diff -Nru openssl-3.0.2/debian/changelog openssl-3.0.2/debian/changelog --- openssl-3.0.2/debian/changelog 2022-05-05 10:04:52.000000000 +0200 +++ openssl-3.0.2/debian/changelog 2022-05-24 10:55:08.000000000 +0200 @@ -1,3 +1,10 @@ +openssl (3.0.2-0ubuntu1.3) jammy; urgency=medium + + * d/p/lp1974037/*: cherry-pick another patchset to fix regressions with the + previous lp1974037 one (LP: #1974037) + + -- Simon Chopin Tue, 24 May 2022 10:55:08 +0200 + openssl (3.0.2-0ubuntu1.2) jammy; urgency=medium * d/p/lp1968997/*: cherry-pick a patchset to fix issues with the Turkish diff -Nru openssl-3.0.2/debian/patches/lp1974037/0001-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch openssl-3.0.2/debian/patches/lp1974037/0001-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch --- openssl-3.0.2/debian/patches/lp1974037/0001-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.2/debian/patches/lp1974037/0001-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch 2022-05-24 10:55:08.000000000 +0200 @@ -0,0 +1,58 @@ +From ba77d0fd57d869f037a9c4520b1c66094125f9bc Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 5 May 2022 08:11:24 +0200 +Subject: [PATCH 01/11] EVP_PKEY_Q_keygen: Call OPENSSL_init_crypto to init + strcasecmp + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Matt Caswell +(Merged from https://github.com/openssl/openssl/pull/18247) + +(cherry picked from commit b807c2fbab2128cf3746bb2ebd51cbe3bb6914a9) +Origin: upstream, https://github.com/openssl/openssl/pull/18247 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010958 +Applied-Upstream: 3.0 branch (probably upcoming 3.0.4) +--- + crypto/evp/evp_lib.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c +index da3ef28b3d..d086dc94df 100644 +--- a/crypto/evp/evp_lib.c ++++ b/crypto/evp/evp_lib.c +@@ -24,6 +24,7 @@ + #include + #include + #include "crypto/evp.h" ++#include "crypto/cryptlib.h" + #include "internal/provider.h" + #include "evp_local.h" + +@@ -1094,6 +1095,8 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) + return (ctx->flags & flags); + } + ++#if !defined(FIPS_MODULE) ++ + int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name) + { + OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; +@@ -1169,6 +1172,8 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, + + va_start(args, type); + ++ OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL); ++ + if (OPENSSL_strcasecmp(type, "RSA") == 0) { + bits = va_arg(args, size_t); + params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits); +@@ -1189,3 +1194,5 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, + va_end(args); + return ret; + } ++ ++#endif /* !defined(FIPS_MODULE) */ +-- +2.34.1 + diff -Nru openssl-3.0.2/debian/patches/lp1974037/0002-Fix-build-on-OPENSSL_SYS_TANDEM-and-older-POSIXes.patch openssl-3.0.2/debian/patches/lp1974037/0002-Fix-build-on-OPENSSL_SYS_TANDEM-and-older-POSIXes.patch --- openssl-3.0.2/debian/patches/lp1974037/0002-Fix-build-on-OPENSSL_SYS_TANDEM-and-older-POSIXes.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.2/debian/patches/lp1974037/0002-Fix-build-on-OPENSSL_SYS_TANDEM-and-older-POSIXes.patch 2022-05-24 10:55:08.000000000 +0200 @@ -0,0 +1,226 @@ +From 53826887174e816db5c45265f0817f3371f8220d Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Wed, 4 May 2022 16:58:06 +0200 +Subject: [PATCH 02/11] Fix build on OPENSSL_SYS_TANDEM and older POSIXes + +It also allows for passing -DOPENSSL_NO_LOCALE as a workaround +to ./Configure command. + +Fixes #18233 + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/18293) + +Origin: upstream, https://github.com/openssl/openssl/pull/18293 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010958 +Applied-Upstream: 3.0 branch (probably upcoming 3.0.4) +--- + crypto/ctype.c | 28 +++++++--------------------- + e_os.h | 19 +++++++++++++++++++ + providers/fips/fipsprov.c | 34 ++++++++++++++++++++++------------ + test/localetest.c | 27 ++++++++++++++++++++------- + 4 files changed, 68 insertions(+), 40 deletions(-) + +diff --git a/crypto/ctype.c b/crypto/ctype.c +index 321306eb5f..e55ed17ffa 100644 +--- a/crypto/ctype.c ++++ b/crypto/ctype.c +@@ -15,16 +15,13 @@ + #include + #include "internal/core.h" + #include "internal/thread_once.h" +- +-#ifndef OPENSSL_SYS_WINDOWS +-#include +-#endif +-#include +- +-#ifdef OPENSSL_SYS_MACOSX +-#include ++#include "e_os.h" ++#ifndef OPENSSL_NO_LOCALE ++# include ++# ifdef OPENSSL_SYS_MACOSX ++# include ++# endif + #endif +- + /* + * Define the character classes for each character in the seven bit ASCII + * character set. This is independent of the host's character set, characters +@@ -292,18 +289,7 @@ int ossl_ascii_isdigit(const char inchar) { + return 0; + } + +-/* str[n]casecmp_l is defined in POSIX 2008-01. Value is taken accordingly +- * https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html */ +- +-#if (defined OPENSSL_SYS_WINDOWS) || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200809L) +- +-# if defined OPENSSL_SYS_WINDOWS +-# define locale_t _locale_t +-# define freelocale _free_locale +-# define strcasecmp_l _stricmp_l +-# define strncasecmp_l _strnicmp_l +-# endif +- ++#ifndef OPENSSL_NO_LOCALE + # ifndef FIPS_MODULE + static locale_t loc; + +diff --git a/e_os.h b/e_os.h +index 5490a48fcd..00b104864d 100644 +--- a/e_os.h ++++ b/e_os.h +@@ -409,4 +409,23 @@ inline int nssgetpid(); + # endif + # endif + ++/* ++ * str[n]casecmp_l is defined in POSIX 2008-01. Value is taken accordingly ++ * https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html ++ * There are also equivalent functions on Windows. ++ * There is no locale_t on NONSTOP. ++ */ ++# if defined(OPENSSL_SYS_WINDOWS) ++# define locale_t _locale_t ++# define freelocale _free_locale ++# define strcasecmp_l _stricmp_l ++# define strncasecmp_l _strnicmp_l ++# define strcasecmp _stricmp ++# elif !defined(_POSIX_C_SOURCE) || _POSIX_C_SOURCE < 200809L \ ++ || defined(OPENSSL_SYS_TANDEM) ++# ifndef OPENSSL_NO_LOCALE ++# define OPENSSL_NO_LOCALE ++# endif ++# endif ++ + #endif +diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c +index fc17a958ce..c2a6bc1701 100644 +--- a/providers/fips/fipsprov.c ++++ b/providers/fips/fipsprov.c +@@ -23,6 +23,7 @@ + #include "prov/seeding.h" + #include "self_test.h" + #include "internal/core.h" ++#include "e_os.h" + + static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; + static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; +@@ -37,17 +38,13 @@ static OSSL_FUNC_provider_get_params_fn fips_get_params; + static OSSL_FUNC_provider_query_operation_fn fips_query; + + /* Locale object accessor functions */ +-#ifdef OPENSSL_SYS_MACOSX +-# include +-#else ++#ifndef OPENSSL_NO_LOCALE + # include +-#endif +- +-#if defined OPENSSL_SYS_WINDOWS +-# define locale_t _locale_t +-# define freelocale _free_locale +-#endif ++# ifdef OPENSSL_SYS_MACOSX ++# include ++# endif + static locale_t loc; ++#endif + + static int fips_init_casecmp(void); + static void fips_deinit_casecmp(void); +@@ -503,22 +500,35 @@ static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id, + return NULL; + } + ++# ifndef OPENSSL_NO_LOCALE + void *ossl_c_locale() { + return (void *)loc; + } + + static int fips_init_casecmp(void) { +-# ifdef OPENSSL_SYS_WINDOWS ++# ifdef OPENSSL_SYS_WINDOWS + loc = _create_locale(LC_COLLATE, "C"); +-# else ++# else + loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0); +-# endif ++# endif + return (loc == (locale_t) 0) ? 0 : 1; + } + + static void fips_deinit_casecmp(void) { + freelocale(loc); + } ++# else ++void *ossl_c_locale() { ++ return NULL; ++} ++ ++static int fips_init_casecmp(void) { ++ return 1; ++} ++ ++static void fips_deinit_casecmp(void) { ++} ++# endif + + static void fips_teardown(void *provctx) + { +diff --git a/test/localetest.c b/test/localetest.c +index 3db66b7a9e..7e0a37af4e 100644 +--- a/test/localetest.c ++++ b/test/localetest.c +@@ -1,3 +1,11 @@ ++/* ++ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ + + #include + #include +@@ -7,12 +15,12 @@ + + #include + #include +-#include +-#ifdef OPENSSL_SYS_WINDOWS +-# define strcasecmp _stricmp +-#else +-# include +-#endif ++#include "../e_os.h" ++#ifndef OPENSSL_NO_LOCALE ++# include ++# ifdef OPENSSL_SYS_MACOSX ++# include ++# endif + + int setup_tests(void) + { +@@ -116,7 +124,12 @@ int setup_tests(void) + X509_free(cert); + return 1; + } +- ++#else ++int setup_tests(void) ++{ ++ return TEST_skip("Locale support not available"); ++} ++#endif /* OPENSSL_NO_LOCALE */ + void cleanup_tests(void) + { + } +-- +2.34.1 + diff -Nru openssl-3.0.2/debian/patches/lp1974037/0003-Include-the-e_os.h-before-string.h.patch openssl-3.0.2/debian/patches/lp1974037/0003-Include-the-e_os.h-before-string.h.patch --- openssl-3.0.2/debian/patches/lp1974037/0003-Include-the-e_os.h-before-string.h.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.2/debian/patches/lp1974037/0003-Include-the-e_os.h-before-string.h.patch 2022-05-24 10:55:08.000000000 +0200 @@ -0,0 +1,66 @@ +From 94c4ca1d096f96335464ca700587a35001dd7583 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 5 May 2022 12:35:11 +0200 +Subject: [PATCH 03/11] Include the e_os.h before string.h + +Fixes #18244 + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/18293) + +Origin: upstream, https://github.com/openssl/openssl/pull/18293 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010958 +Applied-Upstream: 3.0 branch (probably upcoming 3.0.4) +--- + crypto/ctype.c | 3 +-- + test/localetest.c | 5 ++--- + 2 files changed, 3 insertions(+), 5 deletions(-) + +diff --git a/crypto/ctype.c b/crypto/ctype.c +index e55ed17ffa..bf99bc8eb7 100644 +--- a/crypto/ctype.c ++++ b/crypto/ctype.c +@@ -7,15 +7,14 @@ + * https://www.openssl.org/source/license.html + */ + ++#include "e_os.h" + #include + #include + #include "crypto/ctype.h" + #include +- + #include + #include "internal/core.h" + #include "internal/thread_once.h" +-#include "e_os.h" + #ifndef OPENSSL_NO_LOCALE + # include + # ifdef OPENSSL_SYS_MACOSX +diff --git a/test/localetest.c b/test/localetest.c +index 7e0a37af4e..62edf8f849 100644 +--- a/test/localetest.c ++++ b/test/localetest.c +@@ -7,15 +7,14 @@ + * https://www.openssl.org/source/license.html + */ + ++#include "../e_os.h" + #include + #include ++#include + #include + #include "testutil.h" + #include "testutil/output.h" + +-#include +-#include +-#include "../e_os.h" + #ifndef OPENSSL_NO_LOCALE + # include + # ifdef OPENSSL_SYS_MACOSX +-- +2.34.1 + diff -Nru openssl-3.0.2/debian/patches/lp1974037/0004-int_ctx_new-Revert-extra-ossl_init_casecmp-call.patch openssl-3.0.2/debian/patches/lp1974037/0004-int_ctx_new-Revert-extra-ossl_init_casecmp-call.patch --- openssl-3.0.2/debian/patches/lp1974037/0004-int_ctx_new-Revert-extra-ossl_init_casecmp-call.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.2/debian/patches/lp1974037/0004-int_ctx_new-Revert-extra-ossl_init_casecmp-call.patch 2022-05-24 10:55:08.000000000 +0200 @@ -0,0 +1,40 @@ +From 29fdcfe6d20b05c53f5258dd282bc43fdb3526ff Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 10 May 2022 15:40:58 +0200 +Subject: [PATCH 04/11] int_ctx_new(): Revert extra ossl_init_casecmp call + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/18293) + +Origin: upstream, https://github.com/openssl/openssl/pull/18293 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010958 +Applied-Upstream: 3.0 branch (probably upcoming 3.0.4) +--- + crypto/evp/pmeth_lib.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c +index 92d25de445..2b9c6c2351 100644 +--- a/crypto/evp/pmeth_lib.c ++++ b/crypto/evp/pmeth_lib.c +@@ -27,7 +27,6 @@ + #ifndef FIPS_MODULE + # include "crypto/asn1.h" + #endif +-#include "crypto/ctype.h" + #include "crypto/evp.h" + #include "crypto/dh.h" + #include "crypto/ec.h" +@@ -200,7 +199,6 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, + } + #ifndef FIPS_MODULE + if (keytype != NULL) { +- ossl_init_casecmp(); + id = evp_pkey_name2type(keytype); + if (id == NID_undef) + id = -1; +-- +2.34.1 + diff -Nru openssl-3.0.2/debian/patches/lp1974037/0005-Move-OPENSSL_strcasecmp-and-related-to-o_str.c.patch openssl-3.0.2/debian/patches/lp1974037/0005-Move-OPENSSL_strcasecmp-and-related-to-o_str.c.patch --- openssl-3.0.2/debian/patches/lp1974037/0005-Move-OPENSSL_strcasecmp-and-related-to-o_str.c.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.2/debian/patches/lp1974037/0005-Move-OPENSSL_strcasecmp-and-related-to-o_str.c.patch 2022-05-24 10:55:08.000000000 +0200 @@ -0,0 +1,237 @@ +From eac92803c38e505062d5b5bc032bdebc1b48c458 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 10 May 2022 16:31:20 +0200 +Subject: [PATCH 05/11] Move OPENSSL_strcasecmp() and related to o_str.c + +Otherwise the implementation is unnecessarily duplicated in legacy.so. + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/18293) + +Origin: upstream, https://github.com/openssl/openssl/pull/18293 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010958 +Applied-Upstream: 3.0 branch (probably upcoming 3.0.4) +--- + crypto/ctype.c | 87 +------------------------------------ + crypto/o_str.c | 65 +++++++++++++++++++++++++++ + include/crypto/ctype.h | 3 -- + include/internal/cryptlib.h | 2 + + 4 files changed, 68 insertions(+), 89 deletions(-) + +diff --git a/crypto/ctype.c b/crypto/ctype.c +index bf99bc8eb7..83c24a546f 100644 +--- a/crypto/ctype.c ++++ b/crypto/ctype.c +@@ -7,20 +7,11 @@ + * https://www.openssl.org/source/license.html + */ + +-#include "e_os.h" + #include + #include + #include "crypto/ctype.h" + #include +-#include +-#include "internal/core.h" +-#include "internal/thread_once.h" +-#ifndef OPENSSL_NO_LOCALE +-# include +-# ifdef OPENSSL_SYS_MACOSX +-# include +-# endif +-#endif ++ + /* + * Define the character classes for each character in the seven bit ASCII + * character set. This is independent of the host's character set, characters +@@ -287,79 +278,3 @@ int ossl_ascii_isdigit(const char inchar) { + return 1; + return 0; + } +- +-#ifndef OPENSSL_NO_LOCALE +-# ifndef FIPS_MODULE +-static locale_t loc; +- +-static int locale_base_inited = 0; +-static CRYPTO_ONCE locale_base = CRYPTO_ONCE_STATIC_INIT; +-static CRYPTO_ONCE locale_base_deinit = CRYPTO_ONCE_STATIC_INIT; +- +-void *ossl_c_locale() { +- return (void *)loc; +-} +- +-DEFINE_RUN_ONCE_STATIC(ossl_init_locale_base) +-{ +-# ifdef OPENSSL_SYS_WINDOWS +- loc = _create_locale(LC_COLLATE, "C"); +-# else +- loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0); +-# endif +- locale_base_inited = 1; +- return (loc == (locale_t) 0) ? 0 : 1; +-} +- +-DEFINE_RUN_ONCE_STATIC(ossl_deinit_locale_base) +-{ +- if (locale_base_inited && loc) { +- freelocale(loc); +- loc = NULL; +- } +- return 1; +-} +- +-int ossl_init_casecmp() +-{ +- return RUN_ONCE(&locale_base, ossl_init_locale_base); +-} +- +-void ossl_deinit_casecmp() { +- (void)RUN_ONCE(&locale_base_deinit, ossl_deinit_locale_base); +-} +-# endif +- +-int OPENSSL_strcasecmp(const char *s1, const char *s2) +-{ +- return strcasecmp_l(s1, s2, (locale_t)ossl_c_locale()); +-} +- +-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) +-{ +- return strncasecmp_l(s1, s2, n, (locale_t)ossl_c_locale()); +-} +-#else +-# ifndef FIPS_MODULE +-void *ossl_c_locale() { +- return NULL; +-} +-# endif +- +-int ossl_init_casecmp() { +- return 1; +-} +- +-void ossl_deinit_casecmp() { +-} +- +-int OPENSSL_strcasecmp(const char *s1, const char *s2) +-{ +- return strcasecmp(s1, s2); +-} +- +-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) +-{ +- return strncasecmp(s1, s2, n); +-} +-#endif +diff --git a/crypto/o_str.c b/crypto/o_str.c +index 5c4e4e7781..30e5820c49 100644 +--- a/crypto/o_str.c ++++ b/crypto/o_str.c +@@ -8,9 +8,17 @@ + */ + + #include "e_os.h" ++#include + #include ++#ifndef OPENSSL_NO_LOCALE ++# include ++# ifdef OPENSSL_SYS_MACOSX ++# include ++# endif ++#endif + #include + #include "internal/cryptlib.h" ++#include "internal/core.h" + + #define DEFAULT_SEPARATOR ':' + #define CH_ZERO '\0' +@@ -338,3 +346,60 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen) + return 1; + #endif + } ++ ++#ifndef OPENSSL_NO_LOCALE ++# ifndef FIPS_MODULE ++static locale_t loc; ++ ++ ++void *ossl_c_locale() { ++ return (void *)loc; ++} ++ ++int ossl_init_casecmp_int() { ++# ifdef OPENSSL_SYS_WINDOWS ++ loc = _create_locale(LC_COLLATE, "C"); ++# else ++ loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0); ++# endif ++ return (loc == (locale_t) 0) ? 0 : 1; ++} ++ ++void ossl_deinit_casecmp() { ++ freelocale(loc); ++} ++# endif ++ ++int OPENSSL_strcasecmp(const char *s1, const char *s2) ++{ ++ return strcasecmp_l(s1, s2, (locale_t)ossl_c_locale()); ++} ++ ++int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) ++{ ++ return strncasecmp_l(s1, s2, n, (locale_t)ossl_c_locale()); ++} ++#else ++# ifndef FIPS_MODULE ++void *ossl_c_locale() { ++ return NULL; ++} ++# endif ++ ++int ossl_init_casecmp_int() { ++ return 1; ++} ++ ++void ossl_deinit_casecmp() { ++} ++ ++int OPENSSL_strcasecmp(const char *s1, const char *s2) ++{ ++ return strcasecmp(s1, s2); ++} ++ ++int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) ++{ ++ return strncasecmp(s1, s2, n); ++} ++#endif +diff --git a/include/crypto/ctype.h b/include/crypto/ctype.h +index 44fa9a8ae9..8032ccc447 100644 +--- a/include/crypto/ctype.h ++++ b/include/crypto/ctype.h +@@ -79,7 +79,4 @@ int ossl_ascii_isdigit(const char inchar); + # define ossl_isxdigit(c) (ossl_ctype_check((c), CTYPE_MASK_xdigit)) + # define ossl_isbase64(c) (ossl_ctype_check((c), CTYPE_MASK_base64)) + # define ossl_isasn1print(c) (ossl_ctype_check((c), CTYPE_MASK_asn1print)) +- +-int ossl_init_casecmp(void); +-void ossl_deinit_casecmp(void); + #endif +diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h +index 1291299b6e..640b41cc10 100644 +--- a/include/internal/cryptlib.h ++++ b/include/internal/cryptlib.h +@@ -258,4 +258,6 @@ static ossl_inline int ossl_is_absolute_path(const char *path) + return path[0] == '/'; + } + ++int ossl_init_casecmp_int(void); ++void ossl_deinit_casecmp(void); + #endif +-- +2.34.1 + diff -Nru openssl-3.0.2/debian/patches/lp1974037/0006-Avoid-code-duplication-for-locale-initialization.patch openssl-3.0.2/debian/patches/lp1974037/0006-Avoid-code-duplication-for-locale-initialization.patch --- openssl-3.0.2/debian/patches/lp1974037/0006-Avoid-code-duplication-for-locale-initialization.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.2/debian/patches/lp1974037/0006-Avoid-code-duplication-for-locale-initialization.patch 2022-05-24 10:55:08.000000000 +0200 @@ -0,0 +1,190 @@ +From 6eb0ed5cda248bf60f4673f9380f6d481908bedd Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 10 May 2022 16:46:35 +0200 +Subject: [PATCH 06/11] Avoid code duplication for locale initialization + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/18293) + +Origin: upstream, https://github.com/openssl/openssl/pull/18293 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010958 +Applied-Upstream: 3.0 branch (probably upcoming 3.0.4) +--- + crypto/o_str.c | 20 ++++------------ + include/internal/core.h | 3 --- + providers/fips/fipsprov.c | 49 +++------------------------------------ + 3 files changed, 8 insertions(+), 64 deletions(-) + +diff --git a/crypto/o_str.c b/crypto/o_str.c +index 30e5820c49..9309a7bad4 100644 +--- a/crypto/o_str.c ++++ b/crypto/o_str.c +@@ -18,7 +18,6 @@ + #endif + #include + #include "internal/cryptlib.h" +-#include "internal/core.h" + + #define DEFAULT_SEPARATOR ':' + #define CH_ZERO '\0' +@@ -348,15 +347,13 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen) + } + + #ifndef OPENSSL_NO_LOCALE +-# ifndef FIPS_MODULE + static locale_t loc; + +- +-void *ossl_c_locale() { ++static void *ossl_c_locale(void) { + return (void *)loc; + } + +-int ossl_init_casecmp_int() { ++int ossl_init_casecmp_int(void) { + # ifdef OPENSSL_SYS_WINDOWS + loc = _create_locale(LC_COLLATE, "C"); + # else +@@ -365,10 +362,9 @@ int ossl_init_casecmp_int() { + return (loc == (locale_t) 0) ? 0 : 1; + } + +-void ossl_deinit_casecmp() { ++void ossl_deinit_casecmp(void) { + freelocale(loc); + } +-# endif + + int OPENSSL_strcasecmp(const char *s1, const char *s2) + { +@@ -380,17 +376,11 @@ int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) + return strncasecmp_l(s1, s2, n, (locale_t)ossl_c_locale()); + } + #else +-# ifndef FIPS_MODULE +-void *ossl_c_locale() { +- return NULL; +-} +-# endif +- +-int ossl_init_casecmp_int() { ++int ossl_init_casecmp_int(void) { + return 1; + } + +-void ossl_deinit_casecmp() { ++void ossl_deinit_casecmp(void) { + } + + int OPENSSL_strcasecmp(const char *s1, const char *s2) +diff --git a/include/internal/core.h b/include/internal/core.h +index b63af84787..6f3fd79682 100644 +--- a/include/internal/core.h ++++ b/include/internal/core.h +@@ -62,7 +62,4 @@ __owur int ossl_lib_ctx_write_lock(OSSL_LIB_CTX *ctx); + __owur int ossl_lib_ctx_read_lock(OSSL_LIB_CTX *ctx); + int ossl_lib_ctx_unlock(OSSL_LIB_CTX *ctx); + int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx); +- +-void *ossl_c_locale(void); +- + #endif +diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c +index c2a6bc1701..a8a508d9ac 100644 +--- a/providers/fips/fipsprov.c ++++ b/providers/fips/fipsprov.c +@@ -23,7 +23,6 @@ + #include "prov/seeding.h" + #include "self_test.h" + #include "internal/core.h" +-#include "e_os.h" + + static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; + static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; +@@ -37,18 +36,6 @@ static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params; + static OSSL_FUNC_provider_get_params_fn fips_get_params; + static OSSL_FUNC_provider_query_operation_fn fips_query; + +-/* Locale object accessor functions */ +-#ifndef OPENSSL_NO_LOCALE +-# include +-# ifdef OPENSSL_SYS_MACOSX +-# include +-# endif +-static locale_t loc; +-#endif +- +-static int fips_init_casecmp(void); +-static void fips_deinit_casecmp(void); +- + #define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK } + #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) + +@@ -500,40 +487,11 @@ static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id, + return NULL; + } + +-# ifndef OPENSSL_NO_LOCALE +-void *ossl_c_locale() { +- return (void *)loc; +-} +- +-static int fips_init_casecmp(void) { +-# ifdef OPENSSL_SYS_WINDOWS +- loc = _create_locale(LC_COLLATE, "C"); +-# else +- loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0); +-# endif +- return (loc == (locale_t) 0) ? 0 : 1; +-} +- +-static void fips_deinit_casecmp(void) { +- freelocale(loc); +-} +-# else +-void *ossl_c_locale() { +- return NULL; +-} +- +-static int fips_init_casecmp(void) { +- return 1; +-} +- +-static void fips_deinit_casecmp(void) { +-} +-# endif +- + static void fips_teardown(void *provctx) + { + OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx)); + ossl_prov_ctx_free(provctx); ++ ossl_deinit_casecmp(); + } + + static void fips_intern_teardown(void *provctx) +@@ -542,7 +500,6 @@ static void fips_intern_teardown(void *provctx) + * We know that the library context is the same as for the outer provider, + * so no need to destroy it here. + */ +- fips_deinit_casecmp(); + ossl_prov_ctx_free(provctx); + } + +@@ -592,10 +549,10 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, + + memset(&selftest_params, 0, sizeof(selftest_params)); + +- if (!fips_init_casecmp()) ++ if (!ossl_init_casecmp_int()) + return 0; + if (!ossl_prov_seeding_from_dispatch(in)) +- return 0; ++ goto err; + for (; in->function_id != 0; in++) { + /* + * We do not support the scenario of an application linked against +-- +2.34.1 + diff -Nru openssl-3.0.2/debian/patches/lp1974037/0007-Add-fallback-in-case-of-locale-initialization-failur.patch openssl-3.0.2/debian/patches/lp1974037/0007-Add-fallback-in-case-of-locale-initialization-failur.patch --- openssl-3.0.2/debian/patches/lp1974037/0007-Add-fallback-in-case-of-locale-initialization-failur.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.2/debian/patches/lp1974037/0007-Add-fallback-in-case-of-locale-initialization-failur.patch 2022-05-24 10:55:08.000000000 +0200 @@ -0,0 +1,84 @@ +From 0428728769536825a38a38fb689cb20522641d1b Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 10 May 2022 17:00:26 +0200 +Subject: [PATCH 07/11] Add fallback in case of locale initialization failure + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/18293) + +Origin: upstream, https://github.com/openssl/openssl/pull/18293 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010958 +Applied-Upstream: 3.0 branch (probably upcoming 3.0.4) +--- + crypto/o_str.c | 21 ++++++++++++++++----- + e_os.h | 1 + + 2 files changed, 17 insertions(+), 5 deletions(-) + +diff --git a/crypto/o_str.c b/crypto/o_str.c +index 9309a7bad4..f59e324cfa 100644 +--- a/crypto/o_str.c ++++ b/crypto/o_str.c +@@ -349,8 +349,8 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen) + #ifndef OPENSSL_NO_LOCALE + static locale_t loc; + +-static void *ossl_c_locale(void) { +- return (void *)loc; ++static locale_t ossl_c_locale(void) { ++ return loc; + } + + int ossl_init_casecmp_int(void) { +@@ -359,21 +359,32 @@ int ossl_init_casecmp_int(void) { + # else + loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0); + # endif +- return (loc == (locale_t) 0) ? 0 : 1; ++ return (loc == (locale_t)0) ? 0 : 1; + } + + void ossl_deinit_casecmp(void) { + freelocale(loc); ++ loc = (locale_t)0; + } + + int OPENSSL_strcasecmp(const char *s1, const char *s2) + { +- return strcasecmp_l(s1, s2, (locale_t)ossl_c_locale()); ++ locale_t l = ossl_c_locale(); ++ ++ /* Fallback in case of locale initialization failure */ ++ if (l == (locale_t)0) ++ return strcasecmp(s1, s2); ++ return strcasecmp_l(s1, s2, l); + } + + int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) + { +- return strncasecmp_l(s1, s2, n, (locale_t)ossl_c_locale()); ++ locale_t l = ossl_c_locale(); ++ ++ /* Fallback in case of locale initialization failure */ ++ if (l == (locale_t)0) ++ return strncasecmp(s1, s2, n); ++ return strncasecmp_l(s1, s2, n, l); + } + #else + int ossl_init_casecmp_int(void) { +diff --git a/e_os.h b/e_os.h +index 00b104864d..b5462b9dbc 100644 +--- a/e_os.h ++++ b/e_os.h +@@ -421,6 +421,7 @@ inline int nssgetpid(); + # define strcasecmp_l _stricmp_l + # define strncasecmp_l _strnicmp_l + # define strcasecmp _stricmp ++# define strncasecmp _strnicmp + # elif !defined(_POSIX_C_SOURCE) || _POSIX_C_SOURCE < 200809L \ + || defined(OPENSSL_SYS_TANDEM) + # ifndef OPENSSL_NO_LOCALE +-- +2.34.1 + diff -Nru openssl-3.0.2/debian/patches/lp1974037/0008-Always-try-locale-initialization-from-OPENSSL_strcas.patch openssl-3.0.2/debian/patches/lp1974037/0008-Always-try-locale-initialization-from-OPENSSL_strcas.patch --- openssl-3.0.2/debian/patches/lp1974037/0008-Always-try-locale-initialization-from-OPENSSL_strcas.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.2/debian/patches/lp1974037/0008-Always-try-locale-initialization-from-OPENSSL_strcas.patch 2022-05-24 10:55:08.000000000 +0200 @@ -0,0 +1,162 @@ +From b4f8e3fd1f4d4e11a42865b67595249d62226bcf Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 10 May 2022 17:22:24 +0200 +Subject: [PATCH 08/11] Always try locale initialization from + OPENSSL_strcasecmp + +Fixes #18172 + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/18293) + +Origin: upstream, https://github.com/openssl/openssl/pull/18293 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010958 +Applied-Upstream: 3.0 branch (probably upcoming 3.0.4) +--- + crypto/evp/evp_lib.c | 2 -- + crypto/init.c | 6 ++--- + crypto/o_str.c | 48 +++++++++++++++++++++++++++++++------ + include/internal/cryptlib.h | 1 + + 4 files changed, 45 insertions(+), 12 deletions(-) + +diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c +index d086dc94df..3711928c14 100644 +--- a/crypto/evp/evp_lib.c ++++ b/crypto/evp/evp_lib.c +@@ -1172,8 +1172,6 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, + + va_start(args, type); + +- OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL); +- + if (OPENSSL_strcasecmp(type, "RSA") == 0) { + bits = va_arg(args, size_t); + params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits); +diff --git a/crypto/init.c b/crypto/init.c +index 1569c35a6b..447a009e38 100644 +--- a/crypto/init.c ++++ b/crypto/init.c +@@ -464,9 +464,6 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) + uint64_t tmp; + int aloaddone = 0; + +- if (!ossl_init_casecmp()) +- return 0; +- + /* Applications depend on 0 being returned when cleanup was already done */ + if (stopped) { + if (!(opts & OPENSSL_INIT_BASE_ONLY)) +@@ -493,6 +490,9 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) + aloaddone = 1; + } + ++ if (!ossl_init_casecmp()) ++ return 0; ++ + /* + * At some point we should look at this function with a view to moving + * most/all of this into OSSL_LIB_CTX. +diff --git a/crypto/o_str.c b/crypto/o_str.c +index f59e324cfa..789de7bd4d 100644 +--- a/crypto/o_str.c ++++ b/crypto/o_str.c +@@ -18,6 +18,7 @@ + #endif + #include + #include "internal/cryptlib.h" ++#include "internal/thread_once.h" + + #define DEFAULT_SEPARATOR ':' + #define CH_ZERO '\0' +@@ -347,13 +348,36 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen) + } + + #ifndef OPENSSL_NO_LOCALE ++# ifndef FIPS_MODULE ++static CRYPTO_ONCE casecmp = CRYPTO_ONCE_STATIC_INIT; ++DEFINE_RUN_ONCE_STATIC(init_casecmp) ++{ ++ int ret = ossl_init_casecmp_int(); ++ ++ return ret; ++} ++ ++int ossl_init_casecmp(void) ++{ ++ if (!RUN_ONCE(&casecmp, init_casecmp)) ++ return 0; ++ return 1; ++} ++# endif ++ + static locale_t loc; + +-static locale_t ossl_c_locale(void) { ++static locale_t ossl_c_locale(void) ++{ ++# ifndef FIPS_MODULE ++ if (!ossl_init_casecmp()) ++ return (locale_t)0; ++# endif + return loc; + } + +-int ossl_init_casecmp_int(void) { ++int ossl_init_casecmp_int(void) ++{ + # ifdef OPENSSL_SYS_WINDOWS + loc = _create_locale(LC_COLLATE, "C"); + # else +@@ -362,9 +386,12 @@ int ossl_init_casecmp_int(void) { + return (loc == (locale_t)0) ? 0 : 1; + } + +-void ossl_deinit_casecmp(void) { +- freelocale(loc); +- loc = (locale_t)0; ++void ossl_deinit_casecmp(void) ++{ ++ if (loc != (locale_t)0) { ++ freelocale(loc); ++ loc = (locale_t)0; ++ } + } + + int OPENSSL_strcasecmp(const char *s1, const char *s2) +@@ -387,11 +414,18 @@ int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) + return strncasecmp_l(s1, s2, n, l); + } + #else +-int ossl_init_casecmp_int(void) { ++int ossl_init_casecmp(void) ++{ + return 1; + } + +-void ossl_deinit_casecmp(void) { ++int ossl_init_casecmp_int(void) ++{ ++ return 1; ++} ++ ++void ossl_deinit_casecmp(void) ++{ + } + + int OPENSSL_strcasecmp(const char *s1, const char *s2) +diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h +index 640b41cc10..4915680c26 100644 +--- a/include/internal/cryptlib.h ++++ b/include/internal/cryptlib.h +@@ -259,5 +259,6 @@ static ossl_inline int ossl_is_absolute_path(const char *path) + } + + int ossl_init_casecmp_int(void); ++int ossl_init_casecmp(void); + void ossl_deinit_casecmp(void); + #endif +-- +2.34.1 + diff -Nru openssl-3.0.2/debian/patches/lp1974037/0009-tolower-refine-the-tolower-code-to-avoid-a-memory-ac.patch openssl-3.0.2/debian/patches/lp1974037/0009-tolower-refine-the-tolower-code-to-avoid-a-memory-ac.patch --- openssl-3.0.2/debian/patches/lp1974037/0009-tolower-refine-the-tolower-code-to-avoid-a-memory-ac.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.2/debian/patches/lp1974037/0009-tolower-refine-the-tolower-code-to-avoid-a-memory-ac.patch 2022-05-24 10:55:08.000000000 +0200 @@ -0,0 +1,139 @@ +From 267850a9afeedca6dc1cfca1f20c3d06873849e5 Mon Sep 17 00:00:00 2001 +From: Pauli +Date: Thu, 19 May 2022 12:23:55 +1000 +Subject: [PATCH 09/11] tolower: refine the tolower code to avoid a memory + access + +This improves the performance of this function and the ones that rely on it +(ossl_lh_strcasehash primarily). + +Reviewed-by: Tomas Mraz +Reviewed-by: Tim Hudson +Reviewed-by: Dmitry Belyavskiy +(Merged from https://github.com/openssl/openssl/pull/18344) + +(cherry picked from commit 286053fc8f78e34828a576830ef879c021640aee) + +Origin: upstream, https://github.com/openssl/openssl/pull/18344 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010958 +Applied-Upstream: 3.0 branch (probably upcoming 3.0.4) +--- + crypto/ctype.c | 45 ++++++++++++++++++++++++++++++++++++------ + include/crypto/ctype.h | 12 +++++++---- + 2 files changed, 47 insertions(+), 10 deletions(-) + +diff --git a/crypto/ctype.c b/crypto/ctype.c +index 83c24a546f..9d2442e1e4 100644 +--- a/crypto/ctype.c ++++ b/crypto/ctype.c +@@ -257,6 +257,36 @@ int ossl_ctype_check(int c, unsigned int mask) + return a >= 0 && a < max && (ctype_char_map[a] & mask) != 0; + } + ++/* ++ * Implement some of the simplier functions directly to avoid the overhead of ++ * accessing memory via ctype_char_map[]. ++ */ ++ ++#define ASCII_IS_DIGIT(c) (c >= 0x30 && c <= 0x39) ++#define ASCII_IS_UPPER(c) (c >= 0x41 && c <= 0x5A) ++#define ASCII_IS_LOWER(c) (c >= 0x61 && c <= 0x7A) ++ ++int ossl_isdigit(int c) ++{ ++ int a = ossl_toascii(c); ++ ++ return ASCII_IS_DIGIT(a); ++} ++ ++int ossl_isupper(int c) ++{ ++ int a = ossl_toascii(c); ++ ++ return ASCII_IS_UPPER(a); ++} ++ ++int ossl_islower(int c) ++{ ++ int a = ossl_toascii(c); ++ ++ return ASCII_IS_LOWER(a); ++} ++ + #if defined(CHARSET_EBCDIC) && !defined(CHARSET_EBCDIC_TEST) + static const int case_change = 0x40; + #else +@@ -265,16 +295,19 @@ static const int case_change = 0x20; + + int ossl_tolower(int c) + { +- return ossl_isupper(c) ? c ^ case_change : c; ++ int a = ossl_toascii(c); ++ ++ return ASCII_IS_UPPER(a) ? c ^ case_change : c; + } + + int ossl_toupper(int c) + { +- return ossl_islower(c) ? c ^ case_change : c; ++ int a = ossl_toascii(c); ++ ++ return ASCII_IS_LOWER(a) ? c ^ case_change : c; + } + +-int ossl_ascii_isdigit(const char inchar) { +- if (inchar > 0x2F && inchar < 0x3A) +- return 1; +- return 0; ++int ossl_ascii_isdigit(int c) ++{ ++ return ASCII_IS_DIGIT(c); + } +diff --git a/include/crypto/ctype.h b/include/crypto/ctype.h +index 8032ccc447..e958a977f8 100644 +--- a/include/crypto/ctype.h ++++ b/include/crypto/ctype.h +@@ -22,6 +22,8 @@ + # define OSSL_CRYPTO_CTYPE_H + # pragma once + ++# include ++ + # define CTYPE_MASK_lower 0x1 + # define CTYPE_MASK_upper 0x2 + # define CTYPE_MASK_digit 0x4 +@@ -55,10 +57,15 @@ int ossl_fromascii(int c); + # define ossl_fromascii(c) (c) + # endif + int ossl_ctype_check(int c, unsigned int mask); ++ + int ossl_tolower(int c); + int ossl_toupper(int c); + +-int ossl_ascii_isdigit(const char inchar); ++int ossl_isdigit(int c); ++int ossl_islower(int c); ++int ossl_isupper(int c); ++ ++int ossl_ascii_isdigit(int c); + + # define ossl_isalnum(c) (ossl_ctype_check((c), CTYPE_MASK_alnum)) + # define ossl_isalpha(c) (ossl_ctype_check((c), CTYPE_MASK_alpha)) +@@ -69,13 +76,10 @@ int ossl_ascii_isdigit(const char inchar); + # endif + # define ossl_isblank(c) (ossl_ctype_check((c), CTYPE_MASK_blank)) + # define ossl_iscntrl(c) (ossl_ctype_check((c), CTYPE_MASK_cntrl)) +-# define ossl_isdigit(c) (ossl_ctype_check((c), CTYPE_MASK_digit)) + # define ossl_isgraph(c) (ossl_ctype_check((c), CTYPE_MASK_graph)) +-# define ossl_islower(c) (ossl_ctype_check((c), CTYPE_MASK_lower)) + # define ossl_isprint(c) (ossl_ctype_check((c), CTYPE_MASK_print)) + # define ossl_ispunct(c) (ossl_ctype_check((c), CTYPE_MASK_punct)) + # define ossl_isspace(c) (ossl_ctype_check((c), CTYPE_MASK_space)) +-# define ossl_isupper(c) (ossl_ctype_check((c), CTYPE_MASK_upper)) + # define ossl_isxdigit(c) (ossl_ctype_check((c), CTYPE_MASK_xdigit)) + # define ossl_isbase64(c) (ossl_ctype_check((c), CTYPE_MASK_base64)) + # define ossl_isasn1print(c) (ossl_ctype_check((c), CTYPE_MASK_asn1print)) +-- +2.34.1 + diff -Nru openssl-3.0.2/debian/patches/lp1974037/0010-strcasecmp-implement-strcasecmp-and-strncasecmp.patch openssl-3.0.2/debian/patches/lp1974037/0010-strcasecmp-implement-strcasecmp-and-strncasecmp.patch --- openssl-3.0.2/debian/patches/lp1974037/0010-strcasecmp-implement-strcasecmp-and-strncasecmp.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.2/debian/patches/lp1974037/0010-strcasecmp-implement-strcasecmp-and-strncasecmp.patch 2022-05-24 10:55:08.000000000 +0200 @@ -0,0 +1,215 @@ +From 5083f5e0713b7027e33a0cb702bb2863f9970980 Mon Sep 17 00:00:00 2001 +From: Pauli +Date: Thu, 19 May 2022 12:51:07 +1000 +Subject: [PATCH 10/11] strcasecmp: implement strcasecmp and strncasecmp + +Rather than relying on the locale code working, instead implement these +functions directly. + +Fixes #18322 + +Reviewed-by: Tomas Mraz +Reviewed-by: Tim Hudson +Reviewed-by: Dmitry Belyavskiy +(Merged from https://github.com/openssl/openssl/pull/18344) + +(cherry picked from commit fb4cdca053fb9d3f0e11eeaf31f4b4ff87f69a95) + +Origin: upstream, https://github.com/openssl/openssl/pull/18344 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010958 +Applied-Upstream: 3.0 branch (probably upcoming 3.0.4) +--- + crypto/init.c | 6 --- + crypto/o_str.c | 102 +++++------------------------------- + include/internal/cryptlib.h | 3 -- + providers/fips/fipsprov.c | 3 -- + 4 files changed, 14 insertions(+), 100 deletions(-) + +diff --git a/crypto/init.c b/crypto/init.c +index 447a009e38..85bf76ae8b 100644 +--- a/crypto/init.c ++++ b/crypto/init.c +@@ -448,9 +448,6 @@ void OPENSSL_cleanup(void) + OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_trace_cleanup()\n"); + ossl_trace_cleanup(); + +- OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_deinit_casecmp()\n"); +- ossl_deinit_casecmp(); +- + base_inited = 0; + } + +@@ -490,9 +487,6 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) + aloaddone = 1; + } + +- if (!ossl_init_casecmp()) +- return 0; +- + /* + * At some point we should look at this function with a view to moving + * most/all of this into OSSL_LIB_CTX. +diff --git a/crypto/o_str.c b/crypto/o_str.c +index 789de7bd4d..7fa487dd5f 100644 +--- a/crypto/o_str.c ++++ b/crypto/o_str.c +@@ -10,13 +10,8 @@ + #include "e_os.h" + #include + #include +-#ifndef OPENSSL_NO_LOCALE +-# include +-# ifdef OPENSSL_SYS_MACOSX +-# include +-# endif +-#endif + #include ++#include "crypto/ctype.h" + #include "internal/cryptlib.h" + #include "internal/thread_once.h" + +@@ -347,94 +342,25 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen) + #endif + } + +-#ifndef OPENSSL_NO_LOCALE +-# ifndef FIPS_MODULE +-static CRYPTO_ONCE casecmp = CRYPTO_ONCE_STATIC_INIT; +-DEFINE_RUN_ONCE_STATIC(init_casecmp) +-{ +- int ret = ossl_init_casecmp_int(); +- +- return ret; +-} +- +-int ossl_init_casecmp(void) +-{ +- if (!RUN_ONCE(&casecmp, init_casecmp)) +- return 0; +- return 1; +-} +-# endif +- +-static locale_t loc; +- +-static locale_t ossl_c_locale(void) +-{ +-# ifndef FIPS_MODULE +- if (!ossl_init_casecmp()) +- return (locale_t)0; +-# endif +- return loc; +-} +- +-int ossl_init_casecmp_int(void) +-{ +-# ifdef OPENSSL_SYS_WINDOWS +- loc = _create_locale(LC_COLLATE, "C"); +-# else +- loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0); +-# endif +- return (loc == (locale_t)0) ? 0 : 1; +-} +- +-void ossl_deinit_casecmp(void) +-{ +- if (loc != (locale_t)0) { +- freelocale(loc); +- loc = (locale_t)0; +- } +-} +- + int OPENSSL_strcasecmp(const char *s1, const char *s2) + { +- locale_t l = ossl_c_locale(); ++ int t; + +- /* Fallback in case of locale initialization failure */ +- if (l == (locale_t)0) +- return strcasecmp(s1, s2); +- return strcasecmp_l(s1, s2, l); ++ while ((t = ossl_tolower(*s1) - ossl_tolower(*s2++)) == 0) ++ if (*s1++ == '\0') ++ return 0; ++ return t; + } + + int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) + { +- locale_t l = ossl_c_locale(); +- +- /* Fallback in case of locale initialization failure */ +- if (l == (locale_t)0) +- return strncasecmp(s1, s2, n); +- return strncasecmp_l(s1, s2, n, l); +-} +-#else +-int ossl_init_casecmp(void) +-{ +- return 1; +-} +- +-int ossl_init_casecmp_int(void) +-{ +- return 1; +-} +- +-void ossl_deinit_casecmp(void) +-{ +-} +- +-int OPENSSL_strcasecmp(const char *s1, const char *s2) +-{ +- return strcasecmp(s1, s2); +-} ++ int t; ++ size_t i; + +-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) +-{ +- return strncasecmp(s1, s2, n); ++ for (i = 0; i < n; i++) ++ if ((t = ossl_tolower(*s1) - ossl_tolower(*s2++)) != 0) ++ return t; ++ else if (*s1++ == '\0') ++ return 0; ++ return 0; + } +-#endif +diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h +index 4915680c26..1291299b6e 100644 +--- a/include/internal/cryptlib.h ++++ b/include/internal/cryptlib.h +@@ -258,7 +258,4 @@ static ossl_inline int ossl_is_absolute_path(const char *path) + return path[0] == '/'; + } + +-int ossl_init_casecmp_int(void); +-int ossl_init_casecmp(void); +-void ossl_deinit_casecmp(void); + #endif +diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c +index a8a508d9ac..872ba4ba0f 100644 +--- a/providers/fips/fipsprov.c ++++ b/providers/fips/fipsprov.c +@@ -491,7 +491,6 @@ static void fips_teardown(void *provctx) + { + OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx)); + ossl_prov_ctx_free(provctx); +- ossl_deinit_casecmp(); + } + + static void fips_intern_teardown(void *provctx) +@@ -549,8 +548,6 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, + + memset(&selftest_params, 0, sizeof(selftest_params)); + +- if (!ossl_init_casecmp_int()) +- return 0; + if (!ossl_prov_seeding_from_dispatch(in)) + goto err; + for (; in->function_id != 0; in++) { +-- +2.34.1 + diff -Nru openssl-3.0.2/debian/patches/lp1974037/0011-Drop-the-last-ossl_init_casecmp-call.patch openssl-3.0.2/debian/patches/lp1974037/0011-Drop-the-last-ossl_init_casecmp-call.patch --- openssl-3.0.2/debian/patches/lp1974037/0011-Drop-the-last-ossl_init_casecmp-call.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.2/debian/patches/lp1974037/0011-Drop-the-last-ossl_init_casecmp-call.patch 2022-05-24 10:55:08.000000000 +0200 @@ -0,0 +1,36 @@ +From 6eaaa39e36d6ca37697e7cc3d301733947e43da0 Mon Sep 17 00:00:00 2001 +From: Richard Levitte +Date: Mon, 23 May 2022 09:30:36 +0200 +Subject: [PATCH 11/11] Drop the last ossl_init_casecmp() call + +This was missed in an earlier merge that removed it. + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/18380) + +Origin: upstream, https://github.com/openssl/openssl/pull/18380 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010958 +Applied-Upstream: 3.0 branch (probably upcoming 3.0.4) +--- + crypto/context.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/crypto/context.c b/crypto/context.c +index 4fef24cadd..bdfc4d02a3 100644 +--- a/crypto/context.c ++++ b/crypto/context.c +@@ -151,8 +151,7 @@ static CRYPTO_THREAD_LOCAL default_context_thread_local; + DEFINE_RUN_ONCE_STATIC(default_context_do_init) + { + return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL) +- && context_init(&default_context_int) +- && ossl_init_casecmp(); ++ && context_init(&default_context_int); + } + + void ossl_lib_ctx_default_deinit(void) +-- +2.34.1 + diff -Nru openssl-3.0.2/debian/patches/series openssl-3.0.2/debian/patches/series --- openssl-3.0.2/debian/patches/series 2022-05-05 10:04:44.000000000 +0200 +++ openssl-3.0.2/debian/patches/series 2022-05-24 10:55:08.000000000 +0200 @@ -11,11 +11,25 @@ tests-use-seclevel-1.patch tls1.2-min-seclevel2.patch skip_tls1.1_seclevel3_tests.patch + lp1968997/0001-Public-API-functions-OPENSSL_str-n-casecmp.patch lp1968997/0002-FIPS-provider-modifications.patch lp1968997/0003-Minimal-test-checking-we-can-get-public-key-in-Turki.patch lp1968997/0004-str-n-casecmp-OPENSSL_strncasecmp.patch lp1968997/0005-Ensure-we-initialized-the-locale-before-evp_pkey_nam.patch + +lp1974037/0001-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch +lp1974037/0002-Fix-build-on-OPENSSL_SYS_TANDEM-and-older-POSIXes.patch +lp1974037/0003-Include-the-e_os.h-before-string.h.patch +lp1974037/0004-int_ctx_new-Revert-extra-ossl_init_casecmp-call.patch +lp1974037/0005-Move-OPENSSL_strcasecmp-and-related-to-o_str.c.patch +lp1974037/0006-Avoid-code-duplication-for-locale-initialization.patch +lp1974037/0007-Add-fallback-in-case-of-locale-initialization-failur.patch +lp1974037/0008-Always-try-locale-initialization-from-OPENSSL_strcas.patch +lp1974037/0009-tolower-refine-the-tolower-code-to-avoid-a-memory-ac.patch +lp1974037/0010-strcasecmp-implement-strcasecmp-and-strncasecmp.patch +lp1974037/0011-Drop-the-last-ossl_init_casecmp-call.patch + CVE-2022-1292.patch CVE-2022-1343-1.patch CVE-2022-1343-2.patch