Update to 3.0.7

2022-11-28 16:02:01 +01:00 · 2022-11-28 16:02:01 +01:00 · 4084b84740
commit 4084b84740
parent f0b7b5007e
16 changed files with 171 additions and 167 deletions
--- a/.gitignore
+++ b/.gitignore
@ -15,3 +15,4 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-3.0.2-hobbled.tar.gz
 /openssl-3.0.3-hobbled.tar.gz
 /openssl-3.0.5-hobbled.tar.xz
 /openssl-3.0.7-hobbled.tar.xz
--- a/0001-Aarch64-and-ppc64le-use-lib64.patch
+++ b/0001-Aarch64-and-ppc64le-use-lib64.patch
@ -1,6 +1,6 @@
-diff -rupN --no-dereference openssl-3.0.5/Configurations/10-main.conf openssl-3.0.5-new/Configurations/10-main.conf
+diff -rupN --no-dereference openssl-3.0.7-hobbled/Configurations/10-main.conf openssl-3.0.7-hobbled-new/Configurations/10-main.conf
--- openssl-3.0.5/Configurations/10-main.conf	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/Configurations/10-main.conf	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/Configurations/10-main.conf	2022-07-08 10:09:52.290097943 +0200
+++ openssl-3.0.7-hobbled-new/Configurations/10-main.conf	2022-11-28 16:00:16.782820256 +0100
@@ -730,6 +730,7 @@ my %targets = (
         lib_cppflags     => add("-DL_ENDIAN"),
         asm_arch         => 'ppc64',
--- a/0002-Use-more-general-default-values-in-openssl.cnf.patch
+++ b/0002-Use-more-general-default-values-in-openssl.cnf.patch
@ -1,6 +1,6 @@
-diff -rupN --no-dereference openssl-3.0.5/apps/openssl.cnf openssl-3.0.5-new/apps/openssl.cnf
+diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/openssl.cnf openssl-3.0.7-hobbled-new/apps/openssl.cnf
--- openssl-3.0.5/apps/openssl.cnf	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/apps/openssl.cnf	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/apps/openssl.cnf	2022-07-08 10:09:52.488097947 +0200
+++ openssl-3.0.7-hobbled-new/apps/openssl.cnf	2022-11-28 16:00:17.034822079 +0100
@@ -111,7 +111,7 @@ cert_opt 	= ca_default		# Certificate fi
 default_days	= 365			# how long to certify for
--- a/0003-Do-not-install-html-docs.patch
+++ b/0003-Do-not-install-html-docs.patch
@ -1,6 +1,6 @@
-diff -rupN --no-dereference openssl-3.0.5/Configurations/unix-Makefile.tmpl openssl-3.0.5-new/Configurations/unix-Makefile.tmpl
+diff -rupN --no-dereference openssl-3.0.7-hobbled/Configurations/unix-Makefile.tmpl openssl-3.0.7-hobbled-new/Configurations/unix-Makefile.tmpl
--- openssl-3.0.5/Configurations/unix-Makefile.tmpl	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/Configurations/unix-Makefile.tmpl	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/Configurations/unix-Makefile.tmpl	2022-07-08 10:09:52.683097951 +0200
+++ openssl-3.0.7-hobbled-new/Configurations/unix-Makefile.tmpl	2022-11-28 16:00:17.274823815 +0100
@@ -611,7 +611,7 @@ install_sw: install_dev install_engines
 uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev
--- a/0004-Override-default-paths-for-the-CA-directory-tree.patch
+++ b/0004-Override-default-paths-for-the-CA-directory-tree.patch
@ -1,6 +1,6 @@
-diff -rupN --no-dereference openssl-3.0.5/apps/CA.pl.in openssl-3.0.5-new/apps/CA.pl.in
+diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/CA.pl.in openssl-3.0.7-hobbled-new/apps/CA.pl.in
--- openssl-3.0.5/apps/CA.pl.in	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/apps/CA.pl.in	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/apps/CA.pl.in	2022-07-08 10:09:52.871097956 +0200
+++ openssl-3.0.7-hobbled-new/apps/CA.pl.in	2022-11-28 16:00:17.505825485 +0100
@@ -29,7 +29,7 @@ my $X509 = "$openssl x509";
 my $PKCS12 = "$openssl pkcs12";
@ -10,9 +10,9 @@ diff -rupN --no-dereference openssl-3.0.5/apps/CA.pl.in openssl-3.0.5-new/apps/C
 my $CAKEY = "cakey.pem";
 my $CAREQ = "careq.pem";
 my $CACERT = "cacert.pem";
-diff -rupN --no-dereference openssl-3.0.5/apps/openssl.cnf openssl-3.0.5-new/apps/openssl.cnf
+diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/openssl.cnf openssl-3.0.7-hobbled-new/apps/openssl.cnf
--- openssl-3.0.5/apps/openssl.cnf	2022-07-08 10:09:52.679097951 +0200
+--- openssl-3.0.7-hobbled/apps/openssl.cnf	2022-11-28 16:00:17.270823786 +0100
-+++ openssl-3.0.5-new/apps/openssl.cnf	2022-07-08 10:09:52.871097956 +0200
+++ openssl-3.0.7-hobbled-new/apps/openssl.cnf	2022-11-28 16:00:17.505825485 +0100
@@ -52,6 +52,8 @@ tsa_policy3 = 1.2.3.4.5.7
 [openssl_init]
--- a/0005-apps-ca-fix-md-option-help-text.patch
+++ b/0005-apps-ca-fix-md-option-help-text.patch
@ -1,6 +1,6 @@
-diff -rupN --no-dereference openssl-3.0.5/apps/ca.c openssl-3.0.5-new/apps/ca.c
+diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/ca.c openssl-3.0.7-hobbled-new/apps/ca.c
--- openssl-3.0.5/apps/ca.c	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/apps/ca.c	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/apps/ca.c	2022-07-08 10:09:53.057097960 +0200
+++ openssl-3.0.7-hobbled-new/apps/ca.c	2022-11-28 16:00:17.738827171 +0100
@@ -210,7 +210,7 @@ const OPTIONS ca_options[] = {
     {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
--- a/0006-Disable-signature-verification-with-totally-unsafe-h.patch
+++ b/0006-Disable-signature-verification-with-totally-unsafe-h.patch
@ -1,6 +1,6 @@
-diff -rupN --no-dereference openssl-3.0.5/crypto/asn1/a_verify.c openssl-3.0.5-new/crypto/asn1/a_verify.c
+diff -rupN --no-dereference openssl-3.0.7-hobbled/crypto/asn1/a_verify.c openssl-3.0.7-hobbled-new/crypto/asn1/a_verify.c
--- openssl-3.0.5/crypto/asn1/a_verify.c	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/crypto/asn1/a_verify.c	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/crypto/asn1/a_verify.c	2022-07-08 10:09:53.250097964 +0200
+++ openssl-3.0.7-hobbled-new/crypto/asn1/a_verify.c	2022-11-28 16:00:17.971828856 +0100
@@ -153,6 +153,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM
             ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
         if (ret <= 1)
--- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
@ -1,6 +1,6 @@
-diff -rupN --no-dereference openssl-3.0.5/Configurations/unix-Makefile.tmpl openssl-3.0.5-new/Configurations/unix-Makefile.tmpl
+diff -rupN --no-dereference openssl-3.0.7-hobbled/Configurations/unix-Makefile.tmpl openssl-3.0.7-hobbled-new/Configurations/unix-Makefile.tmpl
--- openssl-3.0.5/Configurations/unix-Makefile.tmpl	2022-07-08 10:09:52.868097956 +0200
+--- openssl-3.0.7-hobbled/Configurations/unix-Makefile.tmpl	2022-11-28 16:00:17.501825456 +0100
-+++ openssl-3.0.5-new/Configurations/unix-Makefile.tmpl	2022-07-08 10:09:53.438097968 +0200
+++ openssl-3.0.7-hobbled-new/Configurations/unix-Makefile.tmpl	2022-11-28 16:00:18.203830534 +0100
@@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man
 DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
 HTMLDIR=$(DOCDIR)/html
@ -20,10 +20,10 @@ diff -rupN --no-dereference openssl-3.0.5/Configurations/unix-Makefile.tmpl open
                                   (map { "-I".$_} @{$config{CPPINCLUDES}}),
                                   @{$config{CPPFLAGS}}) -}
 CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
-diff -rupN --no-dereference openssl-3.0.5/Configure openssl-3.0.5-new/Configure
+diff -rupN --no-dereference openssl-3.0.7-hobbled/Configure openssl-3.0.7-hobbled-new/Configure
--- openssl-3.0.5/Configure	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/Configure	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/Configure	2022-07-08 10:09:53.439097968 +0200
+++ openssl-3.0.7-hobbled-new/Configure	2022-11-28 16:00:18.204830541 +0100
-@@ -28,7 +28,7 @@ use OpenSSL::config;
+@@ -27,7 +27,7 @@ use OpenSSL::config;
 my $orig_death_handler = $SIG{__DIE__};
 $SIG{__DIE__} = \&death_handler;
@ -32,7 +32,7 @@ diff -rupN --no-dereference openssl-3.0.5/Configure openssl-3.0.5-new/Configure
 my $banner = <<"EOF";
-@@ -62,6 +62,10 @@ EOF
+@@ -61,6 +61,10 @@ EOF
 #               given with --prefix.
 #               This becomes the value of OPENSSLDIR in Makefile and in C.
 #               (Default: PREFIX/ssl)
@ -43,7 +43,7 @@ diff -rupN --no-dereference openssl-3.0.5/Configure openssl-3.0.5-new/Configure
 # --banner=".." Output specified text instead of default completion banner
 #
 # -w            Don't wait after showing a Configure warning
-@@ -388,6 +392,7 @@ $config{prefix}="";
+@@ -387,6 +391,7 @@ $config{prefix}="";
 $config{openssldir}="";
 $config{processor}="";
 $config{libdir}="";
@ -51,7 +51,7 @@ diff -rupN --no-dereference openssl-3.0.5/Configure openssl-3.0.5-new/Configure
 my $auto_threads=1;    # enable threads automatically? true by default
 my $default_ranlib;
-@@ -990,6 +995,10 @@ while (@argvcopy)
+@@ -989,6 +994,10 @@ while (@argvcopy)
                         die "FIPS key too long (64 bytes max)\n"
                            if length $1 > 64;
                         }
@ -62,9 +62,9 @@ diff -rupN --no-dereference openssl-3.0.5/Configure openssl-3.0.5-new/Configure
                 elsif (/^--banner=(.*)$/)
                         {
                         $banner = $1 . "\n";
-diff -rupN --no-dereference openssl-3.0.5/doc/man1/openssl-ciphers.pod.in openssl-3.0.5-new/doc/man1/openssl-ciphers.pod.in
+diff -rupN --no-dereference openssl-3.0.7-hobbled/doc/man1/openssl-ciphers.pod.in openssl-3.0.7-hobbled-new/doc/man1/openssl-ciphers.pod.in
--- openssl-3.0.5/doc/man1/openssl-ciphers.pod.in	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/doc/man1/openssl-ciphers.pod.in	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/doc/man1/openssl-ciphers.pod.in	2022-07-08 10:09:53.439097968 +0200
+++ openssl-3.0.7-hobbled-new/doc/man1/openssl-ciphers.pod.in	2022-11-28 16:00:18.204830541 +0100
@@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
 The cipher suites not enabled by B<ALL>, currently B<eNULL>.
@ -81,9 +81,9 @@ diff -rupN --no-dereference openssl-3.0.5/doc/man1/openssl-ciphers.pod.in openss
 =item B<HIGH>
 "High" encryption cipher suites. This currently means those with key lengths
-diff -rupN --no-dereference openssl-3.0.5/include/openssl/ssl.h.in openssl-3.0.5-new/include/openssl/ssl.h.in
+diff -rupN --no-dereference openssl-3.0.7-hobbled/include/openssl/ssl.h.in openssl-3.0.7-hobbled-new/include/openssl/ssl.h.in
--- openssl-3.0.5/include/openssl/ssl.h.in	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/include/openssl/ssl.h.in	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/include/openssl/ssl.h.in	2022-07-08 10:09:53.439097968 +0200
+++ openssl-3.0.7-hobbled-new/include/openssl/ssl.h.in	2022-11-28 16:00:18.205830548 +0100
@@ -205,6 +205,11 @@ extern "C" {
  * throwing out anonymous and unencrypted ciphersuites! (The latter are not
  * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
@ -96,10 +96,10 @@ diff -rupN --no-dereference openssl-3.0.5/include/openssl/ssl.h.in openssl-3.0.5
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
 # define SSL_SENT_SHUTDOWN       1
-diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/ssl_ciph.c
+diff -rupN --no-dereference openssl-3.0.7-hobbled/ssl/ssl_ciph.c openssl-3.0.7-hobbled-new/ssl/ssl_ciph.c
--- openssl-3.0.5/ssl/ssl_ciph.c	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/ssl/ssl_ciph.c	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/ssl/ssl_ciph.c	2022-07-08 10:09:53.440097968 +0200
+++ openssl-3.0.7-hobbled-new/ssl/ssl_ciph.c	2022-11-28 16:00:18.206830555 +0100
-@@ -1436,6 +1436,53 @@ int SSL_set_ciphersuites(SSL *s, const c
+@@ -1438,6 +1438,53 @@ int SSL_set_ciphersuites(SSL *s, const c
     return ret;
 }
@ -153,7 +153,7 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/s
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
                                              STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
                                              STACK_OF(SSL_CIPHER) **cipher_list,
-@@ -1450,15 +1497,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1452,15 +1499,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
     CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
     const SSL_CIPHER **ca_list = NULL;
     const SSL_METHOD *ssl_method = ctx->method;
@ -181,7 +181,7 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/s
     /*
      * To reduce the work to do we only want to process the compiled
-@@ -1480,7 +1537,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1482,7 +1539,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
     co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
     if (co_list == NULL) {
         ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
@ -190,7 +190,7 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/s
     }
     ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
-@@ -1546,8 +1603,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1548,8 +1605,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
      * in force within each class
      */
     if (!ssl_cipher_strength_sort(&head, &tail)) {
@ -200,7 +200,7 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/s
     }
     /*
-@@ -1591,9 +1647,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1593,9 +1649,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
     num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
     ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
     if (ca_list == NULL) {
@ -211,7 +211,7 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/s
     }
     ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
                                disabled_mkey, disabled_auth, disabled_enc,
-@@ -1619,8 +1674,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1621,8 +1676,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
     OPENSSL_free(ca_list);      /* Not needed anymore */
     if (!ok) {                  /* Rule processing failure */
@ -221,7 +221,7 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/s
     }
     /*
-@@ -1628,10 +1682,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1630,10 +1684,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
      * if we cannot get one.
      */
     if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
@ -237,7 +237,7 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/s
     /* Add TLSv1.3 ciphers first - we always prefer those if possible */
     for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
         const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
-@@ -1683,6 +1740,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1685,6 +1742,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
     *cipher_list = cipherstack;
     return cipherstack;
@ -252,9 +252,9 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/s
 }
 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
-diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_lib.c openssl-3.0.5-new/ssl/ssl_lib.c
+diff -rupN --no-dereference openssl-3.0.7-hobbled/ssl/ssl_lib.c openssl-3.0.7-hobbled-new/ssl/ssl_lib.c
--- openssl-3.0.5/ssl/ssl_lib.c	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/ssl/ssl_lib.c	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/ssl/ssl_lib.c	2022-07-08 10:09:53.441097968 +0200
+++ openssl-3.0.7-hobbled-new/ssl/ssl_lib.c	2022-11-28 16:00:18.206830555 +0100
@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
                                 ctx->tls13_ciphersuites,
                                 &(ctx->cipher_list),
@ -264,7 +264,7 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_lib.c openssl-3.0.5-new/ssl/ss
     if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
         ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
         return 0;
-@@ -3271,7 +3271,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *li
+@@ -3285,7 +3285,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *li
     if (!ssl_create_cipher_list(ret,
                                 ret->tls13_ciphersuites,
                                 &ret->cipher_list, &ret->cipher_list_by_id,
@ -273,9 +273,9 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_lib.c openssl-3.0.5-new/ssl/ss
         || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
         ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
         goto err2;
-diff -rupN --no-dereference openssl-3.0.5/test/cipherlist_test.c openssl-3.0.5-new/test/cipherlist_test.c
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/cipherlist_test.c openssl-3.0.7-hobbled-new/test/cipherlist_test.c
--- openssl-3.0.5/test/cipherlist_test.c	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/test/cipherlist_test.c	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/test/cipherlist_test.c	2022-07-08 10:09:53.441097968 +0200
+++ openssl-3.0.7-hobbled-new/test/cipherlist_test.c	2022-11-28 16:00:18.207830563 +0100
@@ -246,7 +246,9 @@ end:
 int setup_tests(void)
@ -286,9 +286,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/cipherlist_test.c openssl-3.0.5-n
     ADD_TEST(test_default_cipherlist_explicit);
     ADD_TEST(test_default_cipherlist_clear);
     return 1;
-diff -rupN --no-dereference openssl-3.0.5/util/libcrypto.num openssl-3.0.5-new/util/libcrypto.num
+diff -rupN --no-dereference openssl-3.0.7-hobbled/util/libcrypto.num openssl-3.0.7-hobbled-new/util/libcrypto.num
--- openssl-3.0.5/util/libcrypto.num	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/util/libcrypto.num	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/util/libcrypto.num	2022-07-08 10:09:53.442097968 +0200
+++ openssl-3.0.7-hobbled-new/util/libcrypto.num	2022-11-28 16:00:18.208830570 +0100
@@ -5427,3 +5427,4 @@ EVP_PKEY_get0_provider
 EVP_PKEY_CTX_get0_provider              5555	3_0_0	EXIST::FUNCTION:
 OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
--- a/0008-Add-FIPS_mode-compatibility-macro.patch
+++ b/0008-Add-FIPS_mode-compatibility-macro.patch
@ -1,6 +1,6 @@
-diff -rupN --no-dereference openssl-3.0.5/include/openssl/crypto.h.in openssl-3.0.5-new/include/openssl/crypto.h.in
+diff -rupN --no-dereference openssl-3.0.7-hobbled/include/openssl/crypto.h.in openssl-3.0.7-hobbled-new/include/openssl/crypto.h.in
--- openssl-3.0.5/include/openssl/crypto.h.in	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/include/openssl/crypto.h.in	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/include/openssl/crypto.h.in	2022-07-08 10:09:53.638097973 +0200
+++ openssl-3.0.7-hobbled-new/include/openssl/crypto.h.in	2022-11-28 16:00:18.471832472 +0100
@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack
 # include <openssl/opensslconf.h>
 # include <openssl/cryptoerr.h>
@ -9,9 +9,9 @@ diff -rupN --no-dereference openssl-3.0.5/include/openssl/crypto.h.in openssl-3.
 # ifdef CHARSET_EBCDIC
 #  include <openssl/ebcdic.h>
-diff -rupN --no-dereference openssl-3.0.5/include/openssl/fips.h openssl-3.0.5-new/include/openssl/fips.h
+diff -rupN --no-dereference openssl-3.0.7-hobbled/include/openssl/fips.h openssl-3.0.7-hobbled-new/include/openssl/fips.h
--- openssl-3.0.5/include/openssl/fips.h	1970-01-01 01:00:00.000000000 +0100
+--- openssl-3.0.7-hobbled/include/openssl/fips.h	1970-01-01 01:00:00.000000000 +0100
-+++ openssl-3.0.5-new/include/openssl/fips.h	2022-07-08 10:09:53.638097973 +0200
+++ openssl-3.0.7-hobbled-new/include/openssl/fips.h	2022-11-28 16:00:18.472832479 +0100
@@ -0,0 +1,25 @@
 +/*
 + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
@ -38,9 +38,9 @@ diff -rupN --no-dereference openssl-3.0.5/include/openssl/fips.h openssl-3.0.5-n
 +}
 +# endif
 +#endif
-diff -rupN --no-dereference openssl-3.0.5/test/property_test.c openssl-3.0.5-new/test/property_test.c
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/property_test.c openssl-3.0.7-hobbled-new/test/property_test.c
--- openssl-3.0.5/test/property_test.c	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/test/property_test.c	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/test/property_test.c	2022-07-08 10:09:53.638097973 +0200
+++ openssl-3.0.7-hobbled-new/test/property_test.c	2022-11-28 16:00:18.472832479 +0100
@@ -624,6 +624,18 @@ static int test_property_list_to_string(
     return ret;
 }
--- a/0011-Remove-EC-curves.patch
+++ b/0011-Remove-EC-curves.patch
@ -1,7 +1,7 @@
-diff -rupN --no-dereference openssl-3.0.5/apps/speed.c openssl-3.0.5-new/apps/speed.c
+diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/speed.c openssl-3.0.7-hobbled-new/apps/speed.c
--- openssl-3.0.5/apps/speed.c	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/apps/speed.c	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/apps/speed.c	2022-07-08 10:09:53.832097977 +0200
+++ openssl-3.0.7-hobbled-new/apps/speed.c	2022-11-28 16:00:18.706834172 +0100
-@@ -365,68 +365,23 @@ static double ffdh_results[FFDH_NUM][1];
+@@ -366,68 +366,23 @@ static double ffdh_results[FFDH_NUM][1];
 #endif /* OPENSSL_NO_DH */
 enum ec_curves_t {
@ -72,7 +72,7 @@ diff -rupN --no-dereference openssl-3.0.5/apps/speed.c openssl-3.0.5-new/apps/sp
     {"ecdhx25519", R_EC_X25519},
     {"ecdhx448", R_EC_X448}
 };
-@@ -1418,31 +1373,10 @@ int speed_main(int argc, char **argv)
+@@ -1422,31 +1377,10 @@ int speed_main(int argc, char **argv)
      */
     static const EC_CURVE ec_curves[EC_NUM] = {
         /* Prime Curves */
@ -104,7 +104,7 @@ diff -rupN --no-dereference openssl-3.0.5/apps/speed.c openssl-3.0.5-new/apps/sp
         /* Other and ECDH only ones */
         {"X25519", NID_X25519, 253},
         {"X448", NID_X448, 448}
-@@ -1470,8 +1404,8 @@ int speed_main(int argc, char **argv)
+@@ -1474,8 +1408,8 @@ int speed_main(int argc, char **argv)
     OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448);
     OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0);
@ -115,9 +115,9 @@ diff -rupN --no-dereference openssl-3.0.5/apps/speed.c openssl-3.0.5-new/apps/sp
 #ifndef OPENSSL_NO_SM2
     OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2);
-diff -rupN --no-dereference openssl-3.0.5/crypto/evp/ec_support.c openssl-3.0.5-new/crypto/evp/ec_support.c
+diff -rupN --no-dereference openssl-3.0.7-hobbled/crypto/evp/ec_support.c openssl-3.0.7-hobbled-new/crypto/evp/ec_support.c
--- openssl-3.0.5/crypto/evp/ec_support.c	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/crypto/evp/ec_support.c	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/crypto/evp/ec_support.c	2022-07-08 10:09:53.832097977 +0200
+++ openssl-3.0.7-hobbled-new/crypto/evp/ec_support.c	2022-11-28 16:00:18.707834179 +0100
@@ -20,99 +20,12 @@ typedef struct ec_name2nid_st {
 static const EC_NAME2NID curve_list[] = {
     /* prime field curves */
@ -218,9 +218,9 @@ diff -rupN --no-dereference openssl-3.0.5/crypto/evp/ec_support.c openssl-3.0.5-
 };
 const char *OSSL_EC_curve_nid2name(int nid)
-diff -rupN --no-dereference openssl-3.0.5/test/acvp_test.inc openssl-3.0.5-new/test/acvp_test.inc
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/acvp_test.inc openssl-3.0.7-hobbled-new/test/acvp_test.inc
--- openssl-3.0.5/test/acvp_test.inc	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/test/acvp_test.inc	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/test/acvp_test.inc	2022-07-08 10:09:53.832097977 +0200
+++ openssl-3.0.7-hobbled-new/test/acvp_test.inc	2022-11-28 16:00:18.707834179 +0100
@@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_
 };
 static const struct ecdsa_sigver_st ecdsa_sigver_data[] = {
@ -237,9 +237,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/acvp_test.inc openssl-3.0.5-new/t
         "SHA2-512",
         "P-521",
         ITM(ecdsa_sigver_msg1),
-diff -rupN --no-dereference openssl-3.0.5/test/ecdsatest.h openssl-3.0.5-new/test/ecdsatest.h
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/ecdsatest.h openssl-3.0.7-hobbled-new/test/ecdsatest.h
--- openssl-3.0.5/test/ecdsatest.h	2022-07-05 13:32:40.000000000 +0200
+--- openssl-3.0.7-hobbled/test/ecdsatest.h	2022-11-28 15:56:54.042363693 +0100
-+++ openssl-3.0.5-new/test/ecdsatest.h	2022-07-08 10:09:53.833097977 +0200
+++ openssl-3.0.7-hobbled-new/test/ecdsatest.h	2022-11-28 16:00:18.708834186 +0100
@@ -32,23 +32,6 @@ typedef struct {
 } ecdsa_cavs_kat_t;
@ -264,10 +264,10 @@ diff -rupN --no-dereference openssl-3.0.5/test/ecdsatest.h openssl-3.0.5-new/tes
     /* prime KATs from NIST CAVP */
     {NID_secp224r1, NID_sha224,
      "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
-diff -rupN --no-dereference openssl-3.0.5/test/evp_extra_test.c openssl-3.0.5-new/test/evp_extra_test.c
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/evp_extra_test.c openssl-3.0.7-hobbled-new/test/evp_extra_test.c
--- openssl-3.0.5/test/evp_extra_test.c	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/test/evp_extra_test.c	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/test/evp_extra_test.c	2022-07-08 10:09:53.834097977 +0200
+++ openssl-3.0.7-hobbled-new/test/evp_extra_test.c	2022-11-28 16:00:18.709834194 +0100
-@@ -3306,13 +3306,12 @@ err:
+@@ -3373,13 +3373,12 @@ err:
 #ifndef OPENSSL_NO_EC
 static int ecpub_nids[] = {
@ -282,9 +282,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/evp_extra_test.c openssl-3.0.5-ne
 };
 static int test_ecpub(int idx)
-diff -rupN --no-dereference openssl-3.0.5/test/recipes/06-test_algorithmid.t openssl-3.0.5-new/test/recipes/06-test_algorithmid.t
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/06-test_algorithmid.t openssl-3.0.7-hobbled-new/test/recipes/06-test_algorithmid.t
--- openssl-3.0.5/test/recipes/06-test_algorithmid.t	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/test/recipes/06-test_algorithmid.t	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/test/recipes/06-test_algorithmid.t	2022-07-08 10:09:53.834097977 +0200
+++ openssl-3.0.7-hobbled-new/test/recipes/06-test_algorithmid.t	2022-11-28 16:00:18.709834194 +0100
@@ -33,7 +33,7 @@ my %certs_info =
          'ee-cert-ec-named-explicit' => 'ca-cert-ec-explicit',
          'ee-cert-ec-named-named' => 'ca-cert-ec-named',
@ -294,9 +294,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/06-test_algorithmid.t ope
         )
      )
     );
-diff -rupN --no-dereference openssl-3.0.5/test/recipes/15-test_genec.t openssl-3.0.5-new/test/recipes/15-test_genec.t
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/15-test_genec.t openssl-3.0.7-hobbled-new/test/recipes/15-test_genec.t
--- openssl-3.0.5/test/recipes/15-test_genec.t	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/test/recipes/15-test_genec.t	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/test/recipes/15-test_genec.t	2022-07-08 10:09:53.834097977 +0200
+++ openssl-3.0.7-hobbled-new/test/recipes/15-test_genec.t	2022-11-28 16:00:18.709834194 +0100
@@ -41,45 +41,11 @@ plan skip_all => "This test is unsupport
     if disabled("ec");
@ -351,9 +351,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/15-test_genec.t openssl-3
     P-224
     P-256
     P-384
-diff -rupN --no-dereference openssl-3.0.5/test/recipes/20-test_cli_fips.t openssl-3.0.5-new/test/recipes/20-test_cli_fips.t
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/20-test_cli_fips.t openssl-3.0.7-hobbled-new/test/recipes/20-test_cli_fips.t
--- openssl-3.0.5/test/recipes/20-test_cli_fips.t	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/test/recipes/20-test_cli_fips.t	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/test/recipes/20-test_cli_fips.t	2022-07-08 10:09:53.834097977 +0200
+++ openssl-3.0.7-hobbled-new/test/recipes/20-test_cli_fips.t	2022-11-28 16:00:18.709834194 +0100
@@ -26,7 +26,7 @@ use platform;
 my $no_check = disabled("fips") || disabled('fips-securitychecks');
 plan skip_all => "Test only supported in a fips build with security checks"
@ -363,7 +363,7 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/20-test_cli_fips.t openss
 my $fipsmodule = bldtop_file('providers', platform->dso('fips'));
 my $fipsconf = srctop_file("test", "fips-and-base.cnf");
-@@ -158,60 +158,6 @@ sub tsignverify {
+@@ -170,60 +170,6 @@ sub tsignverify {
        $testtext);
 }
@ -424,9 +424,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/20-test_cli_fips.t openss
 SKIP: {
     skip "FIPS RSA tests because of no rsa in this build", 1
         if disabled("rsa");
-diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_ecc.txt openssl-3.0.5-new/test/recipes/30-test_evp_data/evppkey_ecc.txt
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evppkey_ecc.txt openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evppkey_ecc.txt
--- openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_ecc.txt	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evppkey_ecc.txt	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/test/recipes/30-test_evp_data/evppkey_ecc.txt	2022-07-08 10:09:53.836097977 +0200
+++ openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evppkey_ecc.txt	2022-11-28 16:00:18.711834208 +0100
@@ -1,3 +1,4 @@
 +
 #
@ -4731,9 +4731,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_
 -Ctrl=ecdh_cofactor_mode:1
 -Result=DERIVE_ERROR
 -Reason=point at infinity
-diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_mismatch.txt openssl-3.0.5-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evppkey_mismatch.txt openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt
--- openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_mismatch.txt	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evppkey_mismatch.txt	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt	2022-07-08 10:09:53.836097977 +0200
+++ openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt	2022-11-28 16:00:18.711834208 +0100
@@ -31,12 +31,6 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUP
 x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ==
 -----END PUBLIC KEY-----
@ -4757,10 +4757,10 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_
 -
 -PrivPubKeyPair = Alice-25519:KAS-ECC-CDH_K-163_C0-PUBLIC
 -Result = KEYPAIR_TYPE_MISMATCH
-diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp.t openssl-3.0.5-new/test/recipes/30-test_evp.t
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/30-test_evp.t openssl-3.0.7-hobbled-new/test/recipes/30-test_evp.t
--- openssl-3.0.5/test/recipes/30-test_evp.t	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/test/recipes/30-test_evp.t	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/test/recipes/30-test_evp.t	2022-07-08 10:09:53.836097977 +0200
+++ openssl-3.0.7-hobbled-new/test/recipes/30-test_evp.t	2022-11-28 16:00:18.711834208 +0100
-@@ -116,7 +116,6 @@ my @defltfiles = qw(
+@@ -117,7 +117,6 @@ my @defltfiles = qw(
                      evppkey_kdf_tls1_prf.txt
                      evppkey_rsa.txt
                     );
@ -4768,9 +4768,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp.t openssl-3.0
 push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
 plan tests =>
-diff -rupN --no-dereference openssl-3.0.5/test/recipes/65-test_cmp_protect.t openssl-3.0.5-new/test/recipes/65-test_cmp_protect.t
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/65-test_cmp_protect.t openssl-3.0.7-hobbled-new/test/recipes/65-test_cmp_protect.t
--- openssl-3.0.5/test/recipes/65-test_cmp_protect.t	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/test/recipes/65-test_cmp_protect.t	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/test/recipes/65-test_cmp_protect.t	2022-07-08 10:09:53.836097977 +0200
+++ openssl-3.0.7-hobbled-new/test/recipes/65-test_cmp_protect.t	2022-11-28 16:00:18.711834208 +0100
@@ -7,7 +7,6 @@
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
@ -4788,9 +4788,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/65-test_cmp_protect.t ope
 my @basic_cmd = ("cmp_protect_test",
                  data_file("server.pem"),
-diff -rupN --no-dereference openssl-3.0.5/test/recipes/65-test_cmp_vfy.t openssl-3.0.5-new/test/recipes/65-test_cmp_vfy.t
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/65-test_cmp_vfy.t openssl-3.0.7-hobbled-new/test/recipes/65-test_cmp_vfy.t
--- openssl-3.0.5/test/recipes/65-test_cmp_vfy.t	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/test/recipes/65-test_cmp_vfy.t	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/test/recipes/65-test_cmp_vfy.t	2022-07-08 10:09:53.836097977 +0200
+++ openssl-3.0.7-hobbled-new/test/recipes/65-test_cmp_vfy.t	2022-11-28 16:00:18.712834215 +0100
@@ -7,7 +7,6 @@
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
@ -4808,9 +4808,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/65-test_cmp_vfy.t openssl
 my @basic_cmd = ("cmp_vfy_test",
                  data_file("server.crt"),     data_file("client.crt"),
-diff -rupN --no-dereference openssl-3.0.5/test/ssl-tests/20-cert-select.cnf openssl-3.0.5-new/test/ssl-tests/20-cert-select.cnf
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/ssl-tests/20-cert-select.cnf openssl-3.0.7-hobbled-new/test/ssl-tests/20-cert-select.cnf
--- openssl-3.0.5/test/ssl-tests/20-cert-select.cnf	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/test/ssl-tests/20-cert-select.cnf	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/test/ssl-tests/20-cert-select.cnf	2022-07-08 10:09:53.837097977 +0200
+++ openssl-3.0.7-hobbled-new/test/ssl-tests/20-cert-select.cnf	2022-11-28 16:00:18.712834215 +0100
@@ -776,14 +776,12 @@ server = 22-ECDSA with brainpool-server
 client = 22-ECDSA with brainpool-client
@ -4883,9 +4883,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/ssl-tests/20-cert-select.cnf open
 # ===========================================================
-diff -rupN --no-dereference openssl-3.0.5/test/ssl-tests/20-cert-select.cnf.in openssl-3.0.5-new/test/ssl-tests/20-cert-select.cnf.in
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/ssl-tests/20-cert-select.cnf.in openssl-3.0.7-hobbled-new/test/ssl-tests/20-cert-select.cnf.in
--- openssl-3.0.5/test/ssl-tests/20-cert-select.cnf.in	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/test/ssl-tests/20-cert-select.cnf.in	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/test/ssl-tests/20-cert-select.cnf.in	2022-07-08 10:09:53.837097977 +0200
+++ openssl-3.0.7-hobbled-new/test/ssl-tests/20-cert-select.cnf.in	2022-11-28 16:00:18.712834215 +0100
@@ -428,21 +428,21 @@ my @tests_non_fips = (
     {
         name => "ECDSA with brainpool",
--- a/0012-Disable-explicit-ec.patch
+++ b/0012-Disable-explicit-ec.patch
@ -1,6 +1,6 @@
-diff -rupN --no-dereference openssl-3.0.5/crypto/ec/ec_lib.c openssl-3.0.5-new/crypto/ec/ec_lib.c
+diff -rupN --no-dereference openssl-3.0.7-hobbled/crypto/ec/ec_lib.c openssl-3.0.7-hobbled-new/crypto/ec/ec_lib.c
--- openssl-3.0.5/crypto/ec/ec_lib.c	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/crypto/ec/ec_lib.c	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/crypto/ec/ec_lib.c	2022-07-08 10:09:54.040097982 +0200
+++ openssl-3.0.7-hobbled-new/crypto/ec/ec_lib.c	2022-11-28 16:00:18.970836081 +0100
@@ -1458,7 +1458,7 @@ static EC_GROUP *ec_group_explicit_to_na
                 goto err;
         }
@ -10,9 +10,9 @@ diff -rupN --no-dereference openssl-3.0.5/crypto/ec/ec_lib.c openssl-3.0.5-new/c
     }
     EC_GROUP_free(dup);
     return ret_group;
-diff -rupN --no-dereference openssl-3.0.5/providers/common/securitycheck.c openssl-3.0.5-new/providers/common/securitycheck.c
+diff -rupN --no-dereference openssl-3.0.7-hobbled/providers/common/securitycheck.c openssl-3.0.7-hobbled-new/providers/common/securitycheck.c
--- openssl-3.0.5/providers/common/securitycheck.c	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/providers/common/securitycheck.c	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/providers/common/securitycheck.c	2022-07-08 10:09:54.041097982 +0200
+++ openssl-3.0.7-hobbled-new/providers/common/securitycheck.c	2022-11-28 16:00:18.970836081 +0100
@@ -92,22 +92,22 @@ int ossl_rsa_check_key(OSSL_LIB_CTX *ctx
 int ossl_ec_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect)
 {
@ -50,10 +50,10 @@ diff -rupN --no-dereference openssl-3.0.5/providers/common/securitycheck.c opens
         curve_name = EC_curve_nid2nist(nid);
         if (curve_name == NULL) {
             ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
-diff -rupN --no-dereference openssl-3.0.5/providers/implementations/keymgmt/ec_kmgmt.c openssl-3.0.5-new/providers/implementations/keymgmt/ec_kmgmt.c
+diff -rupN --no-dereference openssl-3.0.7-hobbled/providers/implementations/keymgmt/ec_kmgmt.c openssl-3.0.7-hobbled-new/providers/implementations/keymgmt/ec_kmgmt.c
--- openssl-3.0.5/providers/implementations/keymgmt/ec_kmgmt.c	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/providers/implementations/keymgmt/ec_kmgmt.c	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/providers/implementations/keymgmt/ec_kmgmt.c	2022-07-08 10:09:54.041097982 +0200
+++ openssl-3.0.7-hobbled-new/providers/implementations/keymgmt/ec_kmgmt.c	2022-11-28 16:00:18.970836081 +0100
-@@ -937,11 +937,8 @@ int ec_validate(const void *keydata, int
+@@ -944,11 +944,8 @@ int ec_validate(const void *keydata, int
     if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
         int flags = EC_KEY_get_flags(eck);
@ -67,7 +67,7 @@ diff -rupN --no-dereference openssl-3.0.5/providers/implementations/keymgmt/ec_k
     }
     if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
-@@ -1218,6 +1215,10 @@ static int ec_gen_assign_group(EC_KEY *e
+@@ -1225,6 +1222,10 @@ static int ec_gen_assign_group(EC_KEY *e
         ERR_raise(ERR_LIB_PROV, PROV_R_NO_PARAMETERS_SET);
         return 0;
     }
--- a/0024-load-legacy-prov.patch
+++ b/0024-load-legacy-prov.patch
@ -1,6 +1,6 @@
-diff -rupN --no-dereference openssl-3.0.5/apps/openssl.cnf openssl-3.0.5-new/apps/openssl.cnf
+diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/openssl.cnf openssl-3.0.7-hobbled-new/apps/openssl.cnf
--- openssl-3.0.5/apps/openssl.cnf	2022-07-08 10:09:53.054097960 +0200
+--- openssl-3.0.7-hobbled/apps/openssl.cnf	2022-11-28 16:00:17.734827142 +0100
-+++ openssl-3.0.5-new/apps/openssl.cnf	2022-07-08 10:09:54.234097986 +0200
+++ openssl-3.0.7-hobbled-new/apps/openssl.cnf	2022-11-28 16:00:19.202837759 +0100
@@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1
 tsa_policy2 = 1.2.3.4.5.6
 tsa_policy3 = 1.2.3.4.5.7
@ -55,9 +55,9 @@ diff -rupN --no-dereference openssl-3.0.5/apps/openssl.cnf openssl-3.0.5-new/app
 [ ssl_module ]
-diff -rupN --no-dereference openssl-3.0.5/doc/man5/config.pod openssl-3.0.5-new/doc/man5/config.pod
+diff -rupN --no-dereference openssl-3.0.7-hobbled/doc/man5/config.pod openssl-3.0.7-hobbled-new/doc/man5/config.pod
--- openssl-3.0.5/doc/man5/config.pod	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/doc/man5/config.pod	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/doc/man5/config.pod	2022-07-08 10:09:54.234097986 +0200
+++ openssl-3.0.7-hobbled-new/doc/man5/config.pod	2022-11-28 16:00:19.203837767 +0100
@@ -273,6 +273,14 @@ significant.
 All parameters in the section as well as sub-sections are made
 available to the provider.
--- a/0051-Support-different-R_BITS-lengths-for-KBKDF.patch
+++ b/0051-Support-different-R_BITS-lengths-for-KBKDF.patch
@ -1,6 +1,6 @@
-diff -rupN --no-dereference openssl-3.0.5/doc/man7/EVP_KDF-KB.pod openssl-3.0.5-new/doc/man7/EVP_KDF-KB.pod
+diff -rupN --no-dereference openssl-3.0.7-hobbled/doc/man7/EVP_KDF-KB.pod openssl-3.0.7-hobbled-new/doc/man7/EVP_KDF-KB.pod
--- openssl-3.0.5/doc/man7/EVP_KDF-KB.pod	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/doc/man7/EVP_KDF-KB.pod	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/doc/man7/EVP_KDF-KB.pod	2022-07-08 10:09:54.423097990 +0200
+++ openssl-3.0.7-hobbled-new/doc/man7/EVP_KDF-KB.pod	2022-11-28 16:00:19.435839445 +0100
@@ -58,6 +58,13 @@ Set to B<0> to disable use of the option
 (see SP800-108) that is placed between the Label and Context.
 The default value of B<1> will be used if unspecified.
@ -15,9 +15,9 @@ diff -rupN --no-dereference openssl-3.0.5/doc/man7/EVP_KDF-KB.pod openssl-3.0.5-
 =back
 Depending on whether mac is CMAC or HMAC, either digest or cipher is required
-diff -rupN --no-dereference openssl-3.0.5/include/openssl/core_names.h openssl-3.0.5-new/include/openssl/core_names.h
+diff -rupN --no-dereference openssl-3.0.7-hobbled/include/openssl/core_names.h openssl-3.0.7-hobbled-new/include/openssl/core_names.h
--- openssl-3.0.5/include/openssl/core_names.h	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/include/openssl/core_names.h	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/include/openssl/core_names.h	2022-07-08 10:09:54.423097990 +0200
+++ openssl-3.0.7-hobbled-new/include/openssl/core_names.h	2022-11-28 16:00:19.435839445 +0100
@@ -217,6 +217,7 @@ extern "C" {
 #define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
 #define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
@ -26,9 +26,9 @@ diff -rupN --no-dereference openssl-3.0.5/include/openssl/core_names.h openssl-3
 #define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
 #define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
 #define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-diff -rupN --no-dereference openssl-3.0.5/providers/implementations/kdfs/kbkdf.c openssl-3.0.5-new/providers/implementations/kdfs/kbkdf.c
+diff -rupN --no-dereference openssl-3.0.7-hobbled/providers/implementations/kdfs/kbkdf.c openssl-3.0.7-hobbled-new/providers/implementations/kdfs/kbkdf.c
--- openssl-3.0.5/providers/implementations/kdfs/kbkdf.c	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/providers/implementations/kdfs/kbkdf.c	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/providers/implementations/kdfs/kbkdf.c	2022-07-08 10:09:54.424097990 +0200
+++ openssl-3.0.7-hobbled-new/providers/implementations/kdfs/kbkdf.c	2022-11-28 16:00:19.436839452 +0100
@@ -60,6 +60,7 @@ typedef struct {
     EVP_MAC_CTX *ctx_init;
@ -122,9 +122,9 @@ diff -rupN --no-dereference openssl-3.0.5/providers/implementations/kdfs/kbkdf.c
         OSSL_PARAM_END,
     };
     return known_settable_ctx_params;
-diff -rupN --no-dereference openssl-3.0.5/test/evp_kdf_test.c openssl-3.0.5-new/test/evp_kdf_test.c
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/evp_kdf_test.c openssl-3.0.7-hobbled-new/test/evp_kdf_test.c
--- openssl-3.0.5/test/evp_kdf_test.c	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/test/evp_kdf_test.c	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/test/evp_kdf_test.c	2022-07-08 10:09:54.424097990 +0200
+++ openssl-3.0.7-hobbled-new/test/evp_kdf_test.c	2022-11-28 16:00:19.436839452 +0100
@@ -1068,9 +1068,9 @@ static int test_kdf_kbkdf_6803_256(void)
 #endif
@ -248,10 +248,10 @@ diff -rupN --no-dereference openssl-3.0.5/test/evp_kdf_test.c openssl-3.0.5-new/
     ADD_TEST(test_kdf_kbkdf_zero_output_size);
     ADD_TEST(test_kdf_kbkdf_empty_key);
     ADD_TEST(test_kdf_kbkdf_1byte_key);
-diff -rupN --no-dereference openssl-3.0.5/test/evp_test.c openssl-3.0.5-new/test/evp_test.c
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/evp_test.c openssl-3.0.7-hobbled-new/test/evp_test.c
--- openssl-3.0.5/test/evp_test.c	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/test/evp_test.c	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/test/evp_test.c	2022-07-08 10:09:54.424097990 +0200
+++ openssl-3.0.7-hobbled-new/test/evp_test.c	2022-11-28 16:00:19.437839459 +0100
-@@ -2746,6 +2746,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EV
+@@ -2761,6 +2761,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EV
         TEST_info("skipping, '%s' is disabled", p);
         t->skip = 1;
     }
@ -264,9 +264,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/evp_test.c openssl-3.0.5-new/test
     OPENSSL_free(name);
     return 1;
 }
-diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt openssl-3.0.5-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt
--- openssl-3.0.5/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt	1970-01-01 01:00:00.000000000 +0100
+--- openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt	1970-01-01 01:00:00.000000000 +0100
-+++ openssl-3.0.5-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt	2022-07-08 10:09:54.425097990 +0200
+++ openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt	2022-11-28 16:00:19.437839459 +0100
@@ -0,0 +1,1843 @@
 +#
 +# Copyright 2021-2021 The OpenSSL Project Authors. All Rights Reserved.
@ -2111,9 +2111,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp_data/evpkdf_k
 +Ctrl.hexinfo = hexinfo:8e9db3335779db688bcfe096668d9c3bc64e193e3529c430e68d09d56c837dd6c0f94678f121a68ee1feea4735da85a49d34a5290aa39f7b40de435f
 +Output = 6db880daac98b078ee389a2164252ded61322d661e2b49247ea921e544675d8f17af2bf66dd40d81
 +
-diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp.t openssl-3.0.5-new/test/recipes/30-test_evp.t
+diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/30-test_evp.t openssl-3.0.7-hobbled-new/test/recipes/30-test_evp.t
--- openssl-3.0.5/test/recipes/30-test_evp.t	2022-07-08 10:09:54.036097982 +0200
+--- openssl-3.0.7-hobbled/test/recipes/30-test_evp.t	2022-11-28 16:00:18.964836038 +0100
-+++ openssl-3.0.5-new/test/recipes/30-test_evp.t	2022-07-08 10:09:54.425097990 +0200
+++ openssl-3.0.7-hobbled-new/test/recipes/30-test_evp.t	2022-11-28 16:00:19.438839466 +0100
@@ -45,6 +45,7 @@ my @files = qw(
                 evpciph_aes_stitched.txt
                 evpciph_des3_common.txt
--- a/mingw-openssl.spec
+++ b/mingw-openssl.spec
@ -14,8 +14,8 @@
 %global run_tests 0
 Name:           mingw-openssl
-Version:        3.0.5
+Version:        3.0.7
-Release:        2%{?dist}
+Release:        1%{?dist}
 Summary:        MinGW port of the OpenSSL toolkit
 License:        OpenSSL
@ -376,6 +376,9 @@ mkdir -m700 %{buildroot}%{mingw64_sysconfdir}/pki/CA/private
 %changelog
 * Mon Nov 28 2022 Sandro Mani <manisandro@gmail.com> - 3.0.7-1
 - Update to 3.0.7
 * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.5-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--- a/openssl_compute_moddir.patch
+++ b/openssl_compute_moddir.patch
@ -1,7 +1,7 @@
-diff -rupN --no-dereference openssl-3.0.5/Configurations/10-main.conf openssl-3.0.5-new/Configurations/10-main.conf
+diff -rupN --no-dereference openssl-3.0.7-hobbled/Configurations/10-main.conf openssl-3.0.7-hobbled-new/Configurations/10-main.conf
--- openssl-3.0.5/Configurations/10-main.conf	2022-07-08 10:09:52.485097947 +0200
+--- openssl-3.0.7-hobbled/Configurations/10-main.conf	2022-11-28 16:00:17.030822050 +0100
-+++ openssl-3.0.5-new/Configurations/10-main.conf	2022-07-08 10:09:54.624097995 +0200
+++ openssl-3.0.7-hobbled-new/Configurations/10-main.conf	2022-11-28 16:00:19.679841210 +0100
-@@ -1487,7 +1487,7 @@ my %targets = (
+@@ -1494,7 +1494,7 @@ my %targets = (
         cppflags         => combine("-DUNICODE -D_UNICODE -DWIN32_LEAN_AND_MEAN",
                                     threads("-D_MT")),
         lib_cppflags     => "-DL_ENDIAN",
@ -10,9 +10,9 @@ diff -rupN --no-dereference openssl-3.0.5/Configurations/10-main.conf openssl-3.
         thread_scheme    => "winthreads",
         dso_scheme       => "win32",
         shared_target    => "mingw-shared",
-diff -rupN --no-dereference openssl-3.0.5/crypto/provider_core.c openssl-3.0.5-new/crypto/provider_core.c
+diff -rupN --no-dereference openssl-3.0.7-hobbled/crypto/provider_core.c openssl-3.0.7-hobbled-new/crypto/provider_core.c
--- openssl-3.0.5/crypto/provider_core.c	2022-07-05 10:57:04.000000000 +0200
+--- openssl-3.0.7-hobbled/crypto/provider_core.c	2022-11-01 15:14:36.000000000 +0100
-+++ openssl-3.0.5-new/crypto/provider_core.c	2022-07-08 10:09:54.624097995 +0200
+++ openssl-3.0.7-hobbled-new/crypto/provider_core.c	2022-11-28 16:00:19.679841210 +0100
@@ -32,6 +32,10 @@
 #ifndef FIPS_MODULE
 # include <openssl/self_test.h>
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (openssl-3.0.5-hobbled.tar.xz) = 2f5531d46a905af8d36bf81c18fa34ccc86f5bd66e6e4227bb17e2f926ef14f78057ab60cd9d55bb9d1bad3d5b56a71170e4a86708fd8352324db2e0747142cf
+SHA512 (openssl-3.0.7-hobbled.tar.xz) = 1d536936503b080ad765d53ce182690dc08e682e7e099405d844307a82b020bcd019d8f85db1fb8fd0e8423ee07f485b227d6529951eb528354b1fbbd89840df
`@ -1 +1 @@`
	`SHA512 (openssl-3.0.5-hobbled.tar.xz) = 2f5531d46a905af8d36bf81c18fa34ccc86f5bd66e6e4227bb17e2f926ef14f78057ab60cd9d55bb9d1bad3d5b56a71170e4a86708fd8352324db2e0747142cf`	`SHA512 (openssl-3.0.7-hobbled.tar.xz) = 1d536936503b080ad765d53ce182690dc08e682e7e099405d844307a82b020bcd019d8f85db1fb8fd0e8423ee07f485b227d6529951eb528354b1fbbd89840df`