Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/openssl.git#b023ffe39f798981219604746432376b15169c79
2021-03-11 19:58:41 +00:00 · 2021-03-11 19:58:41 +00:00 · efa5f39ef0
commit efa5f39ef0
parent f731f488ac
9 changed files with 611 additions and 759 deletions
--- a/.gitignore
+++ b/.gitignore
@ -50,3 +50,4 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-1.1.1g-hobbled.tar.xz
 /openssl-1.1.1h-hobbled.tar.xz
 /openssl-1.1.1i-hobbled.tar.xz
+/openssl-1.1.1j-hobbled.tar.xz
--- a/openssl-1.1.0-issuer-hash.patch
+++ b/openssl-1.1.0-issuer-hash.patch
@ -1,11 +0,0 @@
-diff -up openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash openssl-1.1.0-pre5/crypto/x509/x509_cmp.c
--- openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash	2016-07-18 15:16:32.788881100 +0200
-+++ openssl-1.1.0-pre5/crypto/x509/x509_cmp.c	2016-07-18 15:17:16.671871840 +0200
-@@ -87,6 +87,7 @@ unsigned long X509_issuer_and_serial_has
- 
-     if (ctx == NULL)
-         goto err;
-+    EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-     f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
-     if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
-         goto err;
--- a/openssl-1.1.1-evp-kdf.patch
+++ b/openssl-1.1.1-evp-kdf.patch
@ -1,7 +1,7 @@
-diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err/openssl.txt
--- openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/err/openssl.txt	2020-03-19 16:04:11.299063517 +0100
-@@ -747,6 +747,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn
+diff -up openssl-1.1.1j/crypto/err/openssl.txt.evp-kdf openssl-1.1.1j/crypto/err/openssl.txt
+--- openssl-1.1.1j/crypto/err/openssl.txt.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/err/openssl.txt	2021-03-03 14:10:13.729466935 +0100
+@@ -748,6 +748,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn
 EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
 EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
 EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate
@ -11,7 +11,7 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
 EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex
 EVP_F_EVP_MD_SIZE:162:EVP_MD_size
 EVP_F_EVP_OPENINIT:102:EVP_OpenInit
-@@ -809,12 +812,31 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k
+@@ -810,12 +813,31 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k
 EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen
 EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen
 EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen
@ -43,7 +43,7 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
 KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str
 KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive
 KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init
-@@ -826,6 +848,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc
+@@ -827,6 +849,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc
 KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str
 KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
 KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init
@ -51,15 +51,15 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
 KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg
 OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
 OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid
-@@ -2277,6 +2300,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on
- EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
+@@ -2284,6 +2307,7 @@ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_K
 	operation not supported for this keytype
 EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
+ EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
 +EVP_R_PARAMETER_TOO_LARGE:187:parameter too large
 EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
 EVP_R_PBKDF2_ERROR:181:pbkdf2 error
 EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
-@@ -2313,6 +2337,7 @@ KDF_R_MISSING_SEED:106:missing seed
+@@ -2320,6 +2344,7 @@ KDF_R_MISSING_SEED:106:missing seed
 KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
 KDF_R_VALUE_ERROR:108:value error
 KDF_R_VALUE_MISSING:102:value missing
@ -67,9 +67,9 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
 OBJ_R_OID_EXISTS:102:oid exists
 OBJ_R_UNKNOWN_NID:101:unknown nid
 OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error
-diff -up openssl-1.1.1e/crypto/evp/build.info.evp-kdf openssl-1.1.1e/crypto/evp/build.info
--- openssl-1.1.1e/crypto/evp/build.info.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/evp/build.info	2020-03-19 16:04:11.300063500 +0100
+diff -up openssl-1.1.1j/crypto/evp/build.info.evp-kdf openssl-1.1.1j/crypto/evp/build.info
+--- openssl-1.1.1j/crypto/evp/build.info.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/evp/build.info	2021-03-03 14:08:02.490294839 +0100
@@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\
         p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
         bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
@ -80,9 +80,9 @@ diff -up openssl-1.1.1e/crypto/evp/build.info.evp-kdf openssl-1.1.1e/crypto/evp/
         e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
         e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
         e_chacha20_poly1305.c cmeth_lib.c
-diff -up openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c
--- openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf	2020-03-19 16:04:11.300063500 +0100
-+++ openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c	2020-03-19 16:16:46.497967633 +0100
+diff -up openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c
+--- openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c	2021-03-03 14:08:02.490294839 +0100
@@ -14,9 +14,9 @@
 
 # include <openssl/evp.h>
@ -94,9 +94,9 @@ diff -up openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1e/
 
 typedef struct {
     union {
-diff -up openssl-1.1.1e/crypto/evp/encode.c.evp-kdf openssl-1.1.1e/crypto/evp/encode.c
--- openssl-1.1.1e/crypto/evp/encode.c.evp-kdf	2020-03-19 16:04:11.301063483 +0100
-+++ openssl-1.1.1e/crypto/evp/encode.c	2020-03-19 16:14:13.147628683 +0100
+diff -up openssl-1.1.1j/crypto/evp/encode.c.evp-kdf openssl-1.1.1j/crypto/evp/encode.c
+--- openssl-1.1.1j/crypto/evp/encode.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/evp/encode.c	2021-03-03 14:08:02.491294847 +0100
@@ -11,8 +11,8 @@
 #include <limits.h>
 #include "internal/cryptlib.h"
@ -107,9 +107,9 @@ diff -up openssl-1.1.1e/crypto/evp/encode.c.evp-kdf openssl-1.1.1e/crypto/evp/en
 
 static unsigned char conv_ascii2bin(unsigned char a,
                                     const unsigned char *table);
-diff -up openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1e/crypto/evp/evp_err.c
--- openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf	2020-03-19 16:04:11.218064919 +0100
-+++ openssl-1.1.1e/crypto/evp/evp_err.c	2020-03-19 16:04:11.302063465 +0100
+diff -up openssl-1.1.1j/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1j/crypto/evp/evp_err.c
+--- openssl-1.1.1j/crypto/evp/evp_err.c.evp-kdf	2021-03-03 14:08:02.469294651 +0100
+++ openssl-1.1.1j/crypto/evp/evp_err.c	2021-03-03 14:12:08.272351600 +0100
@@ -60,6 +60,9 @@ static const ERR_STRING_DATA EVP_str_fun
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
      "EVP_EncryptFinal_ex"},
@ -135,18 +135,18 @@ diff -up openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1e/crypto/evp/e
     {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
     {0, NULL}
 };
-@@ -241,6 +246,8 @@ static const ERR_STRING_DATA EVP_str_rea
-     "operation not supported for this keytype"},
-     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
+@@ -243,6 +248,8 @@ static const ERR_STRING_DATA EVP_str_rea
     "operaton not initialized"},
+     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
+     "output would overflow"},
 +    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE),
 +    "parameter too large"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
     "partially overlapping buffers"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
-diff -up openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1e/crypto/evp/evp_local.h
--- openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf	2020-03-19 16:04:10.657074629 +0100
-+++ openssl-1.1.1e/crypto/evp/evp_local.h	2020-03-19 16:04:20.722900404 +0100
+diff -up openssl-1.1.1j/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1j/crypto/evp/evp_local.h
+--- openssl-1.1.1j/crypto/evp/evp_local.h.evp-kdf	2021-03-03 14:08:02.362293695 +0100
+++ openssl-1.1.1j/crypto/evp/evp_local.h	2021-03-03 14:08:02.491294847 +0100
@@ -41,6 +41,11 @@ struct evp_cipher_ctx_st {
     unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
 } /* EVP_CIPHER_CTX */ ;
@ -159,9 +159,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1e/crypto/evp
 int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
                              int passlen, ASN1_TYPE *param,
                              const EVP_CIPHER *c, const EVP_MD *md,
-diff -up openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1e/crypto/evp/evp_pbe.c
--- openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf	2020-03-19 16:04:20.723900386 +0100
-+++ openssl-1.1.1e/crypto/evp/evp_pbe.c	2020-03-19 16:11:56.425001210 +0100
+diff -up openssl-1.1.1j/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1j/crypto/evp/evp_pbe.c
+--- openssl-1.1.1j/crypto/evp/evp_pbe.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/evp/evp_pbe.c	2021-03-03 14:08:02.491294847 +0100
@@ -12,6 +12,7 @@
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
@ -170,9 +170,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1e/crypto/evp/e
 #include "evp_local.h"
 
 /* Password based encryption (PBE) functions */
-diff -up openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1e/crypto/evp/kdf_lib.c
--- openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf	2020-03-19 16:04:20.723900386 +0100
-+++ openssl-1.1.1e/crypto/evp/kdf_lib.c	2020-03-19 16:04:20.723900386 +0100
+diff -up openssl-1.1.1j/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1j/crypto/evp/kdf_lib.c
+--- openssl-1.1.1j/crypto/evp/kdf_lib.c.evp-kdf	2021-03-03 14:08:02.491294847 +0100
+++ openssl-1.1.1j/crypto/evp/kdf_lib.c	2021-03-03 14:08:02.491294847 +0100
@@ -0,0 +1,165 @@
 +/*
 + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -339,9 +339,9 @@ diff -up openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1e/crypto/evp/k
 +    return ctx->kmeth->derive(ctx->impl, key, keylen);
 +}
 +
-diff -up openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1e/crypto/evp/p5_crpt2.c
--- openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/evp/p5_crpt2.c	2020-03-19 16:17:48.822886126 +0100
+diff -up openssl-1.1.1j/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1j/crypto/evp/p5_crpt2.c
+--- openssl-1.1.1j/crypto/evp/p5_crpt2.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/evp/p5_crpt2.c	2021-03-03 14:08:02.491294847 +0100
@@ -1,5 +1,5 @@
 /*
 - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -490,9 +490,9 @@ diff -up openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1e/crypto/evp/
 }
 
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
-diff -up openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1e/crypto/evp/pbe_scrypt.c
--- openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/evp/pbe_scrypt.c	2020-03-19 16:04:20.725900352 +0100
+diff -up openssl-1.1.1j/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1j/crypto/evp/pbe_scrypt.c
+--- openssl-1.1.1j/crypto/evp/pbe_scrypt.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/evp/pbe_scrypt.c	2021-03-03 14:08:02.491294847 +0100
@@ -7,135 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
@ -763,9 +763,9 @@ diff -up openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1e/crypto/ev
 }
 +
 #endif
-diff -up openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1e/crypto/evp/pkey_kdf.c
--- openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf	2020-03-19 16:04:20.726900334 +0100
-+++ openssl-1.1.1e/crypto/evp/pkey_kdf.c	2020-03-19 16:04:20.725900352 +0100
+diff -up openssl-1.1.1j/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1j/crypto/evp/pkey_kdf.c
+--- openssl-1.1.1j/crypto/evp/pkey_kdf.c.evp-kdf	2021-03-03 14:08:02.491294847 +0100
+++ openssl-1.1.1j/crypto/evp/pkey_kdf.c	2021-03-03 14:08:02.491294847 +0100
@@ -0,0 +1,255 @@
 +/*
 + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1022,17 +1022,17 @@ diff -up openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1e/crypto/evp/
 +    pkey_kdf_ctrl_str
 +};
 +
-diff -up openssl-1.1.1e/crypto/kdf/build.info.evp-kdf openssl-1.1.1e/crypto/kdf/build.info
--- openssl-1.1.1e/crypto/kdf/build.info.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/kdf/build.info	2020-03-19 16:04:32.347699194 +0100
+diff -up openssl-1.1.1j/crypto/kdf/build.info.evp-kdf openssl-1.1.1j/crypto/kdf/build.info
+--- openssl-1.1.1j/crypto/kdf/build.info.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/kdf/build.info	2021-03-03 14:08:02.491294847 +0100
@@ -1,3 +1,3 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
 -        tls1_prf.c kdf_err.c hkdf.c scrypt.c
 +        tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c
-diff -up openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1e/crypto/kdf/hkdf.c
--- openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/kdf/hkdf.c	2020-03-19 16:06:59.757147720 +0100
+diff -up openssl-1.1.1j/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1j/crypto/kdf/hkdf.c
+--- openssl-1.1.1j/crypto/kdf/hkdf.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/kdf/hkdf.c	2021-03-03 14:08:02.492294856 +0100
@@ -8,32 +8,33 @@
  */
 
@ -1498,9 +1498,9 @@ diff -up openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1e/crypto/kdf/hkdf
 
  err:
     OPENSSL_cleanse(prev, sizeof(prev));
-diff -up openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_err.c
--- openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/kdf/kdf_err.c	2020-03-19 16:04:32.349699159 +0100
+diff -up openssl-1.1.1j/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_err.c
+--- openssl-1.1.1j/crypto/kdf/kdf_err.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/kdf/kdf_err.c	2021-03-03 14:08:02.492294856 +0100
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
@ -1556,9 +1556,9 @@ diff -up openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1e/crypto/kdf/k
     {0, NULL}
 };
 
-diff -up openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_local.h
--- openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf	2020-03-19 16:04:32.349699159 +0100
-+++ openssl-1.1.1e/crypto/kdf/kdf_local.h	2020-03-19 16:04:32.349699159 +0100
+diff -up openssl-1.1.1j/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_local.h
+--- openssl-1.1.1j/crypto/kdf/kdf_local.h.evp-kdf	2021-03-03 14:08:02.492294856 +0100
+++ openssl-1.1.1j/crypto/kdf/kdf_local.h	2021-03-03 14:08:02.492294856 +0100
@@ -0,0 +1,22 @@
 +/*
 + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1582,9 +1582,9 @@ diff -up openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1e/crypto/kdf
 +                int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
 +                int cmd, const char *md_name);
 +
-diff -up openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_util.c
--- openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf	2020-03-19 16:04:32.350699142 +0100
-+++ openssl-1.1.1e/crypto/kdf/kdf_util.c	2020-03-19 16:04:32.350699142 +0100
+diff -up openssl-1.1.1j/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_util.c
+--- openssl-1.1.1j/crypto/kdf/kdf_util.c.evp-kdf	2021-03-03 14:08:02.492294856 +0100
+++ openssl-1.1.1j/crypto/kdf/kdf_util.c	2021-03-03 14:08:02.492294856 +0100
@@ -0,0 +1,73 @@
 +/*
 + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1659,9 +1659,9 @@ diff -up openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1e/crypto/kdf/
 +    return call_ctrl(ctrl, impl, cmd, md);
 +}
 +
-diff -up openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1e/crypto/kdf/pbkdf2.c
--- openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf	2020-03-19 16:04:32.374698727 +0100
-+++ openssl-1.1.1e/crypto/kdf/pbkdf2.c	2020-03-19 16:04:32.374698727 +0100
+diff -up openssl-1.1.1j/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1j/crypto/kdf/pbkdf2.c
+--- openssl-1.1.1j/crypto/kdf/pbkdf2.c.evp-kdf	2021-03-03 14:08:02.492294856 +0100
+++ openssl-1.1.1j/crypto/kdf/pbkdf2.c	2021-03-03 14:08:02.492294856 +0100
@@ -0,0 +1,264 @@
 +/*
 + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1927,9 +1927,9 @@ diff -up openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1e/crypto/kdf/pb
 +    HMAC_CTX_free(hctx_tpl);
 +    return ret;
 +}
-diff -up openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1e/crypto/kdf/scrypt.c
--- openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/kdf/scrypt.c	2020-03-19 16:11:06.215872475 +0100
+diff -up openssl-1.1.1j/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1j/crypto/kdf/scrypt.c
+--- openssl-1.1.1j/crypto/kdf/scrypt.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/kdf/scrypt.c	2021-03-03 14:08:02.492294856 +0100
@@ -8,25 +8,35 @@
  */
 
@ -2517,9 +2517,9 @@ diff -up openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1e/crypto/kdf/sc
 +}
 
 #endif
-diff -up openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1e/crypto/kdf/tls1_prf.c
--- openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/kdf/tls1_prf.c	2020-03-19 16:10:32.317460707 +0100
+diff -up openssl-1.1.1j/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1j/crypto/kdf/tls1_prf.c
+--- openssl-1.1.1j/crypto/kdf/tls1_prf.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/kdf/tls1_prf.c	2021-03-03 14:08:02.492294856 +0100
@@ -8,11 +8,15 @@
  */
 
@ -2802,9 +2802,9 @@ diff -up openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1e/crypto/kdf/
             OPENSSL_clear_free(tmp, olen);
             return 0;
         }
-diff -up openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod
--- openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf	2020-03-19 16:04:32.377698675 +0100
-+++ openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod	2020-03-19 16:04:32.377698675 +0100
+diff -up openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod
+--- openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod.evp-kdf	2021-03-03 14:08:02.492294856 +0100
+++ openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod	2021-03-03 14:08:02.492294856 +0100
@@ -0,0 +1,217 @@
 +=pod
 +
@ -3023,9 +3023,9 @@ diff -up openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1e/doc/man3
 +L<https://www.openssl.org/source/license.html>.
 +
 +=cut
-diff -up openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod
--- openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf	2020-03-19 16:04:32.377698675 +0100
-+++ openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod	2020-03-19 16:04:32.377698675 +0100
+diff -up openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod
+--- openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod.evp-kdf	2021-03-03 14:08:02.493294865 +0100
+++ openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod	2021-03-03 14:08:02.493294865 +0100
@@ -0,0 +1,180 @@
 +=pod
 +
@ -3207,9 +3207,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1e/doc/man
 +L<https://www.openssl.org/source/license.html>.
 +
 +=cut
-diff -up openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod
--- openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf	2020-03-19 16:04:32.378698658 +0100
-+++ openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod	2020-03-19 16:04:32.378698658 +0100
+diff -up openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod
+--- openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf	2021-03-03 14:08:02.493294865 +0100
+++ openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod	2021-03-03 14:08:02.493294865 +0100
@@ -0,0 +1,78 @@
 +=pod
 +
@ -3289,9 +3289,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1e/doc/m
 +L<https://www.openssl.org/source/license.html>.
 +
 +=cut
-diff -up openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod
--- openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf	2020-03-19 16:04:32.378698658 +0100
-+++ openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod	2020-03-19 16:04:32.378698658 +0100
+diff -up openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod
+--- openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf	2021-03-03 14:08:02.493294865 +0100
+++ openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod	2021-03-03 14:08:02.493294865 +0100
@@ -0,0 +1,149 @@
 +=pod
 +
@ -3442,9 +3442,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1e/doc/m
 +L<https://www.openssl.org/source/license.html>.
 +
 +=cut
-diff -up openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod
--- openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf	2020-03-19 16:04:32.378698658 +0100
-+++ openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod	2020-03-19 16:04:32.378698658 +0100
+diff -up openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod
+--- openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf	2021-03-03 14:08:02.493294865 +0100
+++ openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod	2021-03-03 14:08:02.493294865 +0100
@@ -0,0 +1,142 @@
 +=pod
 +
@ -3588,9 +3588,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1e/doc
 +L<https://www.openssl.org/source/license.html>.
 +
 +=cut
-diff -up openssl-1.1.1e/include/crypto/evp.h.evp-kdf openssl-1.1.1e/include/crypto/evp.h
--- openssl-1.1.1e/include/crypto/evp.h.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/include/crypto/evp.h	2020-03-19 16:04:32.347699194 +0100
+diff -up openssl-1.1.1j/include/crypto/evp.h.evp-kdf openssl-1.1.1j/include/crypto/evp.h
+--- openssl-1.1.1j/include/crypto/evp.h.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/include/crypto/evp.h	2021-03-03 14:08:02.493294865 +0100
@@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m
 extern const EVP_PKEY_METHOD poly1305_pkey_meth;
 extern const EVP_PKEY_METHOD siphash_pkey_meth;
@ -3616,10 +3616,10 @@ diff -up openssl-1.1.1e/include/crypto/evp.h.evp-kdf openssl-1.1.1e/include/cryp
 struct evp_md_st {
     int type;
     int pkey_type;
-diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/openssl/evperr.h
--- openssl-1.1.1e/include/openssl/evperr.h.evp-kdf	2020-03-19 16:04:11.250064365 +0100
-+++ openssl-1.1.1e/include/openssl/evperr.h	2020-03-19 16:04:32.379698640 +0100
-@@ -58,6 +58,9 @@ int ERR_load_EVP_strings(void);
+diff -up openssl-1.1.1j/include/openssl/evperr.h.evp-kdf openssl-1.1.1j/include/openssl/evperr.h
+--- openssl-1.1.1j/include/openssl/evperr.h.evp-kdf	2021-03-03 14:08:02.477294722 +0100
+++ openssl-1.1.1j/include/openssl/evperr.h	2021-03-03 14:13:37.587003722 +0100
+@@ -56,6 +56,9 @@ int ERR_load_EVP_strings(void);
 # define EVP_F_EVP_ENCRYPTDECRYPTUPDATE                   219
 # define EVP_F_EVP_ENCRYPTFINAL_EX                        127
 # define EVP_F_EVP_ENCRYPTUPDATE                          167
@ -3629,7 +3629,7 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/
 # define EVP_F_EVP_MD_CTX_COPY_EX                         110
 # define EVP_F_EVP_MD_SIZE                                162
 # define EVP_F_EVP_OPENINIT                               102
-@@ -120,11 +123,13 @@ int ERR_load_EVP_strings(void);
+@@ -118,11 +121,13 @@ int ERR_load_EVP_strings(void);
 # define EVP_F_PKCS5_V2_PBE_KEYIVGEN                      118
 # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN                   164
 # define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN                   180
@ -3643,17 +3643,17 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/
 # define EVP_F_UPDATE                                     173
 
 /*
-@@ -181,6 +186,7 @@ int ERR_load_EVP_strings(void);
+@@ -179,6 +184,7 @@ int ERR_load_EVP_strings(void);
 # define EVP_R_ONLY_ONESHOT_SUPPORTED                     177
 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
 # define EVP_R_OPERATON_NOT_INITIALIZED                   151
 +# define EVP_R_PARAMETER_TOO_LARGE                        187
+ # define EVP_R_OUTPUT_WOULD_OVERFLOW                      184
 # define EVP_R_PARTIALLY_OVERLAPPING                      162
 # define EVP_R_PBKDF2_ERROR                               181
- # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
-diff -up openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf openssl-1.1.1e/include/openssl/kdferr.h
--- openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/include/openssl/kdferr.h	2020-03-19 16:04:32.379698640 +0100
+diff -up openssl-1.1.1j/include/openssl/kdferr.h.evp-kdf openssl-1.1.1j/include/openssl/kdferr.h
+--- openssl-1.1.1j/include/openssl/kdferr.h.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/include/openssl/kdferr.h	2021-03-03 14:08:02.493294865 +0100
@@ -23,6 +23,23 @@ int ERR_load_KDF_strings(void);
 /*
  * KDF function codes.
@ -3693,9 +3693,9 @@ diff -up openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf openssl-1.1.1e/include/
 +# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE                   112
 
 #endif
-diff -up openssl-1.1.1e/include/openssl/kdf.h.evp-kdf openssl-1.1.1e/include/openssl/kdf.h
--- openssl-1.1.1e/include/openssl/kdf.h.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/include/openssl/kdf.h	2020-03-19 16:04:32.380698623 +0100
+diff -up openssl-1.1.1j/include/openssl/kdf.h.evp-kdf openssl-1.1.1j/include/openssl/kdf.h
+--- openssl-1.1.1j/include/openssl/kdf.h.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/include/openssl/kdf.h	2021-03-03 14:08:02.493294865 +0100
@@ -10,10 +10,50 @@
 #ifndef HEADER_KDF_H
 # define HEADER_KDF_H
@ -3774,9 +3774,9 @@ diff -up openssl-1.1.1e/include/openssl/kdf.h.evp-kdf openssl-1.1.1e/include/ope
 }
 # endif
 #endif
-diff -up openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1e/include/openssl/ossl_typ.h
--- openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/include/openssl/ossl_typ.h	2020-03-19 16:04:32.381698606 +0100
+diff -up openssl-1.1.1j/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1j/include/openssl/ossl_typ.h
+--- openssl-1.1.1j/include/openssl/ossl_typ.h.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/include/openssl/ossl_typ.h	2021-03-03 14:08:02.493294865 +0100
@@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E
 typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
 typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
@ -3786,9 +3786,9 @@ diff -up openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1e/includ
 typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
 
 typedef struct hmac_ctx_st HMAC_CTX;
-diff -up openssl-1.1.1e/test/build.info.evp-kdf openssl-1.1.1e/test/build.info
--- openssl-1.1.1e/test/build.info.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/test/build.info	2020-03-19 16:04:32.381698606 +0100
+diff -up openssl-1.1.1j/test/build.info.evp-kdf openssl-1.1.1j/test/build.info
+--- openssl-1.1.1j/test/build.info.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/test/build.info	2021-03-03 14:08:02.493294865 +0100
@@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
           ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
           bio_callback_test bio_memleak_test \
@ -3810,9 +3810,9 @@ diff -up openssl-1.1.1e/test/build.info.evp-kdf openssl-1.1.1e/test/build.info
   SOURCE[x509_time_test]=x509_time_test.c
   INCLUDE[x509_time_test]=../include
   DEPEND[x509_time_test]=../libcrypto libtestutil.a
-diff -up openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf openssl-1.1.1e/test/evp_kdf_test.c
--- openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf	2020-03-19 16:04:32.382698588 +0100
-+++ openssl-1.1.1e/test/evp_kdf_test.c	2020-03-19 16:04:32.382698588 +0100
+diff -up openssl-1.1.1j/test/evp_kdf_test.c.evp-kdf openssl-1.1.1j/test/evp_kdf_test.c
+--- openssl-1.1.1j/test/evp_kdf_test.c.evp-kdf	2021-03-03 14:08:02.494294874 +0100
+++ openssl-1.1.1j/test/evp_kdf_test.c	2021-03-03 14:08:02.494294874 +0100
@@ -0,0 +1,237 @@
 +/*
 + * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
@ -4051,9 +4051,9 @@ diff -up openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf openssl-1.1.1e/test/evp_kdf_
 +#endif
 +    return 1;
 +}
-diff -up openssl-1.1.1e/test/evp_test.c.evp-kdf openssl-1.1.1e/test/evp_test.c
--- openssl-1.1.1e/test/evp_test.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/test/evp_test.c	2020-03-19 16:04:32.383698571 +0100
+diff -up openssl-1.1.1j/test/evp_test.c.evp-kdf openssl-1.1.1j/test/evp_test.c
+--- openssl-1.1.1j/test/evp_test.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/test/evp_test.c	2021-03-03 14:08:02.494294874 +0100
@@ -1705,13 +1705,14 @@ static const EVP_TEST_METHOD encode_test
     encode_test_run,
 };
@ -4265,9 +4265,9 @@ diff -up openssl-1.1.1e/test/evp_test.c.evp-kdf openssl-1.1.1e/test/evp_test.c
     &keypair_test_method,
     &keygen_test_method,
     &mac_test_method,
-diff -up openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1e/test/pkey_meth_kdf_test.c
--- openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/test/pkey_meth_kdf_test.c	2020-03-19 16:04:32.386698519 +0100
+diff -up openssl-1.1.1j/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1j/test/pkey_meth_kdf_test.c
+--- openssl-1.1.1j/test/pkey_meth_kdf_test.c.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/test/pkey_meth_kdf_test.c	2021-03-03 14:08:02.494294874 +0100
@@ -1,5 +1,5 @@
 /*
 - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
@ -4471,9 +4471,9 @@ diff -up openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1e/test/pk
 }
 #endif
 
-diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt
--- openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt	2020-03-19 16:04:32.388698484 +0100
+diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt
+--- openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt	2021-03-03 14:08:02.494294874 +0100
@@ -1,5 +1,5 @@
 #
 -# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
@ -4872,9 +4872,9 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl
 +Ctrl.digest = digest:sha512
 +Output = 00ef42cdbfc98d29db20976608e455567fdddf14
 +
-diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt
--- openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf	2020-03-19 16:04:32.389698467 +0100
-+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt	2020-03-19 16:04:32.389698467 +0100
+diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt
+--- openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf	2021-03-03 14:08:02.494294874 +0100
+++ openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt	2021-03-03 14:08:02.494294874 +0100
@@ -0,0 +1,305 @@
 +#
 +# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
@ -5181,9 +5181,9 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf op
 +Ctrl.p = p:1
 +Result = INTERNAL_ERROR
 +
-diff -up openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_kdf.t
--- openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf	2020-03-19 16:04:32.390698450 +0100
-+++ openssl-1.1.1e/test/recipes/30-test_evp_kdf.t	2020-03-19 16:04:32.390698450 +0100
+diff -up openssl-1.1.1j/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_kdf.t
+--- openssl-1.1.1j/test/recipes/30-test_evp_kdf.t.evp-kdf	2021-03-03 14:08:02.494294874 +0100
+++ openssl-1.1.1j/test/recipes/30-test_evp_kdf.t	2021-03-03 14:08:02.494294874 +0100
@@ -0,0 +1,13 @@
 +#! /usr/bin/env perl
 +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -5198,9 +5198,9 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1e/te
 +use OpenSSL::Test::Simple;
 +
 +simple_test("test_evp_kdf", "evp_kdf_test");
-diff -up openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp.t
--- openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/test/recipes/30-test_evp.t	2020-03-19 16:04:32.390698450 +0100
+diff -up openssl-1.1.1j/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp.t
+--- openssl-1.1.1j/test/recipes/30-test_evp.t.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/test/recipes/30-test_evp.t	2021-03-03 14:08:02.495294883 +0100
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/
 setup("test_evp");
 
@ -5210,10 +5210,10 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1e/test/r
     "evpcase.txt", "evpccmcavs.txt" );
 
 plan tests => scalar(@files);
-diff -up openssl-1.1.1e/util/libcrypto.num.evp-kdf openssl-1.1.1e/util/libcrypto.num
--- openssl-1.1.1e/util/libcrypto.num.evp-kdf	2020-03-19 16:04:11.263064140 +0100
-+++ openssl-1.1.1e/util/libcrypto.num	2020-03-19 16:04:32.392698415 +0100
-@@ -4622,3 +4622,11 @@ FIPS_drbg_get_strength
+diff -up openssl-1.1.1j/util/libcrypto.num.evp-kdf openssl-1.1.1j/util/libcrypto.num
+--- openssl-1.1.1j/util/libcrypto.num.evp-kdf	2021-03-03 14:08:02.481294758 +0100
+++ openssl-1.1.1j/util/libcrypto.num	2021-03-03 14:08:02.495294883 +0100
+@@ -4626,3 +4626,11 @@ FIPS_drbg_get_strength
 FIPS_rand_strength                      6380	1_1_0g	EXIST::FUNCTION:
 FIPS_drbg_get_blocklength               6381	1_1_0g	EXIST::FUNCTION:
 FIPS_drbg_init                          6382	1_1_0g	EXIST::FUNCTION:
@ -5225,9 +5225,9 @@ diff -up openssl-1.1.1e/util/libcrypto.num.evp-kdf openssl-1.1.1e/util/libcrypto
 +EVP_KDF_ctrl_str                        6595	1_1_1b	EXIST::FUNCTION:
 +EVP_KDF_size                            6596	1_1_1b	EXIST::FUNCTION:
 +EVP_KDF_derive                          6597	1_1_1b	EXIST::FUNCTION:
-diff -up openssl-1.1.1e/util/private.num.evp-kdf openssl-1.1.1e/util/private.num
--- openssl-1.1.1e/util/private.num.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/util/private.num	2020-03-19 16:04:32.393698398 +0100
+diff -up openssl-1.1.1j/util/private.num.evp-kdf openssl-1.1.1j/util/private.num
+--- openssl-1.1.1j/util/private.num.evp-kdf	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/util/private.num	2021-03-03 14:08:02.495294883 +0100
@@ -21,6 +21,7 @@ CRYPTO_EX_dup
 CRYPTO_EX_free                          datatype
 CRYPTO_EX_new                           datatype
--- a/openssl-1.1.1-fips-dh.patch
+++ b/openssl-1.1.1-fips-dh.patch
@ -1,6 +1,6 @@
-diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn_const.c
--- openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/bn/bn_const.c	2020-07-17 10:36:29.245788441 +0200
+diff -up openssl-1.1.1j/crypto/bn/bn_const.c.fips-dh openssl-1.1.1j/crypto/bn/bn_const.c
+--- openssl-1.1.1j/crypto/bn/bn_const.c.fips-dh	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/bn/bn_const.c	2021-03-03 14:23:27.403092418 +0100
@@ -1,13 +1,17 @@
 /*
 - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -477,9 +477,9 @@ diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn
 -    return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
 +    return COPY_BN(bn, _bignum_modp_8192_p);
 }
-diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh.c
--- openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/bn/bn_dh.c	2020-07-17 10:36:29.246788449 +0200
+diff -up openssl-1.1.1j/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1j/crypto/bn/bn_dh.c
+--- openssl-1.1.1j/crypto/bn/bn_dh.c.fips-dh	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/bn/bn_dh.c	2021-03-03 14:23:27.404092427 +0100
@@ -1,7 +1,7 @@
 /*
 - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
@ -1956,9 +1956,9 @@ diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh
 
 -#endif
 +#endif /* OPENSSL_NO_DH */
-diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh_check.c
--- openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_check.c	2020-07-17 10:36:29.246788449 +0200
+diff -up openssl-1.1.1j/crypto/dh/dh_check.c.fips-dh openssl-1.1.1j/crypto/dh/dh_check.c
+--- openssl-1.1.1j/crypto/dh/dh_check.c.fips-dh	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/dh/dh_check.c	2021-03-03 14:23:27.404092427 +0100
@@ -10,6 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
@ -2043,9 +2043,9 @@ diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh
 +    return dh_check_pub_key_int(dh, q, pub_key, ret);
 +}
 +
-diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_gen.c
--- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh	2020-07-17 10:36:29.182787923 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_gen.c	2020-07-17 10:36:29.246788449 +0200
+diff -up openssl-1.1.1j/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1j/crypto/dh/dh_gen.c
+--- openssl-1.1.1j/crypto/dh/dh_gen.c.fips-dh	2021-03-03 14:23:27.338091859 +0100
+++ openssl-1.1.1j/crypto/dh/dh_gen.c	2021-03-03 14:23:27.404092427 +0100
@@ -27,8 +27,7 @@ int DH_generate_parameters_ex(DH *ret, i
                               BN_GENCB *cb)
 {
@ -2075,10 +2075,10 @@ diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_g
     ctx = BN_CTX_new();
     if (ctx == NULL)
         goto err;
-diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_key.c
--- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh	2020-07-17 10:36:29.182787923 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_key.c	2020-07-17 11:00:07.783777846 +0200
-@@ -100,10 +100,18 @@ static int generate_key(DH *dh)
+diff -up openssl-1.1.1j/crypto/dh/dh_key.c.fips-dh openssl-1.1.1j/crypto/dh/dh_key.c
+--- openssl-1.1.1j/crypto/dh/dh_key.c.fips-dh	2021-03-03 14:23:27.338091859 +0100
+++ openssl-1.1.1j/crypto/dh/dh_key.c	2021-03-03 14:51:36.235296236 +0100
+@@ -120,10 +120,18 @@ static int generate_key(DH *dh)
     BIGNUM *pub_key = NULL, *priv_key = NULL;
 
 #ifdef OPENSSL_FIPS
@ -2101,7 +2101,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
     }
 #endif
 
-@@ -139,7 +147,15 @@ static int generate_key(DH *dh)
+@@ -159,7 +167,15 @@ static int generate_key(DH *dh)
     }
 
     if (generate_new_key) {
@ -2118,7 +2118,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
             do {
                 if (!BN_priv_rand_range(priv_key, dh->q))
                     goto err;
-@@ -175,6 +191,15 @@ static int generate_key(DH *dh)
+@@ -195,6 +211,15 @@ static int generate_key(DH *dh)
         }
         /* We MUST free prk before any further use of priv_key */
         BN_clear_free(prk);
@ -2134,7 +2134,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
     }
 
     dh->pub_key = pub_key;
-@@ -197,6 +222,7 @@ static int compute_key(unsigned char *ke
+@@ -217,6 +242,7 @@ static int compute_key(unsigned char *ke
     BN_CTX *ctx = NULL;
     BN_MONT_CTX *mont = NULL;
     BIGNUM *tmp;
@ -2142,7 +2142,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
     int ret = -1;
     int check_result;
 
-@@ -243,6 +269,18 @@ static int compute_key(unsigned char *ke
+@@ -263,6 +289,18 @@ static int compute_key(unsigned char *ke
         DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
         goto err;
     }
@ -2159,11 +2159,11 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
 +        goto err;
 +    }
 
-     ret = BN_bn2bin(tmp, key);
+     ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
  err:
-diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_lib.c
--- openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_lib.c	2020-07-17 10:36:29.246788449 +0200
+diff -up openssl-1.1.1j/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1j/crypto/dh/dh_lib.c
+--- openssl-1.1.1j/crypto/dh/dh_lib.c.fips-dh	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/dh/dh_lib.c	2021-03-03 14:23:27.405092436 +0100
@@ -8,6 +8,7 @@
  */
 
@ -2193,9 +2193,9 @@ diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_l
         dh->length = BN_num_bits(q);
     }
 
-diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh_local.h
--- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh	2020-07-17 10:36:28.968786163 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_local.h	2020-07-17 10:36:29.246788449 +0200
+diff -up openssl-1.1.1j/crypto/dh/dh_local.h.fips-dh openssl-1.1.1j/crypto/dh/dh_local.h
+--- openssl-1.1.1j/crypto/dh/dh_local.h.fips-dh	2021-03-03 14:23:27.202090689 +0100
+++ openssl-1.1.1j/crypto/dh/dh_local.h	2021-03-03 14:23:27.405092436 +0100
@@ -35,6 +35,7 @@ struct dh_st {
     const DH_METHOD *meth;
     ENGINE *engine;
@ -2215,9 +2215,9 @@ diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh
 +/* FIPS mode only check which requires nid set and looks up q based on it. */
 +int dh_check_pub_key_full(const DH *dh, const BIGNUM *pub_key, int *ret);
 +
-diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/dh_rfc7919.c
--- openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c	2020-07-17 10:36:29.246788449 +0200
+diff -up openssl-1.1.1j/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1j/crypto/dh/dh_rfc7919.c
+--- openssl-1.1.1j/crypto/dh/dh_rfc7919.c.fips-dh	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/dh/dh_rfc7919.c	2021-03-03 14:23:27.405092436 +0100
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
@ -2387,10 +2387,10 @@ diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/
 +    return dh_match_group(dh, q, NULL) != NID_undef;
 +}
 +
-diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_key.c
--- openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh	2020-07-17 11:00:53.958175227 +0200
-+++ openssl-1.1.1g/crypto/ec/ec_key.c	2020-07-20 13:24:03.941107320 +0200
-@@ -280,9 +280,18 @@ int ec_key_simple_generate_key(EC_KEY *e
+diff -up openssl-1.1.1j/crypto/ec/ec_key.c.fips-dh openssl-1.1.1j/crypto/ec/ec_key.c
+--- openssl-1.1.1j/crypto/ec/ec_key.c.fips-dh	2021-03-03 14:23:27.339091868 +0100
+++ openssl-1.1.1j/crypto/ec/ec_key.c	2021-03-03 14:23:27.405092436 +0100
+@@ -281,9 +281,18 @@ int ec_key_simple_generate_key(EC_KEY *e
     if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
         goto err;
 
@ -2410,7 +2410,7 @@ diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_k
     ok = 1;
 
  err:
-@@ -296,8 +305,23 @@ int ec_key_simple_generate_key(EC_KEY *e
+@@ -297,8 +306,23 @@ int ec_key_simple_generate_key(EC_KEY *e
 
 int ec_key_simple_generate_public_key(EC_KEY *eckey)
 {
@ -2435,9 +2435,9 @@ diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_k
 }
 
 int EC_KEY_check_key(const EC_KEY *eckey)
-diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_lib.c
--- openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/evp/p_lib.c	2020-07-17 10:36:29.247788458 +0200
+diff -up openssl-1.1.1j/crypto/evp/p_lib.c.fips-dh openssl-1.1.1j/crypto/evp/p_lib.c
+--- openssl-1.1.1j/crypto/evp/p_lib.c.fips-dh	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/crypto/evp/p_lib.c	2021-03-03 14:23:27.405092436 +0100
@@ -540,7 +540,8 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *p
 
 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
@ -2448,9 +2448,9 @@ diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_l
     int ret = EVP_PKEY_assign(pkey, type, key);
 
     if (ret)
-diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/objects/obj_dat.h
--- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh	2020-07-17 10:36:29.239788392 +0200
-+++ openssl-1.1.1g/crypto/objects/obj_dat.h	2020-07-17 10:36:29.247788458 +0200
+diff -up openssl-1.1.1j/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1j/crypto/objects/obj_dat.h
+--- openssl-1.1.1j/crypto/objects/obj_dat.h.fips-dh	2021-03-03 14:23:27.394092341 +0100
+++ openssl-1.1.1j/crypto/objects/obj_dat.h	2021-03-03 14:23:27.406092444 +0100
@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D,       /* [ 7753] OBJ_hmacWithSHA512_256 */
 };
@ -2512,9 +2512,9 @@ diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/o
      481,    /* "nSRecord" */
      173,    /* "name" */
      681,    /* "onBasis" */
-diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto/objects/objects.txt
--- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh	2020-07-17 10:36:29.239788392 +0200
-+++ openssl-1.1.1g/crypto/objects/objects.txt	2020-07-17 10:36:29.247788458 +0200
+diff -up openssl-1.1.1j/crypto/objects/objects.txt.fips-dh openssl-1.1.1j/crypto/objects/objects.txt
+--- openssl-1.1.1j/crypto/objects/objects.txt.fips-dh	2021-03-03 14:23:27.395092350 +0100
+++ openssl-1.1.1j/crypto/objects/objects.txt	2021-03-03 14:23:27.406092444 +0100
@@ -1657,6 +1657,13 @@ id-pkinit 5                     : pkInit
                             : ffdhe4096
                             : ffdhe6144
@ -2529,9 +2529,9 @@ diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto
 
 # OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17)
 
-diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto/objects/obj_mac.num
--- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh	2020-07-17 10:36:29.239788392 +0200
-+++ openssl-1.1.1g/crypto/objects/obj_mac.num	2020-07-17 10:36:29.248788466 +0200
+diff -up openssl-1.1.1j/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1j/crypto/objects/obj_mac.num
+--- openssl-1.1.1j/crypto/objects/obj_mac.num.fips-dh	2021-03-03 14:23:27.395092350 +0100
+++ openssl-1.1.1j/crypto/objects/obj_mac.num	2021-03-03 14:23:27.406092444 +0100
@@ -1196,3 +1196,9 @@ sshkdf		1195
 kbkdf		1196
 krb5kdf		1197
@ -2542,9 +2542,9 @@ diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto
 +modp_4096		1202
 +modp_6144		1203
 +modp_8192		1204
-diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/man3/DH_new_by_nid.pod
--- openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod	2020-07-17 10:36:29.248788466 +0200
+diff -up openssl-1.1.1j/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1j/doc/man3/DH_new_by_nid.pod
+--- openssl-1.1.1j/doc/man3/DH_new_by_nid.pod.fips-dh	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/doc/man3/DH_new_by_nid.pod	2021-03-03 14:23:27.406092444 +0100
@@ -8,13 +8,15 @@ DH_new_by_nid, DH_get_nid - get or find
 
  #include <openssl/dh.h>
@ -2563,9 +2563,9 @@ diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/ma
 
 DH_get_nid() determines if the parameters contained in B<dh> match
 any named set. It returns the NID corresponding to the matching parameters or
-diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod
--- openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod	2020-07-17 10:36:29.248788466 +0200
+diff -up openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod
+--- openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod	2021-03-03 14:23:27.406092444 +0100
@@ -294,10 +294,11 @@ The EVP_PKEY_CTX_set_dh_pad() macro sets
 If B<pad> is zero (the default) then no padding is performed.
 
@ -2582,9 +2582,9 @@ diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/do
 The nid parameter and the rfc5114 parameter are mutually exclusive.
 
 The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are
-diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/crypto/bn_dh.h
--- openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/include/crypto/bn_dh.h	2020-07-17 10:36:29.248788466 +0200
+diff -up openssl-1.1.1j/include/crypto/bn_dh.h.fips-dh openssl-1.1.1j/include/crypto/bn_dh.h
+--- openssl-1.1.1j/include/crypto/bn_dh.h.fips-dh	2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/include/crypto/bn_dh.h	2021-03-03 14:23:27.406092444 +0100
@@ -1,7 +1,7 @@
 /*
 - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -2633,9 +2633,9 @@ diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/cr
 +extern const BIGNUM _bignum_modp_4096_q;
 +extern const BIGNUM _bignum_modp_6144_q;
 +extern const BIGNUM _bignum_modp_8192_q;
-diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include/openssl/obj_mac.h
--- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh	2020-07-17 10:36:29.240788400 +0200
-+++ openssl-1.1.1g/include/openssl/obj_mac.h	2020-07-17 10:36:29.248788466 +0200
+diff -up openssl-1.1.1j/include/openssl/obj_mac.h.fips-dh openssl-1.1.1j/include/openssl/obj_mac.h
+--- openssl-1.1.1j/include/openssl/obj_mac.h.fips-dh	2021-03-03 14:23:27.396092358 +0100
+++ openssl-1.1.1j/include/openssl/obj_mac.h	2021-03-03 14:23:27.407092453 +0100
@@ -5115,6 +5115,24 @@
 #define SN_ffdhe8192            "ffdhe8192"
 #define NID_ffdhe8192           1130
@ -2661,10 +2661,10 @@ diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include
 #define SN_ISO_UA               "ISO-UA"
 #define NID_ISO_UA              1150
 #define OBJ_ISO_UA              OBJ_member_body,804L
-diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
--- openssl-1.1.1g/ssl/s3_lib.c.fips-dh	2020-07-17 10:36:29.199788063 +0200
-+++ openssl-1.1.1g/ssl/s3_lib.c	2020-07-17 10:36:29.248788466 +0200
-@@ -4858,13 +4858,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey
+diff -up openssl-1.1.1j/ssl/s3_lib.c.fips-dh openssl-1.1.1j/ssl/s3_lib.c
+--- openssl-1.1.1j/ssl/s3_lib.c.fips-dh	2021-03-03 14:23:27.354091997 +0100
+++ openssl-1.1.1j/ssl/s3_lib.c	2021-03-03 14:23:27.407092453 +0100
+@@ -4849,13 +4849,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey
 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
 {
     EVP_PKEY *ret;
@ -2716,11 +2716,10 @@ diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
     return ret;
 }
 #endif
- 
-diff -up openssl-1.1.1h/ssl/t1_lib.c.fips-dh openssl-1.1.1h/ssl/t1_lib.c
--- openssl-1.1.1h/ssl/t1_lib.c.fips-dh	2020-11-04 14:04:41.851711629 +0100
-+++ openssl-1.1.1h/ssl/t1_lib.c	2020-11-04 14:06:06.506431652 +0100
-@@ -2470,7 +2470,7 @@
+diff -up openssl-1.1.1j/ssl/t1_lib.c.fips-dh openssl-1.1.1j/ssl/t1_lib.c
+--- openssl-1.1.1j/ssl/t1_lib.c.fips-dh	2021-03-03 14:23:27.401092401 +0100
+++ openssl-1.1.1j/ssl/t1_lib.c	2021-03-03 14:23:27.407092453 +0100
+@@ -2542,7 +2542,7 @@ DH *ssl_get_auto_dh(SSL *s)
         p = BN_get_rfc3526_prime_4096(NULL);
     else if (dh_secbits >= 128)
         p = BN_get_rfc3526_prime_3072(NULL);
--- a/openssl-1.1.1-fips.patch
+++ b/openssl-1.1.1-fips.patch
--- a/openssl-1.1.1-verify-cert.patch
+++ b/openssl-1.1.1-verify-cert.patch
@ -1,113 +0,0 @@
-diff -up openssl-1.1.1i/crypto/x509/x509_vfy.c.verify-cert openssl-1.1.1i/crypto/x509/x509_vfy.c
--- openssl-1.1.1i/crypto/x509/x509_vfy.c.verify-cert	2021-01-20 17:24:53.100175663 +0100
-+++ openssl-1.1.1i/crypto/x509/x509_vfy.c	2021-01-20 17:24:53.156176315 +0100
-@@ -323,9 +323,10 @@ static int sk_X509_contains(STACK_OF(X50
- }
- 
- /*
- * Find in given STACK_OF(X509) sk a non-expired issuer cert (if any) of given cert x.
- * The issuer must not be the same as x and must not yet be in ctx->chain, where the
- * exceptional case x is self-issued and ctx->chain has just one element is allowed.
-+ * Find in given STACK_OF(X509) sk an issuer cert of given cert x.
-+ * The issuer must not yet be in ctx->chain, where the exceptional case
-+ * that x is self-issued and ctx->chain has just one element is allowed.
-+ * Prefer the first one that is not expired, else take the last expired one.
-  */
- static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
- {
-@@ -338,7 +339,7 @@ static X509 *find_issuer(X509_STORE_CTX
-          * Below check 'issuer != x' is an optimization and safety precaution:
-          * Candidate issuer cert cannot be the same as the subject cert 'x'.
-          */
-        if (issuer != x && ctx->check_issued(ctx, x, issuer)
-+        if (ctx->check_issued(ctx, x, issuer)
-             && (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1)
-                 || !sk_X509_contains(ctx->chain, issuer))) {
-             rv = issuer;
- 
-diff -up openssl-1.1.1i/test/recipes/70-test_verify_extra.t.verify-cert openssl-1.1.1i/test/recipes/70-test_verify_extra.t
--- openssl-1.1.1i/test/recipes/70-test_verify_extra.t.verify-cert	2020-12-08 14:20:59.000000000 +0100
-+++ openssl-1.1.1i/test/recipes/70-test_verify_extra.t	2021-01-20 17:24:53.156176315 +0100
-@@ -16,4 +16,5 @@ plan tests => 1;
- ok(run(test(["verify_extra_test",
-              srctop_file("test", "certs", "roots.pem"),
-              srctop_file("test", "certs", "untrusted.pem"),
-             srctop_file("test", "certs", "bad.pem")])));
-+             srctop_file("test", "certs", "bad.pem"),
-+             srctop_file("test", "certs", "rootCA.pem")])));
-diff -up openssl-1.1.1i/test/verify_extra_test.c.verify-cert openssl-1.1.1i/test/verify_extra_test.c
--- openssl-1.1.1i/test/verify_extra_test.c.verify-cert	2020-12-08 14:20:59.000000000 +0100
-+++ openssl-1.1.1i/test/verify_extra_test.c	2021-01-20 17:24:53.156176315 +0100
-@@ -18,6 +18,21 @@
- static const char *roots_f;
- static const char *untrusted_f;
- static const char *bad_f;
-+static const char *good_f;
-+
-+static X509 *load_cert_pem(const char *file)
-+{
-+    X509 *cert = NULL;
-+    BIO *bio = NULL;
-+
-+    if (!TEST_ptr(bio = BIO_new(BIO_s_file())))
-+        return NULL;
-+    if (TEST_int_gt(BIO_read_filename(bio, file), 0))
-+        (void)TEST_ptr(cert = PEM_read_bio_X509(bio, NULL, NULL, NULL));
-+
-+    BIO_free(bio);
-+    return cert;
-+}
- 
- static STACK_OF(X509) *load_certs_from_file(const char *filename)
- {
-@@ -175,16 +190,48 @@ static int test_store_ctx(void)
-     return testresult;
- }
- 
-+static int test_self_signed(const char *filename, int expected)
-+{
-+    X509 *cert = load_cert_pem(filename);
-+    STACK_OF(X509) *trusted = sk_X509_new_null();
-+    X509_STORE_CTX *ctx = X509_STORE_CTX_new();
-+    int ret;
-+
-+    ret = TEST_ptr(cert)
-+        && TEST_true(sk_X509_push(trusted, cert))
-+        && TEST_true(X509_STORE_CTX_init(ctx, NULL, cert, NULL));
-+    X509_STORE_CTX_trusted_stack(ctx, trusted);
-+    ret = ret && TEST_int_eq(X509_verify_cert(ctx), expected);
-+
-+    X509_STORE_CTX_free(ctx);
-+    sk_X509_free(trusted);
-+    X509_free(cert);
-+    return ret;
-+}
-+
-+static int test_self_signed_good(void)
-+{
-+    return test_self_signed(good_f, 1);
-+}
-+
-+static int test_self_signed_bad(void)
-+{
-+    return test_self_signed(bad_f, 0);
-+}
-+
- int setup_tests(void)
- {
-     if (!TEST_ptr(roots_f = test_get_argument(0))
-             || !TEST_ptr(untrusted_f = test_get_argument(1))
-            || !TEST_ptr(bad_f = test_get_argument(2))) {
-        TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem\n");
-+            || !TEST_ptr(bad_f = test_get_argument(2))
-+            || !TEST_ptr(good_f = test_get_argument(3))) {
-+        TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem good.pem\n");
-         return 0;
-     }
- 
-     ADD_TEST(test_alt_chains_cert_forgery);
-     ADD_TEST(test_store_ctx);
-+    ADD_TEST(test_self_signed_good);
-+    ADD_TEST(test_self_signed_bad);
-     return 1;
- }
--- a/openssl-1.1.1-version-override.patch
+++ b/openssl-1.1.1-version-override.patch
@ -4,9 +4,9 @@ diff -up openssl-1.1.1i/include/openssl/opensslv.h.version-override openssl-1.1.
@@ -40,7 +40,7 @@ extern "C" {
  *  major minor fix final patch/beta)
  */
- # define OPENSSL_VERSION_NUMBER  0x1010109fL
-# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1i  8 Dec 2020"
-+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1i FIPS  8 Dec 2020"
+ # define OPENSSL_VERSION_NUMBER  0x101010afL
+-# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1j  16 Feb 2021"
+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1j  FIPS 16 Feb 2021"
 
 /*-
  * The macros below are to be used for shared library (.so, .dll, ...)
--- a/openssl.spec
+++ b/openssl.spec
@ -21,8 +21,8 @@

 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
-Version: 1.1.1i
-Release: 3%{?dist}
+Version: 1.1.1j
+Release: 1%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -42,10 +42,6 @@ Patch1: openssl-1.1.1-build.patch
 Patch2: openssl-1.1.1-defaults.patch
 Patch3: openssl-1.1.1-no-html.patch
 Patch4: openssl-1.1.1-man-rename.patch
-# Bug fixes
-Patch21: openssl-1.1.0-issuer-hash.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1916594
-Patch71: openssl-1.1.1-verify-cert.patch

 # Functionality changes
 Patch31: openssl-1.1.1-conf-paths.patch
@ -158,8 +154,6 @@ cp %{SOURCE13} test/
 %patch3 -p1 -b .no-html  %{?_rawbuild}
 %patch4 -p1 -b .man-rename

-%patch21 -p1 -b .issuer-hash
-
 %patch31 -p1 -b .conf-paths
 %patch32 -p1 -b .version-add-engines
 %patch33 -p1 -b .dgst
@ -189,7 +183,6 @@ cp %{SOURCE13} test/
 %patch67 -p1 -b .kdf-selftest
 %patch69 -p1 -b .alpn-cb
 %patch70 -p1 -b .rewire-fips-drbg
-%patch71 -p1 -b .verify-cert


 %build
@ -478,6 +471,9 @@ export LD_LIBRARY_PATH
 %ldconfig_scriptlets libs

 %changelog
+* Tue Feb 23 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1j-1
+- Upgrade to version 1.1.1.j
+
 * Wed Feb 10 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1i-3
 - Fix regression in X509_verify_cert() (bz1916594)

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (openssl-1.1.1i-hobbled.tar.xz) = e131a05e88690a7be7c3d74cbb26620130498ced2ce3d7fd55979aab5ea736ec8b268ba92268bd5bc347989325a3950a066883007cb20c2dd9739fd1eafc513f
+SHA512 (openssl-1.1.1j-hobbled.tar.xz) = ad7387f11043b46873f5cb484a83822a1e11aae3fd09cab699192034be7f6e7a8fcaa1960df8bf96871e6268b63cf7046ebb75c4df72de67bb4b3d2aa94f77e7