16.861418172 +0100
+++ openssl-1.1.1i/crypto/fips/fips.c	2020-12-09 10:26:41.652106475 +0100
@@ -68,6 +68,7 @@
 # include <openssl/fips.h>
@ -51,10 +51,10 @@ diff -up openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand openssl-1.1.1e/crypto/
         ret = 1;
         goto end;
     }
-diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1e/crypto/rand/drbg_lib.c
+diff -up openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1i/crypto/rand/drbg_lib.c
--- openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand	2020-12-08 14:20:59.000000000 +0100
-+++ openssl-1.1.1e/crypto/rand/drbg_lib.c	2020-03-17 18:07:35.305045521 +0100
+++ openssl-1.1.1i/crypto/rand/drbg_lib.c	2020-12-09 10:26:41.652106475 +0100
-@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
+@@ -1005,6 +1005,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
     return min_entropy > min_entropylen ? min_entropy : min_entropylen;
 }
@ -75,9 +75,9 @@ diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1e/cry
 /* Implements the default OpenSSL RAND_add() method */
 static int drbg_add(const void *buf, int num, double randomness)
 {
-diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/crypto/rand/rand_unix.c
+diff -up openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1i/crypto/rand/rand_unix.c
--- openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand	2020-12-08 14:20:59.000000000 +0100
-+++ openssl-1.1.1e/crypto/rand/rand_unix.c	2020-03-17 18:09:01.503537189 +0100
+++ openssl-1.1.1i/crypto/rand/rand_unix.c	2020-12-09 10:36:59.531221903 +0100
@@ -17,10 +17,12 @@
 #include <openssl/crypto.h>
 #include "rand_local.h"
@ -91,7 +91,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
 # ifdef DEVRANDOM_WAIT
 #  include <sys/shm.h>
 #  include <sys/utsname.h>
-@@ -342,7 +344,7 @@ static ssize_t sysctl_random(char *buf,
+@@ -344,7 +346,7 @@ static ssize_t sysctl_random(char *buf,
  * syscall_random(): Try to get random data using a system call
  * returns the number of bytes returned in buf, or < 0 on error.
  */
@ -100,15 +100,15 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
 {
     /*
      * Note: 'buflen' equals the size of the buffer which is used by the
-@@ -364,6 +366,7 @@ static ssize_t syscall_random(void *buf,
+@@ -369,6 +371,7 @@ static ssize_t syscall_random(void *buf,
-      * - Linux since 3.17 with glibc 2.25
+      * Note: Sometimes getentropy() can be provided but not implemented
-      * - FreeBSD since 12.0 (1200061)
+      * internally. So we need to check errno for ENOSYS
      */
 +#  if 0
 #  if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
     extern int getentropy(void *buffer, size_t length) __attribute__((weak));
-@@ -385,10 +388,10 @@ static ssize_t syscall_random(void *buf,
+@@ -394,10 +397,10 @@ static ssize_t syscall_random(void *buf,
     if (p_getentropy.p != NULL)
         return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
 #  endif
@ -122,7 +122,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
 #  elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
     return sysctl_random(buf, buflen);
 #  else
-@@ -623,6 +626,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
+@@ -633,6 +636,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
     size_t entropy_available;
 #   if defined(OPENSSL_RAND_SEED_GETRANDOM)
@ -132,7 +132,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
     {
         size_t bytes_needed;
         unsigned char *buffer;
-@@ -633,7 +639,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
+@@ -643,7 +649,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
         bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
         while (bytes_needed != 0 && attempts-- > 0) {
             buffer = rand_pool_add_begin(pool, bytes_needed);
@ -141,7 +141,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
             if (bytes > 0) {
                 rand_pool_add_end(pool, bytes, 8 * bytes);
                 bytes_needed -= bytes;
-@@ -668,8 +674,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
+@@ -678,8 +684,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
             int attempts = 3;
             const int fd = get_random_device(i);
@ -153,7 +153,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
             while (bytes_needed != 0 && attempts-- > 0) {
                 buffer = rand_pool_add_begin(pool, bytes_needed);
-@@ -732,7 +740,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
+@@ -742,7 +750,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
             return entropy_available;
     }
 #   endif
@ -164,9 +164,9 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
     return rand_pool_entropy_available(pool);
 #  endif
 }
-diff -up openssl-1.1.1e/include/crypto/fips.h.fips-post-rand openssl-1.1.1e/include/crypto/fips.h
+diff -up openssl-1.1.1i/include/crypto/fips.h.fips-post-rand openssl-1.1.1i/include/crypto/fips.h
--- openssl-1.1.1e/include/crypto/fips.h.fips-post-rand	2020-03-17 18:06:16.831418696 +0100
+--- openssl-1.1.1i/include/crypto/fips.h.fips-post-rand	2020-12-09 10:26:41.639106369 +0100
-+++ openssl-1.1.1e/include/crypto/fips.h	2020-03-17 18:06:16.861418172 +0100
+++ openssl-1.1.1i/include/crypto/fips.h	2020-12-09 10:26:41.657106516 +0100
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
 int FIPS_selftest_drbg(void);
 int FIPS_selftest_cmac(void);
@ -176,9 +176,9 @@ diff -up openssl-1.1.1e/include/crypto/fips.h.fips-post-rand openssl-1.1.1e/incl
 int fips_pkey_signature_test(EVP_PKEY *pkey,
                                  const unsigned char *tbs, int tbslen,
                                  const unsigned char *kat,
-diff -up openssl-1.1.1e/include/crypto/rand.h.fips-post-rand openssl-1.1.1e/include/crypto/rand.h
+diff -up openssl-1.1.1i/include/crypto/rand.h.fips-post-rand openssl-1.1.1i/include/crypto/rand.h
--- openssl-1.1.1e/include/crypto/rand.h.fips-post-rand	2020-03-17 15:31:17.000000000 +0100
+--- openssl-1.1.1i/include/crypto/rand.h.fips-post-rand	2020-12-08 14:20:59.000000000 +0100
-+++ openssl-1.1.1e/include/crypto/rand.h	2020-03-17 18:07:35.303045555 +0100
+++ openssl-1.1.1i/include/crypto/rand.h	2020-12-09 10:26:41.657106516 +0100
@@ -24,6 +24,7 @@
 typedef struct rand_pool_st RAND_POOL;
--- a/openssl-1.1.1-fips.patch
+++ b/openssl-1.1.1-fips.patch
--- a/openssl-1.1.1-version-override.patch
+++ b/openssl-1.1.1-version-override.patch
@ -1,12 +1,12 @@
-diff -up openssl-1.1.1g/include/openssl/opensslv.h.version-override openssl-1.1.1g/include/openssl/opensslv.h
+diff -up openssl-1.1.1i/include/openssl/opensslv.h.version-override openssl-1.1.1i/include/openssl/opensslv.h
--- openssl-1.1.1g/include/openssl/opensslv.h.version-override	2020-04-23 13:29:37.802673513 +0200
+--- openssl-1.1.1i/include/openssl/opensslv.h.version-override	2020-12-09 10:25:12.042374409 +0100
-+++ openssl-1.1.1g/include/openssl/opensslv.h	2020-04-23 13:30:13.064008458 +0200
+++ openssl-1.1.1i/include/openssl/opensslv.h	2020-12-09 10:26:00.362769170 +0100
@@ -40,7 +40,7 @@ extern "C" {
  *  major minor fix final patch/beta)
  */
- # define OPENSSL_VERSION_NUMBER  0x1010108fL
+ # define OPENSSL_VERSION_NUMBER  0x101010cfL
-# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1h  22 Sep 2020"
+-# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1l  24 Aug 2021"
-+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1h FIPS 22 Sep 2020"
+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1l  FIPS 24 Aug 2021"
 /*-
  * The macros below are to be used for shared library (.so, .dll, ...)
--- a/openssl.spec
+++ b/openssl.spec
@ -21,8 +21,8 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
-Version: 1.1.1h
+Version: 1.1.1l
-Release: 1%{?dist}
+Release: 2.0.riscv64%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -42,8 +42,7 @@ Patch1: openssl-1.1.1-build.patch
 Patch2: openssl-1.1.1-defaults.patch
 Patch3: openssl-1.1.1-no-html.patch
 Patch4: openssl-1.1.1-man-rename.patch
-# Bug fixes
+
 Patch21: openssl-1.1.0-issuer-hash.patch
 # Functionality changes
 Patch31: openssl-1.1.1-conf-paths.patch
 Patch32: openssl-1.1.1-version-add-engines.patch
@ -78,6 +77,7 @@ Patch56: openssl-1.1.1-s390x-ecc.patch
 License: OpenSSL and ASL 2.0
 URL: http://www.openssl.org/
 BuildRequires: make
 BuildRequires: gcc
 BuildRequires: coreutils, perl-interpreter, sed, zlib-devel, /usr/bin/cmp
 BuildRequires: lksctp-tools-devel
@ -90,6 +90,9 @@ BuildRequires: perl(Time::HiRes)
 BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy)
 Requires: coreutils
 Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
 Provides: openssl1.1 = %{epoch}:%{version}-%{release}
 Provides: openssl1.1%{?_isa} = %{epoch}:%{version}-%{release}
 Obsoletes: openssl1.1 < 1.1.1l-2
 %description
 The OpenSSL toolkit provides support for secure communications between
@ -103,6 +106,8 @@ Requires: ca-certificates >= 2008-5
 Requires: crypto-policies >= 20180730
 Recommends: openssl-pkcs11%{?_isa}
 Provides: openssl-fips = %{epoch}:%{version}-%{release}
 Provides: openssl1.1-libs = %{epoch}:%{version}-%{release}
 Provides: openssl1.1-libs%{?_isa} = %{epoch}:%{version}-%{release}
 %description libs
 OpenSSL is a toolkit for supporting cryptography. The openssl-libs
@ -113,6 +118,9 @@ support cryptographic algorithms and protocols.
 Summary: Files for development of applications which will use OpenSSL
 Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
 Requires: pkgconfig
 Provides: openssl1.1-devel = %{epoch}:%{version}-%{release}
 Provides: openssl1.1-devel%{?_isa} = %{epoch}:%{version}-%{release}
 Obsoletes: openssl1.1-devel < 1.1.1l-2
 %description devel
 OpenSSL is a toolkit for supporting cryptography. The openssl-devel
@ -154,8 +162,6 @@ cp %{SOURCE13} test/
 %patch3 -p1 -b .no-html  %{?_rawbuild}
 %patch4 -p1 -b .man-rename
 %patch21 -p1 -b .issuer-hash
 %patch31 -p1 -b .conf-paths
 %patch32 -p1 -b .version-add-engines
 %patch33 -p1 -b .dgst
@ -261,6 +267,9 @@ export HASHBANGPERL=/usr/bin/perl
 # RPM_OPT_FLAGS, so we can skip specifiying them here.
 ./Configure \
 	--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
 %ifarch riscv64
 	--libdir=%{_lib} \
 %endif
 	--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
 	zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
 	enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
@ -473,6 +482,33 @@ export LD_LIBRARY_PATH
 %ldconfig_scriptlets libs
 %changelog
 * Thu Oct 07 2021 David Abdurachmanov <david.abdurachmanov@gmail.com> - 1:1.1.1l-2.0.riscv64
 - Add --libdir=%{_lib} for riscv64 (uses linux-generic64)
 * Wed Sep 15 2021 Miro Hrončok <mhroncok@redhat.com> - 1:1.1.1l-2
 - Provide and obsolete openssl1.1 to allow using openssl1.1-devel on Fedora < 36
 * Wed Aug 25 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1l-1
 - Upgrade to version 1.1.1.l
 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.1k-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 * Fri Mar 26 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-1
 - Upgrade to version 1.1.1.k
 * Tue Feb 23 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1j-1
 - Upgrade to version 1.1.1.j
 * Wed Feb 10 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1i-3
 - Fix regression in X509_verify_cert() (bz1916594)
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.1i-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Wed Dec 9 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1i-1
 - Update to the 1.1.1i release fixing CVE-2020-1971
 * Mon Nov 9 2020 Sahana Prasad <sahana@redhat.com> - 1.1.1h-1
 - Upgrade to version 1.1.1.h
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (openssl-1.1.1h-hobbled.tar.xz) = 75e1d3f34f93462b97db92aa6538fd4f2f091ad717438e51d147508738be720d7d0bf4a9b1fda3a1943a4c13aae2a39da3add05f7da833b3c6de40a97bc97908
+SHA512 (openssl-1.1.1l-hobbled.tar.xz) = f0dfe3d3f4d1165173a0aeb50949792fef37069fc2b29de4845851fe0dbae8254f1d892b0ab8b23b75efc994742f3a57c30c78efa0702f6408d3a80442053d6f
Author	SHA1	Message	Date
David Abdurachmanov	02b3b28c04	Merge remote-tracking branch 'up/f33' into f33-riscv64 Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>	2021-10-07 09:49:55 +03:00
Miro Hrončok	2fc4e025c7	Provide and obsolete openssl1.1 to allow using openssl1.1-devel on Fedora < 36	2021-09-15 14:13:27 +02:00
Sahana Prasad	2002767b71	Upgrade to version 1.1.1.l Signed-off-by: Sahana Prasad <sahana@redhat.com>	2021-08-25 18:10:10 +02:00
Fedora Release Engineering	5de10d4810	- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2021-07-22 17:20:55 +00:00
David Abdurachmanov	278731bcc5	Merge remote-tracking branch 'up/f33' into f33-riscv64 Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>	2021-05-06 09:44:13 +03:00
Sahana Prasad	0f5f931f9a	update to version 1.1.1k Signed-off-by: Sahana Prasad <sahana@redhat.com>	2021-03-26 07:37:03 +01:00
Sahana Prasad	b023ffe39f	Upgrade to version 1.1.1.j Signed-off-by: Sahana Prasad <sahana@redhat.com>	2021-03-03 15:08:11 +01:00
Sahana Prasad	fb8e66a58f	Fix regression in X509_verify_cert() #bz1916594 Signed-off-by: Sahana Prasad <sahana@redhat.com>	2021-02-10 14:56:08 +01:00
Fedora Release Engineering	d34c6392bf	- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2021-01-26 22:36:18 +00:00
Tom Stellard	c89aeae26c	Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot	2021-01-07 06:39:07 +00:00
Tomas Mraz	a07706cf0e	Update to the 1.1.1i release fixing CVE-2020-1971	2020-12-09 10:49:38 +01:00
David Abdurachmanov	d4908a5fbf	Add --libdir=%{_lib} for riscv64 We need this because there is no riscv64 specific configuration which would set multilib to 64. It should be easy to write one and send to the upstream. Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>	2020-12-01 15:27:49 +02:00
`@ -1 +1 @@`
	`SHA512 (openssl-1.1.1h-hobbled.tar.xz) = 75e1d3f34f93462b97db92aa6538fd4f2f091ad717438e51d147508738be720d7d0bf4a9b1fda3a1943a4c13aae2a39da3add05f7da833b3c6de40a97bc97908`	`SHA512 (openssl-1.1.1l-hobbled.tar.xz) = f0dfe3d3f4d1165173a0aeb50949792fef37069fc2b29de4845851fe0dbae8254f1d892b0ab8b23b75efc994742f3a57c30c78efa0702f6408d3a80442053d6f`