update to the 1.1.1e release

add selftest of the RAND_DRBG implementation fix incorrect error return value from FIPS_selftest_dsa
2020-03-19 17:44:25 +01:00 · 2020-03-19 17:44:25 +01:00 · c11b71fd2f
commit c11b71fd2f
parent c77593a912
17 changed files with 1438 additions and 1354 deletions
--- a/.gitignore
+++ b/.gitignore
@ -45,3 +45,4 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-1.1.1b-hobbled.tar.xz
 /openssl-1.1.1c-hobbled.tar.xz
 /openssl-1.1.1d-hobbled.tar.xz
 /openssl-1.1.1e-hobbled.tar.xz
--- a/ec_curve.c
+++ b/ec_curve.c
@ -9,7 +9,7 @@
 */
 #include <string.h>
-#include "ec_lcl.h"
+#include "ec_local.h"
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
 #include <openssl/opensslconf.h>
--- a/ectest.c
+++ b/ectest.c
@ -1116,7 +1116,8 @@ static int parameter_test(void)
    unsigned char *buf = NULL;
    int r = 0, len;
-    if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp384r1))
+    /* must use a curve without a special group method */
    if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp256k1))
        || !TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL))
        || !TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters))
        || !TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0))
@ -1324,7 +1325,107 @@ static int cardinality_test(int n)
    BN_CTX_free(ctx);
    return ret;
 }
-#endif
+
 /*
 * Helper for ec_point_hex2point_test
 *
 * Self-tests EC_POINT_point2hex() against EC_POINT_hex2point() for the given
 * (group,P) pair.
 *
 * If P is NULL use point at infinity.
 */
 static ossl_inline
 int ec_point_hex2point_test_helper(const EC_GROUP *group, const EC_POINT *P,
                                   point_conversion_form_t form,
                                   BN_CTX *bnctx)
 {
    int ret = 0;
    EC_POINT *Q = NULL, *Pinf = NULL;
    char *hex = NULL;
    if (P == NULL) {
        /* If P is NULL use point at infinity. */
        if (!TEST_ptr(Pinf = EC_POINT_new(group))
                || !TEST_true(EC_POINT_set_to_infinity(group, Pinf)))
            goto err;
        P = Pinf;
    }
    if (!TEST_ptr(hex = EC_POINT_point2hex(group, P, form, bnctx))
            || !TEST_ptr(Q = EC_POINT_hex2point(group, hex, NULL, bnctx))
            || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, bnctx)))
        goto err;
    /*
     * The next check is most likely superfluous, as EC_POINT_cmp should already
     * cover this.
     * Nonetheless it increases the test coverage for EC_POINT_is_at_infinity,
     * so we include it anyway!
     */
    if (Pinf != NULL
            && !TEST_true(EC_POINT_is_at_infinity(group, Q)))
        goto err;
    ret = 1;
 err:
    EC_POINT_free(Pinf);
    OPENSSL_free(hex);
    EC_POINT_free(Q);
    return ret;
 }
 /*
 * This test self-validates EC_POINT_hex2point() and EC_POINT_point2hex()
 */
 static int ec_point_hex2point_test(int id)
 {
    int ret = 0, nid;
    EC_GROUP *group = NULL;
    const EC_POINT *G = NULL;
    EC_POINT *P = NULL;
    BN_CTX * bnctx = NULL;
    /* Do some setup */
    nid = curves[id].nid;
    if (!TEST_ptr(bnctx = BN_CTX_new())
            || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))
            || !TEST_ptr(G = EC_GROUP_get0_generator(group))
            || !TEST_ptr(P = EC_POINT_dup(G, group)))
        goto err;
    if (!TEST_true(ec_point_hex2point_test_helper(group, P,
                                                  POINT_CONVERSION_COMPRESSED,
                                                  bnctx))
            || !TEST_true(ec_point_hex2point_test_helper(group, NULL,
                                                         POINT_CONVERSION_COMPRESSED,
                                                         bnctx))
            || !TEST_true(ec_point_hex2point_test_helper(group, P,
                                                         POINT_CONVERSION_UNCOMPRESSED,
                                                         bnctx))
            || !TEST_true(ec_point_hex2point_test_helper(group, NULL,
                                                         POINT_CONVERSION_UNCOMPRESSED,
                                                         bnctx))
            || !TEST_true(ec_point_hex2point_test_helper(group, P,
                                                         POINT_CONVERSION_HYBRID,
                                                         bnctx))
            || !TEST_true(ec_point_hex2point_test_helper(group, NULL,
                                                         POINT_CONVERSION_HYBRID,
                                                         bnctx)))
        goto err;
    ret = 1;
 err:
    EC_POINT_free(P);
    EC_GROUP_free(group);
    BN_CTX_free(bnctx);
    return ret;
 }
 #endif /* OPENSSL_NO_EC */
 int setup_tests(void)
 {
@ -1350,6 +1451,7 @@ int setup_tests(void)
    ADD_ALL_TESTS(internal_curve_test_method, crv_len);
    ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len);
    ADD_ALL_TESTS(ec_point_hex2point_test, crv_len);
 #endif /* OPENSSL_NO_EC */
    return 1;
 }
--- a/openssl-1.1.1-aes-asm.patch
+++ b/openssl-1.1.1-aes-asm.patch
@ -1,58 +0,0 @@
 commit 61cc715240d2d3f9511ca88043a3e9797c11482f
 Author: Richard Levitte <levitte@openssl.org>
 Date:   Thu Oct 3 08:28:31 2019 +0200
    Define AESNI_ASM if AESNI assembler is included, and use it
    Because we have cases where basic assembler support isn't present, but
    AESNI asssembler support is, we need a separate macro that indicates
    that, and use it.
    Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/10080)
 diff --git a/Configure b/Configure
 index 811bee81f5..f498ac2f81 100755
 --- a/Configure
 +++ b/Configure
@@ -1376,6 +1376,7 @@ unless ($disabled{asm}) {
     }
     if ($target{aes_asm_src}) {
         push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);;
 +        push @{$config{lib_defines}}, "AESNI_ASM" if ($target{aes_asm_src} =~ m/\baesni-/);;
         # aes-ctr.fake is not a real file, only indication that assembler
         # module implements AES_ctr32_encrypt...
         push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
 diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
 index c9f5969162..27c36b46e7 100644
 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c
 +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -33,7 +33,7 @@ typedef struct {
 #define NO_PAYLOAD_LENGTH       ((size_t)-1)
 -#if     defined(AES_ASM) &&     ( \
 +#if     defined(AESNI_ASM) &&     ( \
         defined(__x86_64)       || defined(__x86_64__)  || \
         defined(_M_AMD64)       || defined(_M_X64)      )
 diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
 index d5178313ae..cc622b6faa 100644
 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c
 +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -34,7 +34,7 @@ typedef struct {
 # define NO_PAYLOAD_LENGTH       ((size_t)-1)
 -#if     defined(AES_ASM) &&     ( \
 +#if     defined(AESNI_ASM) &&   ( \
         defined(__x86_64)       || defined(__x86_64__)  || \
         defined(_M_AMD64)       || defined(_M_X64)      )
@@ -947,4 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
 {
     return NULL;
 }
 -#endif
 +#endif  /* AESNI_ASM */
--- a/openssl-1.1.1-evp-kdf.patch
+++ b/openssl-1.1.1-evp-kdf.patch
@ -1,6 +1,6 @@
-diff -up openssl-1.1.1d/crypto/err/openssl.txt.evp-kdf openssl-1.1.1d/crypto/err/openssl.txt
+diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err/openssl.txt
--- openssl-1.1.1d/crypto/err/openssl.txt.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/err/openssl.txt	2019-09-13 15:45:01.723001323 +0200
+++ openssl-1.1.1e/crypto/err/openssl.txt	2020-03-19 16:04:11.299063517 +0100
@@ -747,6 +747,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn
 EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
 EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
@ -51,7 +51,7 @@ diff -up openssl-1.1.1d/crypto/err/openssl.txt.evp-kdf openssl-1.1.1d/crypto/err
 KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg
 OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
 OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid
-@@ -2273,6 +2296,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on
+@@ -2277,6 +2300,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on
 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
 	operation not supported for this keytype
 EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
@ -59,7 +59,7 @@ diff -up openssl-1.1.1d/crypto/err/openssl.txt.evp-kdf openssl-1.1.1d/crypto/err
 EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
 EVP_R_PBKDF2_ERROR:181:pbkdf2 error
 EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
-@@ -2309,6 +2333,7 @@ KDF_R_MISSING_SEED:106:missing seed
+@@ -2313,6 +2337,7 @@ KDF_R_MISSING_SEED:106:missing seed
 KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
 KDF_R_VALUE_ERROR:108:value error
 KDF_R_VALUE_MISSING:102:value missing
@ -67,9 +67,9 @@ diff -up openssl-1.1.1d/crypto/err/openssl.txt.evp-kdf openssl-1.1.1d/crypto/err
 OBJ_R_OID_EXISTS:102:oid exists
 OBJ_R_UNKNOWN_NID:101:unknown nid
 OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error
-diff -up openssl-1.1.1d/crypto/evp/build.info.evp-kdf openssl-1.1.1d/crypto/evp/build.info
+diff -up openssl-1.1.1e/crypto/evp/build.info.evp-kdf openssl-1.1.1e/crypto/evp/build.info
--- openssl-1.1.1d/crypto/evp/build.info.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/evp/build.info.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/evp/build.info	2019-09-13 15:39:20.268982830 +0200
+++ openssl-1.1.1e/crypto/evp/build.info	2020-03-19 16:04:11.300063500 +0100
@@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\
         p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
         bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
@ -80,35 +80,36 @@ diff -up openssl-1.1.1d/crypto/evp/build.info.evp-kdf openssl-1.1.1d/crypto/evp/
         e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
         e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
         e_chacha20_poly1305.c cmeth_lib.c
-diff -up openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c
+diff -up openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c
--- openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf	2020-03-19 16:04:11.300063500 +0100
-+++ openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c	2019-09-13 15:39:20.268982830 +0200
+++ openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c	2020-03-19 16:16:46.497967633 +0100
-@@ -14,8 +14,8 @@
+@@ -14,9 +14,9 @@
 # include <openssl/evp.h>
 # include <openssl/objects.h>
-# include "evp_locl.h"
+-# include "evp_local.h"
- # include "internal/evp_int.h"
+ # include "crypto/evp.h"
-+# include "evp_locl.h"
+ # include "crypto/chacha.h"
- # include "internal/chacha.h"
+# include "evp_local.h"
 typedef struct {
-diff -up openssl-1.1.1d/crypto/evp/encode.c.evp-kdf openssl-1.1.1d/crypto/evp/encode.c
+     union {
--- openssl-1.1.1d/crypto/evp/encode.c.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+diff -up openssl-1.1.1e/crypto/evp/encode.c.evp-kdf openssl-1.1.1e/crypto/evp/encode.c
-+++ openssl-1.1.1d/crypto/evp/encode.c	2019-09-13 15:39:20.268982830 +0200
+--- openssl-1.1.1e/crypto/evp/encode.c.evp-kdf	2020-03-19 16:04:11.301063483 +0100
 +++ openssl-1.1.1e/crypto/evp/encode.c	2020-03-19 16:14:13.147628683 +0100
@@ -11,8 +11,8 @@
 #include <limits.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
-#include "evp_locl.h"
+-#include "evp_local.h"
- #include "internal/evp_int.h"
+ #include "crypto/evp.h"
-+#include "evp_locl.h"
+#include "evp_local.h"
 static unsigned char conv_ascii2bin(unsigned char a,
                                     const unsigned char *table);
-diff -up openssl-1.1.1d/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1d/crypto/evp/evp_err.c
+diff -up openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1e/crypto/evp/evp_err.c
--- openssl-1.1.1d/crypto/evp/evp_err.c.evp-kdf	2019-09-13 15:39:20.226983569 +0200
+--- openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf	2020-03-19 16:04:11.218064919 +0100
-+++ openssl-1.1.1d/crypto/evp/evp_err.c	2019-09-13 15:44:00.070076961 +0200
+++ openssl-1.1.1e/crypto/evp/evp_err.c	2020-03-19 16:04:11.302063465 +0100
@@ -60,6 +60,9 @@ static const ERR_STRING_DATA EVP_str_fun
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
      "EVP_EncryptFinal_ex"},
@ -134,7 +135,7 @@ diff -up openssl-1.1.1d/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1d/crypto/evp/e
     {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
     {0, NULL}
 };
-@@ -240,6 +245,8 @@ static const ERR_STRING_DATA EVP_str_rea
+@@ -241,6 +246,8 @@ static const ERR_STRING_DATA EVP_str_rea
     "operation not supported for this keytype"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
     "operaton not initialized"},
@ -143,9 +144,9 @@ diff -up openssl-1.1.1d/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1d/crypto/evp/e
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
     "partially overlapping buffers"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
-diff -up openssl-1.1.1d/crypto/evp/evp_locl.h.evp-kdf openssl-1.1.1d/crypto/evp/evp_locl.h
+diff -up openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1e/crypto/evp/evp_local.h
--- openssl-1.1.1d/crypto/evp/evp_locl.h.evp-kdf	2019-09-13 15:39:19.820990718 +0200
+--- openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf	2020-03-19 16:04:10.657074629 +0100
-+++ openssl-1.1.1d/crypto/evp/evp_locl.h	2019-09-13 15:39:24.144914578 +0200
+++ openssl-1.1.1e/crypto/evp/evp_local.h	2020-03-19 16:04:20.722900404 +0100
@@ -41,6 +41,11 @@ struct evp_cipher_ctx_st {
     unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
 } /* EVP_CIPHER_CTX */ ;
@ -158,20 +159,20 @@ diff -up openssl-1.1.1d/crypto/evp/evp_locl.h.evp-kdf openssl-1.1.1d/crypto/evp/
 int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
                              int passlen, ASN1_TYPE *param,
                              const EVP_CIPHER *c, const EVP_MD *md,
-diff -up openssl-1.1.1d/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1d/crypto/evp/evp_pbe.c
+diff -up openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1e/crypto/evp/evp_pbe.c
--- openssl-1.1.1d/crypto/evp/evp_pbe.c.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf	2020-03-19 16:04:20.723900386 +0100
-+++ openssl-1.1.1d/crypto/evp/evp_pbe.c	2019-09-13 15:39:24.145914561 +0200
+++ openssl-1.1.1e/crypto/evp/evp_pbe.c	2020-03-19 16:11:56.425001210 +0100
@@ -12,6 +12,7 @@
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
 #include <openssl/x509.h>
-+#include "internal/evp_int.h"
+#include "crypto/evp.h"
- #include "evp_locl.h"
+ #include "evp_local.h"
 /* Password based encryption (PBE) functions */
-diff -up openssl-1.1.1d/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1d/crypto/evp/kdf_lib.c
+diff -up openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1e/crypto/evp/kdf_lib.c
--- openssl-1.1.1d/crypto/evp/kdf_lib.c.evp-kdf	2019-09-13 15:39:24.146914543 +0200
+--- openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf	2020-03-19 16:04:20.723900386 +0100
-+++ openssl-1.1.1d/crypto/evp/kdf_lib.c	2019-09-13 15:39:24.146914543 +0200
+++ openssl-1.1.1e/crypto/evp/kdf_lib.c	2020-03-19 16:04:20.723900386 +0100
@@ -0,0 +1,165 @@
 +/*
 + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -190,10 +191,10 @@ diff -up openssl-1.1.1d/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1d/crypto/evp/k
 +#include <openssl/evp.h>
 +#include <openssl/x509v3.h>
 +#include <openssl/kdf.h>
-+#include "internal/asn1_int.h"
+#include "crypto/asn1.h"
-+#include "internal/evp_int.h"
+#include "crypto/evp.h"
 +#include "internal/numbers.h"
-+#include "evp_locl.h"
+#include "evp_local.h"
 +
 +typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
 +
@ -338,9 +339,9 @@ diff -up openssl-1.1.1d/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1d/crypto/evp/k
 +    return ctx->kmeth->derive(ctx->impl, key, keylen);
 +}
 +
-diff -up openssl-1.1.1d/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1d/crypto/evp/p5_crpt2.c
+diff -up openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1e/crypto/evp/p5_crpt2.c
--- openssl-1.1.1d/crypto/evp/p5_crpt2.c.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/evp/p5_crpt2.c	2019-09-13 15:39:24.147914525 +0200
+++ openssl-1.1.1e/crypto/evp/p5_crpt2.c	2020-03-19 16:17:48.822886126 +0100
@@ -1,5 +1,5 @@
 /*
 - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -355,13 +356,13 @@ diff -up openssl-1.1.1d/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1d/crypto/evp/
 -# include <openssl/x509.h>
 -# include <openssl/evp.h>
 -# include <openssl/hmac.h>
-# include "evp_locl.h"
+-# include "evp_local.h"
 +#include <openssl/x509.h>
 +#include <openssl/evp.h>
 +#include <openssl/kdf.h>
 +#include <openssl/hmac.h>
-+#include "internal/evp_int.h"
+#include "crypto/evp.h"
-+#include "evp_locl.h"
+#include "evp_local.h"
 /* set this to print out info about the keygen algorithm */
 /* #define OPENSSL_DEBUG_PKCS5V2 */
@ -489,9 +490,9 @@ diff -up openssl-1.1.1d/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1d/crypto/evp/
 }
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
-diff -up openssl-1.1.1d/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1d/crypto/evp/pbe_scrypt.c
+diff -up openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1e/crypto/evp/pbe_scrypt.c
--- openssl-1.1.1d/crypto/evp/pbe_scrypt.c.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/evp/pbe_scrypt.c	2019-09-13 15:39:24.150914473 +0200
+++ openssl-1.1.1e/crypto/evp/pbe_scrypt.c	2020-03-19 16:04:20.725900352 +0100
@@ -7,135 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
@ -762,9 +763,9 @@ diff -up openssl-1.1.1d/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1d/crypto/ev
 }
 +
 #endif
-diff -up openssl-1.1.1d/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1d/crypto/evp/pkey_kdf.c
+diff -up openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1e/crypto/evp/pkey_kdf.c
--- openssl-1.1.1d/crypto/evp/pkey_kdf.c.evp-kdf	2019-09-13 15:39:24.154914402 +0200
+--- openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf	2020-03-19 16:04:20.726900334 +0100
-+++ openssl-1.1.1d/crypto/evp/pkey_kdf.c	2019-09-13 15:39:24.154914402 +0200
+++ openssl-1.1.1e/crypto/evp/pkey_kdf.c	2020-03-19 16:04:20.725900352 +0100
@@ -0,0 +1,255 @@
 +/*
 + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -780,7 +781,7 @@ diff -up openssl-1.1.1d/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1d/crypto/evp/
 +#include <openssl/evp.h>
 +#include <openssl/err.h>
 +#include <openssl/kdf.h>
-+#include "internal/evp_int.h"
+#include "crypto/evp.h"
 +
 +static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
 +{
@ -1021,45 +1022,17 @@ diff -up openssl-1.1.1d/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1d/crypto/evp/
 +    pkey_kdf_ctrl_str
 +};
 +
-diff -up openssl-1.1.1d/crypto/include/internal/evp_int.h.evp-kdf openssl-1.1.1d/crypto/include/internal/evp_int.h
+diff -up openssl-1.1.1e/crypto/kdf/build.info.evp-kdf openssl-1.1.1e/crypto/kdf/build.info
--- openssl-1.1.1d/crypto/include/internal/evp_int.h.evp-kdf	2019-09-13 15:39:19.873989785 +0200
+--- openssl-1.1.1e/crypto/kdf/build.info.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/include/internal/evp_int.h	2019-09-13 15:39:24.155914384 +0200
+++ openssl-1.1.1e/crypto/kdf/build.info	2020-03-19 16:04:32.347699194 +0100
@@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m
 extern const EVP_PKEY_METHOD poly1305_pkey_meth;
 extern const EVP_PKEY_METHOD siphash_pkey_meth;
 +/* struct evp_kdf_impl_st is defined by the implementation */
 +typedef struct evp_kdf_impl_st EVP_KDF_IMPL;
 +typedef struct {
 +    int type;
 +    EVP_KDF_IMPL *(*new) (void);
 +    void (*free) (EVP_KDF_IMPL *impl);
 +    void (*reset) (EVP_KDF_IMPL *impl);
 +    int (*ctrl) (EVP_KDF_IMPL *impl, int cmd, va_list args);
 +    int (*ctrl_str) (EVP_KDF_IMPL *impl, const char *type, const char *value);
 +    size_t (*size) (EVP_KDF_IMPL *impl);
 +    int (*derive) (EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen);
 +} EVP_KDF_METHOD;
 +
 +extern const EVP_KDF_METHOD pbkdf2_kdf_meth;
 +extern const EVP_KDF_METHOD scrypt_kdf_meth;
 +extern const EVP_KDF_METHOD tls1_prf_kdf_meth;
 +extern const EVP_KDF_METHOD hkdf_kdf_meth;
 +
 struct evp_md_st {
     int type;
     int pkey_type;
 diff -up openssl-1.1.1d/crypto/kdf/build.info.evp-kdf openssl-1.1.1d/crypto/kdf/build.info
 --- openssl-1.1.1d/crypto/kdf/build.info.evp-kdf	2019-09-10 15:13:07.000000000 +0200
 +++ openssl-1.1.1d/crypto/kdf/build.info	2019-09-13 15:39:24.156914367 +0200
@@ -1,3 +1,3 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
 -        tls1_prf.c kdf_err.c hkdf.c scrypt.c
 +        tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c
-diff -up openssl-1.1.1d/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1d/crypto/kdf/hkdf.c
+diff -up openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1e/crypto/kdf/hkdf.c
--- openssl-1.1.1d/crypto/kdf/hkdf.c.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/kdf/hkdf.c	2019-09-13 15:39:24.158914332 +0200
+++ openssl-1.1.1e/crypto/kdf/hkdf.c	2020-03-19 16:06:59.757147720 +0100
@@ -8,32 +8,33 @@
  */
@ -1067,11 +1040,10 @@ diff -up openssl-1.1.1d/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1d/crypto/kdf/hkdf
 +#include <stdarg.h>
 #include <string.h>
 #include <openssl/hmac.h>
-#include <openssl/kdf.h>
+ #include <openssl/kdf.h>
 #include <openssl/evp.h>
 +#include <openssl/kdf.h>
 #include "internal/cryptlib.h"
- #include "internal/evp_int.h"
+ #include "crypto/evp.h"
 +#include "kdf_local.h"
 #define HKDF_MAXBUF 1024
@ -1192,18 +1164,18 @@ diff -up openssl-1.1.1d/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1d/crypto/kdf/hkdf
             return 1;
 -        if (p1 < 0)
 -            return 0;
 -
 -        if (kctx->salt != NULL)
 -            OPENSSL_clear_free(kctx->salt, kctx->salt_len);
 -
 -        kctx->salt = OPENSSL_memdup(p2, p1);
 -        if (kctx->salt == NULL)
 +        OPENSSL_free(impl->salt);
 +        impl->salt = OPENSSL_memdup(p, len);
 +        if (impl->salt == NULL)
             return 0;
 -        if (kctx->salt != NULL)
 -            OPENSSL_clear_free(kctx->salt, kctx->salt_len);
 -
 -        kctx->salt = OPENSSL_memdup(p2, p1);
 -        if (kctx->salt == NULL)
 -            return 0;
 -
 -        kctx->salt_len = p1;
 +        impl->salt_len = len;
         return 1;
@ -1321,14 +1293,14 @@ diff -up openssl-1.1.1d/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1d/crypto/kdf/hkdf
 +static size_t kdf_hkdf_size(EVP_KDF_IMPL *impl)
 {
 -    HKDF_PKEY_CTX *kctx = ctx->data;
-
+    if (impl->mode != EVP_KDF_HKDF_MODE_EXTRACT_ONLY)
 +        return SIZE_MAX;
 -    OPENSSL_clear_free(kctx->key, kctx->key_len);
 -    OPENSSL_clear_free(kctx->salt, kctx->salt_len);
 -    OPENSSL_cleanse(kctx->info, kctx->info_len);
 -    memset(kctx, 0, sizeof(*kctx));
-+    if (impl->mode != EVP_KDF_HKDF_MODE_EXTRACT_ONLY)
+-
 +        return SIZE_MAX;
 -    return 1;
 +    if (impl->md == NULL) {
 +        KDFerr(KDF_F_KDF_HKDF_SIZE, KDF_R_MISSING_MESSAGE_DIGEST);
@ -1526,9 +1498,9 @@ diff -up openssl-1.1.1d/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1d/crypto/kdf/hkdf
  err:
     OPENSSL_cleanse(prev, sizeof(prev));
-diff -up openssl-1.1.1d/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1d/crypto/kdf/kdf_err.c
+diff -up openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_err.c
--- openssl-1.1.1d/crypto/kdf/kdf_err.c.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/kdf/kdf_err.c	2019-09-13 15:39:24.159914314 +0200
+++ openssl-1.1.1e/crypto/kdf/kdf_err.c	2020-03-19 16:04:32.349699159 +0100
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
@ -1584,9 +1556,9 @@ diff -up openssl-1.1.1d/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1d/crypto/kdf/k
     {0, NULL}
 };
-diff -up openssl-1.1.1d/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1d/crypto/kdf/kdf_local.h
+diff -up openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_local.h
--- openssl-1.1.1d/crypto/kdf/kdf_local.h.evp-kdf	2019-09-13 15:39:24.160914297 +0200
+--- openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf	2020-03-19 16:04:32.349699159 +0100
-+++ openssl-1.1.1d/crypto/kdf/kdf_local.h	2019-09-13 15:39:24.160914297 +0200
+++ openssl-1.1.1e/crypto/kdf/kdf_local.h	2020-03-19 16:04:32.349699159 +0100
@@ -0,0 +1,22 @@
 +/*
 + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1610,9 +1582,9 @@ diff -up openssl-1.1.1d/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1d/crypto/kdf
 +                int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
 +                int cmd, const char *md_name);
 +
-diff -up openssl-1.1.1d/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1d/crypto/kdf/kdf_util.c
+diff -up openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_util.c
--- openssl-1.1.1d/crypto/kdf/kdf_util.c.evp-kdf	2019-09-13 15:39:24.161914279 +0200
+--- openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf	2020-03-19 16:04:32.350699142 +0100
-+++ openssl-1.1.1d/crypto/kdf/kdf_util.c	2019-09-13 15:39:24.160914297 +0200
+++ openssl-1.1.1e/crypto/kdf/kdf_util.c	2020-03-19 16:04:32.350699142 +0100
@@ -0,0 +1,73 @@
 +/*
 + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1629,7 +1601,7 @@ diff -up openssl-1.1.1d/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1d/crypto/kdf/
 +#include <openssl/kdf.h>
 +#include <openssl/evp.h>
 +#include "internal/cryptlib.h"
-+#include "internal/evp_int.h"
+#include "crypto/evp.h"
 +#include "internal/numbers.h"
 +#include "kdf_local.h"
 +
@ -1687,9 +1659,9 @@ diff -up openssl-1.1.1d/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1d/crypto/kdf/
 +    return call_ctrl(ctrl, impl, cmd, md);
 +}
 +
-diff -up openssl-1.1.1d/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1d/crypto/kdf/pbkdf2.c
+diff -up openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1e/crypto/kdf/pbkdf2.c
--- openssl-1.1.1d/crypto/kdf/pbkdf2.c.evp-kdf	2019-09-13 15:39:24.162914261 +0200
+--- openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf	2020-03-19 16:04:32.374698727 +0100
-+++ openssl-1.1.1d/crypto/kdf/pbkdf2.c	2019-09-13 15:39:24.162914261 +0200
+++ openssl-1.1.1e/crypto/kdf/pbkdf2.c	2020-03-19 16:04:32.374698727 +0100
@@ -0,0 +1,264 @@
 +/*
 + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1707,7 +1679,7 @@ diff -up openssl-1.1.1d/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1d/crypto/kdf/pb
 +#include <openssl/evp.h>
 +#include <openssl/kdf.h>
 +#include "internal/cryptlib.h"
-+#include "internal/evp_int.h"
+#include "crypto/evp.h"
 +#include "kdf_local.h"
 +
 +static void kdf_pbkdf2_reset(EVP_KDF_IMPL *impl);
@ -1955,22 +1927,21 @@ diff -up openssl-1.1.1d/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1d/crypto/kdf/pb
 +    HMAC_CTX_free(hctx_tpl);
 +    return ret;
 +}
-diff -up openssl-1.1.1d/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1d/crypto/kdf/scrypt.c
+diff -up openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1e/crypto/kdf/scrypt.c
--- openssl-1.1.1d/crypto/kdf/scrypt.c.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/kdf/scrypt.c	2019-09-13 15:39:24.164914226 +0200
+++ openssl-1.1.1e/crypto/kdf/scrypt.c	2020-03-19 16:11:06.215872475 +0100
-@@ -8,25 +8,34 @@
+@@ -8,25 +8,35 @@
  */
 #include <stdlib.h>
 +#include <stdarg.h>
 #include <string.h>
-#include <openssl/hmac.h>
+ #include <openssl/hmac.h>
-#include <openssl/kdf.h>
+ #include <openssl/kdf.h>
 #include <openssl/evp.h>
 -#include "internal/cryptlib.h"
 +#include <openssl/kdf.h>
 +#include <openssl/err.h>
- #include "internal/evp_int.h"
+ #include "crypto/evp.h"
 +#include "internal/numbers.h"
 +#include "kdf_local.h"
@ -1999,7 +1970,7 @@ diff -up openssl-1.1.1d/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1d/crypto/kdf/sc
 /* Custom uint64_t parser since we do not have strtoull */
 static int atou64(const char *nptr, uint64_t *result)
-@@ -53,51 +62,53 @@ static int atou64(const char *nptr, uint
+@@ -53,51 +63,53 @@ static int atou64(const char *nptr, uint
     return 1;
 }
@ -2084,7 +2055,7 @@ diff -up openssl-1.1.1d/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1d/crypto/kdf/sc
     if (new_buflen > 0) {
         *buffer = OPENSSL_memdup(new_buffer, new_buflen);
-@@ -105,7 +116,7 @@ static int pkey_scrypt_set_membuf(unsign
+@@ -105,7 +117,7 @@ static int pkey_scrypt_set_membuf(unsign
         *buffer = OPENSSL_malloc(1);
     }
     if (*buffer == NULL) {
@ -2093,7 +2064,7 @@ diff -up openssl-1.1.1d/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1d/crypto/kdf/sc
         return 0;
     }
-@@ -118,149 +129,378 @@ static int is_power_of_two(uint64_t valu
+@@ -118,149 +130,378 @@ static int is_power_of_two(uint64_t valu
     return (value != 0) && ((value & (value - 1)) == 0);
 }
@ -2546,9 +2517,9 @@ diff -up openssl-1.1.1d/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1d/crypto/kdf/sc
 +}
 #endif
-diff -up openssl-1.1.1d/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1d/crypto/kdf/tls1_prf.c
+diff -up openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1e/crypto/kdf/tls1_prf.c
--- openssl-1.1.1d/crypto/kdf/tls1_prf.c.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/kdf/tls1_prf.c	2019-09-13 15:39:24.167914173 +0200
+++ openssl-1.1.1e/crypto/kdf/tls1_prf.c	2020-03-19 16:10:32.317460707 +0100
@@ -8,11 +8,15 @@
  */
@ -2556,10 +2527,9 @@ diff -up openssl-1.1.1d/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1d/crypto/kdf/
 +#include <stdarg.h>
 +#include <string.h>
 #include "internal/cryptlib.h"
-#include <openssl/kdf.h>
+ #include <openssl/kdf.h>
 #include <openssl/evp.h>
-+#include <openssl/kdf.h>
+ #include "crypto/evp.h"
 #include "internal/evp_int.h"
 +#include "kdf_local.h"
 +static void kdf_tls1_prf_reset(EVP_KDF_IMPL *impl);
@ -2659,15 +2629,15 @@ diff -up openssl-1.1.1d/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1d/crypto/kdf/
 -        kctx->seclen  = p1;
 +
 +        impl->seclen  = len;
 +        return 1;
 +
 +    case EVP_KDF_CTRL_RESET_TLS_SEED:
 +        OPENSSL_cleanse(impl->seed, impl->seedlen);
 +        impl->seedlen = 0;
         return 1;
 -    case EVP_PKEY_CTRL_TLS_SEED:
 -        if (p1 == 0 || p2 == NULL)
 +    case EVP_KDF_CTRL_RESET_TLS_SEED:
 +        OPENSSL_cleanse(impl->seed, impl->seedlen);
 +        impl->seedlen = 0;
 +        return 1;
 +
 +    case EVP_KDF_CTRL_ADD_TLS_SEED:
 +        p = va_arg(args, const unsigned char *);
 +        len = va_arg(args, size_t);
@ -2832,9 +2802,9 @@ diff -up openssl-1.1.1d/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1d/crypto/kdf/
             OPENSSL_clear_free(tmp, olen);
             return 0;
         }
-diff -up openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod
+diff -up openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod
--- openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod.evp-kdf	2019-09-13 15:39:24.169914138 +0200
+--- openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf	2020-03-19 16:04:32.377698675 +0100
-+++ openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod	2019-09-13 15:39:24.169914138 +0200
+++ openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod	2020-03-19 16:04:32.377698675 +0100
@@ -0,0 +1,217 @@
 +=pod
 +
@ -3053,9 +3023,9 @@ diff -up openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1d/doc/man3
 +L<https://www.openssl.org/source/license.html>.
 +
 +=cut
-diff -up openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod
+diff -up openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod
--- openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod.evp-kdf	2019-09-13 15:39:24.171914103 +0200
+--- openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf	2020-03-19 16:04:32.377698675 +0100
-+++ openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod	2019-09-13 15:39:24.171914103 +0200
+++ openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod	2020-03-19 16:04:32.377698675 +0100
@@ -0,0 +1,180 @@
 +=pod
 +
@ -3237,9 +3207,9 @@ diff -up openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1d/doc/man
 +L<https://www.openssl.org/source/license.html>.
 +
 +=cut
-diff -up openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod
+diff -up openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod
--- openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf	2019-09-13 15:39:24.172914085 +0200
+--- openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf	2020-03-19 16:04:32.378698658 +0100
-+++ openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod	2019-09-13 15:39:24.172914085 +0200
+++ openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod	2020-03-19 16:04:32.378698658 +0100
@@ -0,0 +1,78 @@
 +=pod
 +
@ -3319,9 +3289,9 @@ diff -up openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1d/doc/m
 +L<https://www.openssl.org/source/license.html>.
 +
 +=cut
-diff -up openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod
+diff -up openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod
--- openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf	2019-09-13 15:39:24.173914068 +0200
+--- openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf	2020-03-19 16:04:32.378698658 +0100
-+++ openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod	2019-09-13 15:39:24.173914068 +0200
+++ openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod	2020-03-19 16:04:32.378698658 +0100
@@ -0,0 +1,149 @@
 +=pod
 +
@ -3472,9 +3442,9 @@ diff -up openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1d/doc/m
 +L<https://www.openssl.org/source/license.html>.
 +
 +=cut
-diff -up openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod
+diff -up openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod
--- openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf	2019-09-13 15:39:24.174914050 +0200
+--- openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf	2020-03-19 16:04:32.378698658 +0100
-+++ openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod	2019-09-13 15:39:24.174914050 +0200
+++ openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod	2020-03-19 16:04:32.378698658 +0100
@@ -0,0 +1,142 @@
 +=pod
 +
@ -3618,9 +3588,37 @@ diff -up openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1d/doc
 +L<https://www.openssl.org/source/license.html>.
 +
 +=cut
-diff -up openssl-1.1.1d/include/openssl/evperr.h.evp-kdf openssl-1.1.1d/include/openssl/evperr.h
+diff -up openssl-1.1.1e/include/crypto/evp.h.evp-kdf openssl-1.1.1e/include/crypto/evp.h
--- openssl-1.1.1d/include/openssl/evperr.h.evp-kdf	2019-09-13 15:39:20.242983287 +0200
+--- openssl-1.1.1e/include/crypto/evp.h.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/include/openssl/evperr.h	2019-09-13 15:42:42.818424742 +0200
+++ openssl-1.1.1e/include/crypto/evp.h	2020-03-19 16:04:32.347699194 +0100
@@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m
 extern const EVP_PKEY_METHOD poly1305_pkey_meth;
 extern const EVP_PKEY_METHOD siphash_pkey_meth;
 +/* struct evp_kdf_impl_st is defined by the implementation */
 +typedef struct evp_kdf_impl_st EVP_KDF_IMPL;
 +typedef struct {
 +    int type;
 +    EVP_KDF_IMPL *(*new) (void);
 +    void (*free) (EVP_KDF_IMPL *impl);
 +    void (*reset) (EVP_KDF_IMPL *impl);
 +    int (*ctrl) (EVP_KDF_IMPL *impl, int cmd, va_list args);
 +    int (*ctrl_str) (EVP_KDF_IMPL *impl, const char *type, const char *value);
 +    size_t (*size) (EVP_KDF_IMPL *impl);
 +    int (*derive) (EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen);
 +} EVP_KDF_METHOD;
 +
 +extern const EVP_KDF_METHOD pbkdf2_kdf_meth;
 +extern const EVP_KDF_METHOD scrypt_kdf_meth;
 +extern const EVP_KDF_METHOD tls1_prf_kdf_meth;
 +extern const EVP_KDF_METHOD hkdf_kdf_meth;
 +
 struct evp_md_st {
     int type;
     int pkey_type;
 diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/openssl/evperr.h
 --- openssl-1.1.1e/include/openssl/evperr.h.evp-kdf	2020-03-19 16:04:11.250064365 +0100
 +++ openssl-1.1.1e/include/openssl/evperr.h	2020-03-19 16:04:32.379698640 +0100
@@ -58,6 +58,9 @@ int ERR_load_EVP_strings(void);
 # define EVP_F_EVP_ENCRYPTDECRYPTUPDATE                   219
 # define EVP_F_EVP_ENCRYPTFINAL_EX                        127
@ -3645,7 +3643,7 @@ diff -up openssl-1.1.1d/include/openssl/evperr.h.evp-kdf openssl-1.1.1d/include/
 # define EVP_F_UPDATE                                     173
 /*
-@@ -180,6 +185,7 @@ int ERR_load_EVP_strings(void);
+@@ -181,6 +186,7 @@ int ERR_load_EVP_strings(void);
 # define EVP_R_ONLY_ONESHOT_SUPPORTED                     177
 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
 # define EVP_R_OPERATON_NOT_INITIALIZED                   151
@ -3653,9 +3651,9 @@ diff -up openssl-1.1.1d/include/openssl/evperr.h.evp-kdf openssl-1.1.1d/include/
 # define EVP_R_PARTIALLY_OVERLAPPING                      162
 # define EVP_R_PBKDF2_ERROR                               181
 # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
-diff -up openssl-1.1.1d/include/openssl/kdferr.h.evp-kdf openssl-1.1.1d/include/openssl/kdferr.h
+diff -up openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf openssl-1.1.1e/include/openssl/kdferr.h
--- openssl-1.1.1d/include/openssl/kdferr.h.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/include/openssl/kdferr.h	2019-09-13 15:39:34.856725957 +0200
+++ openssl-1.1.1e/include/openssl/kdferr.h	2020-03-19 16:04:32.379698640 +0100
@@ -23,6 +23,23 @@ int ERR_load_KDF_strings(void);
 /*
  * KDF function codes.
@ -3695,9 +3693,9 @@ diff -up openssl-1.1.1d/include/openssl/kdferr.h.evp-kdf openssl-1.1.1d/include/
 +# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE                   112
 #endif
-diff -up openssl-1.1.1d/include/openssl/kdf.h.evp-kdf openssl-1.1.1d/include/openssl/kdf.h
+diff -up openssl-1.1.1e/include/openssl/kdf.h.evp-kdf openssl-1.1.1e/include/openssl/kdf.h
--- openssl-1.1.1d/include/openssl/kdf.h.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/include/openssl/kdf.h.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/include/openssl/kdf.h	2019-09-13 15:39:34.857725939 +0200
+++ openssl-1.1.1e/include/openssl/kdf.h	2020-03-19 16:04:32.380698623 +0100
@@ -10,10 +10,50 @@
 #ifndef HEADER_KDF_H
 # define HEADER_KDF_H
@ -3776,9 +3774,9 @@ diff -up openssl-1.1.1d/include/openssl/kdf.h.evp-kdf openssl-1.1.1d/include/ope
 }
 # endif
 #endif
-diff -up openssl-1.1.1d/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1d/include/openssl/ossl_typ.h
+diff -up openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1e/include/openssl/ossl_typ.h
--- openssl-1.1.1d/include/openssl/ossl_typ.h.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/include/openssl/ossl_typ.h	2019-09-13 15:39:34.858725922 +0200
+++ openssl-1.1.1e/include/openssl/ossl_typ.h	2020-03-19 16:04:32.381698606 +0100
@@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E
 typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
 typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
@ -3788,9 +3786,9 @@ diff -up openssl-1.1.1d/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1d/includ
 typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
 typedef struct hmac_ctx_st HMAC_CTX;
-diff -up openssl-1.1.1d/test/build.info.evp-kdf openssl-1.1.1d/test/build.info
+diff -up openssl-1.1.1e/test/build.info.evp-kdf openssl-1.1.1e/test/build.info
--- openssl-1.1.1d/test/build.info.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/test/build.info.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/test/build.info	2019-09-13 15:39:34.861725869 +0200
+++ openssl-1.1.1e/test/build.info	2020-03-19 16:04:32.381698606 +0100
@@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
           ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
           bio_callback_test bio_memleak_test \
@ -3812,9 +3810,9 @@ diff -up openssl-1.1.1d/test/build.info.evp-kdf openssl-1.1.1d/test/build.info
   SOURCE[x509_time_test]=x509_time_test.c
   INCLUDE[x509_time_test]=../include
   DEPEND[x509_time_test]=../libcrypto libtestutil.a
-diff -up openssl-1.1.1d/test/evp_kdf_test.c.evp-kdf openssl-1.1.1d/test/evp_kdf_test.c
+diff -up openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf openssl-1.1.1e/test/evp_kdf_test.c
--- openssl-1.1.1d/test/evp_kdf_test.c.evp-kdf	2019-09-13 15:39:34.862725851 +0200
+--- openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf	2020-03-19 16:04:32.382698588 +0100
-+++ openssl-1.1.1d/test/evp_kdf_test.c	2019-09-13 15:39:34.862725851 +0200
+++ openssl-1.1.1e/test/evp_kdf_test.c	2020-03-19 16:04:32.382698588 +0100
@@ -0,0 +1,237 @@
 +/*
 + * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
@ -4053,9 +4051,9 @@ diff -up openssl-1.1.1d/test/evp_kdf_test.c.evp-kdf openssl-1.1.1d/test/evp_kdf_
 +#endif
 +    return 1;
 +}
-diff -up openssl-1.1.1d/test/evp_test.c.evp-kdf openssl-1.1.1d/test/evp_test.c
+diff -up openssl-1.1.1e/test/evp_test.c.evp-kdf openssl-1.1.1e/test/evp_test.c
--- openssl-1.1.1d/test/evp_test.c.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/test/evp_test.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/test/evp_test.c	2019-09-13 15:39:34.865725798 +0200
+++ openssl-1.1.1e/test/evp_test.c	2020-03-19 16:04:32.383698571 +0100
@@ -1705,13 +1705,14 @@ static const EVP_TEST_METHOD encode_test
     encode_test_run,
 };
@ -4267,9 +4265,9 @@ diff -up openssl-1.1.1d/test/evp_test.c.evp-kdf openssl-1.1.1d/test/evp_test.c
     &keypair_test_method,
     &keygen_test_method,
     &mac_test_method,
-diff -up openssl-1.1.1d/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1d/test/pkey_meth_kdf_test.c
+diff -up openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1e/test/pkey_meth_kdf_test.c
--- openssl-1.1.1d/test/pkey_meth_kdf_test.c.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/test/pkey_meth_kdf_test.c	2019-09-13 15:39:34.867725763 +0200
+++ openssl-1.1.1e/test/pkey_meth_kdf_test.c	2020-03-19 16:04:32.386698519 +0100
@@ -1,5 +1,5 @@
 /*
 - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
@ -4473,9 +4471,9 @@ diff -up openssl-1.1.1d/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1d/test/pk
 }
 #endif
-diff -up openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt
+diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt
--- openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt	2019-09-13 15:39:34.870725710 +0200
+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt	2020-03-19 16:04:32.388698484 +0100
@@ -1,5 +1,5 @@
 #
 -# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
@ -4874,9 +4872,9 @@ diff -up openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl
 +Ctrl.digest = digest:sha512
 +Output = 00ef42cdbfc98d29db20976608e455567fdddf14
 +
-diff -up openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt
+diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt
--- openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf	2019-09-13 15:39:34.873725658 +0200
+--- openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf	2020-03-19 16:04:32.389698467 +0100
-+++ openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt	2019-09-13 15:39:34.872725675 +0200
+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt	2020-03-19 16:04:32.389698467 +0100
@@ -0,0 +1,305 @@
 +#
 +# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
@ -5183,9 +5181,9 @@ diff -up openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf op
 +Ctrl.p = p:1
 +Result = INTERNAL_ERROR
 +
-diff -up openssl-1.1.1d/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1d/test/recipes/30-test_evp_kdf.t
+diff -up openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_kdf.t
--- openssl-1.1.1d/test/recipes/30-test_evp_kdf.t.evp-kdf	2019-09-13 15:39:34.875725622 +0200
+--- openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf	2020-03-19 16:04:32.390698450 +0100
-+++ openssl-1.1.1d/test/recipes/30-test_evp_kdf.t	2019-09-13 15:39:34.875725622 +0200
+++ openssl-1.1.1e/test/recipes/30-test_evp_kdf.t	2020-03-19 16:04:32.390698450 +0100
@@ -0,0 +1,13 @@
 +#! /usr/bin/env perl
 +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -5200,9 +5198,9 @@ diff -up openssl-1.1.1d/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1d/te
 +use OpenSSL::Test::Simple;
 +
 +simple_test("test_evp_kdf", "evp_kdf_test");
-diff -up openssl-1.1.1d/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1d/test/recipes/30-test_evp.t
+diff -up openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp.t
--- openssl-1.1.1d/test/recipes/30-test_evp.t.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/test/recipes/30-test_evp.t	2019-09-13 15:39:34.876725605 +0200
+++ openssl-1.1.1e/test/recipes/30-test_evp.t	2020-03-19 16:04:32.390698450 +0100
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/
 setup("test_evp");
@ -5212,10 +5210,10 @@ diff -up openssl-1.1.1d/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1d/test/r
     "evpcase.txt", "evpccmcavs.txt" );
 plan tests => scalar(@files);
-diff -up openssl-1.1.1d/util/libcrypto.num.evp-kdf openssl-1.1.1d/util/libcrypto.num
+diff -up openssl-1.1.1e/util/libcrypto.num.evp-kdf openssl-1.1.1e/util/libcrypto.num
--- openssl-1.1.1d/util/libcrypto.num.evp-kdf	2019-09-13 15:39:20.248983182 +0200
+--- openssl-1.1.1e/util/libcrypto.num.evp-kdf	2020-03-19 16:04:11.263064140 +0100
-+++ openssl-1.1.1d/util/libcrypto.num	2019-09-13 15:39:34.881725517 +0200
+++ openssl-1.1.1e/util/libcrypto.num	2020-03-19 16:04:32.392698415 +0100
-@@ -4617,3 +4617,11 @@ FIPS_drbg_get_strength
+@@ -4622,3 +4622,11 @@ FIPS_drbg_get_strength
 FIPS_rand_strength                      6380	1_1_0g	EXIST::FUNCTION:
 FIPS_drbg_get_blocklength               6381	1_1_0g	EXIST::FUNCTION:
 FIPS_drbg_init                          6382	1_1_0g	EXIST::FUNCTION:
@ -5227,9 +5225,9 @@ diff -up openssl-1.1.1d/util/libcrypto.num.evp-kdf openssl-1.1.1d/util/libcrypto
 +EVP_KDF_ctrl_str                        6595	1_1_1b	EXIST::FUNCTION:
 +EVP_KDF_size                            6596	1_1_1b	EXIST::FUNCTION:
 +EVP_KDF_derive                          6597	1_1_1b	EXIST::FUNCTION:
-diff -up openssl-1.1.1d/util/private.num.evp-kdf openssl-1.1.1d/util/private.num
+diff -up openssl-1.1.1e/util/private.num.evp-kdf openssl-1.1.1e/util/private.num
--- openssl-1.1.1d/util/private.num.evp-kdf	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/util/private.num.evp-kdf	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/util/private.num	2019-09-13 15:39:34.883725481 +0200
+++ openssl-1.1.1e/util/private.num	2020-03-19 16:04:32.393698398 +0100
@@ -21,6 +21,7 @@ CRYPTO_EX_dup
 CRYPTO_EX_free                          datatype
 CRYPTO_EX_new                           datatype
--- a/openssl-1.1.1-fips-crng-test.patch
+++ b/openssl-1.1.1-fips-crng-test.patch
@ -1,33 +1,15 @@
-diff -up openssl-1.1.1d/crypto/include/internal/rand_int.h.crng-test openssl-1.1.1d/crypto/include/internal/rand_int.h
+diff -up openssl-1.1.1e/crypto/rand/build.info.crng-test openssl-1.1.1e/crypto/rand/build.info
--- openssl-1.1.1d/crypto/include/internal/rand_int.h.crng-test	2019-09-13 16:03:54.572238927 +0200
+--- openssl-1.1.1e/crypto/rand/build.info.crng-test	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/include/internal/rand_int.h	2019-09-13 16:03:54.966232056 +0200
+++ openssl-1.1.1e/crypto/rand/build.info	2020-03-19 16:45:52.286627241 +0100
@@ -48,6 +48,14 @@ size_t rand_drbg_get_additional_data(RAN
 void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
 +/* CRNG test entropy filter callbacks. */
 +size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
 +                              unsigned char **pout,
 +                              int entropy, size_t min_len, size_t max_len,
 +                              int prediction_resistance);
 +void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
 +                                unsigned char *out, size_t outlen);
 +
 /*
  * RAND_POOL functions
  */
 diff -up openssl-1.1.1d/crypto/rand/build.info.crng-test openssl-1.1.1d/crypto/rand/build.info
 --- openssl-1.1.1d/crypto/rand/build.info.crng-test	2019-09-10 15:13:07.000000000 +0200
 +++ openssl-1.1.1d/crypto/rand/build.info	2019-09-13 16:03:54.968232021 +0200
@@ -1,4 +1,4 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
 -        randfile.c rand_lib.c rand_err.c rand_egd.c \
 +        randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
         rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
-diff -up openssl-1.1.1d/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1d/crypto/rand/drbg_lib.c
+diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1e/crypto/rand/drbg_lib.c
--- openssl-1.1.1d/crypto/rand/drbg_lib.c.crng-test	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/rand/drbg_lib.c.crng-test	2020-03-19 16:45:52.246627936 +0100
-+++ openssl-1.1.1d/crypto/rand/drbg_lib.c	2019-09-13 16:03:54.969232004 +0200
+++ openssl-1.1.1e/crypto/rand/drbg_lib.c	2020-03-19 16:45:52.286627241 +0100
@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg;
@ -51,9 +33,9 @@ diff -up openssl-1.1.1d/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1d/crypto/r
 #ifndef RAND_DRBG_GET_RANDOM_NONCE
         drbg->get_nonce = rand_drbg_get_nonce;
         drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
-diff -up openssl-1.1.1d/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1d/crypto/rand/rand_crng_test.c
+diff -up openssl-1.1.1e/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1e/crypto/rand/rand_crng_test.c
--- openssl-1.1.1d/crypto/rand/rand_crng_test.c.crng-test	2019-09-13 16:03:54.969232004 +0200
+--- openssl-1.1.1e/crypto/rand/rand_crng_test.c.crng-test	2020-03-19 16:45:52.286627241 +0100
-+++ openssl-1.1.1d/crypto/rand/rand_crng_test.c	2019-09-13 16:15:20.834271063 +0200
+++ openssl-1.1.1e/crypto/rand/rand_crng_test.c	2020-03-19 16:45:52.286627241 +0100
@@ -0,0 +1,118 @@
 +/*
 + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
@ -71,9 +53,9 @@ diff -up openssl-1.1.1d/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1d/cr
 +
 +#include <string.h>
 +#include <openssl/evp.h>
-+#include "internal/rand_int.h"
+#include "crypto/rand.h"
 +#include "internal/thread_once.h"
-+#include "rand_lcl.h"
+#include "rand_local.h"
 +
 +static RAND_POOL *crngt_pool;
 +static unsigned char crngt_prev[EVP_MAX_MD_SIZE];
@ -173,9 +155,9 @@ diff -up openssl-1.1.1d/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1d/cr
 +{
 +    OPENSSL_secure_clear_free(out, outlen);
 +}
-diff -up openssl-1.1.1d/crypto/rand/rand_lcl.h.crng-test openssl-1.1.1d/crypto/rand/rand_lcl.h
+diff -up openssl-1.1.1e/crypto/rand/rand_local.h.crng-test openssl-1.1.1e/crypto/rand/rand_local.h
--- openssl-1.1.1d/crypto/rand/rand_lcl.h.crng-test	2019-09-13 16:03:54.653237514 +0200
+--- openssl-1.1.1e/crypto/rand/rand_local.h.crng-test	2020-03-19 16:45:51.930633424 +0100
-+++ openssl-1.1.1d/crypto/rand/rand_lcl.h	2019-09-13 16:03:54.969232004 +0200
+++ openssl-1.1.1e/crypto/rand/rand_local.h	2020-03-19 16:46:03.601430727 +0100
@@ -33,7 +33,15 @@
 # define MASTER_RESEED_TIME_INTERVAL             (60*60)   /* 1 hour */
 # define SLAVE_RESEED_TIME_INTERVAL              (7*60)    /* 7 minutes */
@ -225,9 +207,27 @@ diff -up openssl-1.1.1d/crypto/rand/rand_lcl.h.crng-test openssl-1.1.1d/crypto/r
 +int rand_crngt_single_init(void);
 +
 #endif
-diff -up openssl-1.1.1d/test/drbgtest.c.crng-test openssl-1.1.1d/test/drbgtest.c
+diff -up openssl-1.1.1e/include/crypto/rand.h.crng-test openssl-1.1.1e/include/crypto/rand.h
--- openssl-1.1.1d/test/drbgtest.c.crng-test	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/include/crypto/rand.h.crng-test	2020-03-19 16:45:52.250627866 +0100
-+++ openssl-1.1.1d/test/drbgtest.c	2019-09-13 16:03:54.969232004 +0200
+++ openssl-1.1.1e/include/crypto/rand.h	2020-03-19 16:45:52.285627258 +0100
@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
 void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
 +/* CRNG test entropy filter callbacks. */
 +size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
 +                              unsigned char **pout,
 +                              int entropy, size_t min_len, size_t max_len,
 +                              int prediction_resistance);
 +void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
 +                                unsigned char *out, size_t outlen);
 +
 /*
  * RAND_POOL functions
  */
 diff -up openssl-1.1.1e/test/drbgtest.c.crng-test openssl-1.1.1e/test/drbgtest.c
 --- openssl-1.1.1e/test/drbgtest.c.crng-test	2020-03-17 15:31:17.000000000 +0100
 +++ openssl-1.1.1e/test/drbgtest.c	2020-03-19 16:46:03.604430675 +0100
@@ -150,6 +150,31 @@ static size_t kat_nonce(RAND_DRBG *drbg,
     return t->noncelen;
 }
--- a/openssl-1.1.1-fips-drbg-selftest.patch
+++ b/openssl-1.1.1-fips-drbg-selftest.patch
@ -0,0 +1,585 @@
 diff -up openssl-1.1.1e/crypto/fips/fips_post.c.drbg-selftest openssl-1.1.1e/crypto/fips/fips_post.c
 --- openssl-1.1.1e/crypto/fips/fips_post.c.drbg-selftest	2020-03-19 17:07:51.096676537 +0100
 +++ openssl-1.1.1e/crypto/fips/fips_post.c	2020-03-19 17:07:51.209674565 +0100
@@ -67,12 +67,18 @@
 # include <openssl/fips.h>
 # include "crypto/fips.h"
 +# include "crypto/rand.h"
 # include "fips_locl.h"
 /* Run all selftests */
 int FIPS_selftest(void)
 {
     int rv = 1;
 +    if (!rand_drbg_selftest()) {
 +        FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_TEST_FAILURE);
 +        ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
 +        rv = 0;
 +    }
     if (!FIPS_selftest_drbg())
         rv = 0;
     if (!FIPS_selftest_sha1())
 diff -up openssl-1.1.1e/crypto/rand/build.info.drbg-selftest openssl-1.1.1e/crypto/rand/build.info
 --- openssl-1.1.1e/crypto/rand/build.info.drbg-selftest	2020-03-19 17:07:51.179675088 +0100
 +++ openssl-1.1.1e/crypto/rand/build.info	2020-03-19 17:08:14.005276610 +0100
@@ -1,4 +1,4 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
         randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
 -        rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
 +        rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c drbg_selftest.c
 diff -up openssl-1.1.1e/crypto/rand/drbg_selftest.c.drbg-selftest openssl-1.1.1e/crypto/rand/drbg_selftest.c
 --- openssl-1.1.1e/crypto/rand/drbg_selftest.c.drbg-selftest	2020-03-19 17:08:14.011276505 +0100
 +++ openssl-1.1.1e/crypto/rand/drbg_selftest.c	2020-03-19 17:08:14.011276505 +0100
@@ -0,0 +1,537 @@
 +/*
 + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
 + *
 + * Licensed under the OpenSSL license (the "License").  You may not use
 + * this file except in compliance with the License.  You can obtain a copy
 + * in the file LICENSE in the source distribution or at
 + * https://www.openssl.org/source/license.html
 + */
 +
 +#include <string.h>
 +#include <stddef.h>
 +#include "internal/nelem.h"
 +#include <openssl/crypto.h>
 +#include <openssl/err.h>
 +#include <openssl/rand_drbg.h>
 +#include <openssl/obj_mac.h>
 +#include "internal/thread_once.h"
 +#include "crypto/rand.h"
 +
 +typedef struct test_ctx_st {
 +    const unsigned char *entropy;
 +    size_t entropylen;
 +    int entropycnt;
 +    const unsigned char *nonce;
 +    size_t noncelen;
 +    int noncecnt;
 +} TEST_CTX;
 +
 +static int app_data_index = -1;
 +static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT;
 +DEFINE_RUN_ONCE_STATIC(drbg_app_data_index_init)
 +{
 +    app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
 +
 +    return 1;
 +}
 +
 +enum drbg_kat_type {
 +    NO_RESEED,
 +    PR_FALSE,
 +    PR_TRUE
 +};
 +
 +enum drbg_df {
 +    USE_DF,
 +    NO_DF,
 +    NA
 +};
 +
 +struct drbg_kat_no_reseed {
 +    size_t count;
 +    const unsigned char *entropyin;
 +    const unsigned char *nonce;
 +    const unsigned char *persstr;
 +    const unsigned char *addin1;
 +    const unsigned char *addin2;
 +    const unsigned char *retbytes;
 +};
 +
 +struct drbg_kat_pr_false {
 +    size_t count;
 +    const unsigned char *entropyin;
 +    const unsigned char *nonce;
 +    const unsigned char *persstr;
 +    const unsigned char *entropyinreseed;
 +    const unsigned char *addinreseed;
 +    const unsigned char *addin1;
 +    const unsigned char *addin2;
 +    const unsigned char *retbytes;
 +};
 +
 +struct drbg_kat_pr_true {
 +    size_t count;
 +    const unsigned char *entropyin;
 +    const unsigned char *nonce;
 +    const unsigned char *persstr;
 +    const unsigned char *entropyinpr1;
 +    const unsigned char *addin1;
 +    const unsigned char *entropyinpr2;
 +    const unsigned char *addin2;
 +    const unsigned char *retbytes;
 +};
 +
 +struct drbg_kat {
 +    enum drbg_kat_type type;
 +    enum drbg_df df;
 +    int nid;
 +
 +    size_t entropyinlen;
 +    size_t noncelen;
 +    size_t persstrlen;
 +    size_t addinlen;
 +    size_t retbyteslen;
 +
 +    const void *t;
 +};
 +
 +/*
 + * Excerpt from test/drbg_cavs_data.c
 + * DRBG test vectors from:
 + * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/
 + */
 +
 +static const unsigned char kat1308_entropyin[] = {
 +    0x7c, 0x5d, 0x90, 0x70, 0x3b, 0x8a, 0xc7, 0x0f, 0x23, 0x73, 0x24, 0x9c,
 +    0xa7, 0x15, 0x41, 0x71, 0x7a, 0x31, 0xea, 0x32, 0xfc, 0x28, 0x0d, 0xd7,
 +    0x5b, 0x09, 0x01, 0x98, 0x1b, 0xe2, 0xa5, 0x53, 0xd9, 0x05, 0x32, 0x97,
 +    0xec, 0xbe, 0x86, 0xfd, 0x1c, 0x1c, 0x71, 0x4c, 0x52, 0x29, 0x9e, 0x52,
 +};
 +static const unsigned char kat1308_nonce[] = {0};
 +static const unsigned char kat1308_persstr[] = {
 +    0xdc, 0x07, 0x2f, 0x68, 0xfa, 0x77, 0x03, 0x23, 0x42, 0xb0, 0xf5, 0xa2,
 +    0xd9, 0xad, 0xa1, 0xd0, 0xad, 0xa2, 0x14, 0xb4, 0xd0, 0x8e, 0xfb, 0x39,
 +    0xdd, 0xc2, 0xac, 0xfb, 0x98, 0xdf, 0x7f, 0xce, 0x4c, 0x75, 0x56, 0x45,
 +    0xcd, 0x86, 0x93, 0x74, 0x90, 0x6e, 0xf6, 0x9e, 0x85, 0x7e, 0xfb, 0xc3,
 +};
 +static const unsigned char kat1308_addin0[] = {
 +    0x52, 0x25, 0xc4, 0x2f, 0x03, 0xce, 0x29, 0x71, 0xc5, 0x0b, 0xc3, 0x4e,
 +    0xad, 0x8d, 0x6f, 0x17, 0x82, 0xe1, 0xf3, 0xfd, 0xfd, 0x9b, 0x94, 0x9a,
 +    0x1d, 0xac, 0xd0, 0xd4, 0x3f, 0x2b, 0xe3, 0xab, 0x7c, 0x3d, 0x3e, 0x5a,
 +    0x68, 0xbb, 0xa4, 0x74, 0x68, 0x1a, 0xc6, 0x27, 0xff, 0xe0, 0xc0, 0x6c,
 +};
 +static const unsigned char kat1308_addin1[] = {
 +    0xdc, 0x91, 0xd7, 0xb7, 0xb9, 0x94, 0x79, 0x0f, 0x06, 0xc4, 0x70, 0x19,
 +    0x33, 0x25, 0x7c, 0x96, 0x01, 0xa0, 0x62, 0xb0, 0x50, 0xe6, 0xc0, 0x3a,
 +    0x56, 0x8f, 0xc5, 0x50, 0x48, 0xc6, 0xf4, 0x49, 0xe5, 0x70, 0x16, 0x2e,
 +    0xae, 0xf2, 0x99, 0xb4, 0x2d, 0x70, 0x18, 0x16, 0xcd, 0xe0, 0x24, 0xe4,
 +};
 +static const unsigned char kat1308_retbits[] = {
 +    0xde, 0xf8, 0x91, 0x1b, 0xf1, 0xe1, 0xa9, 0x97, 0xd8, 0x61, 0x84, 0xe2,
 +    0xdb, 0x83, 0x3e, 0x60, 0x45, 0xcd, 0xc8, 0x66, 0x93, 0x28, 0xc8, 0x92,
 +    0xbc, 0x25, 0xae, 0xe8, 0xb0, 0xed, 0xed, 0x16, 0x3d, 0xa5, 0xf9, 0x0f,
 +    0xb3, 0x72, 0x08, 0x84, 0xac, 0x3c, 0x3b, 0xaa, 0x5f, 0xf9, 0x7d, 0x63,
 +    0x3e, 0xde, 0x59, 0x37, 0x0e, 0x40, 0x12, 0x2b, 0xbc, 0x6c, 0x96, 0x53,
 +    0x26, 0x32, 0xd0, 0xb8,
 +};
 +static const struct drbg_kat_no_reseed kat1308_t = {
 +    2, kat1308_entropyin, kat1308_nonce, kat1308_persstr,
 +    kat1308_addin0, kat1308_addin1, kat1308_retbits
 +};
 +static const struct drbg_kat kat1308 = {
 +    NO_RESEED, NO_DF, NID_aes_256_ctr, 48, 0, 48, 48, 64, &kat1308_t
 +};
 +
 +static const unsigned char kat1465_entropyin[] = {
 +    0xc9, 0x96, 0x3a, 0x15, 0x51, 0x76, 0x4f, 0xe0, 0x45, 0x82, 0x8a, 0x64,
 +    0x87, 0xbe, 0xaa, 0xc0,
 +};
 +static const unsigned char kat1465_nonce[] = {
 +    0x08, 0xcd, 0x69, 0x39, 0xf8, 0x58, 0x9a, 0x85,
 +};
 +static const unsigned char kat1465_persstr[] = {0};
 +static const unsigned char kat1465_entropyinreseed[] = {
 +    0x16, 0xcc, 0x35, 0x15, 0xb1, 0x17, 0xf5, 0x33, 0x80, 0x9a, 0x80, 0xc5,
 +    0x1f, 0x4b, 0x7b, 0x51,
 +};
 +static const unsigned char kat1465_addinreseed[] = {
 +    0xf5, 0x3d, 0xf1, 0x2e, 0xdb, 0x28, 0x1c, 0x00, 0x7b, 0xcb, 0xb6, 0x12,
 +    0x61, 0x9f, 0x26, 0x5f,
 +};
 +static const unsigned char kat1465_addin0[] = {
 +    0xe2, 0x67, 0x06, 0x62, 0x09, 0xa7, 0xcf, 0xd6, 0x84, 0x8c, 0x20, 0xf6,
 +    0x10, 0x5a, 0x73, 0x9c,
 +};
 +static const unsigned char kat1465_addin1[] = {
 +    0x26, 0xfa, 0x50, 0xe1, 0xb3, 0xcb, 0x65, 0xed, 0xbc, 0x6d, 0xda, 0x18,
 +    0x47, 0x99, 0x1f, 0xeb,
 +};
 +static const unsigned char kat1465_retbits[] = {
 +    0xf9, 0x47, 0xc6, 0xb0, 0x58, 0xa8, 0x66, 0x8a, 0xf5, 0x2b, 0x2a, 0x6d,
 +    0x4e, 0x24, 0x6f, 0x65, 0xbf, 0x51, 0x22, 0xbf, 0xe8, 0x8d, 0x6c, 0xeb,
 +    0xf9, 0x68, 0x7f, 0xed, 0x3b, 0xdd, 0x6b, 0xd5, 0x28, 0x47, 0x56, 0x52,
 +    0xda, 0x50, 0xf0, 0x90, 0x73, 0x95, 0x06, 0x58, 0xaf, 0x08, 0x98, 0x6e,
 +    0x24, 0x18, 0xfd, 0x2f, 0x48, 0x72, 0x57, 0xd6, 0x59, 0xab, 0xe9, 0x41,
 +    0x58, 0xdb, 0x27, 0xba,
 +};
 +static const struct drbg_kat_pr_false kat1465_t = {
 +    9, kat1465_entropyin, kat1465_nonce, kat1465_persstr,
 +    kat1465_entropyinreseed, kat1465_addinreseed, kat1465_addin0,
 +    kat1465_addin1, kat1465_retbits
 +};
 +static const struct drbg_kat kat1465 = {
 +    PR_FALSE, USE_DF, NID_aes_128_ctr, 16, 8, 0, 16, 64, &kat1465_t
 +};
 +
 +static const unsigned char kat3146_entropyin[] = {
 +    0xd7, 0x08, 0x42, 0x82, 0xc2, 0xd2, 0xd1, 0xde, 0x01, 0xb4, 0x36, 0xb3,
 +    0x7f, 0xbd, 0xd3, 0xdd, 0xb3, 0xc4, 0x31, 0x4f, 0x8f, 0xa7, 0x10, 0xf4,
 +};
 +static const unsigned char kat3146_nonce[] = {
 +    0x7b, 0x9e, 0xcd, 0x49, 0x4f, 0x46, 0xa0, 0x08, 0x32, 0xff, 0x2e, 0xc3,
 +    0x50, 0x86, 0xca, 0xca,
 +};
 +static const unsigned char kat3146_persstr[] = {0};
 +static const unsigned char kat3146_entropyinpr1[] = {
 +    0x68, 0xd0, 0x7b, 0xa4, 0xe7, 0x22, 0x19, 0xe6, 0xb6, 0x46, 0x6a, 0xda,
 +    0x8e, 0x67, 0xea, 0x63, 0x3f, 0xaf, 0x2f, 0x6c, 0x9d, 0x5e, 0x48, 0x15,
 +};
 +static const unsigned char kat3146_addinpr1[] = {
 +    0x70, 0x0f, 0x54, 0xf4, 0x53, 0xde, 0xca, 0x61, 0x5c, 0x49, 0x51, 0xd1,
 +    0x41, 0xc4, 0xf1, 0x2f, 0x65, 0xfb, 0x7e, 0xbc, 0x9b, 0x14, 0xba, 0x90,
 +    0x05, 0x33, 0x7e, 0x64, 0xb7, 0x2b, 0xaf, 0x99,
 +};
 +static const unsigned char kat3146_entropyinpr2[] = {
 +    0xeb, 0x77, 0xb0, 0xe9, 0x2d, 0x31, 0xc8, 0x66, 0xc5, 0xc4, 0xa7, 0xf7,
 +    0x6c, 0xb2, 0x74, 0x36, 0x4b, 0x25, 0x78, 0x04, 0xd8, 0xd7, 0xd2, 0x34,
 +};
 +static const unsigned char kat3146_addinpr2[] = {
 +    0x05, 0xcd, 0x2a, 0x97, 0x5a, 0x5d, 0xfb, 0x98, 0xc1, 0xf1, 0x00, 0x0c,
 +    0xed, 0xe6, 0x2a, 0xba, 0xf0, 0x89, 0x1f, 0x5a, 0x4f, 0xd7, 0x48, 0xb3,
 +    0x24, 0xc0, 0x8a, 0x3d, 0x60, 0x59, 0x5d, 0xb6,
 +};
 +static const unsigned char kat3146_retbits[] = {
 +    0x29, 0x94, 0xa4, 0xa8, 0x17, 0x3e, 0x62, 0x2f, 0x94, 0xdd, 0x40, 0x1f,
 +    0xe3, 0x7e, 0x77, 0xd4, 0x38, 0xbc, 0x0e, 0x49, 0x46, 0xf6, 0x0e, 0x28,
 +    0x91, 0xc6, 0x9c, 0xc4, 0xa6, 0xa1, 0xf8, 0x9a, 0x64, 0x5e, 0x99, 0x76,
 +    0xd0, 0x2d, 0xee, 0xde, 0xe1, 0x2c, 0x93, 0x29, 0x4b, 0x12, 0xcf, 0x87,
 +    0x03, 0x98, 0xb9, 0x74, 0x41, 0xdb, 0x3a, 0x49, 0x9f, 0x92, 0xd0, 0x45,
 +    0xd4, 0x30, 0x73, 0xbb,
 +};
 +static const struct drbg_kat_pr_true kat3146_t = {
 +    10, kat3146_entropyin, kat3146_nonce, kat3146_persstr,
 +    kat3146_entropyinpr1, kat3146_addinpr1, kat3146_entropyinpr2,
 +    kat3146_addinpr2, kat3146_retbits
 +};
 +static const struct drbg_kat kat3146 = {
 +    PR_TRUE, USE_DF, NID_aes_192_ctr, 24, 16, 0, 32, 64, &kat3146_t
 +};
 +
 +static const struct drbg_kat *drbg_test[] = { &kat1308, &kat1465, &kat3146 };
 +
 +static const size_t drbg_test_nelem = OSSL_NELEM(drbg_test);
 +
 +static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout,
 +                          int entropy, size_t min_len, size_t max_len,
 +                          int prediction_resistance)
 +{
 +    TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
 +
 +    t->entropycnt++;
 +    *pout = (unsigned char *)t->entropy;
 +    return t->entropylen;
 +}
 +
 +static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout,
 +                        int entropy, size_t min_len, size_t max_len)
 +{
 +    TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
 +
 +    t->noncecnt++;
 +    *pout = (unsigned char *)t->nonce;
 +    return t->noncelen;
 +}
 +
 +/*
 + * Do a single NO_RESEED KAT:
 + *
 + * Instantiate
 + * Generate Random Bits (pr=false)
 + * Generate Random Bits (pr=false)
 + * Uninstantiate
 + *
 + * Return 0 on failure.
 + */
 +static int single_kat_no_reseed(const struct drbg_kat *td)
 +{
 +    struct drbg_kat_no_reseed *data = (struct drbg_kat_no_reseed *)td->t;
 +    RAND_DRBG *drbg = NULL;
 +    unsigned char *buff = NULL;
 +    unsigned int flags = 0;
 +    int failures = 0;
 +    TEST_CTX t;
 +
 +    if (td->df != USE_DF)
 +        flags |= RAND_DRBG_FLAG_CTR_NO_DF;
 +
 +    if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
 +        return 0;
 +
 +    if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
 +                                 kat_nonce, NULL)) {
 +        failures++;
 +        goto err;
 +    }
 +    memset(&t, 0, sizeof(t));
 +    t.entropy = data->entropyin;
 +    t.entropylen = td->entropyinlen;
 +    t.nonce = data->nonce;
 +    t.noncelen = td->noncelen;
 +    RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
 +
 +    buff = OPENSSL_malloc(td->retbyteslen);
 +    if (buff == NULL) {
 +        failures++;
 +        goto err;
 +    }
 +
 +    if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)
 +        || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
 +                               data->addin1, td->addinlen)
 +        || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
 +                               data->addin2, td->addinlen)
 +        || memcmp(data->retbytes, buff,
 +                  td->retbyteslen) != 0)
 +        failures++;
 +
 +err:
 +    OPENSSL_free(buff);
 +    RAND_DRBG_uninstantiate(drbg);
 +    RAND_DRBG_free(drbg);
 +    return failures == 0;
 +}
 +
 +/*-
 + * Do a single PR_FALSE KAT:
 + *
 + * Instantiate
 + * Reseed
 + * Generate Random Bits (pr=false)
 + * Generate Random Bits (pr=false)
 + * Uninstantiate
 + *
 + * Return 0 on failure.
 + */
 +static int single_kat_pr_false(const struct drbg_kat *td)
 +{
 +    struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
 +    RAND_DRBG *drbg = NULL;
 +    unsigned char *buff = NULL;
 +    unsigned int flags = 0;
 +    int failures = 0;
 +    TEST_CTX t;
 +
 +    if (td->df != USE_DF)
 +        flags |= RAND_DRBG_FLAG_CTR_NO_DF;
 +
 +    if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
 +        return 0;
 +
 +    if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
 +                                 kat_nonce, NULL)) {
 +        failures++;
 +        goto err;
 +    }
 +    memset(&t, 0, sizeof(t));
 +    t.entropy = data->entropyin;
 +    t.entropylen = td->entropyinlen;
 +    t.nonce = data->nonce;
 +    t.noncelen = td->noncelen;
 +    RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
 +
 +    buff = OPENSSL_malloc(td->retbyteslen);
 +    if (buff == NULL) {
 +        failures++;
 +        goto err;
 +    }
 +
 +    if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
 +        failures++;
 +
 +    t.entropy = data->entropyinreseed;
 +    t.entropylen = td->entropyinlen;
 +
 +    if (!RAND_DRBG_reseed(drbg, data->addinreseed, td->addinlen, 0)
 +        || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
 +                               data->addin1, td->addinlen)
 +        || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
 +                               data->addin2, td->addinlen)
 +        || memcmp(data->retbytes, buff,
 +                  td->retbyteslen) != 0)
 +        failures++;
 +
 +err:
 +    OPENSSL_free(buff);
 +    RAND_DRBG_uninstantiate(drbg);
 +    RAND_DRBG_free(drbg);
 +    return failures == 0;
 +}
 +
 +/*-
 + * Do a single PR_TRUE KAT:
 + *
 + * Instantiate
 + * Generate Random Bits (pr=true)
 + * Generate Random Bits (pr=true)
 + * Uninstantiate
 + *
 + * Return 0 on failure.
 + */
 +static int single_kat_pr_true(const struct drbg_kat *td)
 +{
 +    struct drbg_kat_pr_true *data = (struct drbg_kat_pr_true *)td->t;
 +    RAND_DRBG *drbg = NULL;
 +    unsigned char *buff = NULL;
 +    unsigned int flags = 0;
 +    int failures = 0;
 +    TEST_CTX t;
 +
 +    if (td->df != USE_DF)
 +        flags |= RAND_DRBG_FLAG_CTR_NO_DF;
 +
 +    if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
 +        return 0;
 +
 +    if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
 +                                 kat_nonce, NULL)) {
 +        failures++;
 +        goto err;
 +    }
 +    memset(&t, 0, sizeof(t));
 +    t.nonce = data->nonce;
 +    t.noncelen = td->noncelen;
 +    t.entropy = data->entropyin;
 +    t.entropylen = td->entropyinlen;
 +    RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
 +
 +    buff = OPENSSL_malloc(td->retbyteslen);
 +    if (buff == NULL) {
 +        failures++;
 +        goto err;
 +    }
 +
 +    if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
 +        failures++;
 +
 +    t.entropy = data->entropyinpr1;
 +    t.entropylen = td->entropyinlen;
 +
 +    if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
 +                            data->addin1, td->addinlen))
 +        failures++;
 +
 +    t.entropy = data->entropyinpr2;
 +    t.entropylen = td->entropyinlen;
 +
 +    if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
 +                            data->addin2, td->addinlen)
 +        || memcmp(data->retbytes, buff,
 +                  td->retbyteslen) != 0)
 +        failures++;
 +
 +err:
 +    OPENSSL_free(buff);
 +    RAND_DRBG_uninstantiate(drbg);
 +    RAND_DRBG_free(drbg);
 +    return failures == 0;
 +}
 +
 +static int test_kats(int i)
 +{
 +    const struct drbg_kat *td = drbg_test[i];
 +    int rv = 0;
 +
 +    switch (td->type) {
 +    case NO_RESEED:
 +        if (!single_kat_no_reseed(td))
 +            goto err;
 +        break;
 +    case PR_FALSE:
 +        if (!single_kat_pr_false(td))
 +            goto err;
 +        break;
 +    case PR_TRUE:
 +        if (!single_kat_pr_true(td))
 +            goto err;
 +        break;
 +    default:	/* cant happen */
 +        goto err;
 +    }
 +    rv = 1;
 +err:
 +    return rv;
 +}
 +
 +/*-
 + * Do one expected-error test:
 + *
 + * Instantiate with no entropy supplied
 + *
 + * Return 0 on failure.
 + */
 +static int test_drbg_sanity(const struct drbg_kat *td)
 +{
 +    struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
 +    RAND_DRBG *drbg = NULL;
 +    unsigned int flags = 0;
 +    int failures = 0;
 +    TEST_CTX t;
 +
 +    if (td->df != USE_DF)
 +        flags |= RAND_DRBG_FLAG_CTR_NO_DF;
 +
 +    if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
 +        return 0;
 +
 +    if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
 +                                 kat_nonce, NULL)) {
 +        failures++;
 +        goto err;
 +    }
 +    memset(&t, 0, sizeof(t));
 +    t.entropy = data->entropyin;
 +    t.entropylen = 0;     /* No entropy */
 +    t.nonce = data->nonce;
 +    t.noncelen = td->noncelen;
 +    RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
 +
 +    ERR_set_mark();
 +    /* This must fail. */
 +    if (RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
 +        failures++;
 +    RAND_DRBG_uninstantiate(drbg);
 +    ERR_pop_to_mark();
 +
 +err:
 +    RAND_DRBG_free(drbg);
 +    return failures == 0;
 +}
 +
 +
 +int rand_drbg_selftest(void)
 +{
 +    int i;
 +
 +    if (!RUN_ONCE(&get_index_once, drbg_app_data_index_init))
 +        return 0;
 +
 +    for (i = 0; i < drbg_test_nelem; i++) {
 +        if (test_kats(i) <= 0)
 +            return 0;
 +    }
 +
 +    if (test_drbg_sanity(&kat1465) <= 0)
 +        return 0;
 +
 +    return 1;
 +}
 diff -up openssl-1.1.1e/include/crypto/rand.h.drbg-selftest openssl-1.1.1e/include/crypto/rand.h
 --- openssl-1.1.1e/include/crypto/rand.h.drbg-selftest	2020-03-19 17:07:51.182675036 +0100
 +++ openssl-1.1.1e/include/crypto/rand.h	2020-03-19 17:08:14.004276627 +0100
@@ -140,4 +140,9 @@ void rand_pool_cleanup(void);
  */
 void rand_pool_keep_random_devices_open(int keep);
 +/*
 + * Perform the DRBG KAT selftests
 + */
 +int rand_drbg_selftest(void);
 +
 #endif
--- a/openssl-1.1.1-fips-post-rand.patch
+++ b/openssl-1.1.1-fips-post-rand.patch
@ -1,11 +1,11 @@
-diff -up openssl-1.1.1d/crypto/fips/fips.c.fips-post-rand openssl-1.1.1d/crypto/fips/fips.c
+diff -up openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand openssl-1.1.1e/crypto/fips/fips.c
--- openssl-1.1.1d/crypto/fips/fips.c.fips-post-rand	2019-09-13 16:15:52.656716089 +0200
+--- openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand	2020-03-17 18:06:16.822418854 +0100
-+++ openssl-1.1.1d/crypto/fips/fips.c	2019-09-13 16:44:33.217852364 +0200
+++ openssl-1.1.1e/crypto/fips/fips.c	2020-03-17 18:06:16.861418172 +0100
@@ -68,6 +68,7 @@
 # include <openssl/fips.h>
 # include "internal/thread_once.h"
-+# include "internal/rand_int.h"
+# include "crypto/rand.h"
 # ifndef PATH_MAX
 #  define PATH_MAX 1024
@ -51,32 +51,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips.c.fips-post-rand openssl-1.1.1d/crypto/
         ret = 1;
         goto end;
     }
-diff -up openssl-1.1.1d/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1d/crypto/include/internal/fips_int.h
+diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1e/crypto/rand/drbg_lib.c
--- openssl-1.1.1d/crypto/include/internal/fips_int.h.fips-post-rand	2019-09-13 16:15:52.666715914 +0200
+--- openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/include/internal/fips_int.h	2019-09-13 16:15:52.690715496 +0200
+++ openssl-1.1.1e/crypto/rand/drbg_lib.c	2020-03-17 18:07:35.305045521 +0100
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
 int FIPS_selftest_drbg(void);
 int FIPS_selftest_cmac(void);
 +int fips_in_post(void);
 +
 int fips_pkey_signature_test(EVP_PKEY *pkey,
                                  const unsigned char *tbs, int tbslen,
                                  const unsigned char *kat,
 diff -up openssl-1.1.1d/crypto/include/internal/rand_int.h.fips-post-rand openssl-1.1.1d/crypto/include/internal/rand_int.h
 --- openssl-1.1.1d/crypto/include/internal/rand_int.h.fips-post-rand	2019-09-13 16:15:52.307722175 +0200
 +++ openssl-1.1.1d/crypto/include/internal/rand_int.h	2019-09-13 16:41:47.133736023 +0200
@@ -24,6 +24,7 @@
 typedef struct rand_pool_st RAND_POOL;
 void rand_cleanup_int(void);
 +void rand_force_reseed(void);
 void rand_drbg_cleanup_int(void);
 void drbg_delete_thread_state(void);
 diff -up openssl-1.1.1d/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1d/crypto/rand/drbg_lib.c
 --- openssl-1.1.1d/crypto/rand/drbg_lib.c.fips-post-rand	2019-09-10 15:13:07.000000000 +0200
 +++ openssl-1.1.1d/crypto/rand/drbg_lib.c	2019-09-13 16:44:04.808345620 +0200
@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
     return min_entropy > min_entropylen ? min_entropy : min_entropylen;
 }
@ -98,14 +75,14 @@ diff -up openssl-1.1.1d/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1d/cry
 /* Implements the default OpenSSL RAND_add() method */
 static int drbg_add(const void *buf, int num, double randomness)
 {
-diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/crypto/rand/rand_unix.c
+diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/crypto/rand/rand_unix.c
--- openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/rand/rand_unix.c	2019-09-13 16:15:52.690715496 +0200
+++ openssl-1.1.1e/crypto/rand/rand_unix.c	2020-03-17 18:09:01.503537189 +0100
@@ -17,10 +17,12 @@
 #include <openssl/crypto.h>
- #include "rand_lcl.h"
+ #include "rand_local.h"
- #include "internal/rand_int.h"
+ #include "crypto/rand.h"
-+#include "internal/fips_int.h"
+#include "crypto/fips.h"
 #include <stdio.h>
 #include "internal/dso.h"
 #ifdef __linux
@ -114,7 +91,7 @@ diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/cr
 # ifdef DEVRANDOM_WAIT
 #  include <sys/shm.h>
 #  include <sys/utsname.h>
-@@ -295,7 +297,7 @@ static ssize_t sysctl_random(char *buf,
+@@ -342,7 +344,7 @@ static ssize_t sysctl_random(char *buf,
  * syscall_random(): Try to get random data using a system call
  * returns the number of bytes returned in buf, or < 0 on error.
  */
@ -123,7 +100,7 @@ diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/cr
 {
     /*
      * Note: 'buflen' equals the size of the buffer which is used by the
-@@ -317,6 +319,7 @@ static ssize_t syscall_random(void *buf,
+@@ -364,6 +366,7 @@ static ssize_t syscall_random(void *buf,
      * - Linux since 3.17 with glibc 2.25
      * - FreeBSD since 12.0 (1200061)
      */
@ -131,7 +108,7 @@ diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/cr
 #  if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
     extern int getentropy(void *buffer, size_t length) __attribute__((weak));
-@@ -338,10 +341,10 @@ static ssize_t syscall_random(void *buf,
+@@ -385,10 +388,10 @@ static ssize_t syscall_random(void *buf,
     if (p_getentropy.p != NULL)
         return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
 #  endif
@ -145,7 +122,7 @@ diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/cr
 #  elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
     return sysctl_random(buf, buflen);
 #  else
-@@ -576,6 +579,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
+@@ -623,6 +626,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
     size_t entropy_available;
 #   if defined(OPENSSL_RAND_SEED_GETRANDOM)
@ -155,7 +132,7 @@ diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/cr
     {
         size_t bytes_needed;
         unsigned char *buffer;
-@@ -586,7 +592,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
+@@ -633,7 +639,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
         bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
         while (bytes_needed != 0 && attempts-- > 0) {
             buffer = rand_pool_add_begin(pool, bytes_needed);
@ -164,7 +141,7 @@ diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/cr
             if (bytes > 0) {
                 rand_pool_add_end(pool, bytes, 8 * bytes);
                 bytes_needed -= bytes;
-@@ -621,8 +627,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
+@@ -668,8 +674,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
             int attempts = 3;
             const int fd = get_random_device(i);
@ -176,7 +153,7 @@ diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/cr
             while (bytes_needed != 0 && attempts-- > 0) {
                 buffer = rand_pool_add_begin(pool, bytes_needed);
-@@ -685,7 +693,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
+@@ -732,7 +740,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
             return entropy_available;
     }
 #   endif
@ -187,3 +164,26 @@ diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/cr
     return rand_pool_entropy_available(pool);
 #  endif
 }
 diff -up openssl-1.1.1e/include/crypto/fips.h.fips-post-rand openssl-1.1.1e/include/crypto/fips.h
 --- openssl-1.1.1e/include/crypto/fips.h.fips-post-rand	2020-03-17 18:06:16.831418696 +0100
 +++ openssl-1.1.1e/include/crypto/fips.h	2020-03-17 18:06:16.861418172 +0100
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
 int FIPS_selftest_drbg(void);
 int FIPS_selftest_cmac(void);
 +int fips_in_post(void);
 +
 int fips_pkey_signature_test(EVP_PKEY *pkey,
                                  const unsigned char *tbs, int tbslen,
                                  const unsigned char *kat,
 diff -up openssl-1.1.1e/include/crypto/rand.h.fips-post-rand openssl-1.1.1e/include/crypto/rand.h
 --- openssl-1.1.1e/include/crypto/rand.h.fips-post-rand	2020-03-17 15:31:17.000000000 +0100
 +++ openssl-1.1.1e/include/crypto/rand.h	2020-03-17 18:07:35.303045555 +0100
@@ -24,6 +24,7 @@
 typedef struct rand_pool_st RAND_POOL;
 void rand_cleanup_int(void);
 +void rand_force_reseed(void);
 void rand_drbg_cleanup_int(void);
 void drbg_delete_thread_state(void);
--- a/openssl-1.1.1-fips.patch
+++ b/openssl-1.1.1-fips.patch
--- a/openssl-1.1.1-intel-cet.patch
+++ b/openssl-1.1.1-intel-cet.patch
@ -1,6 +1,6 @@
-diff -up openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl
+diff -up openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl
--- openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl	2020-02-17 12:00:19.011235601 +0100
+++ openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl	2020-03-19 17:07:02.626522694 +0100
@@ -275,6 +275,7 @@ $code.=<<___;
 .align	16
 ${PREFIX}_encrypt:
@ -25,41 +25,23 @@ diff -up openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1d/
 ___
 $code.=<<___ if ($win64);
 	lea	-0x58(%rsp),%rsp
-@@ -984,6 +987,8 @@ $code.=<<___;
+@@ -985,6 +988,7 @@ $code.=<<___;
 .type	aesni_ccm64_encrypt_blocks,\@function,6
 .align	16
 aesni_ccm64_encrypt_blocks:
-+.cfi_startproc
+ .cfi_startproc
 +	endbranch
 ___
 $code.=<<___ if ($win64);
 	lea	-0x58(%rsp),%rsp
-@@ -1066,6 +1071,7 @@ $code.=<<___ if ($win64);
+@@ -1077,6 +1081,7 @@ $code.=<<___;
 ___
 $code.=<<___;
 	ret
 +.cfi_endproc
 .size	aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks
 ___
 ######################################################################
@@ -1074,6 +1080,8 @@ $code.=<<___;
 .type	aesni_ccm64_decrypt_blocks,\@function,6
 .align	16
 aesni_ccm64_decrypt_blocks:
-+.cfi_startproc
+ .cfi_startproc
 +	endbranch
 ___
 $code.=<<___ if ($win64);
 	lea	-0x58(%rsp),%rsp
-@@ -1173,6 +1181,7 @@ $code.=<<___ if ($win64);
+@@ -1203,6 +1208,7 @@ $code.=<<___;
 ___
 $code.=<<___;
 	ret
 +.cfi_endproc
 .size	aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks
 ___
 }
@@ -1199,6 +1208,7 @@ $code.=<<___;
 .align	16
 aesni_ctr32_encrypt_blocks:
 .cfi_startproc
@ -67,7 +49,7 @@ diff -up openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1d/
 	cmp	\$1,$len
 	jne	.Lctr32_bulk
-@@ -1771,6 +1781,7 @@ $code.=<<___;
+@@ -1775,6 +1781,7 @@ $code.=<<___;
 .align	16
 aesni_xts_encrypt:
 .cfi_startproc
@ -75,7 +57,7 @@ diff -up openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1d/
 	lea	(%rsp),%r11			# frame pointer
 .cfi_def_cfa_register	%r11
 	push	%rbp
-@@ -2254,6 +2265,7 @@ $code.=<<___;
+@@ -2258,6 +2265,7 @@ $code.=<<___;
 .align	16
 aesni_xts_decrypt:
 .cfi_startproc
@ -83,7 +65,7 @@ diff -up openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1d/
 	lea	(%rsp),%r11			# frame pointer
 .cfi_def_cfa_register	%r11
 	push	%rbp
-@@ -2779,6 +2791,7 @@ $code.=<<___;
+@@ -2783,6 +2791,7 @@ $code.=<<___;
 .align	32
 aesni_ocb_encrypt:
 .cfi_startproc
@ -91,51 +73,7 @@ diff -up openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1d/
 	lea	(%rsp),%rax
 	push	%rbx
 .cfi_push	%rbx
-@@ -3031,6 +3044,7 @@ $code.=<<___;
+@@ -3249,6 +3258,7 @@ __ocb_encrypt1:
 .type	__ocb_encrypt6,\@abi-omnipotent
 .align	32
 __ocb_encrypt6:
 +.cfi_startproc
 	 pxor		$rndkey0l,@offset[5]	# offset_i ^ round[0]
 	 movdqu		($L_p,$i1),@offset[1]
 	 movdqa		@offset[0],@offset[2]
@@ -3128,11 +3142,13 @@ __ocb_encrypt6:
 	aesenclast	@offset[4],$inout4
 	aesenclast	@offset[5],$inout5
 	ret
 +.cfi_endproc
 .size	__ocb_encrypt6,.-__ocb_encrypt6
 .type	__ocb_encrypt4,\@abi-omnipotent
 .align	32
 __ocb_encrypt4:
 +.cfi_startproc
 	 pxor		$rndkey0l,@offset[5]	# offset_i ^ round[0]
 	 movdqu		($L_p,$i1),@offset[1]
 	 movdqa		@offset[0],@offset[2]
@@ -3197,11 +3213,13 @@ __ocb_encrypt4:
 	aesenclast	@offset[2],$inout2
 	aesenclast	@offset[3],$inout3
 	ret
 +.cfi_endproc
 .size	__ocb_encrypt4,.-__ocb_encrypt4
 .type	__ocb_encrypt1,\@abi-omnipotent
 .align	32
 __ocb_encrypt1:
 +.cfi_startproc
 	 pxor		@offset[5],$inout5	# offset_i
 	 pxor		$rndkey0l,$inout5	# offset_i ^ round[0]
 	pxor		$inout0,$checksum	# accumulate checksum
@@ -3232,6 +3250,7 @@ __ocb_encrypt1:
 	aesenclast	$inout5,$inout0
 	ret
 +.cfi_endproc
 .size	__ocb_encrypt1,.-__ocb_encrypt1
 .globl	aesni_ocb_decrypt
@@ -3239,6 +3258,7 @@ __ocb_encrypt1:
 .align	32
 aesni_ocb_decrypt:
 .cfi_startproc
@ -143,51 +81,7 @@ diff -up openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1d/
 	lea	(%rsp),%rax
 	push	%rbx
 .cfi_push	%rbx
-@@ -3513,6 +3533,7 @@ $code.=<<___;
+@@ -3737,6 +3747,7 @@ $code.=<<___;
 .type	__ocb_decrypt6,\@abi-omnipotent
 .align	32
 __ocb_decrypt6:
 +.cfi_startproc
 	 pxor		$rndkey0l,@offset[5]	# offset_i ^ round[0]
 	 movdqu		($L_p,$i1),@offset[1]
 	 movdqa		@offset[0],@offset[2]
@@ -3604,11 +3625,13 @@ __ocb_decrypt6:
 	aesdeclast	@offset[4],$inout4
 	aesdeclast	@offset[5],$inout5
 	ret
 +.cfi_endproc
 .size	__ocb_decrypt6,.-__ocb_decrypt6
 .type	__ocb_decrypt4,\@abi-omnipotent
 .align	32
 __ocb_decrypt4:
 +.cfi_startproc
 	 pxor		$rndkey0l,@offset[5]	# offset_i ^ round[0]
 	 movdqu		($L_p,$i1),@offset[1]
 	 movdqa		@offset[0],@offset[2]
@@ -3669,11 +3692,13 @@ __ocb_decrypt4:
 	aesdeclast	@offset[2],$inout2
 	aesdeclast	@offset[3],$inout3
 	ret
 +.cfi_endproc
 .size	__ocb_decrypt4,.-__ocb_decrypt4
 .type	__ocb_decrypt1,\@abi-omnipotent
 .align	32
 __ocb_decrypt1:
 +.cfi_startproc
 	 pxor		@offset[5],$inout5	# offset_i
 	 pxor		$rndkey0l,$inout5	# offset_i ^ round[0]
 	pxor		$inout5,$inout0		# input ^ round[0] ^ offset_i
@@ -3703,6 +3728,7 @@ __ocb_decrypt1:
 	aesdeclast	$inout5,$inout0
 	ret
 +.cfi_endproc
 .size	__ocb_decrypt1,.-__ocb_decrypt1
 ___
 } }}
@@ -3721,6 +3747,7 @@ $code.=<<___;
 .align	16
 ${PREFIX}_cbc_encrypt:
 .cfi_startproc
@ -195,25 +89,9 @@ diff -up openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1d/
 	test	$len,$len		# check length
 	jz	.Lcbc_ret
-@@ -4637,7 +4664,6 @@ __aesni_set_encrypt_key:
+diff -up openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl
- 	add	\$8,%rsp
+--- openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
- .cfi_adjust_cfa_offset	-8
+++ openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl	2020-03-19 17:00:15.974621757 +0100
 	ret
 -.cfi_endproc
 .LSEH_end_set_encrypt_key:
 .align	16
@@ -4708,6 +4734,7 @@ __aesni_set_encrypt_key:
 	shufps	\$0b10101010,%xmm1,%xmm1	# critical path
 	xorps	%xmm1,%xmm2
 	ret
 +.cfi_endproc
 .size	${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
 .size	__aesni_set_encrypt_key,.-__aesni_set_encrypt_key
 ___
 diff -up openssl-1.1.1d/crypto/aes/asm/vpaes-x86_64.pl.intel-cet openssl-1.1.1d/crypto/aes/asm/vpaes-x86_64.pl
 --- openssl-1.1.1d/crypto/aes/asm/vpaes-x86_64.pl.intel-cet	2019-09-10 15:13:07.000000000 +0200
 +++ openssl-1.1.1d/crypto/aes/asm/vpaes-x86_64.pl	2020-02-17 11:55:07.374557249 +0100
@@ -696,6 +696,7 @@ _vpaes_schedule_mangle:
 .align	16
 ${PREFIX}_set_encrypt_key:
@ -254,9 +132,9 @@ diff -up openssl-1.1.1d/crypto/aes/asm/vpaes-x86_64.pl.intel-cet openssl-1.1.1d/
 	xchg	$key,$len
 ___
 ($len,$key)=($key,$len);
-diff -up openssl-1.1.1d/crypto/async/arch/async_posix.c.intel-cet openssl-1.1.1d/crypto/async/arch/async_posix.c
+diff -up openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.c
--- openssl-1.1.1d/crypto/async/arch/async_posix.c.intel-cet	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/async/arch/async_posix.c	2020-02-17 11:55:07.374557249 +0100
+++ openssl-1.1.1e/crypto/async/arch/async_posix.c	2020-03-19 17:00:15.974621757 +0100
@@ -34,7 +34,9 @@ void async_local_cleanup(void)
 int async_fibre_makecontext(async_fibre *fibre)
@ -267,9 +145,9 @@ diff -up openssl-1.1.1d/crypto/async/arch/async_posix.c.intel-cet openssl-1.1.1d
     if (getcontext(&fibre->fibre) == 0) {
         fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE);
         if (fibre->fibre.uc_stack.ss_sp != NULL) {
-diff -up openssl-1.1.1d/crypto/async/arch/async_posix.h.intel-cet openssl-1.1.1d/crypto/async/arch/async_posix.h
+diff -up openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.h
--- openssl-1.1.1d/crypto/async/arch/async_posix.h.intel-cet	2020-02-17 11:55:06.600570492 +0100
+--- openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet	2020-03-19 17:00:15.435631166 +0100
-+++ openssl-1.1.1d/crypto/async/arch/async_posix.h	2020-02-17 11:55:07.374557249 +0100
+++ openssl-1.1.1e/crypto/async/arch/async_posix.h	2020-03-19 17:00:15.975621739 +0100
@@ -25,17 +25,33 @@
 #  define ASYNC_POSIX
 #  define ASYNC_ARCH
@ -313,10 +191,10 @@ diff -up openssl-1.1.1d/crypto/async/arch/async_posix.h.intel-cet openssl-1.1.1d
     return 1;
 }
-diff -up openssl-1.1.1d/crypto/camellia/asm/cmll-x86_64.pl.intel-cet openssl-1.1.1d/crypto/camellia/asm/cmll-x86_64.pl
+diff -up openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl
--- openssl-1.1.1d/crypto/camellia/asm/cmll-x86_64.pl.intel-cet	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/camellia/asm/cmll-x86_64.pl	2020-02-17 11:55:07.375557232 +0100
+++ openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl	2020-03-19 17:00:15.975621739 +0100
-@@ -677,6 +677,7 @@ $code.=<<___;
+@@ -685,6 +685,7 @@ $code.=<<___;
 .align	16
 Camellia_cbc_encrypt:
 .cfi_startproc
@ -324,9 +202,9 @@ diff -up openssl-1.1.1d/crypto/camellia/asm/cmll-x86_64.pl.intel-cet openssl-1.1
 	cmp	\$0,%rdx
 	je	.Lcbc_abort
 	push	%rbx
-diff -up openssl-1.1.1d/crypto/modes/asm/ghash-x86_64.pl.intel-cet openssl-1.1.1d/crypto/modes/asm/ghash-x86_64.pl
+diff -up openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl
--- openssl-1.1.1d/crypto/modes/asm/ghash-x86_64.pl.intel-cet	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/modes/asm/ghash-x86_64.pl	2020-02-17 11:55:07.375557232 +0100
+++ openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl	2020-03-19 17:00:15.975621739 +0100
@@ -239,6 +239,7 @@ $code=<<___;
 .align	16
 gcm_gmult_4bit:
@ -375,9 +253,9 @@ diff -up openssl-1.1.1d/crypto/modes/asm/ghash-x86_64.pl.intel-cet openssl-1.1.1
 ___
 if ($avx) {
 my ($Xip,$Htbl,$inp,$len)=@_4args;
-diff -up openssl-1.1.1d/crypto/perlasm/cbc.pl.intel-cet openssl-1.1.1d/crypto/perlasm/cbc.pl
+diff -up openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet openssl-1.1.1e/crypto/perlasm/cbc.pl
--- openssl-1.1.1d/crypto/perlasm/cbc.pl.intel-cet	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/perlasm/cbc.pl	2020-02-17 11:55:07.375557232 +0100
+++ openssl-1.1.1e/crypto/perlasm/cbc.pl	2020-03-19 17:00:15.976621722 +0100
@@ -165,21 +165,28 @@ sub cbc
 	&jmp_ptr($count);
@ -407,9 +285,9 @@ diff -up openssl-1.1.1d/crypto/perlasm/cbc.pl.intel-cet openssl-1.1.1d/crypto/pe
 	&movb(&LB("ecx"),	&BP(0,$in,"",0));
 &set_label("ejend");
-diff -up openssl-1.1.1d/crypto/perlasm/x86_64-xlate.pl.intel-cet openssl-1.1.1d/crypto/perlasm/x86_64-xlate.pl
+diff -up openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl
--- openssl-1.1.1d/crypto/perlasm/x86_64-xlate.pl.intel-cet	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/perlasm/x86_64-xlate.pl	2020-02-17 11:55:07.375557232 +0100
+++ openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl	2020-03-19 17:00:15.984621582 +0100
@@ -101,6 +101,33 @@ elsif (!$gas)
     $decor="\$L\$";
 }
@ -452,9 +330,9 @@ diff -up openssl-1.1.1d/crypto/perlasm/x86_64-xlate.pl.intel-cet openssl-1.1.1d/
 print "\n$current_segment\tENDS\n"	if ($current_segment && $masm);
 print "END\n"				if ($masm);
-diff -up openssl-1.1.1d/crypto/perlasm/x86gas.pl.intel-cet openssl-1.1.1d/crypto/perlasm/x86gas.pl
+diff -up openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86gas.pl
--- openssl-1.1.1d/crypto/perlasm/x86gas.pl.intel-cet	2019-09-10 15:13:07.000000000 +0200
+--- openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1d/crypto/perlasm/x86gas.pl	2020-02-17 11:55:07.376557215 +0100
+++ openssl-1.1.1e/crypto/perlasm/x86gas.pl	2020-03-19 17:00:15.985621565 +0100
@@ -124,6 +124,7 @@ sub ::function_begin_B
     push(@out,".align\t$align\n");
     push(@out,"$func:\n");
@ -490,292 +368,72 @@ diff -up openssl-1.1.1d/crypto/perlasm/x86gas.pl.intel-cet openssl-1.1.1d/crypto
 }
 sub ::data_byte	{   push(@out,".byte\t".join(',',@_)."\n");   }
-diff -up openssl-1.1.1d/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet openssl-1.1.1d/crypto/poly1305/asm/poly1305-x86_64.pl
+diff -up openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl
--- openssl-1.1.1d/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet	2020-02-17 11:55:07.376557215 +0100
+--- openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet	2020-03-19 17:00:38.185234015 +0100
-+++ openssl-1.1.1d/crypto/poly1305/asm/poly1305-x86_64.pl	2020-02-17 12:02:12.295308065 +0100
+++ openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl	2020-03-19 17:05:46.575850341 +0100
-@@ -90,7 +90,7 @@ if (!$avx && $win64 && ($flavour =~ /mas
+@@ -2806,6 +2806,7 @@ $code.=<<___;
 	$avx = ($1>=10) + ($1>=12);
 }
 -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
 +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
@@ -168,6 +168,7 @@ $code.=<<___;
 .type	poly1305_init,\@function,3
 .align	32
 poly1305_init:
 +.cfi_startproc
 	xor	%rax,%rax
 	mov	%rax,0($ctx)		# initialize hash value
 	mov	%rax,8($ctx)
@@ -219,6 +220,7 @@ $code.=<<___;
 	mov	\$1,%eax
 .Lno_key:
 	ret
 +.cfi_endproc
 .size	poly1305_init,.-poly1305_init
 .type	poly1305_blocks,\@function,4
@@ -298,6 +300,7 @@ $code.=<<___;
 .type	poly1305_emit,\@function,3
 .align	32
 poly1305_emit:
 +.cfi_startproc
 .Lemit:
 	mov	0($ctx),%r8	# load hash value
 	mov	8($ctx),%r9
@@ -318,6 +321,7 @@ poly1305_emit:
 	mov	%rcx,8($mac)
 	ret
 +.cfi_endproc
 .size	poly1305_emit,.-poly1305_emit
 ___
 if ($avx) {
@@ -342,15 +346,18 @@ $code.=<<___;
 .type	__poly1305_block,\@abi-omnipotent
 .align	32
 __poly1305_block:
 +.cfi_startproc
 ___
 	&poly1305_iteration();
 $code.=<<___;
 	ret
 +.cfi_endproc
 .size	__poly1305_block,.-__poly1305_block
 .type	__poly1305_init_avx,\@abi-omnipotent
 .align	32
 __poly1305_init_avx:
 +.cfi_startproc
 	mov	$r0,$h0
 	mov	$r1,$h1
 	xor	$h2,$h2
@@ -508,6 +515,7 @@ __poly1305_init_avx:
 	lea	-48-64($ctx),$ctx	# size [de-]optimization
 	ret
 +.cfi_endproc
 .size	__poly1305_init_avx,.-__poly1305_init_avx
 .type	poly1305_blocks_avx,\@function,4
@@ -1373,6 +1381,7 @@ $code.=<<___;
 .type	poly1305_emit_avx,\@function,3
 .align	32
 poly1305_emit_avx:
 +.cfi_startproc
 	cmpl	\$0,20($ctx)	# is_base2_26?
 	je	.Lemit
@@ -1423,6 +1432,7 @@ poly1305_emit_avx:
 	mov	%rcx,8($mac)
 	ret
 +.cfi_endproc
 .size	poly1305_emit_avx,.-poly1305_emit_avx
 ___
@@ -2741,6 +2751,7 @@ $code.=<<___;
 .type	poly1305_init_base2_44,\@function,3
 .align	32
 poly1305_init_base2_44:
 +.cfi_startproc
 	xor	%rax,%rax
 	mov	%rax,0($ctx)		# initialize hash value
 	mov	%rax,8($ctx)
@@ -2782,6 +2793,7 @@ ___
 $code.=<<___;
 	mov	\$1,%eax
 	ret
 +.cfi_endproc
 .size	poly1305_init_base2_44,.-poly1305_init_base2_44
 ___
 {
@@ -2793,6 +2805,8 @@ $code.=<<___;
 .type	poly1305_blocks_vpmadd52,\@function,4
 .align	32
 poly1305_blocks_vpmadd52:
-+.cfi_startproc
+ .cfi_startproc
 +	endbranch
 	shr	\$4,$len
 	jz	.Lno_data_vpmadd52		# too short
-@@ -2899,6 +2913,7 @@ poly1305_blocks_vpmadd52:
+@@ -3739,6 +3740,7 @@ $code.=<<___;
 .Lno_data_vpmadd52:
 	ret
 +.cfi_endproc
 .size	poly1305_blocks_vpmadd52,.-poly1305_blocks_vpmadd52
 ___
 }
@@ -2916,6 +2931,7 @@ $code.=<<___;
 .type	poly1305_blocks_vpmadd52_4x,\@function,4
 .align	32
 poly1305_blocks_vpmadd52_4x:
 +.cfi_startproc
 	shr	\$4,$len
 	jz	.Lno_data_vpmadd52_4x		# too short
@@ -3340,6 +3356,7 @@ poly1305_blocks_vpmadd52_4x:
 .Lno_data_vpmadd52_4x:
 	ret
 +.cfi_endproc
 .size	poly1305_blocks_vpmadd52_4x,.-poly1305_blocks_vpmadd52_4x
 ___
 }
@@ -3358,6 +3375,7 @@ $code.=<<___;
 .type	poly1305_blocks_vpmadd52_8x,\@function,4
 .align	32
 poly1305_blocks_vpmadd52_8x:
 +.cfi_startproc
 	shr	\$4,$len
 	jz	.Lno_data_vpmadd52_8x		# too short
@@ -3713,6 +3731,7 @@ $code.=<<___;
 .Lno_data_vpmadd52_8x:
 	ret
 +.cfi_endproc
 .size	poly1305_blocks_vpmadd52_8x,.-poly1305_blocks_vpmadd52_8x
 ___
 }
@@ -3720,6 +3739,8 @@ $code.=<<___;
 .type	poly1305_emit_base2_44,\@function,3
 .align	32
 poly1305_emit_base2_44:
-+.cfi_startproc
+ .cfi_startproc
 +	endbranch
 	mov	0($ctx),%r8	# load hash value
 	mov	8($ctx),%r9
 	mov	16($ctx),%r10
-@@ -3750,6 +3771,7 @@ poly1305_emit_base2_44:
+diff -up openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl
- 	mov	%rcx,8($mac)
+--- openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet	2020-03-19 17:00:38.190233928 +0100
- 
+++ openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl	2020-03-19 17:05:02.598618064 +0100
- 	ret
+@@ -140,6 +140,7 @@ $code=<<___;
 +.cfi_endproc
 .size	poly1305_emit_base2_44,.-poly1305_emit_base2_44
 ___
 }	}	}
@@ -3800,6 +3822,7 @@ $code.=<<___;
 .type	xor128_encrypt_n_pad,\@abi-omnipotent
 .align	16
- xor128_encrypt_n_pad:
+ RC4:
-+.cfi_startproc
+ .cfi_startproc
 	sub	$otp,$inp
 	sub	$otp,$out
 	mov	$len,%r10		# put len aside
@@ -3841,12 +3864,14 @@ xor128_encrypt_n_pad:
 .Ldone_enc:
 	mov	$otp,%rax
 	ret
 +.cfi_endproc
 .size	xor128_encrypt_n_pad,.-xor128_encrypt_n_pad
 .globl	xor128_decrypt_n_pad
 .type	xor128_decrypt_n_pad,\@abi-omnipotent
 .align	16
 xor128_decrypt_n_pad:
 +.cfi_startproc
 	sub	$otp,$inp
 	sub	$otp,$out
 	mov	$len,%r10		# put len aside
@@ -3892,6 +3917,7 @@ xor128_decrypt_n_pad:
 .Ldone_dec:
 	mov	$otp,%rax
 	ret
 +.cfi_endproc
 .size	xor128_decrypt_n_pad,.-xor128_decrypt_n_pad
 ___
 }
 diff -up openssl-1.1.1d/crypto/rc4/asm/rc4-x86_64.pl.intel-cet openssl-1.1.1d/crypto/rc4/asm/rc4-x86_64.pl
 --- openssl-1.1.1d/crypto/rc4/asm/rc4-x86_64.pl.intel-cet	2020-02-17 11:55:07.377557198 +0100
 +++ openssl-1.1.1d/crypto/rc4/asm/rc4-x86_64.pl	2020-02-17 12:03:09.117341235 +0100
@@ -138,11 +138,13 @@ $code=<<___;
 .globl	RC4
 .type	RC4,\@function,4
 .align	16
 -RC4:	or	$len,$len
 +RC4:
 +.cfi_startproc
 +	endbranch
-+	or	$len,$len
+ 	or	$len,$len
 	jne	.Lentry
 	ret
- .Lentry:
+@@ -455,6 +456,7 @@ $code.=<<___;
 -.cfi_startproc
 	push	%rbx
 .cfi_push	%rbx
 	push	%r12
@@ -453,6 +455,8 @@ $code.=<<___;
 .type	RC4_set_key,\@function,3
 .align	16
 RC4_set_key:
-+.cfi_startproc
+ .cfi_startproc
 +	endbranch
 	lea	8($dat),$dat
 	lea	($inp,$len),$inp
 	neg	$len
-@@ -519,12 +523,15 @@ RC4_set_key:
+@@ -529,6 +531,7 @@ RC4_set_key:
 	mov	%eax,-8($dat)
 	mov	%eax,-4($dat)
 	ret
 +.cfi_endproc
 .size	RC4_set_key,.-RC4_set_key
 .globl	RC4_options
 .type	RC4_options,\@abi-omnipotent
 .align	16
 RC4_options:
-+.cfi_startproc
+ .cfi_startproc
 +	endbranch
 	lea	.Lopts(%rip),%rax
 	mov	OPENSSL_ia32cap_P(%rip),%edx
 	bt	\$20,%edx
-@@ -537,6 +544,7 @@ RC4_options:
+diff -up openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet openssl-1.1.1e/crypto/x86_64cpuid.pl
- 	add	\$12,%rax
+--- openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
- .Ldone:
+++ openssl-1.1.1e/crypto/x86_64cpuid.pl	2020-03-19 17:03:58.172742775 +0100
- 	ret
+@@ -40,6 +40,7 @@ print<<___;
 +.cfi_endproc
 .align	64
 .Lopts:
 .asciz	"rc4(8x,int)"
 diff -up openssl-1.1.1d/crypto/x86_64cpuid.pl.intel-cet openssl-1.1.1d/crypto/x86_64cpuid.pl
 --- openssl-1.1.1d/crypto/x86_64cpuid.pl.intel-cet	2019-09-10 15:13:07.000000000 +0200
 +++ openssl-1.1.1d/crypto/x86_64cpuid.pl	2020-02-17 12:04:04.921391729 +0100
@@ -39,6 +39,8 @@ print<<___;
 .type	OPENSSL_atomic_add,\@abi-omnipotent
 .align	16
 OPENSSL_atomic_add:
-+.cfi_startproc
+ .cfi_startproc
 +	endbranch
 	movl	($arg1),%eax
 .Lspin:	leaq	($arg2,%rax),%r8
 	.byte	0xf0		# lock
-@@ -47,16 +49,20 @@ OPENSSL_atomic_add:
+@@ -56,6 +57,7 @@ OPENSSL_atomic_add:
 	movl	%r8d,%eax
 	.byte	0x48,0x98	# cltq/cdqe
 	ret
 +.cfi_endproc
 .size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
 .globl	OPENSSL_rdtsc
 .type	OPENSSL_rdtsc,\@abi-omnipotent
 .align	16
 OPENSSL_rdtsc:
-+.cfi_startproc
+ .cfi_startproc
 +	endbranch
 	rdtsc
 	shl	\$32,%rdx
 	or	%rdx,%rax
- 	ret
+@@ -68,6 +70,7 @@ OPENSSL_rdtsc:
 +.cfi_endproc
 .size	OPENSSL_rdtsc,.-OPENSSL_rdtsc
 .globl	OPENSSL_ia32_cpuid
@@ -64,6 +70,7 @@ OPENSSL_rdtsc:
 .align	16
 OPENSSL_ia32_cpuid:
 .cfi_startproc
@ -783,40 +441,31 @@ diff -up openssl-1.1.1d/crypto/x86_64cpuid.pl.intel-cet openssl-1.1.1d/crypto/x8
 	mov	%rbx,%r8		# save %rbx
 .cfi_register	%rbx,%r8
-@@ -232,6 +239,8 @@ OPENSSL_ia32_cpuid:
+@@ -237,6 +240,7 @@ OPENSSL_ia32_cpuid:
 .type   OPENSSL_cleanse,\@abi-omnipotent
 .align  16
 OPENSSL_cleanse:
-+.cfi_startproc
+ .cfi_startproc
 +	endbranch
 	xor	%rax,%rax
 	cmp	\$15,$arg2
 	jae	.Lot
-@@ -261,12 +270,15 @@ OPENSSL_cleanse:
+@@ -274,6 +278,7 @@ OPENSSL_cleanse:
 	cmp	\$0,$arg2
 	jne	.Little
 	ret
 +.cfi_endproc
 .size	OPENSSL_cleanse,.-OPENSSL_cleanse
 .globl  CRYPTO_memcmp
 .type   CRYPTO_memcmp,\@abi-omnipotent
 .align  16
 CRYPTO_memcmp:
-+.cfi_startproc
+ .cfi_startproc
 +	endbranch
 	xor	%rax,%rax
 	xor	%r10,%r10
 	cmp	\$0,$arg3
-@@ -295,6 +307,7 @@ CRYPTO_memcmp:
+@@ -312,6 +317,7 @@ print<<___ if (!$win64);
- 	shr	\$63,%rax
+ .align	16
- .Lno_data:
+ OPENSSL_wipe_cpu:
- 	ret
+ .cfi_startproc
-+.cfi_endproc
+	endbranch
- .size	CRYPTO_memcmp,.-CRYPTO_memcmp
+ 	pxor	%xmm0,%xmm0
- ___
+ 	pxor	%xmm1,%xmm1
- 
+ 	pxor	%xmm2,%xmm2
-@@ -303,6 +316,8 @@ print<<___ if (!$win64);
+@@ -346,6 +352,8 @@ print<<___ if ($win64);
 .type	OPENSSL_wipe_cpu,\@abi-omnipotent
 .align	16
 OPENSSL_wipe_cpu:
@ -825,61 +474,27 @@ diff -up openssl-1.1.1d/crypto/x86_64cpuid.pl.intel-cet openssl-1.1.1d/crypto/x8
 	pxor	%xmm0,%xmm0
 	pxor	%xmm1,%xmm1
 	pxor	%xmm2,%xmm2
-@@ -329,6 +344,7 @@ OPENSSL_wipe_cpu:
+@@ -376,6 +384,7 @@ print<<___;
 	xorq	%r11,%r11
 	leaq	8(%rsp),%rax
 	ret
 +.cfi_endproc
 .size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
 ___
 print<<___ if ($win64);
@@ -365,6 +381,8 @@ print<<___;
 .type	OPENSSL_instrument_bus,\@abi-omnipotent
 .align	16
 OPENSSL_instrument_bus:
-+.cfi_startproc
+ .cfi_startproc
 +	endbranch
 	mov	$arg1,$out	# tribute to Win64
 	mov	$arg2,$cnt
 	mov	$arg2,$max
-@@ -391,12 +409,15 @@ OPENSSL_instrument_bus:
+@@ -410,6 +419,7 @@ OPENSSL_instrument_bus:
 	mov	$max,%rax
 	ret
 +.cfi_endproc
 .size	OPENSSL_instrument_bus,.-OPENSSL_instrument_bus
 .globl	OPENSSL_instrument_bus2
 .type	OPENSSL_instrument_bus2,\@abi-omnipotent
 .align	16
 OPENSSL_instrument_bus2:
-+.cfi_startproc
+ .cfi_startproc
 +	endbranch
 	mov	$arg1,$out	# tribute to Win64
 	mov	$arg2,$cnt
 	mov	$arg3,$max
-@@ -439,6 +460,7 @@ OPENSSL_instrument_bus2:
+@@ -465,6 +475,7 @@ print<<___;
 	mov	$redzone(%rsp),%rax
 	sub	$cnt,%rax
 	ret
 +.cfi_endproc
 .size	OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2
 ___
 }
@@ -450,6 +472,8 @@ print<<___;
 .type	OPENSSL_ia32_${rdop}_bytes,\@abi-omnipotent
 .align	16
 OPENSSL_ia32_${rdop}_bytes:
-+.cfi_startproc
+ .cfi_startproc
 +	endbranch
 	xor	%rax, %rax	# return value
 	cmp	\$0,$arg2
 	je	.Ldone_${rdop}_bytes
@@ -486,6 +510,7 @@ OPENSSL_ia32_${rdop}_bytes:
 .Ldone_${rdop}_bytes:
 	xor	%r10,%r10	# Clear sensitive data from register
 	ret
 +.cfi_endproc
 .size	OPENSSL_ia32_${rdop}_bytes,.-OPENSSL_ia32_${rdop}_bytes
 ___
 }
--- a/openssl-1.1.1-krb5-kdf.patch
+++ b/openssl-1.1.1-krb5-kdf.patch
@ -67,9 +67,9 @@ diff -up openssl-1.1.1d/crypto/evp/kdf_lib.c.krb5-kdf openssl-1.1.1d/crypto/evp/
 };
 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *,
-diff -up openssl-1.1.1d/crypto/include/internal/evp_int.h.krb5-kdf openssl-1.1.1d/crypto/include/internal/evp_int.h
+diff -up openssl-1.1.1d/include/crypto/evp.h.krb5-kdf openssl-1.1.1d/include/crypto/evp.h
--- openssl-1.1.1d/crypto/include/internal/evp_int.h.krb5-kdf	2019-11-14 15:07:05.320094521 +0100
+--- openssl-1.1.1d/include/crypto/evp.h.krb5-kdf	2019-11-14 15:07:05.320094521 +0100
-+++ openssl-1.1.1d/crypto/include/internal/evp_int.h	2019-11-14 15:07:05.342094129 +0100
+++ openssl-1.1.1d/include/crypto/evp.h	2019-11-14 15:07:05.342094129 +0100
@@ -130,6 +130,9 @@ extern const EVP_KDF_METHOD scrypt_kdf_m
 extern const EVP_KDF_METHOD tls1_prf_kdf_meth;
 extern const EVP_KDF_METHOD hkdf_kdf_meth;
@ -129,7 +129,7 @@ diff -up openssl-1.1.1d/crypto/kdf/kbkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/kb
 +
 +#include "internal/numbers.h"
 +#include "internal/cryptlib.h"
-+#include "internal/evp_int.h"
+#include "crypto/evp.h"
 +#include "kdf_local.h"
 +
 +#include "e_os.h"
@ -741,7 +741,7 @@ diff -up openssl-1.1.1d/crypto/kdf/krb5kdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/
 +#include <openssl/kdf.h>
 +
 +#include "internal/cryptlib.h"
-+#include "internal/evp_int.h"
+#include "crypto/evp.h"
 +#include "kdf_local.h"
 +
 +/* KRB5 KDF defined in RFC 3961, Section 5.1 */
@ -1155,7 +1155,7 @@ diff -up openssl-1.1.1d/crypto/kdf/sshkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/s
 #include <openssl/kdf.h>
 +#include "internal/numbers.h"
 #include "internal/cryptlib.h"
- #include "internal/evp_int.h"
+ #include "crypto/evp.h"
 #include "kdf_local.h"
@@ -68,6 +69,12 @@ static int kdf_sshkdf_parse_buffer_arg(u
     p = va_arg(args, const unsigned char *);
@ -1218,7 +1218,7 @@ diff -up openssl-1.1.1d/crypto/kdf/sskdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/ss
 +#include <openssl/evp.h>
 +#include <openssl/kdf.h>
 +#include "internal/cryptlib.h"
-+#include "internal/evp_int.h"
+#include "crypto/evp.h"
 +#include "kdf_local.h"
 +
 +struct evp_kdf_impl_st {
--- a/openssl-1.1.1-s390x-update.patch
+++ b/openssl-1.1.1-s390x-update.patch
@ -1,13 +1,6 @@
-diff -up openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl.s390x-update openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl
+diff -up openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl.s390x-update openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl
--- openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl.s390x-update	2019-02-26 15:15:30.000000000 +0100
+--- openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl.s390x-update	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl	2019-05-06 10:54:00.035367605 +0200
+++ openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl	2020-03-19 16:45:05.483440129 +0100
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
 -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
 +# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -20,41 +20,53 @@
 #
 # 3 times faster than compiler-generated code.
@ -472,7 +465,7 @@ diff -up openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl.s390x-update openssl-1
 +	vsldb		(@b[$_],@b[$_],@b[$_],$odd?12:4) for (0..5);
 +	vsldb		(@d[$_],@d[$_],@d[$_],$odd?4:12) for (0..5);
 }
-close STDOUT;
+-close STDOUT or die "error closing STDOUT: $!";
 +
 +PERLASM_BEGIN($output);
 +
@ -1290,9 +1283,9 @@ diff -up openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl.s390x-update openssl-1
 +ALIGN	(4);
 +
 +PERLASM_END();
-diff -up openssl-1.1.1b/crypto/perlasm/s390x.pm.s390x-update openssl-1.1.1b/crypto/perlasm/s390x.pm
+diff -up openssl-1.1.1e/crypto/perlasm/s390x.pm.s390x-update openssl-1.1.1e/crypto/perlasm/s390x.pm
--- openssl-1.1.1b/crypto/perlasm/s390x.pm.s390x-update	2019-05-06 10:54:00.037367571 +0200
+--- openssl-1.1.1e/crypto/perlasm/s390x.pm.s390x-update	2020-03-19 16:20:22.039227394 +0100
-+++ openssl-1.1.1b/crypto/perlasm/s390x.pm	2019-05-06 10:54:00.038367554 +0200
+++ openssl-1.1.1e/crypto/perlasm/s390x.pm	2020-03-19 16:20:22.039227394 +0100
@@ -0,0 +1,3060 @@
 +#!/usr/bin/env perl
 +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -4354,9 +4347,9 @@ diff -up openssl-1.1.1b/crypto/perlasm/s390x.pm.s390x-update openssl-1.1.1b/cryp
 +}
 +
 +1;
-diff -up openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl
+diff -up openssl-1.1.1e/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update openssl-1.1.1e/crypto/poly1305/asm/poly1305-s390x.pl
--- openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update	2019-02-26 15:15:30.000000000 +0100
+--- openssl-1.1.1e/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update	2020-03-19 16:20:22.041227359 +0100
-+++ openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl	2019-05-06 10:54:00.036367588 +0200
+++ openssl-1.1.1e/crypto/poly1305/asm/poly1305-s390x.pl	2020-03-19 16:23:22.364098257 +0100
@@ -24,204 +24,961 @@
 #
 # On side note, z13 enables vector base 2^26 implementation...
@ -5494,11 +5487,11 @@ diff -up openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update opens
 +STRING	("\"Poly1305 for s390x, CRYPTOGAMS by <appro\@openssl.org>\"");
 -print $code;
-close STDOUT;
+-close STDOUT or die "error closing STDOUT: $!";
 +PERLASM_END();
-diff -up openssl-1.1.1b/crypto/poly1305/build.info.s390x-update openssl-1.1.1b/crypto/poly1305/build.info
+diff -up openssl-1.1.1e/crypto/poly1305/build.info.s390x-update openssl-1.1.1e/crypto/poly1305/build.info
--- openssl-1.1.1b/crypto/poly1305/build.info.s390x-update	2019-05-06 10:54:00.036367588 +0200
+--- openssl-1.1.1e/crypto/poly1305/build.info.s390x-update	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1b/crypto/poly1305/build.info	2019-05-06 10:56:14.964105164 +0200
+++ openssl-1.1.1e/crypto/poly1305/build.info	2020-03-19 16:20:22.042227342 +0100
@@ -18,6 +18,7 @@ INCLUDE[poly1305-armv8.o]=..
 GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl $(PERLASM_SCHEME)
 INCLUDE[poly1305-mips.o]=..
--- a/openssl-1.1.1-ssh-kdf.patch
+++ b/openssl-1.1.1-ssh-kdf.patch
@ -51,10 +51,10 @@ index 05f5cec3a9..811fe727f6 100644
 };
 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *,
-diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h
+diff --git a/include/crypto/evp.h b/include/crypto/evp.h
 index a109e561b3..8c313c65ac 100644
--- a/crypto/include/internal/evp_int.h
+--- a/include/crypto/evp.h
-+++ b/crypto/include/internal/evp_int.h
+++ b/include/crypto/evp.h
@@ -129,6 +129,7 @@ extern const EVP_KDF_METHOD pbkdf2_kdf_meth;
 extern const EVP_KDF_METHOD scrypt_kdf_meth;
 extern const EVP_KDF_METHOD tls1_prf_kdf_meth;
@ -119,7 +119,7 @@ index 0000000000..24f37cbed4
 +#include <openssl/evp.h>
 +#include <openssl/kdf.h>
 +#include "internal/cryptlib.h"
-+#include "internal/evp_int.h"
+#include "crypto/evp.h"
 +#include "kdf_local.h"
 +
 +/* See RFC 4253, Section 7.2 */
--- a/openssl-1.1.1-upstream-sync.patch
+++ b/openssl-1.1.1-upstream-sync.patch
@ -1,153 +0,0 @@
 commit 515c728dbaa92211d2eafb0041ab9fcd258fdc41
 Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
 Date:   Mon Sep 9 19:12:25 2019 +0200
    Fix potential memory leaks with BN_to_ASN1_INTEGER
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9833)
    (cherry picked from commit f28bc7d386b25fb75625d0c62c6b2e6d21de0d09)
 diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
 index 1ce1181fc1..7cbf8de981 100644
 --- a/crypto/ec/ec_asn1.c
 +++ b/crypto/ec/ec_asn1.c
@@ -446,6 +446,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
     unsigned char *buffer = NULL;
     const EC_POINT *point = NULL;
     point_conversion_form_t form;
 +    ASN1_INTEGER *orig;
     if (params == NULL) {
         if ((ret = ECPARAMETERS_new()) == NULL) {
@@ -496,8 +497,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
         ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
         goto err;
     }
 -    ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
 +    ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order);
     if (ret->order == NULL) {
 +        ret->order = orig;
         ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
         goto err;
     }
@@ -505,8 +507,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
     /* set the cofactor (optional) */
     tmp = EC_GROUP_get0_cofactor(group);
     if (tmp != NULL) {
 -        ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
 +        ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor);
         if (ret->cofactor == NULL) {
 +            ret->cofactor = orig;
             ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
             goto err;
         }
 diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
 index 089f2ae29f..ef2d64826f 100644
 --- a/crypto/x509v3/v3_asid.c
 +++ b/crypto/x509v3/v3_asid.c
@@ -256,6 +256,7 @@ static int extract_min_max(ASIdOrRange *aor,
 static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
 {
     ASN1_INTEGER *a_max_plus_one = NULL;
 +    ASN1_INTEGER *orig;
     BIGNUM *bn = NULL;
     int i, ret = 0;
@@ -298,9 +299,15 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
          */
         if ((bn == NULL && (bn = BN_new()) == NULL) ||
             ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
 -            !BN_add_word(bn, 1) ||
 -            (a_max_plus_one =
 -             BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
 +            !BN_add_word(bn, 1)) {
 +            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
 +                      ERR_R_MALLOC_FAILURE);
 +            goto done;
 +        }
 +
 +        if ((a_max_plus_one =
 +                BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
 +            a_max_plus_one = orig;
             X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
                       ERR_R_MALLOC_FAILURE);
             goto done;
@@ -351,6 +358,7 @@ int X509v3_asid_is_canonical(ASIdentifiers *asid)
 static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
 {
     ASN1_INTEGER *a_max_plus_one = NULL;
 +    ASN1_INTEGER *orig;
     BIGNUM *bn = NULL;
     int i, ret = 0;
@@ -416,9 +424,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
          */
         if ((bn == NULL && (bn = BN_new()) == NULL) ||
             ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
 -            !BN_add_word(bn, 1) ||
 -            (a_max_plus_one =
 -             BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
 +            !BN_add_word(bn, 1)) {
 +            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
 +                      ERR_R_MALLOC_FAILURE);
 +            goto done;
 +        }
 +
 +        if ((a_max_plus_one =
 +                 BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
 +            a_max_plus_one = orig;
             X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
                       ERR_R_MALLOC_FAILURE);
             goto done;
 commit 86ed78676c660b553696cc10c682962522dfeb6c
 Author: Tomas Mraz <tmraz@fedoraproject.org>
 Date:   Thu Sep 12 12:27:36 2019 +0200
    BIO_f_zlib: Properly handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.
    There can be data to write in output buffer and data to read that were
    not yet read in the input stream.
    Fixes #9866
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9877)
    (cherry picked from commit 6beb8b39ba8e4cb005c1fcd2586ba19e17f04b95)
 diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
 index d688deee5f..7c1be358fd 100644
 --- a/crypto/comp/c_zlib.c
 +++ b/crypto/comp/c_zlib.c
@@ -598,6 +598,28 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
         BIO_copy_next_retry(b);
         break;
 +    case BIO_CTRL_WPENDING:
 +        if (ctx->obuf == NULL)
 +            return 0;
 +
 +        if (ctx->odone) {
 +            ret = ctx->ocount;
 +        } else {
 +            ret = ctx->ocount;
 +            if (ret == 0)
 +                /* Unknown amount pending but we are not finished */
 +                ret = 1;
 +        }
 +        if (ret == 0)
 +            ret = BIO_ctrl(next, cmd, num, ptr);
 +        break;
 +
 +    case BIO_CTRL_PENDING:
 +        ret = ctx->zin.avail_in;
 +        if (ret == 0)
 +            ret = BIO_ctrl(next, cmd, num, ptr);
 +        break;
 +
     default:
         ret = BIO_ctrl(next, cmd, num, ptr);
         break;
--- a/openssl-1.1.1-version-override.patch
+++ b/openssl-1.1.1-version-override.patch
@ -1,12 +1,12 @@
-diff -up openssl-1.1.1d/include/openssl/opensslv.h.version-override openssl-1.1.1d/include/openssl/opensslv.h
+diff -up openssl-1.1.1e/include/openssl/opensslv.h.version-override openssl-1.1.1e/include/openssl/opensslv.h
--- openssl-1.1.1d/include/openssl/opensslv.h.version-override	2019-09-13 15:26:32.606500244 +0200
+--- openssl-1.1.1e/include/openssl/opensslv.h.version-override	2020-03-17 18:05:00.750749987 +0100
-+++ openssl-1.1.1d/include/openssl/opensslv.h	2019-09-13 15:27:03.805950866 +0200
+++ openssl-1.1.1e/include/openssl/opensslv.h	2020-03-17 18:05:41.404038619 +0100
@@ -40,7 +40,7 @@ extern "C" {
  *  major minor fix final patch/beta)
  */
- # define OPENSSL_VERSION_NUMBER  0x1010104fL
+ # define OPENSSL_VERSION_NUMBER  0x1010105fL
-# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1d  10 Sep 2019"
+-# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1e  17 Mar 2020"
-+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1d FIPS  10 Sep 2019"
+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1e FIPS  17 Mar 2020"
 /*-
  * The macros below are to be used for shared library (.so, .dll, ...)
--- a/openssl.spec
+++ b/openssl.spec
@ -21,8 +21,8 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
-Version: 1.1.1d
+Version: 1.1.1e
-Release: 7%{?dist}
+Release: 1%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -64,12 +64,11 @@ Patch49: openssl-1.1.1-evp-kdf.patch
 Patch50: openssl-1.1.1-ssh-kdf.patch
 Patch60: openssl-1.1.1-krb5-kdf.patch
 Patch61: openssl-1.1.1-intel-cet.patch
 Patch65: openssl-1.1.1-fips-drbg-selftest.patch
 # Backported fixes including security fixes
 Patch51: openssl-1.1.1-upstream-sync.patch
 Patch52: openssl-1.1.1-s390x-update.patch
 Patch53: openssl-1.1.1-fips-crng-test.patch
 Patch54: openssl-1.1.1-regression-fixes.patch
 Patch55: openssl-1.1.1-aes-asm.patch
 License: OpenSSL
 URL: http://www.openssl.org/
@ -167,13 +166,12 @@ cp %{SOURCE13} test/
 %patch48 -p1 -b .fips-post-rand
 %patch49 -p1 -b .evp-kdf
 %patch50 -p1 -b .ssh-kdf
 %patch51 -p1 -b .upstream-sync
 %patch52 -p1 -b .s390x-update
 %patch53 -p1 -b .crng-test
 %patch54 -p1 -b .regression
 %patch55 -p1 -b .aes-asm
 %patch60 -p1 -b .krb5-kdf
 %patch61 -p1 -b .intel-cet
 %patch65 -p1 -b .drbg-selftest
 %build
@ -460,6 +458,11 @@ export LD_LIBRARY_PATH
 %ldconfig_scriptlets libs
 %changelog
 * Wed Mar 18 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1e-1
 - update to the 1.1.1e release
 - add selftest of the RAND_DRBG implementation
 - fix incorrect error return value from FIPS_selftest_dsa
 * Mon Feb 17 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1d-7
 - apply Intel CET support patches by hjl (#1788699)
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (openssl-1.1.1d-hobbled.tar.xz) = c350e4669b82dcbc7fcc997726e376392e2ee0c92c37a952eb02369f05780a8d1b0c265f6264ce0e7619e44200d2d057e3fdcb0fe22c168dfb28e9381841fc00
+SHA512 (openssl-1.1.1e-hobbled.tar.xz) = b0b415b376e12d7a74eeb915315741a9d4d3cef953969edb632d4683ea088e607ebeba37c4be0c781ca839ec20c108166faf5e228d7642217f86f7ab1a3ef15a
`@ -1 +1 @@`
	`SHA512 (openssl-1.1.1d-hobbled.tar.xz) = c350e4669b82dcbc7fcc997726e376392e2ee0c92c37a952eb02369f05780a8d1b0c265f6264ce0e7619e44200d2d057e3fdcb0fe22c168dfb28e9381841fc00`	`SHA512 (openssl-1.1.1e-hobbled.tar.xz) = b0b415b376e12d7a74eeb915315741a9d4d3cef953969edb632d4683ea088e607ebeba37c4be0c781ca839ec20c108166faf5e228d7642217f86f7ab1a3ef15a`