diff --git a/backport-ASN1-Reset-the-content-dump-flag-after-dumping.patch b/backport-ASN1-Reset-the-content-dump-flag-after-dumping.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ae5c0decc2adf5a656a533908cf6bc610c408338
--- /dev/null
+++ b/backport-ASN1-Reset-the-content-dump-flag-after-dumping.patch
@@ -0,0 +1,39 @@
+From ffefffa000437da5703dd8a173386623304b055d Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Sat, 20 Mar 2021 09:09:40 +0100
+Subject: [PATCH] ASN1: Reset the content dump flag after dumping
+
+When encountering a badly coded item, the DER printer (ASN1_print_dump())
+sets a flag to ensure that an additional hex dump of the offending content
+is printed as part of the output.  Unfortunately, this flag is never reset,
+which means that all following items are printed with the extra hex dump,
+whether they are faulty or not.
+
+Resetting the flag after hex dumping ensures that only the faulty contents
+are printed with the additional hex dump.
+
+Fixes #14626
+
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/14627)
+
+(cherry picked from commit 6e34a1048ce4871371eac224b995c3b4338f6166)
+---
+ crypto/asn1/asn1_par.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
+index 3f10c7cb94..d45f810bce 100644
+--- a/crypto/asn1/asn1_par.c
++++ b/crypto/asn1/asn1_par.c
+@@ -325,6 +325,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+                 }
+                 if (BIO_puts(bp, "]") <= 0)
+                     goto end;
++                dump_cont = 0;
+             }
+ 
+             if (!nl) {
+-- 
+2.33.0
+
diff --git a/backport-Don-t-reset-the-packet-pointer-in-ssl3_setup_read_bu.patch b/backport-Don-t-reset-the-packet-pointer-in-ssl3_setup_read_bu.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5b51fdf46e79df05cc2a0ad3c6967f19c62d0499
--- /dev/null
+++ b/backport-Don-t-reset-the-packet-pointer-in-ssl3_setup_read_bu.patch
@@ -0,0 +1,35 @@
+From 97664088f3b332cfd462e3d209983115ef88cfc9 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 13 Jul 2021 17:19:12 +0100
+Subject: [PATCH] Don't reset the packet pointer in ssl3_setup_read_buffer
+
+Sometimes this function gets called when the buffers have already been
+set up. If there is already a partial packet in the read buffer then the
+packet pointer will be set to an incorrect value. The packet pointer already
+gets reset to the correct value when we first read a packet anyway, so we
+don't also need to do it in ssl3_setup_read_buffer.
+
+Fixes #13729
+
+Reviewed-by: Ben Kaduk <kaduk@mit.edu>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/16098)
+---
+ ssl/record/ssl3_buffer.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
+index 9b2a6964c6..c99f5bd249 100644
+--- a/ssl/record/ssl3_buffer.c
++++ b/ssl/record/ssl3_buffer.c
+@@ -74,7 +74,6 @@ int ssl3_setup_read_buffer(SSL *s)
+         b->len = len;
+     }
+ 
+-    RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0]));
+     return 1;
+ }
+ 
+-- 
+2.33.0
+
diff --git a/backport-bn-procduce-correct-sign-for-result-of-BN_mod.patch b/backport-bn-procduce-correct-sign-for-result-of-BN_mod.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4ca6f6035f7888f1bfcc5395f44103ec2a3860c0
--- /dev/null
+++ b/backport-bn-procduce-correct-sign-for-result-of-BN_mod.patch
@@ -0,0 +1,157 @@
+From f8fc0e35e0b1813af15887d42e17b7d5537bb86c Mon Sep 17 00:00:00 2001
+From: Pauli <pauli@openssl.org>
+Date: Mon, 5 Jul 2021 11:01:59 +1000
+Subject: [PATCH] bn: procduce correct sign for result of BN_mod()
+
+There is a problem that appears when calling BN_div(a, c, a, b) with negative b.
+In this case, the sign of the remainder c is incorrect.  The problem only
+occurs if the dividend and the quotient are the same BIGNUM.
+
+Fixes #15982
+
+Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
+(Merged from https://github.com/openssl/openssl/pull/15991)
+
+(cherry picked from commit 105c83150f15af3f78ea0758859062842bdbe30e)
+---
+ crypto/bn/bn_div.c |  7 +++--
+ test/bntest.c      | 77 ++++++++++++++++++++++++++++++++++++++++++++--
+ 2 files changed, 79 insertions(+), 5 deletions(-)
+
+diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
+index 286d69c895..4a6889900e 100644
+--- a/crypto/bn/bn_div.c
++++ b/crypto/bn/bn_div.c
+@@ -268,7 +268,7 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
+     BIGNUM *tmp, *snum, *sdiv, *res;
+     BN_ULONG *resp, *wnum, *wnumtop;
+     BN_ULONG d0, d1;
+-    int num_n, div_n;
++    int num_n, div_n, num_neg;
+ 
+     assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0);
+ 
+@@ -326,7 +326,8 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
+     /* Setup quotient */
+     if (!bn_wexpand(res, loop))
+         goto err;
+-    res->neg = (num->neg ^ divisor->neg);
++    num_neg = num->neg;
++    res->neg = (num_neg ^ divisor->neg);
+     res->top = loop;
+     res->flags |= BN_FLG_FIXED_TOP;
+     resp = &(res->d[loop]);
+@@ -442,7 +443,7 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
+         *--resp = q;
+     }
+     /* snum holds remainder, it's as wide as divisor */
+-    snum->neg = num->neg;
++    snum->neg = num_neg;
+     snum->top = div_n;
+     snum->flags |= BN_FLG_FIXED_TOP;
+     if (rm != NULL)
+diff --git a/test/bntest.c b/test/bntest.c
+index 97d08ac0be..8bccfc4171 100644
+--- a/test/bntest.c
++++ b/test/bntest.c
+@@ -305,6 +305,75 @@ static int test_div_recip(void)
+     return st;
+ }
+ 
++static struct {
++    int n, divisor, result, remainder;
++} signed_mod_tests[] = {
++    {  10,   3,   3,   1 },
++    { -10,   3,  -3,  -1 },
++    {  10,  -3,  -3,   1 },
++    { -10,  -3,   3,  -1 },
++};
++
++static BIGNUM *set_signed_bn(int value)
++{
++    BIGNUM *bn = BN_new();
++
++    if (bn == NULL)
++        return NULL;
++    if (!BN_set_word(bn, value < 0 ? -value : value)) {
++        BN_free(bn);
++        return NULL;
++    }
++    BN_set_negative(bn, value < 0);
++    return bn;
++}
++
++static int test_signed_mod_replace_ab(int n)
++{
++    BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL;
++    int st = 0;
++
++    if (!TEST_ptr(a = set_signed_bn(signed_mod_tests[n].n))
++            || !TEST_ptr(b = set_signed_bn(signed_mod_tests[n].divisor))
++            || !TEST_ptr(c = set_signed_bn(signed_mod_tests[n].result))
++            || !TEST_ptr(d = set_signed_bn(signed_mod_tests[n].remainder)))
++        goto err;
++
++    if (TEST_true(BN_div(a, b, a, b, ctx))
++            && TEST_BN_eq(a, c)
++            && TEST_BN_eq(b, d))
++        st = 1;
++ err:
++    BN_free(a);
++    BN_free(b);
++    BN_free(c);
++    BN_free(d);
++    return st;
++}
++
++static int test_signed_mod_replace_ba(int n)
++{
++    BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL;
++    int st = 0;
++
++    if (!TEST_ptr(a = set_signed_bn(signed_mod_tests[n].n))
++            || !TEST_ptr(b = set_signed_bn(signed_mod_tests[n].divisor))
++            || !TEST_ptr(c = set_signed_bn(signed_mod_tests[n].result))
++            || !TEST_ptr(d = set_signed_bn(signed_mod_tests[n].remainder)))
++        goto err;
++
++    if (TEST_true(BN_div(b, a, a, b, ctx))
++            && TEST_BN_eq(b, c)
++            && TEST_BN_eq(a, d))
++        st = 1;
++ err:
++    BN_free(a);
++    BN_free(b);
++    BN_free(c);
++    BN_free(d);
++    return st;
++}
++
+ static int test_mod(void)
+ {
+     BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL;
+@@ -326,8 +395,10 @@ static int test_mod(void)
+         BN_set_negative(b, rand_neg());
+         if (!(TEST_true(BN_mod(c, a, b, ctx))
+                 && TEST_true(BN_div(d, e, a, b, ctx))
+-                && TEST_true(BN_sub(e, e, c))
+-                && TEST_BN_eq_zero(e)))
++                && TEST_BN_eq(e, c)
++                && TEST_true(BN_mul(c, d, b, ctx))
++                && TEST_true(BN_add(d, c, e))
++                && TEST_BN_eq(d, a)))
+             goto err;
+     }
+     st = 1;
+@@ -2759,6 +2830,8 @@ int setup_tests(void)
+     if (n == 0) {
+         ADD_TEST(test_sub);
+         ADD_TEST(test_div_recip);
++        ADD_ALL_TESTS(test_signed_mod_replace_ab, OSSL_NELEM(signed_mod_tests));
++        ADD_ALL_TESTS(test_signed_mod_replace_ba, OSSL_NELEM(signed_mod_tests));
+         ADD_TEST(test_mod);
+         ADD_TEST(test_modexp_mont5);
+         ADD_TEST(test_kronecker);
+-- 
+2.33.0
+
diff --git a/openssl.spec b/openssl.spec
index ebf0dce4227332ac54a988bd01e69e3566a3d69f..f1d0c3a2eaed8fc715266d360a9203b072b67e1f 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@
 Name:        openssl
 Epoch:       1
 Version:     1.1.1f
-Release:     30
+Release:     31
 Summary:     Cryptography and SSL/TLS Toolkit
 License:     OpenSSL and SSLeay and GPLv2+
 URL:         https://www.openssl.org/
@@ -130,6 +130,9 @@ Patch119:    backport-Add-test-for-empty-supported-groups-extension.patch
 Patch120:    backport-Do-not-send-an-empty-supported-groups-extension.patch
 Patch121:    backport-x509-use-actual-issuer-name-if-a-CA-is-used.patch
 Patch122:    backport-Fix-a-memory-leak-in-crl_set_issuers.patch
+Patch123:    backport-ASN1-Reset-the-content-dump-flag-after-dumping.patch
+Patch124:    backport-Don-t-reset-the-packet-pointer-in-ssl3_setup_read_bu.patch
+Patch125:    backport-bn-procduce-correct-sign-for-result-of-BN_mod.patch
 
 BuildRequires: gcc make lksctp-tools-devel coreutils util-linux zlib-devel
 
@@ -313,6 +316,9 @@ make test || :
 %{_pkgdocdir}/html/
 
 %changelog
+* Fri Dec 08 2023 wangcheng <wangcheng156@huawei.com> - 1:1.1.1f-31
+- backport some upstream patches
+
 * Mon Nov 27 2023 wangcheng <wangcheng156@huawei.com> - 1:1.1.1f-30
 - backport some upstream patches