diff --git a/mozilla-nss.changes b/mozilla-nss.changes
index 96f5e75..eefe421 100644
--- a/mozilla-nss.changes
+++ b/mozilla-nss.changes
@@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Mon Dec 5 13:32:45 UTC 2022 - Wolfgang Rosenauer
+
+- update to NSS 3.85
+ * bmo#1792821 - Modification of the primes.c and dhe-params.c in
+ order to have better looking tables
+ * bmo#1796815 - Update zlib in NSS to 1.2.13
+ * bmo#1796504 - Skip building modutil and shlibsign when building
+ in Firefox
+ * bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard
+ * bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15
+ * bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare
+ and -Wtype-limits warnings
+ * bmo#1796281 - Followup: add missing stdint.h include
+ * bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings
+ * bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable}
+ warnings on Windows
+ * bmo#1796079 - Fix -Wstring-conversion warnings
+ * bmo#1796075 - Fix -Wempty-body warnings
+ * bmo#1795242 - Fix unused-but-set-parameter warning
+ * bmo#1795241 - Fix unreachable-code warnings
+ * bmo#1795222 - Mark _nss_version_c unused on clang-cl
+ * bmo#1795668 - Remove redundant variable definitions in lowhashtest
+ * Add note about python executable to build instructions.
+
 -------------------------------------------------------------------
 Fri Nov 11 14:06:58 UTC 2022 - Wolfgang Rosenauer
diff --git a/mozilla-nss.spec b/mozilla-nss.spec
index ca0fdfd..c34b680 100644
--- a/mozilla-nss.spec
+++ b/mozilla-nss.spec
@@ -17,14 +17,14 @@ #
-%global nss_softokn_fips_version 3.84
+%global nss_softokn_fips_version 3.85
 %define NSPR_min_version 4.35
 %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
 %define nssdbdir %{_sysconfdir}/pki/nssdb
 Name: mozilla-nss
-Version: 3.84
+Version: 3.85
 Release: 0
-%define underscore_version 3_84
+%define underscore_version 3_85
 Summary: Network Security Services
 License: MPL-2.0
 Group: System/Libraries
diff --git a/nss-3.84.tar.gz b/nss-3.84.tar.gz
deleted file mode 100644
index b079946..0000000
--- a/nss-3.84.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9a387ffe350ff14f001d943f96cc0c064891551d71e1a97a5ddbffe7f1207a25
-size 84851235
diff --git a/nss-3.85.tar.gz b/nss-3.85.tar.gz
new file mode 100644
index 0000000..b8b7ed0
--- /dev/null
+++ b/nss-3.85.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:afd9d64510b1154debbd6cab3571e9ff64a3373898e03483e4c85cdada13d297
+size 84717969
diff --git a/nss-fips-aes-keywrap-post.patch b/nss-fips-aes-keywrap-post.patch
index ec4bab3..fcd782b 100644
--- a/nss-fips-aes-keywrap-post.patch
+++ b/nss-fips-aes-keywrap-post.patch
@@ -8,15 +8,12 @@ commit e78f5a6a2124ce88002796d6aaefc6232f132526 Author: Hans Petter Jansson AES Keywrap POST. -diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c ---- a/lib/freebl/fipsfreebl.c -+++ b/lib/freebl/fipsfreebl.c -@@ -107,16 +107,19 @@ BOOL WINAPI DllMain( - #define FIPS_AES_BLOCK_SIZE 16 /* 128-bits */ - #define FIPS_AES_ENCRYPT_LENGTH 16 /* 128-bits */ - #define FIPS_AES_DECRYPT_LENGTH 16 /* 128-bits */ - #define FIPS_AES_CMAC_LENGTH 16 /* 128-bits */ - #define FIPS_AES_128_KEY_SIZE 16 /* 128-bits */ + +diff --git nss/lib/freebl/fipsfreebl.c b/nss/lib/freebl/fipsfreebl.c +index ecbe9e0..3fec612 100644 +--- nss/lib/freebl/fipsfreebl.c ++++ nss/lib/freebl/fipsfreebl.c +@@ -113,6 +113,9 @@ DllMain( #define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */ #define FIPS_AES_256_KEY_SIZE 32 /* 256-bits */ @@ -26,17 +23,7 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c /* FIPS preprocessor directives for message digests */ #define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */ - /* FIPS preprocessor directives for RSA. */ - #define FIPS_RSA_TYPE siBuffer - #define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3 /* 24-bits */ - #define FIPS_RSA_PRIVATE_VERSION_LENGTH 1 /* 8-bits */ - #define FIPS_RSA_MESSAGE_LENGTH 256 /* 2048-bits */ -@@ -296,16 +299,19 @@ freebl_fips_AES_PowerUpSelfTest(int aes_ - static const PRUint8 aes_cbc_known_initialization_vector[] = - { "SecurityytiruceS" }; - - /* AES Known Plaintext (128-bits). (blocksize is 128-bits) */ - static const PRUint8 aes_known_plaintext[] = { "NetscapeepacsteN" }; +@@ -300,6 +303,9 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size) static const PRUint8 aes_gcm_known_aad[] = { "MozillaallizoM" }; @@ -46,17 +33,7 @@ 
diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c /* AES Known Ciphertext (128-bit key). */ static const PRUint8 aes_ecb128_known_ciphertext[] = { 0x3c, 0xa5, 0x96, 0xf3, 0x34, 0x6a, 0x96, 0xc1, - 0x03, 0x88, 0x16, 0x7b, 0x20, 0xbf, 0x35, 0x47 - }; - - static const PRUint8 aes_cbc128_known_ciphertext[] = { - 0xcf, 0x15, 0x1d, 0x4f, 0x96, 0xe4, 0x4f, 0x63, -@@ -366,33 +372,56 @@ freebl_fips_AES_PowerUpSelfTest(int aes_ - }; - - static const PRUint8 aes_cmac256_known_ciphertext[] = { - 0xc1, 0x26, 0x69, 0x32, 0x51, 0x13, 0x65, 0xac, - 0x71, 0x23, 0xe4, 0xe7, 0xb9, 0x0c, 0x88, 0x9f +@@ -370,6 +376,25 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size) }; @@ -82,12 +59,7 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c const PRUint8 *aes_ecb_known_ciphertext = (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext : aes_ecb256_known_ciphertext; - const PRUint8 *aes_cbc_known_ciphertext = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cbc128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cbc192_known_ciphertext : aes_cbc256_known_ciphertext; - - const PRUint8 *aes_gcm_known_ciphertext = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_gcm128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_gcm192_known_ciphertext : aes_gcm256_known_ciphertext; - +@@ -382,11 +407,15 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size) const PRUint8 *aes_cmac_known_ciphertext = (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cmac128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cmac192_known_ciphertext : aes_cmac256_known_ciphertext; @@ -103,17 +75,7 @@ 
diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c unsigned int aes_bytes_encrypted; unsigned int aes_bytes_decrypted; CK_NSS_GCM_PARAMS gcmParams; - SECStatus aes_status; - - /*check if aes_key_size is 128, 192, or 256 bits */ - if ((aes_key_size != FIPS_AES_128_KEY_SIZE) && - (aes_key_size != FIPS_AES_192_KEY_SIZE) && -@@ -609,16 +638,62 @@ freebl_fips_AES_PowerUpSelfTest(int aes_ - if ((aes_status != SECSuccess) || - (aes_bytes_encrypted != FIPS_AES_CMAC_LENGTH) || - (PORT_Memcmp(aes_computed_ciphertext, aes_cmac_known_ciphertext, - FIPS_AES_CMAC_LENGTH) != 0)) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); +@@ -613,6 +642,52 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size) return (SECFailure); } @@ -166,8 +128,3 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c return (SECSuccess); } - /* Known Hash Message (512-bits). Used for all hashes (incl. SHA-N [N>1]). */ - static const PRUint8 known_hash_message[] = { - "The test message for the MD2, MD5, and SHA-1 hashing algorithms." - }; - diff --git a/nss-fips-pbkdf-kat-compliance.patch b/nss-fips-pbkdf-kat-compliance.patch index e09155b..a134813 100644 --- a/nss-fips-pbkdf-kat-compliance.patch +++ b/nss-fips-pbkdf-kat-compliance.patch @@ -1,8 +1,8 @@ -Index: nss/lib/softoken/lowpbe.c -=================================================================== ---- nss.orig/lib/softoken/lowpbe.c +diff --git nss/lib/softoken/lowpbe.c b/nss/lib/softoken/lowpbe.c +index fae9e18..1c55642 100644 +--- nss/lib/softoken/lowpbe.c +++ nss/lib/softoken/lowpbe.c -@@ -1745,7 +1745,7 @@ loser: +@@ -1756,7 +1756,7 @@ loser: return ret_algid; } 
@@ -11,19 +11,17 @@ Index: nss/lib/softoken/lowpbe.c SECStatus sftk_fips_pbkdf_PowerUpSelfTests(void) { -@@ -1755,17 +1755,22 @@ sftk_fips_pbkdf_PowerUpSelfTests(void) +@@ -1766,16 +1766,21 @@ sftk_fips_pbkdf_PowerUpSelfTests(void) unsigned char iteration_count = 5; unsigned char keyLen = 64; char *inKeyData = TEST_KEY; -- static const unsigned char saltData[] = -- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; +- static const unsigned char saltData[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; + static const unsigned char saltData[] = { + 0x11, 0x39, 0x93, 0x54, 0x1C, 0xDD, 0xD7, 0x18, + 0x2F, 0x4A, 0xC1, 0x14, 0x03, 0x7A, 0x0B, 0x64, + 0x48, 0x99, 0xF4, 0x6D, 0xB7, 0x48, 0xE3, 0x3B, + 0x91, 0xBF, 0x65, 0xA9, 0x26, 0x83, 0xE8, 0x22 + }; -+ static const unsigned char pbkdf_known_answer[] = { - 0x31, 0xf0, 0xe5, 0x39, 0x9f, 0x39, 0xb9, 0x29, - 0x68, 0xac, 0xf2, 0xe9, 0x53, 0x9b, 0xb4, 0x9c, @@ -44,7 +42,7 @@ Index: nss/lib/softoken/lowpbe.c }; sftk_PBELockInit(); -@@ -1794,11 +1799,12 @@ sftk_fips_pbkdf_PowerUpSelfTests(void) +@@ -1804,11 +1809,12 @@ sftk_fips_pbkdf_PowerUpSelfTests(void) * for NSSPKCS5_PBKDF2 */ pbe_params.iter = iteration_count; pbe_params.keyLen = keyLen;