From 7df4966cc98d58df99d23d41b6de918b817b5c2e Mon Sep 17 00:00:00 2001
From: Sergio Correia <scorreia@redhat.com>
Date: Fri, 7 May 2021 09:14:44 -0300
Subject: [PATCH] Port to OpenSSL 3

Backport of upstream commit (ee1dfedb)
---
 ...e-BN_set_word-x-0-instead-of-BN_zero.patch | 47 +++++++++++++++++++
 clevis.spec                                   |  8 +++-
 2 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 0001-sss-use-BN_set_word-x-0-instead-of-BN_zero.patch

diff --git a/0001-sss-use-BN_set_word-x-0-instead-of-BN_zero.patch b/0001-sss-use-BN_set_word-x-0-instead-of-BN_zero.patch
new file mode 100644
index 0000000..6c865e2
--- /dev/null
+++ b/0001-sss-use-BN_set_word-x-0-instead-of-BN_zero.patch
@@ -0,0 +1,47 @@
+From 95f25c355fc13727410ccacaa618caf6af5d5eba Mon Sep 17 00:00:00 2001
+From: Sergio Correia <scorreia@redhat.com>
+Date: Mon, 3 May 2021 22:36:36 -0300
+Subject: [PATCH] sss: use BN_set_word(x, 0) instead of BN_zero()
+
+Different OpenSSL versions define BN_zero() differently -- sometimes
+returning an integer, sometimes as void --, so let's use instead
+BN_set_word() instead, not to have issues when building with these
+different versions.
+---
+ src/pins/sss/sss.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/pins/sss/sss.c b/src/pins/sss/sss.c
+index a37215d..7486d6c 100644
+--- a/src/pins/sss/sss.c
++++ b/src/pins/sss/sss.c
+@@ -214,7 +214,7 @@ sss_point(const json_t *sss, size_t *len)
+     if (BN_rand_range(xx, pp) <= 0)
+         return NULL;
+ 
+-    if (BN_zero(yy) <= 0)
++    if (BN_set_word(yy, 0) <= 0)
+         return NULL;
+ 
+     for (size_t i = 0; i < json_array_size(e); i++) {
+@@ -272,7 +272,7 @@ sss_recover(const json_t *p, size_t npnts, const uint8_t *pnts[])
+     if (!ctx || !pp || !acc || !tmp || !k)
+         return NULL;
+ 
+-    if (BN_zero(k) <= 0)
++    if (BN_set_word(k, 0) <= 0)
+         return NULL;
+ 
+     len = jose_b64_dec(p, NULL, 0);
+@@ -303,7 +303,7 @@ sss_recover(const json_t *p, size_t npnts, const uint8_t *pnts[])
+ 
+             /* acc *= (0 - xi) / (xo - xi) */
+ 
+-            if (BN_zero(tmp) <= 0)
++            if (BN_set_word(tmp, 0) <= 0)
+                 return NULL;
+ 
+             if (BN_mod_sub(tmp, tmp, xi, pp, ctx) <= 0)
+-- 
+2.31.1
+
diff --git a/clevis.spec b/clevis.spec
index 0459089..f29a365 100644
--- a/clevis.spec
+++ b/clevis.spec
@@ -1,6 +1,6 @@
 Name:           clevis
 Version:        18
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Automated decryption framework
 
 License:        GPLv3+
@@ -8,6 +8,8 @@ URL:            https://github.com/latchset/%{name}
 Source0:        https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
 Source1:        clevis.sysusers
 
+Patch0001: 0001-sss-use-BN_set_word-x-0-instead-of-BN_zero.patch
+
 BuildRequires:  git-core
 BuildRequires:  gcc
 BuildRequires:  meson
@@ -192,6 +194,10 @@ exit 0
 %attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2
 
 %changelog
+* Fri May 07 2021 Sergio Correia <scorreia@redhat.com> - 18-2
+- Port to OpenSSL 3
+  Backport of upstream commit (ee1dfedb)
+
 * Thu Apr 15 2021 Sergio Correia <scorreia@redhat.com> - 18-1
 - Update to new clevis upstream release, v18.