diff -Nru openssl-ibmca-2.2.0/ChangeLog openssl-ibmca-2.2.1/ChangeLog
--- openssl-ibmca-2.2.0/ChangeLog	2021-05-19 16:07:11.000000000 +0200
+++ openssl-ibmca-2.2.1/ChangeLog	2021-09-13 15:48:07.000000000 +0200
@@ -1,3 +1,6 @@
+* openssl-ibmca 2.2.1
+- Bug fixes
+
 * openssl-ibmca 2.2.0
 - Implement fallbacks based on OpenSSL
 - Disable software fallbacks from libica
diff -Nru openssl-ibmca-2.2.0/configure.ac openssl-ibmca-2.2.1/configure.ac
--- openssl-ibmca-2.2.0/configure.ac	2021-05-19 16:07:11.000000000 +0200
+++ openssl-ibmca-2.2.1/configure.ac	2021-09-13 15:48:07.000000000 +0200
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 # See autoconf and autoscan online documentation for details.
 
-AC_INIT([openssl-ibmca], [2.2.0], [opencryptoki-users@lists.sf.net])
+AC_INIT([openssl-ibmca], [2.2.1], [opencryptoki-users@lists.sf.net])
 AC_CONFIG_SRCDIR([src/e_ibmca.c]) # sanity check
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_AUX_DIR([build-aux])
diff -Nru openssl-ibmca-2.2.0/debian/changelog openssl-ibmca-2.2.1/debian/changelog
--- openssl-ibmca-2.2.0/debian/changelog	2021-12-07 15:45:01.000000000 +0100
+++ openssl-ibmca-2.2.1/debian/changelog	2022-01-20 15:44:47.000000000 +0100
@@ -1,3 +1,9 @@
+openssl-ibmca (2.2.1-0ubuntu1) jammy; urgency=medium
+
+  * New upstream release. LP: #1958419 
+
+ -- Frank Heimes <frank.heimes@canonical.com>  Thu, 20 Jan 2022 15:44:47 +0100
+
 openssl-ibmca (2.2.0-0ubuntu2) jammy; urgency=medium
 
   * No-change rebuild against openssl3
diff -Nru openssl-ibmca-2.2.0/openssl-ibmca.spec openssl-ibmca-2.2.1/openssl-ibmca.spec
--- openssl-ibmca-2.2.0/openssl-ibmca.spec	2021-05-19 16:07:11.000000000 +0200
+++ openssl-ibmca-2.2.1/openssl-ibmca.spec	2021-09-13 15:48:07.000000000 +0200
@@ -1,7 +1,7 @@
 %global enginesdir %(pkg-config --variable=enginesdir libcrypto)
 
 Name:       openssl-ibmca
-Version:    2.2.0
+Version:    2.2.1
 Release:    1%{?dist}
 Summary:    An IBMCA OpenSSL dynamic engine
 
@@ -44,6 +44,9 @@
 %{_mandir}/man5/ibmca.5*
 
 %changelog
+* Mon Sep 13 2021 Juergen Christ <jchrist@linux.ibm.com> 2.2.1
+- Update Version
+
 * Wed May 19 2021 Juergen Christ <jchrist@linux.ibm.com> 2.2.0
 - Update Version
 
diff -Nru openssl-ibmca-2.2.0/src/ibmca_dh.c openssl-ibmca-2.2.1/src/ibmca_dh.c
--- openssl-ibmca-2.2.0/src/ibmca_dh.c	2021-05-19 16:07:11.000000000 +0200
+++ openssl-ibmca-2.2.1/src/ibmca_dh.c	2021-09-13 15:48:07.000000000 +0200
@@ -72,7 +72,7 @@
 
     if ((method = DH_meth_new("Ibmca DH method", 0)) == NULL
         || (meth1 = DH_OpenSSL()) == NULL
-	    || (ibmca_mod_exp_dh_backup = DH_meth_get_bn_mod_exp(method)) == NULL
+	    || (ibmca_mod_exp_dh_backup = DH_meth_get_bn_mod_exp(meth1)) == NULL
         || !DH_meth_set_generate_key(method, DH_meth_get_generate_key(meth1))
         || !DH_meth_set_compute_key(method, DH_meth_get_compute_key(meth1))
         || !DH_meth_set_bn_mod_exp(method, ibmca_mod_exp_dh)
diff -Nru openssl-ibmca-2.2.0/src/ibmca_dsa.c openssl-ibmca-2.2.1/src/ibmca_dsa.c
--- openssl-ibmca-2.2.0/src/ibmca_dsa.c	2021-05-19 16:07:11.000000000 +0200
+++ openssl-ibmca-2.2.1/src/ibmca_dsa.c	2021-09-13 15:48:07.000000000 +0200
@@ -28,18 +28,10 @@
  * RSA. Just check out the "signs" statistics from the RSA and DSA parts
  * of "openssl speed -engine ibmca dsa1024 rsa1024". */
 #ifdef OLDER_OPENSSL
-static int (*ibmca_dsa_mod_exp_backup)(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
-                                       BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
-                                       BIGNUM *m, BN_CTX *ctx,
-                                       BN_MONT_CTX *in_mont);
 static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
                              BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
                              BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
 #else
-static int (*ibmca_dsa_mod_exp_backup)(DSA *dsa, BIGNUM *rr, const BIGNUM *a1,
-                                       const BIGNUM *p1, const BIGNUM *a2,
-                                       const BIGNUM *p2, const BIGNUM *m,
-                                       BN_CTX *ctx, BN_MONT_CTX *in_mont);
 static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, const BIGNUM *a1,
                              const BIGNUM *p1, const BIGNUM *a2,
                              const BIGNUM *p2, const BIGNUM *m,
@@ -65,31 +57,25 @@
 end:
     BN_free(t);
 
-    if (!to_return && ibmca_dsa_mod_exp_backup)
-        return ibmca_dsa_mod_exp_backup(dsa, rr, a1, p1, a2, p2, m, ctx, in_mont);
+    if (!to_return)
+        return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
     return to_return;
 }
 
 #ifdef OLDER_OPENSSL
-static int (*ibmca_mod_exp_dsa_backup)(DSA *dsa, BIGNUM *r, BIGNUM *a,
-                       const BIGNUM *p, const BIGNUM *m,
-                       BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 
 static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
                              const BIGNUM *p, const BIGNUM *m,
                              BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 #else
-static int (*ibmca_mod_exp_dsa_backup)(DSA *dsa, BIGNUM *r, const BIGNUM *a,
-                       const BIGNUM *p, const BIGNUM *m,
-                       BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 
 static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, const BIGNUM *a,
                              const BIGNUM *p, const BIGNUM *m,
                              BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 #endif
 {
-    if (!ibmca_mod_exp(r, a, p, m, ctx) && ibmca_mod_exp_dsa_backup)
-        return ibmca_mod_exp_dsa_backup(dsa, r, a, p, m, ctx, m_ctx);
+    if (!ibmca_mod_exp(r, a, p, m, ctx))
+        return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
     return 1;
 }
 
@@ -112,8 +98,6 @@
 {
     const DSA_METHOD *meth1 = DSA_OpenSSL();
 
-    ibmca_dsa_mod_exp_backup = dsa->dsa_mod_exp;
-    ibmca_mod_exp_dsa_backup = dsa->bn_mod_exp;
     dsa_m.dsa_do_sign = meth1->dsa_do_sign;
     dsa_m.dsa_sign_setup = meth1->dsa_sign_setup;
     dsa_m.dsa_do_verify = meth1->dsa_do_verify;
@@ -133,8 +117,6 @@
 
     if ((method = DSA_meth_new("Ibmca DSA method", 0)) == NULL
         || (meth1 = DSA_OpenSSL()) == NULL
-        || (ibmca_dsa_mod_exp_backup = DSA_meth_get_mod_exp(meth1)) == NULL
-        || (ibmca_mod_exp_dsa_backup = DSA_meth_get_bn_mod_exp(meth1)) == NULL
         || !DSA_meth_set_sign(method, DSA_meth_get_sign(meth1))
         || !DSA_meth_set_sign_setup(method, DSA_meth_get_sign_setup(meth1))
         || !DSA_meth_set_verify(method, DSA_meth_get_verify(meth1))
diff -Nru openssl-ibmca-2.2.0/src/Makefile.am openssl-ibmca-2.2.1/src/Makefile.am
--- openssl-ibmca-2.2.0/src/Makefile.am	2021-05-19 16:07:11.000000000 +0200
+++ openssl-ibmca-2.2.1/src/Makefile.am	2021-09-13 15:48:07.000000000 +0200
@@ -1,4 +1,4 @@
-VERSION = 2:2:0
+VERSION = 2:2:1
 
 lib_LTLIBRARIES=ibmca.la
 
diff -Nru openssl-ibmca-2.2.0/test/eckey.c openssl-ibmca-2.2.1/test/eckey.c
--- openssl-ibmca-2.2.0/test/eckey.c	2021-05-19 16:07:11.000000000 +0200
+++ openssl-ibmca-2.2.1/test/eckey.c	2021-09-13 15:48:07.000000000 +0200
@@ -44,6 +44,10 @@
         fprintf(stderr, "ibmca engine not loaded\n");
         goto out;
     }
+    if (ENGINE_get_EC(engine) == NULL) {
+        fprintf(stderr, "ibmca does not support EC_KEY.  Skipping...\n");
+        exit(77);
+    }
     eckey = EC_KEY_new_by_curve_name(nid);
     if (eckey == NULL) {
         /* curve not supported => test passed */