diff --git a/.gitignore b/.gitignore index 0a3d925..a8b9f6a 100644 --- a/.gitignore +++ b/.gitignore @@ -53,3 +53,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-1.1.1k-hobbled.tar.xz /openssl-3.0.0-hobbled.tar.xz /openssl-3.0.1-hobbled.tar.xz +/openssl-3.0.7-hobbled.tar.gz diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch index 9917fcf..7a97dee 100644 --- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch @@ -272,9 +272,9 @@ index 404a706fab..e81fa9ec3e 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION: - ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: - EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: + OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: + OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: +ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: -- 2.26.2 diff --git a/0009-Add-Kernel-FIPS-mode-flag-support.patch b/0009-Add-Kernel-FIPS-mode-flag-support.patch index 01bd840..30ff325 100644 --- a/0009-Add-Kernel-FIPS-mode-flag-support.patch +++ b/0009-Add-Kernel-FIPS-mode-flag-support.patch @@ -2,8 +2,8 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1 --- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100 +++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100 @@ -12,11 +12,46 @@ - #include "internal/bio.h" #include "internal/provider.h" + #include "crypto/ctype.h" +# include +# include diff --git a/0011-Remove-EC-curves.patch b/0011-Remove-EC-curves.patch index 51c9d23..10e200c 100644 --- a/0011-Remove-EC-curves.patch +++ b/0011-Remove-EC-curves.patch @@ -5011,3 +5011,15 @@ diff -up openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remov Title=prime256v1 curve tests PrivateKey=ALICE_cf_prime256v1 +diff -up openssl-3.0.7/test/recipes/15-test_ec.t.skipshort openssl-3.0.7/test/recipes/15-test_ec.t +--- openssl-3.0.7/test/recipes/15-test_ec.t.skipshort 2022-11-23 12:40:55.324395782 +0100 ++++ openssl-3.0.7/test/recipes/15-test_ec.t 2022-11-23 12:42:12.478094387 +0100 +@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key + + subtest 'Check loading of fips and non-fips keys' => sub { + plan skip_all => "FIPS is disabled" +- if $no_fips; ++ if 1; #Red Hat specific, original value is $no_fips; + + plan tests => 2; + diff --git a/0012-Disable-explicit-ec.patch b/0012-Disable-explicit-ec.patch index 9c3ef57..550cdf4 100644 --- a/0012-Disable-explicit-ec.patch +++ b/0012-Disable-explicit-ec.patch @@ -40,17 +40,17 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te static OSSL_PARAM_BLD *bld_tri_nc = NULL; @@ -990,9 +990,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") DOMAIN_KEYS(ECExplicitPrimeNamedCurve); - IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC") + IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") -DOMAIN_KEYS(ECExplicitPrime2G); --IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC") +-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0) -IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC") +/*DOMAIN_KEYS(ECExplicitPrime2G);*/ -+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/ ++/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/ +/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/ # ifndef OPENSSL_NO_EC2M DOMAIN_KEYS(ECExplicitTriNamedCurve); - IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC") + IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) @@ -1318,7 +1318,7 @@ int setup_tests(void) || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc) || !create_ec_explicit_prime_params(bld_prime) diff --git a/0031-tmp-Fix-test-names.patch b/0031-tmp-Fix-test-names.patch index 5c22f24..42b3c0a 100644 --- a/0031-tmp-Fix-test-names.patch +++ b/0031-tmp-Fix-test-names.patch @@ -2,9 +2,9 @@ diff -up openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit openssl-3.0.0/test/ --- openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit 2021-09-22 11:56:49.452507975 +0200 +++ openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-09-22 11:57:19.371764742 +0200 @@ -40,7 +40,7 @@ unless ($no_fips) { - srctop_file("test", "recipes", "90-test_sslapi_data", - "passwd.txt"), $tmpfilename, "fips", - srctop_file("test", "fips-and-base.cnf")])), + "recipes", + "90-test_sslapi_data", + "dhparams.pem")])), - "running sslapitest"); + "running sslapitest - FIPS"); } diff --git a/0035-speed-skip-unavailable-dgst.patch b/0035-speed-skip-unavailable-dgst.patch index 6d948dd..9256f7f 100644 --- a/0035-speed-skip-unavailable-dgst.patch +++ b/0035-speed-skip-unavailable-dgst.patch @@ -11,16 +11,3 @@ diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c if (!EVP_MAC_init(mctx, NULL, 0, NULL) || !EVP_MAC_update(mctx, buf, lengths[testnum]) || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac))) -@@ -1922,8 +1925,10 @@ int speed_main(int argc, char **argv) - if (loopargs[i].mctx == NULL) - goto end; - -- if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) -- goto end; -+ if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) { -+ EVP_MAC_CTX_free(loopargs[i].mctx); -+ loopargs[i].mctx = NULL; -+ } - } - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum], diff --git a/0045-FIPS-services-minimize.patch b/0045-FIPS-services-minimize.patch index 8308990..abb13e0 100644 --- a/0045-FIPS-services-minimize.patch +++ b/0045-FIPS-services-minimize.patch @@ -717,35 +717,3 @@ diff -up openssl-3.0.1/providers/implementations/signature/rsa_sig.c.fipskeylen if (!ossl_prov_is_running()) return 0; -diff -up openssl-3.0.1/ssl/t1_lib.c.groupnames openssl-3.0.1/ssl/t1_lib.c ---- openssl-3.0.1/ssl/t1_lib.c.groupnames 2022-06-17 09:42:50.866748854 +0200 -+++ openssl-3.0.1/ssl/t1_lib.c 2022-06-17 09:49:07.715973172 +0200 -@@ -345,6 +345,7 @@ static int add_provider_groups(const OSS - * it. - */ - ret = 1; -+ (void)ERR_set_mark(); - keymgmt = EVP_KEYMGMT_fetch(ctx->libctx, ginf->algorithm, ctx->propq); - if (keymgmt != NULL) { - /* -@@ -366,6 +367,7 @@ static int add_provider_groups(const OSS - } - EVP_KEYMGMT_free(keymgmt); - } -+ (void)ERR_pop_to_mark(); - err: - if (ginf != NULL) { - OPENSSL_free(ginf->tlsname); -@@ -725,8 +727,11 @@ static int gid_cb(const char *elem, int - etmp[len] = 0; - - gid = tls1_group_name2id(garg->ctx, etmp); -- if (gid == 0) -+ if (gid == 0) { -+ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, -+ "group '%s' cannot be set", etmp); - return 0; -+ } - for (i = 0; i < garg->gidcnt; i++) - if (garg->gid_arr[i] == gid) - return 0; diff --git a/0049-Selectively-disallow-SHA1-signatures.patch b/0049-Selectively-disallow-SHA1-signatures.patch index 18b0183..f18e099 100644 --- a/0049-Selectively-disallow-SHA1-signatures.patch +++ b/0049-Selectively-disallow-SHA1-signatures.patch @@ -479,8 +479,8 @@ index 10b4e57d79..2d3c363bb0 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5426,3 +5426,5 @@ ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: - EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: - EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: + OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: + OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: +ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: +ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: diff --git a/0056-strcasecmp.patch b/0056-strcasecmp.patch index ed30b2e..5c33a76 100644 --- a/0056-strcasecmp.patch +++ b/0056-strcasecmp.patch @@ -1,2279 +1,14 @@ -diff --git a/apps/ca.c b/apps/ca.c -index 24883615ed6b..8a2b31579549 100644 ---- a/apps/ca.c -+++ b/apps/ca.c -@@ -2367,7 +2367,7 @@ static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg) - - case REV_CRL_REASON: - for (i = 0; i < 8; i++) { -- if (strcasecmp(rev_arg, crl_reasons[i]) == 0) { -+ if (OPENSSL_strcasecmp(rev_arg, crl_reasons[i]) == 0) { - reason = crl_reasons[i]; - break; - } -@@ -2584,7 +2584,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, - } - if (reason_str) { - for (i = 0; i < NUM_REASONS; i++) { -- if (strcasecmp(reason_str, crl_reasons[i]) == 0) { -+ if (OPENSSL_strcasecmp(reason_str, crl_reasons[i]) == 0) { - reason_code = i; - break; - } -diff --git a/apps/cmp.c b/apps/cmp.c -index 9ea5cee4124d..5c6bcdad0a64 100644 ---- a/apps/cmp.c -+++ b/apps/cmp.c -@@ -1745,7 +1745,7 @@ static int handle_opt_geninfo(OSSL_CMP_CTX *ctx) - valptr[0] = '\0'; - valptr++; - -- if (strncasecmp(valptr, "int:", 4) != 0) { -+ if (OPENSSL_strncasecmp(valptr, "int:", 4) != 0) { - CMP_err("missing 'int:' in -geninfo option"); - return 0; - } -diff --git a/apps/ecparam.c b/apps/ecparam.c -index 12eed703de69..ecce36be71a2 100644 ---- a/apps/ecparam.c -+++ b/apps/ecparam.c -@@ -229,7 +229,7 @@ int ecparam_main(int argc, char **argv) - point_format, 0); - *p = OSSL_PARAM_construct_end(); - -- if (strcasecmp(curve_name, "SM2") == 0) -+ if (OPENSSL_strcasecmp(curve_name, "SM2") == 0) - gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "sm2", NULL); - else - gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "ec", NULL); -diff --git a/apps/lib/apps.c b/apps/lib/apps.c -index 30da6e8a8cb8..227da4982d14 100644 ---- a/apps/lib/apps.c -+++ b/apps/lib/apps.c -@@ -688,8 +688,8 @@ int load_cert_certs(const char *uri, - int ret = 0; - char *pass_string; - -- if (exclude_http && (strncasecmp(uri, "http://", 7) == 0 -- || strncasecmp(uri, "https://", 8) == 0)) { -+ if (exclude_http && (OPENSSL_strncasecmp(uri, "http://", 7) == 0 -+ || OPENSSL_strncasecmp(uri, "https://", 8) == 0)) { - BIO_printf(bio_err, "error: HTTP retrieval not allowed for %s\n", desc); - return ret; - } -@@ -1182,20 +1182,20 @@ int set_name_ex(unsigned long *flags, const char *arg) - - int set_dateopt(unsigned long *dateopt, const char *arg) - { -- if (strcasecmp(arg, "rfc_822") == 0) -+ if (OPENSSL_strcasecmp(arg, "rfc_822") == 0) - *dateopt = ASN1_DTFLGS_RFC822; -- else if (strcasecmp(arg, "iso_8601") == 0) -+ else if (OPENSSL_strcasecmp(arg, "iso_8601") == 0) - *dateopt = ASN1_DTFLGS_ISO8601; - return 0; - } - - int set_ext_copy(int *copy_type, const char *arg) - { -- if (strcasecmp(arg, "none") == 0) -+ if (OPENSSL_strcasecmp(arg, "none") == 0) - *copy_type = EXT_COPY_NONE; -- else if (strcasecmp(arg, "copy") == 0) -+ else if (OPENSSL_strcasecmp(arg, "copy") == 0) - *copy_type = EXT_COPY_ADD; -- else if (strcasecmp(arg, "copyall") == 0) -+ else if (OPENSSL_strcasecmp(arg, "copyall") == 0) - *copy_type = EXT_COPY_ALL; - else - return 0; -@@ -1275,7 +1275,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, - } - - for (ptbl = in_tbl; ptbl->name; ptbl++) { -- if (strcasecmp(arg, ptbl->name) == 0) { -+ if (OPENSSL_strcasecmp(arg, ptbl->name) == 0) { - *flags &= ~ptbl->mask; - if (c) - *flags |= ptbl->flag; -diff --git a/apps/lib/engine_loader.c b/apps/lib/engine_loader.c -index c093f31e1b39..42775a89f361 100644 ---- a/apps/lib/engine_loader.c -+++ b/apps/lib/engine_loader.c -@@ -71,7 +71,7 @@ static OSSL_STORE_LOADER_CTX *engine_open(const OSSL_STORE_LOADER *loader, - char *keyid = NULL; - OSSL_STORE_LOADER_CTX *ctx = NULL; - -- if (strncasecmp(p, ENGINE_SCHEME_COLON, sizeof(ENGINE_SCHEME_COLON) - 1) -+ if (OPENSSL_strncasecmp(p, ENGINE_SCHEME_COLON, sizeof(ENGINE_SCHEME_COLON) - 1) - != 0) - return NULL; - p += sizeof(ENGINE_SCHEME_COLON) - 1; -diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c -index 03faac7707b7..df9575e2cd21 100644 ---- a/apps/lib/http_server.c -+++ b/apps/lib/http_server.c -@@ -453,10 +453,11 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, - } - *line_end = '\0'; - /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */ -- if (found_keep_alive != NULL && strcasecmp(key, "Connection") == 0) { -- if (strcasecmp(value, "keep-alive") == 0) -+ if (found_keep_alive != NULL -+ && OPENSSL_strcasecmp(key, "Connection") == 0) { -+ if (OPENSSL_strcasecmp(value, "keep-alive") == 0) - *found_keep_alive = 1; -- else if (strcasecmp(value, "close") == 0) -+ else if (OPENSSL_strcasecmp(value, "close") == 0) - *found_keep_alive = 0; - } - } -diff --git a/apps/lib/names.c b/apps/lib/names.c -index 5e2e7e147c7f..462703c6462b 100644 ---- a/apps/lib/names.c -+++ b/apps/lib/names.c -@@ -11,14 +11,11 @@ - #include - #include - #include "names.h" -- --#ifdef _WIN32 --# define strcasecmp _stricmp --#endif -+#include "openssl/crypto.h" - - int name_cmp(const char * const *a, const char * const *b) - { -- return strcasecmp(*a, *b); -+ return OPENSSL_strcasecmp(*a, *b); - } - - void collect_names(const char *name, void *vdata) -diff --git a/apps/lib/vms_term_sock.c b/apps/lib/vms_term_sock.c -index 1b27699b9d49..4d9a69b29e03 100644 ---- a/apps/lib/vms_term_sock.c -+++ b/apps/lib/vms_term_sock.c -@@ -132,7 +132,7 @@ int main (int argc, char *argv[], char *envp[]) - len; - - LogMessage ("Enter 'q' or 'Q' to quit ..."); -- while (strcasecmp (TermBuff, "Q")) { -+ while (OPENSSL_strcasecmp (TermBuff, "Q")) { - /* - ** Create the terminal socket - */ -diff --git a/apps/list.c b/apps/list.c -index 9732d6625a05..620ce0083134 100644 ---- a/apps/list.c -+++ b/apps/list.c -@@ -71,7 +71,7 @@ static void legacy_cipher_fn(const EVP_CIPHER *c, - { - if (select_name != NULL - && (c == NULL -- || strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0)) -+ || OPENSSL_strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0)) - return; - if (c != NULL) { - BIO_printf(arg, " %s\n", EVP_CIPHER_get0_name(c)); -@@ -370,7 +370,7 @@ DEFINE_STACK_OF(EVP_RAND) - - static int rand_cmp(const EVP_RAND * const *a, const EVP_RAND * const *b) - { -- int ret = strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b)); -+ int ret = OPENSSL_strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b)); - - if (ret == 0) - ret = strcmp(OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*a)), -@@ -404,7 +404,7 @@ static void list_random_generators(void) - const EVP_RAND *m = sk_EVP_RAND_value(rands, i); - - if (select_name != NULL -- && strcasecmp(EVP_RAND_get0_name(m), select_name) != 0) -+ && OPENSSL_strcasecmp(EVP_RAND_get0_name(m), select_name) != 0) - continue; - BIO_printf(bio_out, " %s", EVP_RAND_get0_name(m)); - BIO_printf(bio_out, " @ %s\n", -@@ -463,7 +463,7 @@ static void display_random(const char *name, EVP_RAND_CTX *drbg) - if (gettables != NULL) - for (; gettables->key != NULL; gettables++) { - /* State has been dealt with already, so ignore */ -- if (strcasecmp(gettables->key, OSSL_RAND_PARAM_STATE) == 0) -+ if (OPENSSL_strcasecmp(gettables->key, OSSL_RAND_PARAM_STATE) == 0) - continue; - /* Outside of verbose mode, we skip non-string values */ - if (gettables->data_type != OSSL_PARAM_UTF8_STRING -diff --git a/apps/rehash.c b/apps/rehash.c -index fb6c08c420ca..e4a4e14fd497 100644 ---- a/apps/rehash.c -+++ b/apps/rehash.c -@@ -214,7 +214,7 @@ static int handle_symlink(const char *filename, const char *fullpath) - return -1; - for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) { - const char *suffix = suffixes[type]; -- if (strncasecmp(suffix, &filename[i], strlen(suffix)) == 0) -+ if (OPENSSL_strncasecmp(suffix, &filename[i], strlen(suffix)) == 0) - break; - } - i += strlen(suffixes[type]); -@@ -249,7 +249,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h) - if ((ext = strrchr(filename, '.')) == NULL) - goto end; - for (i = 0; i < OSSL_NELEM(extensions); i++) { -- if (strcasecmp(extensions[i], ext + 1) == 0) -+ if (OPENSSL_strcasecmp(extensions[i], ext + 1) == 0) - break; - } - if (i >= OSSL_NELEM(extensions)) -diff --git a/apps/s_server.c b/apps/s_server.c -index ccaec3124bf4..e93cfa1e2c7a 100644 ---- a/apps/s_server.c -+++ b/apps/s_server.c -@@ -432,7 +432,7 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg) - return SSL_TLSEXT_ERR_NOACK; - - if (servername != NULL) { -- if (strcasecmp(servername, p->servername)) -+ if (OPENSSL_strcasecmp(servername, p->servername)) - return p->extension_error; - if (ctx2 != NULL) { - BIO_printf(p->biodebug, "Switching server context.\n"); -diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c -index ddf68b576f88..fe9fc0dd43ba 100644 ---- a/crypto/LPdir_unix.c -+++ b/crypto/LPdir_unix.c -@@ -141,7 +141,8 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) - p--; - if (p > (*ctx)->entry_name && p[-1] == ';') - p[-1] = '\0'; -- if (strcasecmp((*ctx)->entry_name, (*ctx)->previous_entry_name) == 0) -+ if (OPENSSL_strcasecmp((*ctx)->entry_name, -+ (*ctx)->previous_entry_name) == 0) - goto again; - } - #endif -diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c -index 031a6c936ad1..0de5785c2745 100644 ---- a/crypto/asn1/ameth_lib.c -+++ b/crypto/asn1/ameth_lib.c -@@ -10,7 +10,6 @@ - /* We need to use some engine deprecated APIs */ - #define OPENSSL_SUPPRESS_DEPRECATED - --#include "e_os.h" /* for strncasecmp */ - #include "internal/cryptlib.h" - #include - #include -@@ -134,7 +133,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, - if (ameth->pkey_flags & ASN1_PKEY_ALIAS) - continue; - if ((int)strlen(ameth->pem_str) == len -- && strncasecmp(ameth->pem_str, str, len) == 0) -+ && OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0) - return ameth; - } - return NULL; -diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c -index ecff2be02e1f..59d42daf4a1c 100644 ---- a/crypto/asn1/asn1_gen.c -+++ b/crypto/asn1/asn1_gen.c -@@ -10,7 +10,6 @@ - #include "internal/cryptlib.h" - #include - #include --#include "e_os.h" /* strncasecmp() */ - - #define ASN1_GEN_FLAG 0x10000 - #define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) -@@ -565,7 +564,8 @@ static int asn1_str2tag(const char *tagstr, int len) - - tntmp = tnst; - for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) { -- if ((len == tntmp->len) && (strncasecmp(tntmp->strnam, tagstr, len) == 0)) -+ if ((len == tntmp->len) -+ && (OPENSSL_strncasecmp(tntmp->strnam, tagstr, len) == 0)) - return tntmp->tag; - } - -diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c -index c05c3c6b109d..6fe8427dc5e6 100644 ---- a/crypto/conf/conf_def.c -+++ b/crypto/conf/conf_def.c -@@ -11,7 +11,7 @@ - - #include - #include --#include "e_os.h" /* strcasecmp and struct stat */ -+#include "e_os.h" /* struct stat */ - #ifdef __TANDEM - # include /* needed for stat.h */ - # include /* struct stat */ -@@ -192,11 +192,11 @@ static int def_load(CONF *conf, const char *name, long *line) - /* Parse a boolean value and fill in *flag. Return 0 on error. */ - static int parsebool(const char *pval, int *flag) - { -- if (strcasecmp(pval, "on") == 0 -- || strcasecmp(pval, "true") == 0) { -+ if (OPENSSL_strcasecmp(pval, "on") == 0 -+ || OPENSSL_strcasecmp(pval, "true") == 0) { - *flag = 1; -- } else if (strcasecmp(pval, "off") == 0 -- || strcasecmp(pval, "false") == 0) { -+ } else if (OPENSSL_strcasecmp(pval, "off") == 0 -+ || OPENSSL_strcasecmp(pval, "false") == 0) { - *flag = 0; - } else { - ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA); -@@ -839,8 +839,10 @@ static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx) - namelen = strlen(filename); - - -- if ((namelen > 5 && strcasecmp(filename + namelen - 5, ".conf") == 0) -- || (namelen > 4 && strcasecmp(filename + namelen - 4, ".cnf") == 0)) { -+ if ((namelen > 5 -+ && OPENSSL_strcasecmp(filename + namelen - 5, ".conf") == 0) -+ || (namelen > 4 -+ && OPENSSL_strcasecmp(filename + namelen - 4, ".cnf") == 0)) { - size_t newlen; - char *newpath; - BIO *bio; -diff --git a/crypto/context.c b/crypto/context.c -index 3333af4c534e..4fef24cadd5a 100644 ---- a/crypto/context.c -+++ b/crypto/context.c -@@ -14,6 +14,7 @@ - #include "internal/core.h" - #include "internal/bio.h" - #include "internal/provider.h" -+#include "crypto/ctype.h" - - # include - # include -@@ -150,7 +151,8 @@ static CRYPTO_THREAD_LOCAL default_context_thread_local; - { - read_kernel_fips_flag(); - return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL) -- && context_init(&default_context_int); -+ && context_init(&default_context_int) -+ && ossl_init_casecmp(); - } - - void ossl_lib_ctx_default_deinit(void) -diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c -index 55248affc663..7e11ab1c8845 100644 ---- a/crypto/core_namemap.c -+++ b/crypto/core_namemap.c -@@ -7,7 +7,6 @@ - * https://www.openssl.org/source/license.html - */ - --#include "e_os.h" /* strcasecmp */ - #include "internal/namemap.h" - #include - #include "crypto/lhash.h" /* ossl_lh_strcasehash */ -@@ -49,7 +48,7 @@ static unsigned long namenum_hash(const NAMENUM_ENTRY *n) - - static int namenum_cmp(const NAMENUM_ENTRY *a, const NAMENUM_ENTRY *b) - { -- return strcasecmp(a->name, b->name); -+ return OPENSSL_strcasecmp(a->name, b->name); - } - - static void namenum_free(NAMENUM_ENTRY *n) -diff --git a/crypto/ctype.c b/crypto/ctype.c -index 83c24a546f53..321306eb5f50 100644 ---- a/crypto/ctype.c -+++ b/crypto/ctype.c -@@ -12,6 +12,19 @@ - #include "crypto/ctype.h" - #include - -+#include -+#include "internal/core.h" -+#include "internal/thread_once.h" -+ -+#ifndef OPENSSL_SYS_WINDOWS -+#include -+#endif -+#include -+ -+#ifdef OPENSSL_SYS_MACOSX -+#include -+#endif -+ - /* - * Define the character classes for each character in the seven bit ASCII - * character set. This is independent of the host's character set, characters -@@ -278,3 +291,90 @@ int ossl_ascii_isdigit(const char inchar) { - return 1; - return 0; - } -+ -+/* str[n]casecmp_l is defined in POSIX 2008-01. Value is taken accordingly -+ * https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html */ -+ -+#if (defined OPENSSL_SYS_WINDOWS) || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200809L) -+ -+# if defined OPENSSL_SYS_WINDOWS -+# define locale_t _locale_t -+# define freelocale _free_locale -+# define strcasecmp_l _stricmp_l -+# define strncasecmp_l _strnicmp_l -+# endif -+ -+# ifndef FIPS_MODULE -+static locale_t loc; -+ -+static int locale_base_inited = 0; -+static CRYPTO_ONCE locale_base = CRYPTO_ONCE_STATIC_INIT; -+static CRYPTO_ONCE locale_base_deinit = CRYPTO_ONCE_STATIC_INIT; -+ -+void *ossl_c_locale() { -+ return (void *)loc; -+} -+ -+DEFINE_RUN_ONCE_STATIC(ossl_init_locale_base) -+{ -+# ifdef OPENSSL_SYS_WINDOWS -+ loc = _create_locale(LC_COLLATE, "C"); -+# else -+ loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0); -+# endif -+ locale_base_inited = 1; -+ return (loc == (locale_t) 0) ? 0 : 1; -+} -+ -+DEFINE_RUN_ONCE_STATIC(ossl_deinit_locale_base) -+{ -+ if (locale_base_inited && loc) { -+ freelocale(loc); -+ loc = NULL; -+ } -+ return 1; -+} -+ -+int ossl_init_casecmp() -+{ -+ return RUN_ONCE(&locale_base, ossl_init_locale_base); -+} -+ -+void ossl_deinit_casecmp() { -+ (void)RUN_ONCE(&locale_base_deinit, ossl_deinit_locale_base); -+} -+# endif -+ -+int OPENSSL_strcasecmp(const char *s1, const char *s2) -+{ -+ return strcasecmp_l(s1, s2, (locale_t)ossl_c_locale()); -+} -+ -+int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) -+{ -+ return strncasecmp_l(s1, s2, n, (locale_t)ossl_c_locale()); -+} -+#else -+# ifndef FIPS_MODULE -+void *ossl_c_locale() { -+ return NULL; -+} -+# endif -+ -+int ossl_init_casecmp() { -+ return 1; -+} -+ -+void ossl_deinit_casecmp() { -+} -+ -+int OPENSSL_strcasecmp(const char *s1, const char *s2) -+{ -+ return strcasecmp(s1, s2); -+} -+ -+int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) -+{ -+ return strncasecmp(s1, s2, n); -+} -+#endif -diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c -index c71f4053da6c..7608cbae5a28 100644 ---- a/crypto/dh/dh_group_params.c -+++ b/crypto/dh/dh_group_params.c -@@ -23,7 +23,6 @@ - #include - #include "internal/nelem.h" - #include "crypto/dh.h" --#include "e_os.h" /* strcasecmp */ - - static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group) - { -diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c -index 381da71f33a8..0d84a3332296 100644 ---- a/crypto/ec/ec_backend.c -+++ b/crypto/ec/ec_backend.c -@@ -54,7 +54,7 @@ int ossl_ec_encoding_name2id(const char *name) - return OPENSSL_EC_NAMED_CURVE; - - for (i = 0, sz = OSSL_NELEM(encoding_nameid_map); i < sz; i++) { -- if (strcasecmp(name, encoding_nameid_map[i].ptr) == 0) -+ if (OPENSSL_strcasecmp(name, encoding_nameid_map[i].ptr) == 0) - return encoding_nameid_map[i].id; - } - return -1; -@@ -91,7 +91,7 @@ static int ec_check_group_type_name2id(const char *name) - return 0; - - for (i = 0, sz = OSSL_NELEM(check_group_type_nameid_map); i < sz; i++) { -- if (strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0) -+ if (OPENSSL_strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0) - return check_group_type_nameid_map[i].id; - } - return -1; -@@ -136,7 +136,7 @@ int ossl_ec_pt_format_name2id(const char *name) - return (int)POINT_CONVERSION_UNCOMPRESSED; - - for (i = 0, sz = OSSL_NELEM(format_nameid_map); i < sz; i++) { -- if (strcasecmp(name, format_nameid_map[i].ptr) == 0) -+ if (OPENSSL_strcasecmp(name, format_nameid_map[i].ptr) == 0) - return format_nameid_map[i].id; - } - return -1; -diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c -index 2ee8284eaff3..ecd53fee008a 100644 ---- a/crypto/ec/ec_lib.c -+++ b/crypto/ec/ec_lib.c -@@ -22,7 +22,6 @@ - #include "crypto/ec.h" - #include "internal/nelem.h" - #include "ec_local.h" --#include "e_os.h" /* strcasecmp */ - - /* functions for EC_GROUP objects */ - -@@ -1581,9 +1580,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], - ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); - goto err; - } -- if (strcasecmp(ptmp->data, SN_X9_62_prime_field) == 0) { -+ if (OPENSSL_strcasecmp(ptmp->data, SN_X9_62_prime_field) == 0) { - is_prime_field = 1; -- } else if (strcasecmp(ptmp->data, SN_X9_62_characteristic_two_field) == 0) { -+ } else if (OPENSSL_strcasecmp(ptmp->data, -+ SN_X9_62_characteristic_two_field) == 0) { - is_prime_field = 0; - } else { - /* Invalid field */ -diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c -index 10a38b6f82a7..de6d3def3101 100644 ---- a/crypto/encode_decode/decoder_lib.c -+++ b/crypto/encode_decode/decoder_lib.c -@@ -789,7 +789,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) - */ - trace_data_structure = data_structure; - if (data_type != NULL && data_structure != NULL -- && strcasecmp(data_structure, "type-specific") == 0) -+ && OPENSSL_strcasecmp(data_structure, "type-specific") == 0) - data_structure = NULL; - - OSSL_TRACE_BEGIN(DECODER) { -@@ -850,7 +850,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) - * that's the case, we do this extra check. - */ - if (decoder == NULL && ctx->start_input_type != NULL -- && strcasecmp(ctx->start_input_type, new_input_type) != 0) { -+ && OPENSSL_strcasecmp(ctx->start_input_type, new_input_type) != 0) { - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] the start input type '%s' doesn't match the input type of the considered decoder, skipping...\n", -@@ -896,7 +896,8 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) - */ - if (data_structure != NULL - && (new_input_structure == NULL -- || strcasecmp(data_structure, new_input_structure) != 0)) { -+ || OPENSSL_strcasecmp(data_structure, -+ new_input_structure) != 0)) { - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure of the considered decoder, skipping...\n", -@@ -915,7 +916,8 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) - && ctx->input_structure != NULL - && new_input_structure != NULL) { - data->flag_input_structure_checked = 1; -- if (strcasecmp(new_input_structure, ctx->input_structure) != 0) { -+ if (OPENSSL_strcasecmp(new_input_structure, -+ ctx->input_structure) != 0) { - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure given by the user, skipping...\n", -diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c -index 475117a463af..833061d873ed 100644 ---- a/crypto/encode_decode/decoder_pkey.c -+++ b/crypto/encode_decode/decoder_pkey.c -@@ -18,7 +18,6 @@ - #include "crypto/evp.h" - #include "crypto/decoder.h" - #include "encoder_local.h" --#include "e_os.h" /* strcasecmp on Windows */ - - int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx, - const unsigned char *kstr, -diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c -index cfd9275172f5..2a83af825c2d 100644 ---- a/crypto/encode_decode/encoder_lib.c -+++ b/crypto/encode_decode/encoder_lib.c -@@ -7,7 +7,6 @@ - * https://www.openssl.org/source/license.html - */ - --#include "e_os.h" /* strcasecmp on Windows */ - #include - #include - #include -@@ -453,8 +452,8 @@ static int encoder_process(struct encoder_process_data_st *data) - */ - if (top) { - if (data->ctx->output_type != NULL -- && strcasecmp(current_output_type, -- data->ctx->output_type) != 0) { -+ && OPENSSL_strcasecmp(current_output_type, -+ data->ctx->output_type) != 0) { - OSSL_TRACE_BEGIN(ENCODER) { - BIO_printf(trc_out, - "[%d] Skipping because current encoder output type (%s) != desired output type (%s)\n", -@@ -482,8 +481,8 @@ static int encoder_process(struct encoder_process_data_st *data) - */ - if (data->ctx->output_structure != NULL - && current_output_structure != NULL) { -- if (strcasecmp(data->ctx->output_structure, -- current_output_structure) != 0) { -+ if (OPENSSL_strcasecmp(data->ctx->output_structure, -+ current_output_structure) != 0) { - OSSL_TRACE_BEGIN(ENCODER) { - BIO_printf(trc_out, - "[%d] Skipping because current encoder output structure (%s) != ctx output structure (%s)\n", -diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c -index c37edf966d7e..3a24317cf4d6 100644 ---- a/crypto/encode_decode/encoder_pkey.c -+++ b/crypto/encode_decode/encoder_pkey.c -@@ -7,7 +7,6 @@ - * https://www.openssl.org/source/license.html - */ - --#include "e_os.h" /* strcasecmp on Windows */ - #include - #include - #include -diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c -index e3a5c82e9957..09d0ed9d3aae 100644 ---- a/crypto/engine/tb_asnmth.c -+++ b/crypto/engine/tb_asnmth.c -@@ -152,7 +152,7 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, - e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); - if (ameth != NULL - && ((int)strlen(ameth->pem_str) == len) -- && strncasecmp(ameth->pem_str, str, len) == 0) -+ && OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0) - return ameth; - } - return NULL; -@@ -177,7 +177,7 @@ static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) - e->pkey_asn1_meths(e, &ameth, NULL, nid); - if (ameth != NULL - && ((int)strlen(ameth->pem_str) == lk->len) -- && strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { -+ && OPENSSL_strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { - lk->e = e; - lk->ameth = ameth; - return; -diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c -index 961ca116b32f..0aa1c23beec7 100644 ---- a/crypto/evp/ctrl_params_translate.c -+++ b/crypto/evp/ctrl_params_translate.c -@@ -37,8 +37,6 @@ - #include "crypto/dh.h" - #include "crypto/ec.h" - --#include "e_os.h" /* strcasecmp() for Windows */ -- - struct translation_ctx_st; /* Forwarding */ - struct translation_st; /* Forwarding */ - -@@ -905,7 +903,7 @@ static int fix_kdf_type(enum state state, - - /* Convert KDF type strings to numbers */ - for (; kdf_type_map->kdf_type_str != NULL; kdf_type_map++) -- if (strcasecmp(ctx->p2, kdf_type_map->kdf_type_str) == 0) { -+ if (OPENSSL_strcasecmp(ctx->p2, kdf_type_map->kdf_type_str) == 0) { - ctx->p1 = kdf_type_map->kdf_type_num; - ret = 1; - break; -@@ -2469,10 +2467,11 @@ lookup_translation(struct translation_st *tmpl, - * cmd name in the template. - */ - if (item->ctrl_str != NULL -- && strcasecmp(tmpl->ctrl_str, item->ctrl_str) == 0) -+ && OPENSSL_strcasecmp(tmpl->ctrl_str, item->ctrl_str) == 0) - ctrl_str = tmpl->ctrl_str; - else if (item->ctrl_hexstr != NULL -- && strcasecmp(tmpl->ctrl_hexstr, item->ctrl_hexstr) == 0) -+ && OPENSSL_strcasecmp(tmpl->ctrl_hexstr, -+ item->ctrl_hexstr) == 0) - ctrl_hexstr = tmpl->ctrl_hexstr; - else - continue; -@@ -2500,7 +2499,8 @@ lookup_translation(struct translation_st *tmpl, - if ((item->action_type != NONE - && tmpl->action_type != item->action_type) - || (item->param_key != NULL -- && strcasecmp(tmpl->param_key, item->param_key) != 0)) -+ && OPENSSL_strcasecmp(tmpl->param_key, -+ item->param_key) != 0)) - continue; - } else { - return NULL; -diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c -index 8550be65e785..aa3c7fa4efc7 100644 ---- a/crypto/evp/ec_support.c -+++ b/crypto/evp/ec_support.c -@@ -10,7 +10,7 @@ - #include - #include - #include "crypto/ec.h" --#include "e_os.h" /* strcasecmp required by windows */ -+#include "internal/nelem.h" - - typedef struct ec_name2nid_st { - const char *name; -@@ -139,7 +139,7 @@ int ossl_ec_curve_name2nid(const char *name) - return nid; - - for (i = 0; i < OSSL_NELEM(curve_list); i++) { -- if (strcasecmp(curve_list[i].name, name) == 0) -+ if (OPENSSL_strcasecmp(curve_list[i].name, name) == 0) - return curve_list[i].nid; - } - } -diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c -index 24092cfd5be0..da3ef28b3d18 100644 ---- a/crypto/evp/evp_lib.c -+++ b/crypto/evp/evp_lib.c -@@ -15,7 +15,6 @@ - - #include - #include --#include "e_os.h" /* strcasecmp */ - #include "internal/cryptlib.h" - #include - #include -@@ -1170,17 +1169,17 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, - - va_start(args, type); - -- if (strcasecmp(type, "RSA") == 0) { -+ if (OPENSSL_strcasecmp(type, "RSA") == 0) { - bits = va_arg(args, size_t); - params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits); -- } else if (strcasecmp(type, "EC") == 0) { -+ } else if (OPENSSL_strcasecmp(type, "EC") == 0) { - name = va_arg(args, char *); - params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, - name, 0); -- } else if (strcasecmp(type, "ED25519") != 0 -- && strcasecmp(type, "X25519") != 0 -- && strcasecmp(type, "ED448") != 0 -- && strcasecmp(type, "X448") != 0) { -+ } else if (OPENSSL_strcasecmp(type, "ED25519") != 0 -+ && OPENSSL_strcasecmp(type, "X25519") != 0 -+ && OPENSSL_strcasecmp(type, "ED448") != 0 -+ && OPENSSL_strcasecmp(type, "X448") != 0) { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); - goto end; - } -diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c -index 27138af56421..668607a72360 100644 ---- a/crypto/evp/p_lib.c -+++ b/crypto/evp/p_lib.c -@@ -50,8 +50,6 @@ - #include "internal/provider.h" - #include "evp_local.h" - --#include "e_os.h" /* strcasecmp on Windows */ -- - static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, - int len, EVP_KEYMGMT *keymgmt); - static void evp_pkey_free_it(EVP_PKEY *key); -@@ -1018,7 +1016,7 @@ int evp_pkey_name2type(const char *name) - size_t i; - - for (i = 0; i < OSSL_NELEM(standard_name2type); i++) { -- if (strcasecmp(name, standard_name2type[i].ptr) == 0) -+ if (OPENSSL_strcasecmp(name, standard_name2type[i].ptr) == 0) - return (int)standard_name2type[i].id; - } - -diff --git a/crypto/ffc/ffc_dh.c b/crypto/ffc/ffc_dh.c -index e9f597c46c00..266cb30bc245 100644 ---- a/crypto/ffc/ffc_dh.c -+++ b/crypto/ffc/ffc_dh.c -@@ -10,7 +10,6 @@ - #include "internal/ffc.h" - #include "internal/nelem.h" - #include "crypto/bn_dh.h" --#include "e_os.h" /* strcasecmp */ - - #ifndef OPENSSL_NO_DH - -@@ -84,7 +83,7 @@ const DH_NAMED_GROUP *ossl_ffc_name_to_dh_named_group(const char *name) - size_t i; - - for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) { -- if (strcasecmp(dh_named_groups[i].name, name) == 0) -+ if (OPENSSL_strcasecmp(dh_named_groups[i].name, name) == 0) - return &dh_named_groups[i]; - } - return NULL; -diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c -index 6e025a06be6e..500189e49fc0 100644 ---- a/crypto/ffc/ffc_params.c -+++ b/crypto/ffc/ffc_params.c -@@ -12,7 +12,6 @@ - #include "internal/ffc.h" - #include "internal/param_build_set.h" - #include "internal/nelem.h" --#include "e_os.h" /* strcasecmp */ - - #ifndef FIPS_MODULE - # include /* ossl_ffc_params_print */ -diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c -index 33e7b82b9e8c..8133a04936c5 100644 ---- a/crypto/http/http_client.c -+++ b/crypto/http/http_client.c -@@ -322,7 +322,7 @@ static int add1_headers(OSSL_HTTP_REQ_CTX *rctx, - - for (i = 0; i < sk_CONF_VALUE_num(headers); i++) { - hdr = sk_CONF_VALUE_value(headers, i); -- if (add_host && strcasecmp("host", hdr->name) == 0) -+ if (add_host && OPENSSL_strcasecmp("host", hdr->name) == 0) - add_host = 0; - if (!OSSL_HTTP_REQ_CTX_add1_header(rctx, hdr->name, hdr->value)) - return 0; -@@ -666,13 +666,13 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) - } - if (value != NULL && line_end != NULL) { - if (rctx->state == OHS_REDIRECT -- && strcasecmp(key, "Location") == 0) { -+ && OPENSSL_strcasecmp(key, "Location") == 0) { - rctx->redirection_url = value; - return 0; - } - if (rctx->expected_ct != NULL -- && strcasecmp(key, "Content-Type") == 0) { -- if (strcasecmp(rctx->expected_ct, value) != 0) { -+ && OPENSSL_strcasecmp(key, "Content-Type") == 0) { -+ if (OPENSSL_strcasecmp(rctx->expected_ct, value) != 0) { - ERR_raise_data(ERR_LIB_HTTP, HTTP_R_UNEXPECTED_CONTENT_TYPE, - "expected=%s, actual=%s", - rctx->expected_ct, value); -@@ -682,12 +682,12 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) - } - - /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */ -- if (strcasecmp(key, "Connection") == 0) { -- if (strcasecmp(value, "keep-alive") == 0) -+ if (OPENSSL_strcasecmp(key, "Connection") == 0) { -+ if (OPENSSL_strcasecmp(value, "keep-alive") == 0) - found_keep_alive = 1; -- else if (strcasecmp(value, "close") == 0) -+ else if (OPENSSL_strcasecmp(value, "close") == 0) - found_keep_alive = 0; -- } else if (strcasecmp(key, "Content-Length") == 0) { -+ } else if (OPENSSL_strcasecmp(key, "Content-Length") == 0) { - resp_len = (size_t)strtoul(value, &line_end, 10); - if (line_end == value || *line_end != '\0') { - ERR_raise_data(ERR_LIB_HTTP, -diff --git a/crypto/init.c b/crypto/init.c -index 6a27d1a8e440..1569c35a6b96 100644 ---- a/crypto/init.c -+++ b/crypto/init.c -@@ -32,6 +32,7 @@ - #include "crypto/store.h" - #include /* for OSSL_CMP_log_close() */ - #include -+#include "crypto/ctype.h" - - static int stopped = 0; - static uint64_t optsdone = 0; -@@ -447,6 +448,9 @@ void OPENSSL_cleanup(void) - OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_trace_cleanup()\n"); - ossl_trace_cleanup(); - -+ OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_deinit_casecmp()\n"); -+ ossl_deinit_casecmp(); -+ - base_inited = 0; - } - -@@ -460,6 +464,9 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) - uint64_t tmp; - int aloaddone = 0; - -+ if (!ossl_init_casecmp()) -+ return 0; -+ - /* Applications depend on 0 being returned when cleanup was already done */ - if (stopped) { - if (!(opts & OPENSSL_INIT_BASE_ONLY)) -diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c -index 92152eeb6674..7596d720e964 100644 ---- a/crypto/objects/o_names.c -+++ b/crypto/objects/o_names.c -@@ -21,23 +21,6 @@ - #include "obj_local.h" - #include "e_os.h" - --/* -- * We define this wrapper for two reasons. Firstly, later versions of -- * DEC C add linkage information to certain functions, which makes it -- * tricky to use them as values to regular function pointers. -- * Secondly, in the EDK2 build environment, the strcasecmp function is -- * actually an external function with the Microsoft ABI, so we can't -- * transparently assign function pointers to it. -- */ --#if defined(OPENSSL_SYS_VMS_DECC) || defined(OPENSSL_SYS_UEFI) --static int obj_strcasecmp(const char *a, const char *b) --{ -- return strcasecmp(a, b); --} --#else --#define obj_strcasecmp strcasecmp --#endif -- - /* - * I use the ex_data stuff to manage the identifiers for the obj_name_types - * that applications may define. I only really use the free function field. -@@ -111,7 +94,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), - goto out; - } - name_funcs->hash_func = ossl_lh_strcasehash; -- name_funcs->cmp_func = obj_strcasecmp; -+ name_funcs->cmp_func = OPENSSL_strcasecmp; - push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs); - - if (!push) { -@@ -145,7 +128,7 @@ static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b) - ret = sk_NAME_FUNCS_value(name_funcs_stack, - a->type)->cmp_func(a->name, b->name); - } else -- ret = strcasecmp(a->name, b->name); -+ ret = OPENSSL_strcasecmp(a->name, b->name); - } - return ret; - } -diff --git a/crypto/params_dup.c b/crypto/params_dup.c -index 6a58b52f65cb..d92176da46e5 100644 ---- a/crypto/params_dup.c -+++ b/crypto/params_dup.c -@@ -11,7 +11,6 @@ - #include - #include - #include "internal/param_build_set.h" --#include "e_os.h" /* strcasecmp */ - - #define OSSL_PARAM_ALLOCATED_END 127 - #define OSSL_PARAM_MERGE_LIST_MAX 128 -@@ -142,7 +141,7 @@ static int compare_params(const void *left, const void *right) - const OSSL_PARAM *l = *(const OSSL_PARAM **)left; - const OSSL_PARAM *r = *(const OSSL_PARAM **)right; - -- return strcasecmp(l->key, r->key); -+ return OPENSSL_strcasecmp(l->key, r->key); - } - - OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2) -@@ -205,7 +204,7 @@ OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2) - break; - } - /* consume the list element with the smaller key */ -- diff = strcasecmp((*p1cur)->key, (*p2cur)->key); -+ diff = OPENSSL_strcasecmp((*p1cur)->key, (*p2cur)->key); - if (diff == 0) { - /* If the keys are the same then throw away the list1 element */ - *dst++ = **p2cur; -diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c -index 8954ec724617..c5691395c424 100644 ---- a/crypto/property/property_parse.c -+++ b/crypto/property/property_parse.c -@@ -45,7 +45,7 @@ static int match(const char *t[], const char m[], size_t m_len) - { - const char *s = *t; - -- if (strncasecmp(s, m, m_len) == 0) { -+ if (OPENSSL_strncasecmp(s, m, m_len) == 0) { - *t = skip_space(s + m_len); - return 1; - } -diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c -index afe3521186ca..c453d3226133 100644 ---- a/crypto/rand/rand_lib.c -+++ b/crypto/rand/rand_lib.c -@@ -768,22 +768,22 @@ static int random_conf_init(CONF_IMODULE *md, const CONF *cnf) - - for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { - cval = sk_CONF_VALUE_value(elist, i); -- if (strcasecmp(cval->name, "random") == 0) { -+ if (OPENSSL_strcasecmp(cval->name, "random") == 0) { - if (!random_set_string(&dgbl->rng_name, cval->value)) - return 0; -- } else if (strcasecmp(cval->name, "cipher") == 0) { -+ } else if (OPENSSL_strcasecmp(cval->name, "cipher") == 0) { - if (!random_set_string(&dgbl->rng_cipher, cval->value)) - return 0; -- } else if (strcasecmp(cval->name, "digest") == 0) { -+ } else if (OPENSSL_strcasecmp(cval->name, "digest") == 0) { - if (!random_set_string(&dgbl->rng_digest, cval->value)) - return 0; -- } else if (strcasecmp(cval->name, "properties") == 0) { -+ } else if (OPENSSL_strcasecmp(cval->name, "properties") == 0) { - if (!random_set_string(&dgbl->rng_propq, cval->value)) - return 0; -- } else if (strcasecmp(cval->name, "seed") == 0) { -+ } else if (OPENSSL_strcasecmp(cval->name, "seed") == 0) { - if (!random_set_string(&dgbl->seed_name, cval->value)) - return 0; -- } else if (strcasecmp(cval->name, "seed_properties") == 0) { -+ } else if (OPENSSL_strcasecmp(cval->name, "seed_properties") == 0) { - if (!random_set_string(&dgbl->seed_propq, cval->value)) - return 0; - } else { -diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c -index ad1623dd1444..254ebdb24287 100644 ---- a/crypto/rsa/rsa_backend.c -+++ b/crypto/rsa/rsa_backend.c -@@ -27,8 +27,6 @@ - #include "crypto/rsa.h" - #include "rsa_local.h" - --#include "e_os.h" /* strcasecmp for Windows() */ -- - /* - * The intention with the "backend" source file is to offer backend support - * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider -@@ -275,8 +273,8 @@ int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params, - else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgfname)) - return 0; - -- if (strcasecmp(param_mgf->data, -- ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0) -+ if (OPENSSL_strcasecmp(param_mgf->data, -+ ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0) - return 0; - } - -diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c -index 7dcb939066f2..42bf9d555a36 100644 ---- a/crypto/store/store_lib.c -+++ b/crypto/store/store_lib.c -@@ -93,7 +93,7 @@ OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, - OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy)); - if ((p = strchr(scheme_copy, ':')) != NULL) { - *p++ = '\0'; -- if (strcasecmp(scheme_copy, "file") != 0) { -+ if (OPENSSL_strcasecmp(scheme_copy, "file") != 0) { - if (strncmp(p, "//", 2) == 0) - schemes_n--; /* Invalidate the file scheme */ - schemes[schemes_n++] = scheme_copy; -diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c -index 1306b270bbaf..6f83da4beb02 100644 ---- a/crypto/store/store_result.c -+++ b/crypto/store/store_result.c -@@ -457,7 +457,7 @@ static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, - - /* If we have a data type, it should be a PEM name */ - if (data->data_type != NULL -- && (strcasecmp(data->data_type, PEM_STRING_X509_TRUSTED) == 0)) -+ && (OPENSSL_strcasecmp(data->data_type, PEM_STRING_X509_TRUSTED) == 0)) - ignore_trusted = 0; - - if (d2i_X509_AUX(&cert, (const unsigned char **)&data->octet_data, -diff --git a/crypto/trace.c b/crypto/trace.c -index 40941990e673..d790409a2d62 100644 ---- a/crypto/trace.c -+++ b/crypto/trace.c -@@ -19,8 +19,6 @@ - #include "internal/refcount.h" - #include "crypto/cryptlib.h" - --#include "e_os.h" /* strcasecmp for Windows */ -- - #ifndef OPENSSL_NO_TRACE - - static CRYPTO_RWLOCK *trace_lock = NULL; -@@ -158,7 +156,7 @@ int OSSL_trace_get_category_num(const char *name) - size_t i; - - for (i = 0; i < OSSL_NELEM(trace_categories); i++) -- if (strcasecmp(name, trace_categories[i].name) == 0) -+ if (OPENSSL_strcasecmp(name, trace_categories[i].name) == 0) - return trace_categories[i].num; - return -1; /* not found */ - } -diff --git a/crypto/x509/v3_tlsf.c b/crypto/x509/v3_tlsf.c -index 6a613d64e6aa..9927c083b115 100644 ---- a/crypto/x509/v3_tlsf.c -+++ b/crypto/x509/v3_tlsf.c -@@ -108,7 +108,7 @@ static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, - extval = val->name; - - for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) -- if (strcasecmp(extval, tls_feature_tbl[j].name) == 0) -+ if (OPENSSL_strcasecmp(extval, tls_feature_tbl[j].name) == 0) - break; - if (j < OSSL_NELEM(tls_feature_tbl)) - tlsextid = tls_feature_tbl[j].num; -diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c -index ff049c897bae..6e4ef26ed608 100644 ---- a/crypto/x509/v3_utl.c -+++ b/crypto/x509/v3_utl.c -@@ -715,7 +715,7 @@ static int wildcard_match(const unsigned char *prefix, size_t prefix_len, - } - /* IDNA labels cannot match partial wildcards */ - if (!allow_idna && -- subject_len >= 4 && strncasecmp((char *)subject, "xn--", 4) == 0) -+ subject_len >= 4 && OPENSSL_strncasecmp((char *)subject, "xn--", 4) == 0) - return 0; - /* The wildcard may match a literal '*' */ - if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*') -@@ -775,7 +775,7 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, - || ('A' <= p[i] && p[i] <= 'Z') - || ('0' <= p[i] && p[i] <= '9')) { - if ((state & LABEL_START) != 0 -- && len - i >= 4 && strncasecmp((char *)&p[i], "xn--", 4) == 0) -+ && len - i >= 4 && OPENSSL_strncasecmp((char *)&p[i], "xn--", 4) == 0) - state |= LABEL_IDNA; - state &= ~(LABEL_HYPHEN | LABEL_START); - } else if (p[i] == '.') { -diff --git a/doc/build.info b/doc/build.info -index c1d98a4ca669..7e86de588aed 100644 ---- a/doc/build.info -+++ b/doc/build.info -@@ -1531,6 +1531,10 @@ DEPEND[html/man3/OPENSSL_secure_malloc.html]=man3/OPENSSL_secure_malloc.pod - GENERATE[html/man3/OPENSSL_secure_malloc.html]=man3/OPENSSL_secure_malloc.pod - DEPEND[man/man3/OPENSSL_secure_malloc.3]=man3/OPENSSL_secure_malloc.pod - GENERATE[man/man3/OPENSSL_secure_malloc.3]=man3/OPENSSL_secure_malloc.pod -+DEPEND[html/man3/OPENSSL_strcasecmp.html]=man3/OPENSSL_strcasecmp.pod -+GENERATE[html/man3/OPENSSL_strcasecmp.html]=man3/OPENSSL_strcasecmp.pod -+DEPEND[man/man3/OPENSSL_strcasecmp.3]=man3/OPENSSL_strcasecmp.pod -+GENERATE[man/man3/OPENSSL_strcasecmp.3]=man3/OPENSSL_strcasecmp.pod - DEPEND[html/man3/OSSL_CMP_CTX_new.html]=man3/OSSL_CMP_CTX_new.pod - GENERATE[html/man3/OSSL_CMP_CTX_new.html]=man3/OSSL_CMP_CTX_new.pod - DEPEND[man/man3/OSSL_CMP_CTX_new.3]=man3/OSSL_CMP_CTX_new.pod -@@ -3110,6 +3114,7 @@ html/man3/OPENSSL_load_builtin_modules.html \ - html/man3/OPENSSL_malloc.html \ - html/man3/OPENSSL_s390xcap.html \ - html/man3/OPENSSL_secure_malloc.html \ -+html/man3/OPENSSL_strcasecmp.html \ - html/man3/OSSL_CMP_CTX_new.html \ - html/man3/OSSL_CMP_HDR_get0_transactionID.html \ - html/man3/OSSL_CMP_ITAV_set0.html \ -@@ -3704,6 +3709,7 @@ man/man3/OPENSSL_load_builtin_modules.3 \ - man/man3/OPENSSL_malloc.3 \ - man/man3/OPENSSL_s390xcap.3 \ - man/man3/OPENSSL_secure_malloc.3 \ -+man/man3/OPENSSL_strcasecmp.3 \ - man/man3/OSSL_CMP_CTX_new.3 \ - man/man3/OSSL_CMP_HDR_get0_transactionID.3 \ - man/man3/OSSL_CMP_ITAV_set0.3 \ -diff --git a/doc/man3/OPENSSL_strcasecmp.pod b/doc/man3/OPENSSL_strcasecmp.pod -new file mode 100644 -index 000000000000..1bb8b18c5013 ---- /dev/null -+++ b/doc/man3/OPENSSL_strcasecmp.pod -@@ -0,0 +1,47 @@ -+=pod -+ -+=head1 NAME -+ -+OPENSSL_strcasecmp, OPENSSL_strncasecmp - compare two strings ignoring case -+ -+=head1 SYNOPSIS -+ -+ #include -+ -+ int OPENSSL_strcasecmp(const char *s1, const char *s2); -+ int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n); -+ -+=head1 DESCRIPTION -+ -+The OPENSSL_strcasecmp function performs a byte-by-byte comparison of the strings -+B and B, ignoring the case of the characters. -+ -+The OPENSSL_strncasecmp function is similar, except that it compares no more than -+B bytes of B and B. -+ -+In POSIX-compatible system and on Windows these functions use "C" locale for -+case insensitive. Otherwise the comparison is done in current locale. -+ -+=head1 RETURN VALUES -+ -+Both functions return an integer less than, equal to, or greater than zero if -+s1 is found, respectively, to be less than, to match, or be greater than s2. -+ -+=head1 NOTES -+ -+OpenSSL extensively uses case insensitive comparison of ASCII strings. Though -+OpenSSL itself is locale-agnostic, the applications using OpenSSL libraries may -+unpredictably suffer when they use localization (e.g. Turkish locale is -+well-known with a specific I/i cases). These functions use C locale for string -+comparison. -+ -+=head1 COPYRIGHT -+ -+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. -+ -+Licensed under the Apache License 2.0 (the "License"). You may not use -+this file except in compliance with the License. You can obtain a copy -+in the file LICENSE in the source distribution or at -+L. -+ -+=cut -diff --git a/e_os.h b/e_os.h -index e1608ae55d7d..5490a48fcd48 100644 ---- a/e_os.h -+++ b/e_os.h -@@ -249,8 +249,6 @@ FILE *__iob_func(); - /***********************************************/ - - # if defined(OPENSSL_SYS_WINDOWS) --# define strcasecmp _stricmp --# define strncasecmp _strnicmp - # if (_MSC_VER >= 1310) && !defined(_WIN32_WCE) - # define open _open - # define fdopen _fdopen -diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c -index fa01317db5eb..a9c10d375a58 100644 ---- a/engines/e_devcrypto.c -+++ b/engines/e_devcrypto.c -@@ -1159,9 +1159,9 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) - case DEVCRYPTO_CMD_CIPHERS: - if (p == NULL) - return 1; -- if (strcasecmp((const char *)p, "ALL") == 0) { -+ if (OPENSSL_strcasecmp((const char *)p, "ALL") == 0) { - devcrypto_select_all_ciphers(selected_ciphers); -- } else if (strcasecmp((const char*)p, "NONE") == 0) { -+ } else if (OPENSSL_strcasecmp((const char*)p, "NONE") == 0) { - memset(selected_ciphers, 0, sizeof(selected_ciphers)); - } else { - new_list=OPENSSL_zalloc(sizeof(selected_ciphers)); -@@ -1179,9 +1179,9 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) - case DEVCRYPTO_CMD_DIGESTS: - if (p == NULL) - return 1; -- if (strcasecmp((const char *)p, "ALL") == 0) { -+ if (OPENSSL_strcasecmp((const char *)p, "ALL") == 0) { - devcrypto_select_all_digests(selected_digests); -- } else if (strcasecmp((const char*)p, "NONE") == 0) { -+ } else if (OPENSSL_strcasecmp((const char*)p, "NONE") == 0) { - memset(selected_digests, 0, sizeof(selected_digests)); - } else { - new_list=OPENSSL_zalloc(sizeof(selected_digests)); -diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c -index 391ed33d5e3a..f6de29c0c33a 100644 ---- a/engines/e_loader_attic.c -+++ b/engines/e_loader_attic.c -@@ -14,7 +14,6 @@ - /* We need to use some engine deprecated APIs */ - #define OPENSSL_SUPPRESS_DEPRECATED - --/* #include "e_os.h" */ - #include - #include - #include -@@ -44,7 +43,6 @@ DEFINE_STACK_OF(OSSL_STORE_INFO) - - #ifdef _WIN32 - # define stat _stat --# define strncasecmp _strnicmp - #endif - - #ifndef S_ISDIR -@@ -971,12 +969,12 @@ static OSSL_STORE_LOADER_CTX *file_open_ex - * There's a special case if the URI also contains an authority, then - * the full URI shouldn't be used as a path anywhere. - */ -- if (strncasecmp(uri, "file:", 5) == 0) { -+ if (OPENSSL_strncasecmp(uri, "file:", 5) == 0) { - const char *p = &uri[5]; - - if (strncmp(&uri[5], "//", 2) == 0) { - path_data_n--; /* Invalidate using the full URI */ -- if (strncasecmp(&uri[7], "localhost/", 10) == 0) { -+ if (OPENSSL_strncasecmp(&uri[7], "localhost/", 10) == 0) { - p = &uri[16]; - } else if (uri[7] == '/') { - p = &uri[7]; -@@ -1466,7 +1464,8 @@ static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name) - /* - * First, check the basename - */ -- if (strncasecmp(name, ctx->_.dir.search_name, len) != 0 || name[len] != '.') -+ if (OPENSSL_strncasecmp(name, ctx->_.dir.search_name, len) != 0 -+ || name[len] != '.') - return 0; - p = &name[len + 1]; - -diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c -index 0506faa6285b..5d31b31c11f1 100644 ---- a/engines/e_ossltest.c -+++ b/engines/e_ossltest.c -@@ -42,10 +42,6 @@ - - #include "e_ossltest_err.c" - --#ifdef _WIN32 --# define strncasecmp _strnicmp --#endif -- - /* Engine Id and Name */ - static const char *engine_ossltest_id = "ossltest"; - static const char *engine_ossltest_name = "OpenSSL Test engine support"; -@@ -383,7 +379,7 @@ static EVP_PKEY *load_key(ENGINE *eng, const char *key_id, int pub, - BIO *in; - EVP_PKEY *key; - -- if (strncasecmp(key_id, "ot:", 3) != 0) -+ if (OPENSSL_strncasecmp(key_id, "ot:", 3) != 0) - return NULL; - key_id += 3; - -diff --git a/include/crypto/ctype.h b/include/crypto/ctype.h -index a35c137e8431..44fa9a8ae930 100644 ---- a/include/crypto/ctype.h -+++ b/include/crypto/ctype.h -@@ -80,4 +80,6 @@ int ossl_ascii_isdigit(const char inchar); - # define ossl_isbase64(c) (ossl_ctype_check((c), CTYPE_MASK_base64)) - # define ossl_isasn1print(c) (ossl_ctype_check((c), CTYPE_MASK_asn1print)) - -+int ossl_init_casecmp(void); -+void ossl_deinit_casecmp(void); - #endif -diff --git a/include/internal/core.h b/include/internal/core.h -index d9dc424164c9..b63af84787af 100644 ---- a/include/internal/core.h -+++ b/include/internal/core.h -@@ -63,4 +63,6 @@ __owur int ossl_lib_ctx_read_lock(OSSL_LIB_CTX *ctx); - int ossl_lib_ctx_unlock(OSSL_LIB_CTX *ctx); - int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx); - -+void *ossl_c_locale(void); -+ - #endif -diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in -index c56885d2d6ff..7232f647e8a3 100644 ---- a/include/openssl/crypto.h.in -+++ b/include/openssl/crypto.h.in -@@ -133,6 +133,8 @@ int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen, - const char *str, const char sep); - unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen); - int OPENSSL_hexchar2int(unsigned char c); -+int OPENSSL_strcasecmp(const char *s1, const char *s2); -+int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n); - - # define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type)) - -diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c -index f6d95197f07c..e1e1961b2329 100644 ---- a/providers/common/capabilities.c -+++ b/providers/common/capabilities.c -@@ -217,7 +217,7 @@ static int tls_group_capability(OSSL_CALLBACK *cb, void *arg) - int ossl_prov_get_capabilities(void *provctx, const char *capability, - OSSL_CALLBACK *cb, void *arg) - { -- if (strcasecmp(capability, "TLS-GROUP") == 0) -+ if (OPENSSL_strcasecmp(capability, "TLS-GROUP") == 0) - return tls_group_capability(cb, arg); - - /* We don't support this capability */ -diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c -index f4605dcd6ce5..fc17a958ce26 100644 ---- a/providers/fips/fipsprov.c -+++ b/providers/fips/fipsprov.c -@@ -22,6 +22,7 @@ - #include "prov/provider_util.h" - #include "prov/seeding.h" - #include "self_test.h" -+#include "internal/core.h" - - static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; - static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; -@@ -35,6 +36,22 @@ static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params; - static OSSL_FUNC_provider_get_params_fn fips_get_params; - static OSSL_FUNC_provider_query_operation_fn fips_query; - -+/* Locale object accessor functions */ -+#ifdef OPENSSL_SYS_MACOSX -+# include -+#else -+# include -+#endif -+ -+#if defined OPENSSL_SYS_WINDOWS -+# define locale_t _locale_t -+# define freelocale _free_locale -+#endif -+static locale_t loc; -+ -+static int fips_init_casecmp(void); -+static void fips_deinit_casecmp(void); -+ - #define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK } - #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) - extern OSSL_FUNC_core_thread_start_fn *c_thread_start; -@@ -486,6 +503,23 @@ static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id, - return NULL; - } - -+void *ossl_c_locale() { -+ return (void *)loc; -+} -+ -+static int fips_init_casecmp(void) { -+# ifdef OPENSSL_SYS_WINDOWS -+ loc = _create_locale(LC_COLLATE, "C"); -+# else -+ loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0); -+# endif -+ return (loc == (locale_t) 0) ? 0 : 1; -+} -+ -+static void fips_deinit_casecmp(void) { -+ freelocale(loc); -+} -+ - static void fips_teardown(void *provctx) - { - OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx)); -@@ -498,6 +532,7 @@ static void fips_intern_teardown(void *provctx) - * We know that the library context is the same as for the outer provider, - * so no need to destroy it here. - */ -+ fips_deinit_casecmp(); - ossl_prov_ctx_free(provctx); - } - -@@ -547,6 +582,8 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, - - memset(&selftest_params, 0, sizeof(selftest_params)); - -+ if (!fips_init_casecmp()) -+ return 0; - if (!ossl_prov_seeding_from_dispatch(in)) - return 0; - for (; in->function_id != 0; in++) { -diff --git a/providers/implementations/ciphers/cipher_cts.c b/providers/implementations/ciphers/cipher_cts.c -index cb3372c646aa..5c48f37c9527 100644 ---- a/providers/implementations/ciphers/cipher_cts.c -+++ b/providers/implementations/ciphers/cipher_cts.c -@@ -46,7 +46,6 @@ - * Otherwise it is the same as CS2. - */ - --#include "e_os.h" /* strcasecmp */ - #include - #include "prov/ciphercommon.h" - #include "internal/nelem.h" -@@ -92,7 +91,7 @@ int ossl_cipher_cbc_cts_mode_name2id(const char *name) - size_t i; - - for (i = 0; i < OSSL_NELEM(cts_modes); ++i) { -- if (strcasecmp(name, cts_modes[i].name) == 0) -+ if (OPENSSL_strcasecmp(name, cts_modes[i].name) == 0) - return (int)cts_modes[i].id; - } - return -1; -diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c -index 667d5e9619ff..89f304b41816 100644 ---- a/providers/implementations/kdfs/hkdf.c -+++ b/providers/implementations/kdfs/hkdf.c -@@ -199,11 +199,11 @@ static int hkdf_common_set_ctx_params(KDF_HKDF *ctx, const OSSL_PARAM params[]) - - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE)) != NULL) { - if (p->data_type == OSSL_PARAM_UTF8_STRING) { -- if (strcasecmp(p->data, "EXTRACT_AND_EXPAND") == 0) { -+ if (OPENSSL_strcasecmp(p->data, "EXTRACT_AND_EXPAND") == 0) { - ctx->mode = EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND; -- } else if (strcasecmp(p->data, "EXTRACT_ONLY") == 0) { -+ } else if (OPENSSL_strcasecmp(p->data, "EXTRACT_ONLY") == 0) { - ctx->mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; -- } else if (strcasecmp(p->data, "EXPAND_ONLY") == 0) { -+ } else if (OPENSSL_strcasecmp(p->data, "EXPAND_ONLY") == 0) { - ctx->mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY; - } else { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); -diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c -index 5f30b037d94e..6be7f45fc58a 100644 ---- a/providers/implementations/kdfs/kbkdf.c -+++ b/providers/implementations/kdfs/kbkdf.c -@@ -298,10 +298,11 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) - } - - p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE); -- if (p != NULL && strncasecmp("counter", p->data, p->data_size) == 0) { -+ if (p != NULL -+ && OPENSSL_strncasecmp("counter", p->data, p->data_size) == 0) { - ctx->mode = COUNTER; - } else if (p != NULL -- && strncasecmp("feedback", p->data, p->data_size) == 0) { -+ && OPENSSL_strncasecmp("feedback", p->data, p->data_size) == 0) { - ctx->mode = FEEDBACK; - } else if (p != NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); -diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c -index 74a0f7e1f3e6..e0b5971a3b7a 100644 ---- a/providers/implementations/kdfs/tls1_prf.c -+++ b/providers/implementations/kdfs/tls1_prf.c -@@ -172,7 +172,7 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) - return 1; - - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { -- if (strcasecmp(p->data, SN_md5_sha1) == 0) { -+ if (OPENSSL_strcasecmp(p->data, SN_md5_sha1) == 0) { - if (!ossl_prov_macctx_load_from_params(&ctx->P_hash, params, - OSSL_MAC_NAME_HMAC, - NULL, SN_md5, libctx) -diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c -index 313ab133b33a..bfc3da690875 100644 ---- a/providers/implementations/kem/rsa_kem.c -+++ b/providers/implementations/kem/rsa_kem.c -@@ -12,8 +12,8 @@ - * internal use. - */ - #include "internal/deprecated.h" -+#include "internal/nelem.h" - --#include "e_os.h" /* strcasecmp */ - #include - #include - #include -@@ -69,7 +69,7 @@ static int name2id(const char *name, const OSSL_ITEM *map, size_t sz) - return -1; - - for (i = 0; i < sz; ++i) { -- if (strcasecmp(map[i].ptr, name) == 0) -+ if (OPENSSL_strcasecmp(map[i].ptr, name) == 0) - return map[i].id; - } - return -1; -diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c -index 885bd62eeaae..2ab69f5f32f5 100644 ---- a/providers/implementations/keymgmt/dsa_kmgmt.c -+++ b/providers/implementations/keymgmt/dsa_kmgmt.c -@@ -13,7 +13,6 @@ - */ - #include "internal/deprecated.h" - --#include "e_os.h" /* strcasecmp */ - #include - #include - #include -@@ -90,7 +89,7 @@ static int dsa_gen_type_name2id(const char *name) - size_t i; - - for (i = 0; i < OSSL_NELEM(dsatype2id); ++i) { -- if (strcasecmp(dsatype2id[i].name, name) == 0) -+ if (OPENSSL_strcasecmp(dsatype2id[i].name, name) == 0) - return dsatype2id[i].id; - } - return -1; -diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c -index f564a470ac04..68bb35e4cbe1 100644 ---- a/providers/implementations/keymgmt/ec_kmgmt.c -+++ b/providers/implementations/keymgmt/ec_kmgmt.c -@@ -13,7 +13,6 @@ - */ - #include "internal/deprecated.h" - --#include "e_os.h" /* strcasecmp */ - #include - #include - #include -diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c -index 99d685735e2f..2a7f867aa56b 100644 ---- a/providers/implementations/keymgmt/ecx_kmgmt.c -+++ b/providers/implementations/keymgmt/ecx_kmgmt.c -@@ -9,8 +9,6 @@ - - #include - #include --/* For strcasecmp on Windows */ --#include "e_os.h" - #include - #include - #include -@@ -546,7 +544,7 @@ static int ecx_gen_set_params(void *genctx, const OSSL_PARAM params[]) - } - if (p->data_type != OSSL_PARAM_UTF8_STRING - || groupname == NULL -- || strcasecmp(p->data, groupname) != 0) { -+ || OPENSSL_strcasecmp(p->data, groupname) != 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } -diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c -index ec34a3ee7131..ecfd2eaaa5c0 100644 ---- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c -+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c -@@ -26,7 +26,6 @@ - #include "prov/providercommon.h" - #include "prov/provider_ctx.h" - #include "prov/macsignature.h" --#include "e_os.h" /* strcasecmp */ - - static OSSL_FUNC_keymgmt_new_fn mac_new; - static OSSL_FUNC_keymgmt_free_fn mac_free; -diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c -index dbe57b0d2898..c51eb4b4e581 100644 ---- a/providers/implementations/rands/drbg_ctr.c -+++ b/providers/implementations/rands/drbg_ctr.c -@@ -14,7 +14,6 @@ - #include - #include - #include --#include "e_os.h" /* strcasecmp */ - #include "crypto/modes.h" - #include "internal/thread_once.h" - #include "prov/implementations.h" -@@ -690,7 +689,7 @@ static int drbg_ctr_set_ctx_params(void *vctx, const OSSL_PARAM params[]) - if (p->data_type != OSSL_PARAM_UTF8_STRING - || p->data_size < ctr_str_len) - return 0; -- if (strcasecmp("CTR", base + p->data_size - ctr_str_len) != 0) { -+ if (OPENSSL_strcasecmp("CTR", base + p->data_size - ctr_str_len) != 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_REQUIRE_CTR_MODE_CIPHER); - return 0; - } -diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 325e855333e9..9460136bca0b 100644 ---- a/providers/implementations/signature/rsa_sig.c -+++ b/providers/implementations/signature/rsa_sig.c -@@ -13,7 +13,6 @@ - */ - #include "internal/deprecated.h" - --#include "e_os.h" /* strcasecmp */ - #include - #include - #include -@@ -854,7 +853,7 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname, - - if (mdname != NULL - /* was rsa_setup_md already called in rsa_signverify_init()? */ -- && (mdname[0] == '\0' || strcasecmp(prsactx->mdname, mdname) != 0) -+ && (mdname[0] == '\0' || OPENSSL_strcasecmp(prsactx->mdname, mdname) != 0) - && !rsa_setup_md(prsactx, mdname, prsactx->propq)) - return 0; - -diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c -index fef2b1d2900f..fceef73b7c09 100644 ---- a/providers/implementations/storemgmt/file_store.c -+++ b/providers/implementations/storemgmt/file_store.c -@@ -9,8 +9,6 @@ - - /* This file has quite some overlap with engines/e_loader_attic.c */ - --#include "e_os.h" /* To get strncasecmp() on Windows */ -- - #include - #include - #include /* isdigit */ -@@ -220,12 +218,12 @@ static void *file_open(void *provctx, const char *uri) - * There's a special case if the URI also contains an authority, then - * the full URI shouldn't be used as a path anywhere. - */ -- if (strncasecmp(uri, "file:", 5) == 0) { -+ if (OPENSSL_strncasecmp(uri, "file:", 5) == 0) { - const char *p = &uri[5]; - - if (strncmp(&uri[5], "//", 2) == 0) { - path_data_n--; /* Invalidate using the full URI */ -- if (strncasecmp(&uri[7], "localhost/", 10) == 0) { -+ if (OPENSSL_strncasecmp(&uri[7], "localhost/", 10) == 0) { - p = &uri[16]; - } else if (uri[7] == '/') { - p = &uri[7]; -@@ -592,7 +590,8 @@ static int file_name_check(struct file_ctx_st *ctx, const char *name) - /* - * First, check the basename - */ -- if (strncasecmp(name, ctx->_.dir.search_name, len) != 0 || name[len] != '.') -+ if (OPENSSL_strncasecmp(name, ctx->_.dir.search_name, len) != 0 -+ || name[len] != '.') - return 0; - p = &name[len + 1]; - -diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c -index deb0c9aaa650..ae97c38b1597 100644 ---- a/ssl/ssl_conf.c -+++ b/ssl/ssl_conf.c -@@ -148,7 +148,8 @@ static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl, - if (namelen == -1) { - if (strcmp(tbl->name, name)) - return 0; -- } else if (tbl->namelen != namelen || strncasecmp(tbl->name, name, namelen)) -+ } else if (tbl->namelen != namelen -+ || OPENSSL_strncasecmp(tbl->name, name, namelen)) - return 0; - ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff); - return 1; -@@ -232,8 +233,8 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) - - /* Ignore values supported by 1.0.2 for the automatic selection */ - if ((cctx->flags & SSL_CONF_FLAG_FILE) -- && (strcasecmp(value, "+automatic") == 0 -- || strcasecmp(value, "automatic") == 0)) -+ && (OPENSSL_strcasecmp(value, "+automatic") == 0 -+ || OPENSSL_strcasecmp(value, "automatic") == 0)) - return 1; - if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) && - strcmp(value, "auto") == 0) -@@ -812,7 +813,7 @@ static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) - strncmp(*pcmd, cctx->prefix, cctx->prefixlen)) - return 0; - if (cctx->flags & SSL_CONF_FLAG_FILE && -- strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen)) -+ OPENSSL_strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen)) - return 0; - *pcmd += cctx->prefixlen; - } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { -@@ -854,7 +855,7 @@ static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx, - return t; - } - if (cctx->flags & SSL_CONF_FLAG_FILE) { -- if (t->str_file && strcasecmp(t->str_file, cmd) == 0) -+ if (t->str_file && OPENSSL_strcasecmp(t->str_file, cmd) == 0) - return t; - } - } -diff --git a/test/bntest.c b/test/bntest.c -index 4c1ee0c13b6d..c5894c157b3c 100644 ---- a/test/bntest.c -+++ b/test/bntest.c -@@ -10,9 +10,6 @@ - #include - #include - #include --#ifdef __TANDEM --# include /* strcasecmp */ --#endif - #include - - #include -@@ -23,10 +20,6 @@ - #include "internal/numbers.h" - #include "testutil.h" - --#ifdef OPENSSL_SYS_WINDOWS --# define strcasecmp _stricmp --#endif -- - /* - * Things in boring, not in openssl. - */ -@@ -64,7 +57,7 @@ static const char *findattr(STANZA *s, const char *key) - PAIR *pp = s->pairs; - - for ( ; --i >= 0; pp++) -- if (strcasecmp(pp->key, key) == 0) -+ if (OPENSSL_strcasecmp(pp->key, key) == 0) - return pp->value; - return NULL; - } -diff --git a/test/build.info b/test/build.info -index 0f379e11e222..14a84f00a258 100644 ---- a/test/build.info -+++ b/test/build.info -@@ -37,7 +37,7 @@ IF[{- !$disabled{tests} -}] - sanitytest rsa_complex exdatatest bntest \ - ecstresstest gmdifftest pbelutest \ - destest mdc2test sha_test \ -- exptest pbetest \ -+ exptest pbetest localetest \ - evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ - evp_fetch_prov_test evp_libctx_test ossl_store_test \ - v3nametest v3ext \ -@@ -135,6 +135,10 @@ IF[{- !$disabled{tests} -}] - INCLUDE[exptest]=../include ../apps/include - DEPEND[exptest]=../libcrypto libtestutil.a - -+ SOURCE[localetest]=localetest.c -+ INCLUDE[localetest]=../include ../apps/include -+ DEPEND[localetest]=../libcrypto libtestutil.a -+ - SOURCE[pbetest]=pbetest.c - INCLUDE[pbetest]=../include ../apps/include - DEPEND[pbetest]=../libcrypto libtestutil.a -diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c -index 826e558cc0cd..3b597617791a 100644 ---- a/test/evp_extra_test.c -+++ b/test/evp_extra_test.c -@@ -35,7 +35,6 @@ - #include "internal/nelem.h" - #include "internal/sizes.h" - #include "crypto/evp.h" --#include "../e_os.h" /* strcasecmp */ - - static OSSL_LIB_CTX *testctx = NULL; - static char *testpropq = NULL; -@@ -1739,7 +1738,7 @@ static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg) - return 0; - - for (i = 0; i < OSSL_NELEM(ec_encodings); i++) { -- if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) { -+ if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) { - *enc = ec_encodings[i].encoding; - break; - } -diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c -index e2663dc02998..9b2f4a016893 100644 ---- a/test/evp_libctx_test.c -+++ b/test/evp_libctx_test.c -@@ -33,7 +33,6 @@ - #include "testutil.h" - #include "internal/nelem.h" - #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ --#include "../e_os.h" /* strcasecmp */ - - static OSSL_LIB_CTX *libctx = NULL; - static OSSL_PROVIDER *nullprov = NULL; -@@ -478,7 +477,7 @@ static int test_cipher_reinit_partialupdate(int test_id) - - static int name_cmp(const char * const *a, const char * const *b) - { -- return strcasecmp(*a, *b); -+ return OPENSSL_strcasecmp(*a, *b); - } - - static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list) -diff --git a/test/evp_test.c b/test/evp_test.c -index 7a5b9345e0db..8a0758f857a5 100644 ---- a/test/evp_test.c -+++ b/test/evp_test.c -@@ -12,7 +12,6 @@ - #include - #include - #include --#include "../e_os.h" /* strcasecmp */ - #include - #include - #include -@@ -3886,9 +3885,9 @@ void cleanup_tests(void) - OSSL_LIB_CTX_free(libctx); - } - --#define STR_STARTS_WITH(str, pre) strncasecmp(pre, str, strlen(pre)) == 0 -+#define STR_STARTS_WITH(str, pre) OPENSSL_strncasecmp(pre, str, strlen(pre)) == 0 - #define STR_ENDS_WITH(str, pre) \ --strlen(str) < strlen(pre) ? 0 : (strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0) -+strlen(str) < strlen(pre) ? 0 : (OPENSSL_strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0) - - static int is_digest_disabled(const char *name) - { -@@ -3897,31 +3896,31 @@ static int is_digest_disabled(const char *name) - return 1; - #endif - #ifdef OPENSSL_NO_MD2 -- if (strcasecmp(name, "MD2") == 0) -+ if (OPENSSL_strcasecmp(name, "MD2") == 0) - return 1; - #endif - #ifdef OPENSSL_NO_MDC2 -- if (strcasecmp(name, "MDC2") == 0) -+ if (OPENSSL_strcasecmp(name, "MDC2") == 0) - return 1; - #endif - #ifdef OPENSSL_NO_MD4 -- if (strcasecmp(name, "MD4") == 0) -+ if (OPENSSL_strcasecmp(name, "MD4") == 0) - return 1; - #endif - #ifdef OPENSSL_NO_MD5 -- if (strcasecmp(name, "MD5") == 0) -+ if (OPENSSL_strcasecmp(name, "MD5") == 0) - return 1; - #endif - #ifdef OPENSSL_NO_RMD160 -- if (strcasecmp(name, "RIPEMD160") == 0) -+ if (OPENSSL_strcasecmp(name, "RIPEMD160") == 0) - return 1; - #endif - #ifdef OPENSSL_NO_SM3 -- if (strcasecmp(name, "SM3") == 0) -+ if (OPENSSL_strcasecmp(name, "SM3") == 0) - return 1; - #endif - #ifdef OPENSSL_NO_WHIRLPOOL -- if (strcasecmp(name, "WHIRLPOOL") == 0) -+ if (OPENSSL_strcasecmp(name, "WHIRLPOOL") == 0) - return 1; - #endif - return 0; -diff --git a/test/helpers/ssl_test_ctx.c b/test/helpers/ssl_test_ctx.c -index 1374b04cf02f..7236ffd4a6ac 100644 ---- a/test/helpers/ssl_test_ctx.c -+++ b/test/helpers/ssl_test_ctx.c -@@ -16,21 +16,17 @@ - #include "ssl_test_ctx.h" - #include "../testutil.h" - --#ifdef OPENSSL_SYS_WINDOWS --# define strcasecmp _stricmp --#endif -- - static const int default_app_data_size = 256; - /* Default set to be as small as possible to exercise fragmentation. */ - static const int default_max_fragment_size = 512; - - static int parse_boolean(const char *value, int *result) - { -- if (strcasecmp(value, "Yes") == 0) { -+ if (OPENSSL_strcasecmp(value, "Yes") == 0) { - *result = 1; - return 1; - } -- else if (strcasecmp(value, "No") == 0) { -+ else if (OPENSSL_strcasecmp(value, "No") == 0) { - *result = 0; - return 1; - } -diff --git a/test/localetest.c b/test/localetest.c -new file mode 100644 -index 000000000000..3db66b7a9e5f ---- /dev/null -+++ b/test/localetest.c -@@ -0,0 +1,122 @@ -+ -+#include -+#include -+#include -+#include "testutil.h" -+#include "testutil/output.h" -+ -+#include -+#include -+#include -+#ifdef OPENSSL_SYS_WINDOWS -+# define strcasecmp _stricmp -+#else -+# include -+#endif -+ -+int setup_tests(void) -+{ -+ const unsigned char der_bytes[] = { -+ 0x30, 0x82, 0x03, 0x09, 0x30, 0x82, 0x01, 0xf1, 0xa0, 0x03, 0x02, 0x01, -+ 0x02, 0x02, 0x14, 0x08, 0xe0, 0x8c, 0xd3, 0xf3, 0xbf, 0x2c, 0xf2, 0x0d, -+ 0x0a, 0x75, 0xd1, 0xe8, 0xea, 0xbe, 0x70, 0x61, 0xd9, 0x67, 0xf9, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, -+ 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, -+ 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, -+ 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x34, 0x31, 0x31, 0x31, 0x34, -+ 0x31, 0x39, 0x35, 0x37, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x35, 0x31, -+ 0x31, 0x31, 0x34, 0x31, 0x39, 0x35, 0x37, 0x5a, 0x30, 0x14, 0x31, 0x12, -+ 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, -+ 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, -+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, -+ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, -+ 0x01, 0x01, 0x00, 0xc3, 0x1f, 0x5c, 0x56, 0x46, 0x8d, 0x69, 0xb6, 0x48, -+ 0x3c, 0xbf, 0xe2, 0x0f, 0xa7, 0x4a, 0x44, 0x72, 0x74, 0x36, 0xfe, 0xe8, -+ 0x2f, 0x10, 0x4a, 0xe9, 0x46, 0x45, 0x72, 0x5e, 0x48, 0xdd, 0x75, 0xab, -+ 0xd9, 0x63, 0x91, 0x37, 0x93, 0x46, 0x28, 0x7e, 0x45, 0x94, 0x4b, 0x8a, -+ 0xd5, 0x05, 0x2b, 0x9a, 0x01, 0x96, 0x30, 0xde, 0xcc, 0x14, 0x2d, 0x06, -+ 0x09, 0x1b, 0x7d, 0x50, 0x14, 0x99, 0x36, 0x6b, 0x97, 0x6e, 0xc9, 0xb1, -+ 0x69, 0x70, 0xcd, 0x9b, 0x74, 0x24, 0x9a, 0xe2, 0xd4, 0xc0, 0x1e, 0xbc, -+ 0xec, 0xf6, 0x7a, 0xbb, 0xa0, 0x53, 0x93, 0xf8, 0x68, 0x9a, 0x18, 0xa1, -+ 0xa1, 0x5c, 0x47, 0x93, 0xd1, 0x4c, 0x36, 0x8c, 0x00, 0xb3, 0x66, 0xda, -+ 0xf1, 0x05, 0xb2, 0x3a, 0xad, 0x7e, 0x4b, 0xf3, 0xd3, 0x93, 0xfa, 0x59, -+ 0x09, 0x9c, 0x60, 0x37, 0x69, 0x61, 0xe8, 0x5a, 0x33, 0xc6, 0xb2, 0x1a, -+ 0xba, 0x36, 0xe2, 0xb3, 0x58, 0xe9, 0x73, 0x01, 0x2d, 0x36, 0x48, 0x36, -+ 0x94, 0xe4, 0xb2, 0xa4, 0x5b, 0xdf, 0x3d, 0x5f, 0x62, 0x9f, 0xd9, 0xf3, -+ 0x24, 0x0c, 0xf0, 0x2f, 0x71, 0x44, 0x79, 0x13, 0x70, 0x95, 0xa7, 0xbe, -+ 0xea, 0x0a, 0x08, 0x0a, 0xa6, 0x4b, 0xe9, 0x58, 0x6b, 0xa4, 0xc2, 0xed, -+ 0x74, 0x1e, 0xb0, 0x3b, 0x59, 0xd5, 0xe6, 0xdb, 0x8f, 0x58, 0x6a, 0xa3, -+ 0x7d, 0x52, 0x40, 0xec, 0x72, 0xb7, 0xba, 0x7e, 0x30, 0x9d, 0x12, 0x57, -+ 0xf2, 0x48, 0xae, 0x80, 0x0d, 0x0a, 0xf4, 0xfd, 0x24, 0xed, 0xd8, 0x05, -+ 0xb2, 0x96, 0x44, 0x02, 0x3e, 0x6e, 0x25, 0xb0, 0xc4, 0x93, 0xda, 0xfe, -+ 0x78, 0xd9, 0xbb, 0xd2, 0x71, 0x69, 0x70, 0x7f, 0xba, 0xf7, 0xb0, 0x4f, -+ 0x14, 0xf7, 0x98, 0x71, 0x01, 0x6c, 0xec, 0x6f, 0x76, 0x03, 0x59, 0xff, -+ 0xe2, 0xba, 0x8d, 0xd9, 0x21, 0x08, 0xb3, 0x02, 0x03, 0x01, 0x00, 0x01, -+ 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, -+ 0x16, 0x04, 0x14, 0x59, 0xb8, 0x6e, 0x1a, 0x72, 0xe9, 0x27, 0x1e, 0xbf, -+ 0x80, 0x87, 0x0f, 0xa9, 0xd0, 0x06, 0x6a, 0x11, 0x30, 0x77, 0x8e, 0x30, -+ 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, -+ 0x59, 0xb8, 0x6e, 0x1a, 0x72, 0xe9, 0x27, 0x1e, 0xbf, 0x80, 0x87, 0x0f, -+ 0xa9, 0xd0, 0x06, 0x6a, 0x11, 0x30, 0x77, 0x8e, 0x30, 0x0f, 0x06, 0x03, -+ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, -+ 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, -+ 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x98, 0x76, 0x9e, -+ 0x3c, 0xfc, 0x3f, 0x58, 0xe8, 0xf2, 0x1f, 0x2e, 0x11, 0xa2, 0x59, 0xfa, -+ 0x27, 0xb5, 0xec, 0x9d, 0x97, 0x05, 0x06, 0x2c, 0x95, 0xa5, 0x28, 0x88, -+ 0x86, 0xeb, 0x4e, 0x8a, 0x62, 0xe9, 0x87, 0x78, 0xd8, 0x18, 0x22, 0x4e, -+ 0xb1, 0x8d, 0x46, 0x4a, 0x4c, 0x6e, 0x7c, 0x53, 0x62, 0x2c, 0xf2, 0x7a, -+ 0x95, 0xa0, 0x1a, 0x30, 0x18, 0x6a, 0x31, 0x6f, 0x3f, 0x55, 0x25, 0x9f, -+ 0x67, 0x60, 0x68, 0x99, 0x0f, 0x41, 0x09, 0xc8, 0xe2, 0x04, 0x33, 0x22, -+ 0x1a, 0xe9, 0xf3, 0xae, 0xce, 0xb6, 0x83, 0x64, 0x78, 0x66, 0x14, 0xc9, -+ 0x54, 0xc8, 0x34, 0x70, 0x96, 0xaf, 0x16, 0xcd, 0xb8, 0xdf, 0x81, 0x7e, -+ 0xf0, 0xa6, 0x7d, 0xc1, 0x13, 0xb2, 0x76, 0x3a, 0xd5, 0x7e, 0x68, 0x8c, -+ 0xd5, 0x00, 0x70, 0x82, 0x23, 0x7e, 0x5e, 0xc9, 0x31, 0x2f, 0x33, 0x54, -+ 0xaa, 0xaf, 0xcd, 0xe9, 0x38, 0x9a, 0x23, 0x53, 0xad, 0x4e, 0x72, 0xa7, -+ 0x6f, 0x47, 0x60, 0xc9, 0xd3, 0x06, 0x9b, 0x7a, 0x21, 0xc6, 0xe9, 0xdb, -+ 0x3c, 0xaa, 0xc0, 0x21, 0x29, 0x5f, 0x44, 0x6a, 0x45, 0x90, 0x73, 0x5e, -+ 0x6d, 0x78, 0x82, 0xcb, 0x42, 0xe6, 0xba, 0x67, 0xb2, 0xe6, 0xa2, 0x15, -+ 0x04, 0xea, 0x69, 0xae, 0x3e, 0xc0, 0x0c, 0x10, 0x99, 0xec, 0xa9, 0xb0, -+ 0x7e, 0xe8, 0x94, 0xe2, 0xf3, 0xaf, 0xf7, 0x9f, 0x65, 0xe7, 0xd7, 0xe2, -+ 0x49, 0xfa, 0x52, 0x7d, 0xb5, 0xfd, 0xa0, 0xa5, 0xe0, 0x49, 0xa7, 0x3d, -+ 0x94, 0x20, 0x2d, 0xec, 0x8c, 0x22, 0xa5, 0xa4, 0x43, 0xfa, 0x7e, 0xd0, -+ 0x50, 0x21, 0xb8, 0x67, 0x18, 0x44, 0x69, 0x8f, 0xdd, 0x47, 0x41, 0xc6, -+ 0x35, 0xe0, 0xe9, 0x2e, 0x41, 0xa9, 0x6f, 0x41, 0xee, 0xb9, 0xbd, 0x45, -+ 0xf3, 0x88, 0xc1, 0x23, 0x35, 0x96, 0xba, 0xf8, 0xcd, 0x4b, 0x83, 0x73, -+ 0x5f -+}; -+ -+ char str1[] = "SubjectPublicKeyInfo", str2[] = "subjectpublickeyinfo"; -+ int res; -+ X509 *cert = NULL; -+ X509_PUBKEY *cert_pubkey = NULL; -+ const unsigned char *p = der_bytes; -+ -+ TEST_ptr(setlocale(LC_ALL, "")); -+ -+ res = strcasecmp(str1, str2); -+ TEST_note("Case-insensitive comparison via strcasecmp in current locale %s\n", res ? "failed" : "succeeded"); -+ -+ TEST_false(OPENSSL_strcasecmp(str1, str2)); -+ -+ cert = d2i_X509(NULL, &p, sizeof(der_bytes)); -+ if (!TEST_ptr(cert)) -+ return 0; -+ -+ cert_pubkey = X509_get_X509_PUBKEY(cert); -+ if (!TEST_ptr(cert_pubkey)) { -+ X509_free(cert); -+ return 0; -+ } -+ -+ if (!TEST_ptr(X509_PUBKEY_get0(cert_pubkey))) { -+ X509_free(cert); -+ return 0; -+ } -+ -+ X509_free(cert); -+ return 1; -+} -+ -+void cleanup_tests(void) -+{ -+} -diff --git a/test/params_conversion_test.c b/test/params_conversion_test.c -index 9422ef14734a..710c2a9a2e9f 100644 ---- a/test/params_conversion_test.c -+++ b/test/params_conversion_test.c -@@ -15,10 +15,6 @@ - /* On machines that dont support just disable the tests */ - #if !defined(OPENSSL_NO_INTTYPES_H) - --# ifdef OPENSSL_SYS_WINDOWS --# define strcasecmp _stricmp --# endif -- - # ifdef OPENSSL_SYS_VMS - # define strtoumax strtoull - # define strtoimax strtoll -@@ -62,7 +58,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) - - for (i = 0; i < s->numpairs; i++, pp++) { - p = ""; -- if (strcasecmp(pp->key, "type") == 0) { -+ if (OPENSSL_strcasecmp(pp->key, "type") == 0) { - if (type != NULL) { - TEST_info("Line %d: multiple type lines", s->curr); - return 0; -@@ -72,48 +68,48 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) - TEST_info("Line %d: unknown type line", s->curr); - return 0; - } -- } else if (strcasecmp(pp->key, "int32") == 0) { -+ } else if (OPENSSL_strcasecmp(pp->key, "int32") == 0) { - if (def_i32++) { - TEST_info("Line %d: multiple int32 lines", s->curr); - return 0; - } -- if (strcasecmp(pp->value, "invalid") != 0) { -+ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { - pc->valid_i32 = 1; - pc->i32 = (int32_t)strtoimax(pp->value, &p, 10); - } -- } else if (strcasecmp(pp->key, "int64") == 0) { -+ } else if (OPENSSL_strcasecmp(pp->key, "int64") == 0) { - if (def_i64++) { - TEST_info("Line %d: multiple int64 lines", s->curr); - return 0; - } -- if (strcasecmp(pp->value, "invalid") != 0) { -+ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { - pc->valid_i64 = 1; - pc->i64 = (int64_t)strtoimax(pp->value, &p, 10); - } -- } else if (strcasecmp(pp->key, "uint32") == 0) { -+ } else if (OPENSSL_strcasecmp(pp->key, "uint32") == 0) { - if (def_u32++) { - TEST_info("Line %d: multiple uint32 lines", s->curr); - return 0; - } -- if (strcasecmp(pp->value, "invalid") != 0) { -+ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { - pc->valid_u32 = 1; - pc->u32 = (uint32_t)strtoumax(pp->value, &p, 10); - } -- } else if (strcasecmp(pp->key, "uint64") == 0) { -+ } else if (OPENSSL_strcasecmp(pp->key, "uint64") == 0) { - if (def_u64++) { - TEST_info("Line %d: multiple uint64 lines", s->curr); - return 0; - } -- if (strcasecmp(pp->value, "invalid") != 0) { -+ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { - pc->valid_u64 = 1; - pc->u64 = (uint64_t)strtoumax(pp->value, &p, 10); - } -- } else if (strcasecmp(pp->key, "double") == 0) { -+ } else if (OPENSSL_strcasecmp(pp->key, "double") == 0) { - if (def_d++) { - TEST_info("Line %d: multiple double lines", s->curr); - return 0; - } -- if (strcasecmp(pp->value, "invalid") != 0) { -+ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { - pc->valid_d = 1; - pc->d = strtod(pp->value, &p); - } -@@ -133,7 +129,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) - return 0; - } - -- if (strcasecmp(type, "int32") == 0) { -+ if (OPENSSL_strcasecmp(type, "int32") == 0) { - if (!TEST_true(def_i32) || !TEST_true(pc->valid_i32)) { - TEST_note("errant int32 on line %d", s->curr); - return 0; -@@ -142,7 +138,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) - pc->datum = &datum_i32; - pc->ref = &ref_i32; - pc->size = sizeof(ref_i32); -- } else if (strcasecmp(type, "int64") == 0) { -+ } else if (OPENSSL_strcasecmp(type, "int64") == 0) { - if (!TEST_true(def_i64) || !TEST_true(pc->valid_i64)) { - TEST_note("errant int64 on line %d", s->curr); - return 0; -@@ -151,7 +147,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) - pc->datum = &datum_i64; - pc->ref = &ref_i64; - pc->size = sizeof(ref_i64); -- } else if (strcasecmp(type, "uint32") == 0) { -+ } else if (OPENSSL_strcasecmp(type, "uint32") == 0) { - if (!TEST_true(def_u32) || !TEST_true(pc->valid_u32)) { - TEST_note("errant uint32 on line %d", s->curr); - return 0; -@@ -160,7 +156,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) - pc->datum = &datum_u32; - pc->ref = &ref_u32; - pc->size = sizeof(ref_u32); -- } else if (strcasecmp(type, "uint64") == 0) { -+ } else if (OPENSSL_strcasecmp(type, "uint64") == 0) { - if (!TEST_true(def_u64) || !TEST_true(pc->valid_u64)) { - TEST_note("errant uint64 on line %d", s->curr); - return 0; -@@ -169,7 +165,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) - pc->datum = &datum_u64; - pc->ref = &ref_u64; - pc->size = sizeof(ref_u64); -- } else if (strcasecmp(type, "double") == 0) { -+ } else if (OPENSSL_strcasecmp(type, "double") == 0) { - if (!TEST_true(def_d) || !TEST_true(pc->valid_d)) { - TEST_note("errant double on line %d", s->curr); - return 0; -diff --git a/test/recipes/02-test_localetest.t b/test/recipes/02-test_localetest.t -new file mode 100644 -index 000000000000..1bccd57d4c63 ---- /dev/null -+++ b/test/recipes/02-test_localetest.t -@@ -0,0 +1,24 @@ -+#! /usr/bin/env perl -+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -+# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. -+# -+# Licensed under the Apache License 2.0 (the "License"). You may not use -+# this file except in compliance with the License. You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+ -+use OpenSSL::Test; -+use OpenSSL::Test::Utils; -+ -+setup("locale tests"); -+ -+plan skip_all => "Locale tests not available on Windows or VMS" -+ if $^O =~ /^(VMS|MSWin32)$/; -+ -+plan tests => 2; -+ -+$ENV{LANG} = "C"; -+ok(run(test(["localetest"])), "running localetest"); -+ -+$ENV{LANG} = "tr_TR.UTF-8"; -+ok(run(test(["localetest"])), "running localetest with Turkish locale"); -diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c -index b07b98062494..5fb54a3a2eb1 100644 ---- a/test/ssl_old_test.c -+++ b/test/ssl_old_test.c -@@ -216,7 +216,7 @@ static int servername_cb(SSL *s, int *ad, void *arg) - - if (servername) { - if (s_ctx2 != NULL && sn_server2 != NULL && -- !strcasecmp(servername, sn_server2)) { -+ !OPENSSL_strcasecmp(servername, sn_server2)) { - BIO_printf(bio_stdout, "Switching server context.\n"); - SSL_set_SSL_CTX(s, s_ctx2); - } -diff --git a/test/v3nametest.c b/test/v3nametest.c -index 06d713b2feb1..ce1f4949fef2 100644 ---- a/test/v3nametest.c -+++ b/test/v3nametest.c -@@ -15,10 +15,6 @@ - #include "internal/nelem.h" - #include "testutil.h" - --#ifdef OPENSSL_SYS_WINDOWS --# define strcasecmp _stricmp --#endif -- - static const char *const names[] = { - "a", "b", ".", "*", "@", - ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..", -@@ -287,7 +283,7 @@ static int run_cert(X509 *crt, const char *nameincert, - int failed = 0; - - for (; *pname != NULL; ++pname) { -- int samename = strcasecmp(nameincert, *pname) == 0; -+ int samename = OPENSSL_strcasecmp(nameincert, *pname) == 0; - size_t namelen = strlen(*pname); - char *name = OPENSSL_malloc(namelen + 1); - int match, ret; -diff --git a/util/libcrypto.num b/util/libcrypto.num -index 10b4e57d7969..1b9b23878e83 100644 ---- a/util/libcrypto.num -+++ b/util/libcrypto.num -@@ -5425,3 +5425,5 @@ ASN1_item_d2i_ex 5552 3_0_0 EXIST::FUNCTION: +diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num +--- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200 ++++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200 +@@ -5425,8 +5425,8 @@ ASN1_item_d2i_ex + ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: + EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: + EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: +-OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: +-OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: ++OPENSSL_strcasecmp 5556 3_0_1 EXIST::FUNCTION: ++OPENSSL_strncasecmp 5557 3_0_1 EXIST::FUNCTION: ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: -+OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION: -+OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: diff --git a/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch b/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch index a4ea757..9991c5c 100644 --- a/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch +++ b/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch @@ -567,554 +567,4 @@ index 8c52b637fc..ff75c5b6ec 100644 + } SKIP: { - skip "No IPv4 available on this machine", 1 -diff --git a/test/smime-certs/smdh.pem b/test/smime-certs/smdh.pem -index 7d66a6b421..894461f6da 100644 ---- a/test/smime-certs/smdh.pem -+++ b/test/smime-certs/smdh.pem -@@ -14,10 +14,10 @@ ta+9S7L4zNsvbg8RtJyH8i4CHQCY12PTXj6Ipxbqq4d1Q+AoUqnN/H9lAS46teXv - BB8CHQCGE6pxpX5lWcH6+TGLDoLo3T5L2/5KTd0tRNdj - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFljCCBH6gAwIBAgIUYmx57362u3KsYCqtKby2mYi+pLMwDQYJKoZIhvcNAQEL -+MIIFljCCBH6gAwIBAgIUMNF4DNf+H6AXGApe99UrJWFcAnwwDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIxMDExNTEwMDk1MloXDTMwMTEy --NDEwMDk1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MzM0NloXDTMyMDMz -+MTE0MzM0NlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx - HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIERIICMxMIIDQjCCAjUGByqGSM4+AgEw - ggIoAoIBAQCCyx9ZhD6HY5xgusGDrJZJ+FdTe9OxD/p9DQNKqoLyJ10TAUXuycoz - VqDAD4v1wsOAPH0TDOX9Ns87PXgTbd6DpSJtF1ZLW+1pklZs2m0cLl4raOe8CZGH -@@ -38,10 +38,10 @@ Ixe06fY0eA9sfxx7+4lm2Jhw7XaIfguo8mgrfWjBzkkT2mcAHss/fdKcXNYrg+A+ - xgApPiyuy7S4YkQSsdV5Ns8UFttBCuojzEuWQ49fMZcv/rIHSHSxpbg2Sdka+d6h - wOQHK6NgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYE - FLG7SOccVVRWmPw87GRrYH/NCegTMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaI --qSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQA5r5k39ghJIgQKjOXSffhtAaBPT0Um --WtLjijp/iBUAowFpncDRIp+Ng7n/feJHDdnh59H0ZHGljWqZ3rgG3HjjArvG+iUm --6aaS4KdM6OwK60JTUXBQ/InISXzrZof2oZ5BjO6L6yV6cpaYOLlLo3QjU8HE54G9 --7UyR48NSvhwPw+vS1Abjib+K1En/ctnlm0CurHgP56LrJxguFZZP6+UjCnEy0wxm --VRr+y4+IgWikdOumMelJ+x9O9R7EPVfwQ9TYBtpo5hZQiGhSJ3Di9LZO5i0h2xjj --AhtR8zmzusFX2Ruh2dXQWeNx/dMEcYRJLU1P+IxUq2g1GUiCgq2Xc7ZY -+qSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQB9J2dIIbIAiB8ToXJcyO7HRPhdWC/Y -+TE8cqeL+JiWNvIMB9fl2gOx6gj2h+yEr3lCpK/XDoWOs576UScS/vvs6fOjFHfkb -+L4i9nHXD2KizXkM2hr9FzTRXd9c3XXLyB9t1z38qcpOMxoxAbnH8hWLQDPjFdArC -+KWIqK/Vqxz4ZcIveM9GcVf78FU2DbQF4pwHjO9TsG7AbXiV4PXyJK75W5okAbZmQ -+EmMmVXEJdXSOS4prP8DCW/LYJ5UddsVZba2BCHD3c1c2YTA4GsP3ZMoXvQoyj0L2 -+/xazs/AS373Of6H0s00itRTFABxve1I7kE5dQdc3oZjn6A/DbfjYUmr5 - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smdsa1.pem b/test/smime-certs/smdsa1.pem -index b424f6704e..597d98f827 100644 ---- a/test/smime-certs/smdsa1.pem -+++ b/test/smime-certs/smdsa1.pem -@@ -14,34 +14,34 @@ Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ - TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFkDCCBHigAwIBAgIJANk5lu6mSyBDMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 --uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS --7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS --wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 --+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 --Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D --AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb --0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu --g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 --0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv --yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf --7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P --aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAGXSQADbuRIZBjiQ6NikwZl+x --EDEffIE0RWbvwf1tfWxw4ZvanO/djyz5FePO0AIJDBCLUjr9D32nkmIG1Hu3dWgV --86knQsM6uFiMSzY9nkJGZOlH3w4NHLE78pk75xR1sg1MEZr4x/t+a/ea9Y4AXklE --DCcaHtpMGeAx3ZAqSKec+zQOOA73JWP1/gYHGdYyTQpQtwRTsh0Gi5mOOdpoJ0vp --O83xYbFCZ+ZZKX1RWOjJe2OQBRtw739q1nRga1VMLAT/LFSQsSE3IOp8hiWbjnit --1SE6q3II2a/aHZH/x4OzszfmtQfmerty3eQSq3bgajfxCsccnRjSbLeNiazRSKNg --MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFNHQYTOO --xaZ/N68OpxqjHKuatw6sMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs --MA0GCSqGSIb3DQEBBQUAA4IBAQAAiLociMMXcLkO/uKjAjCIQMrsghrOrxn4ZGBx --d/mCTeqPxhcrX2UorwxVCKI2+Dmz5dTC2xKprtvkiIadJamJmxYYzeF1pgRriFN3 --MkmMMkTbe/ekSvSeMtHQ2nHDCAJIaA/k9akWfA0+26Ec25/JKMrl3LttllsJMK1z --Xj7TcQpAIWORKWSNxY/ezM34+9ABHDZB2waubFqS+irlZsn38aZRuUI0K67fuuIt --17vMUBqQpe2hfNAjpZ8dIpEdAGjQ6izV2uwP1lXbiaK9U4dvUqmwyCIPniX7Hpaf --0VnX0mEViXMT6vWZTjLBUv0oKmO7xBkWHIaaX6oyF32pK5AO -+MIIFmzCCBIOgAwIBAgIUWGMqmBZZ1ykguVDk2Whn+2uKMA0wDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjA0OFoXDTMyMDMz -+MTE0MjA0OFowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMTCCA0YwggI5BgcqhkjOOAQB -+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw -+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs -+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 -+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt -+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J -+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 -+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 -+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ -+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV -+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv -+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA -+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAZdJAANu5E -+hkGOJDo2KTBmX7EQMR98gTRFZu/B/W19bHDhm9qc792PLPkV487QAgkMEItSOv0P -+faeSYgbUe7d1aBXzqSdCwzq4WIxLNj2eQkZk6UffDg0csTvymTvnFHWyDUwRmvjH -++35r95r1jgBeSUQMJxoe2kwZ4DHdkCpIp5z7NA44DvclY/X+BgcZ1jJNClC3BFOy -+HQaLmY452mgnS+k7zfFhsUJn5lkpfVFY6Ml7Y5AFG3Dvf2rWdGBrVUwsBP8sVJCx -+ITcg6nyGJZuOeK3VITqrcgjZr9odkf/Hg7OzN+a1B+Z6u3Ld5BKrduBqN/EKxxyd -+GNJst42JrNFIo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV -+HQ4EFgQU0dBhM47Fpn83rw6nGqMcq5q3DqwwHwYDVR0jBBgwFoAUyZFTCmN7FluL -+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAC3W5L4plRWiaX03PncMHnaL -+sp48+2jJen4avzNpRZF/bTQ621x/KLWelbMzBTMxU6jtU1LwCvsiOTSenUZ6W5vq -+TGy6nwkMUrBN0nHmymVz5v40VBLtc2/5xF9UBZ1GMnmYko+d7VHBD6qu4hpi6OD1 -+3Z2kxCRaZ87y3IbVnl6zqdqxDxKCj4Ca+TT6AApm/MYVwpuvCVmuXrBBvJYTFFeZ -+2J90jHlQep2rAaZu41oiIlmQUEf9flV0iPYjj+Pqdzr9ovWVbqt7l1WKOBDYdzJW -+fQ8TvFSExkDQsDc0nkkLIfJBFUFuOpNmODvq+Ac8AGUBnl/Z3pAV4KVnnobIXHw= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smdsa2.pem b/test/smime-certs/smdsa2.pem -index 648447fc89..a995f665bb 100644 ---- a/test/smime-certs/smdsa2.pem -+++ b/test/smime-certs/smdsa2.pem -@@ -14,34 +14,34 @@ Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ - TQMsxQQiAiAdCUJ5n2Q9hIynN8BMpnRcdfH696BKejGx+2Mr2kfnnA== - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFkDCCBHigAwIBAgIJANk5lu6mSyBEMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 --uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS --7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS --wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 --+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 --Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D --AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb --0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu --g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 --0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv --yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf --7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P --aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAItQlFu0t7Mw1HHROuuwKLS+E --h2WNNZP96MLQTygOVlqgaJY+1mJLzvl/51LLH6YezX0t89Z2Dm/3SOJEdNrdbIEt --tbu5rzymXxFhc8uaIYZFhST38oQwJOjM8wFitAQESe6/9HZjkexMqSqx/r5aEKTa --LBinqA1BJRI72So1/1dv8P99FavPADdj8V7fAccReKEQKnfnwA7mrnD+OlIqFKFn --3wCGk8Sw7tSJ9g6jgCI+zFwrKn2w+w+iot/Ogxl9yMAtKmAd689IAZr5GPPvV2y0 --KOogCiUYgSTSawZhr+rjyFavfI5dBWzMq4tKx/zAi6MJ+6hGJjJ8jHoT9JAPmaNg --MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFGaxw04k --qpufeGZC+TTBq8oMnXyrMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs --MA0GCSqGSIb3DQEBBQUAA4IBAQCk2Xob1ICsdHYx/YsBzY6E1eEwcI4RZbZ3hEXp --VA72/Mbz60gjv1OwE5Ay4j+xG7IpTio6y2A9ZNepGpzidYcsL/Lx9Sv1LlN0Ukzb --uk6Czd2sZJp+PFMTTrgCd5rXKnZs/0D84Vci611vGMA1hnUnbAnBBmgLXe9pDNRV --6mhmCLLjJ4GOr5Wxt/hhknr7V2e1VMx3Q47GZhc0o/gExfhxXA8+gicM0nEYNakD --2A1F0qDhQGakjuofANHhjdUDqKJ1sxurAy80fqb0ddzJt2el89iXKN+aXx/zEX96 --GI5ON7z/bkVwIi549lUOpWb2Mved61NBzCLKVP7HSuEIsC/I -+MIIFmzCCBIOgAwIBAgIUXgHGnvOCmrOH9biRq3yTCcDsliUwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjIyNloXDTMyMDMz -+MTE0MjIyNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMjCCA0YwggI5BgcqhkjOOAQB -+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw -+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs -+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 -+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt -+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J -+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 -+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 -+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ -+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV -+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv -+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA -+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAi1CUW7S3s -+zDUcdE667AotL4SHZY01k/3owtBPKA5WWqBolj7WYkvO+X/nUssfph7NfS3z1nYO -+b/dI4kR02t1sgS21u7mvPKZfEWFzy5ohhkWFJPfyhDAk6MzzAWK0BARJ7r/0dmOR -+7EypKrH+vloQpNosGKeoDUElEjvZKjX/V2/w/30Vq88AN2PxXt8BxxF4oRAqd+fA -+DuaucP46UioUoWffAIaTxLDu1In2DqOAIj7MXCsqfbD7D6Ki386DGX3IwC0qYB3r -+z0gBmvkY8+9XbLQo6iAKJRiBJNJrBmGv6uPIVq98jl0FbMyri0rH/MCLown7qEYm -+MnyMehP0kA+Zo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV -+HQ4EFgQUZrHDTiSqm594ZkL5NMGrygydfKswHwYDVR0jBBgwFoAUyZFTCmN7FluL -+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBADhpm4d9pgdWTiX1ci4qxOat -+MK+eAc3y8dwjacwiTD94fFy+MFzItAI2msF+ILXDCYDUpFZpBjlCNRzMu/ETghJx -+53g4Hg6ioYmtLcYIAFQVIz4skdgV8npztK3ZQMSN3dcateZBf8KaEdP+cRtQs4IW -+Y+EAZ6Fve2j/kz1x/cmhSFQdWhhS+WzYUCY+FLWDXMuNLh7rDWy1t8VaRHLBU4TU -+q6W/qDaN2e6dKrzjEkqUstdGZ+JAkAZ+6CIABEnHeco1dEQUU5Atry7djeRhY68r -+us++ajRd6DLWXrD4KePyTYSPc7rAcbBBYSwe48cTxlPfKItTCrRXmWJHCCZ0UBA= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smdsa3.pem b/test/smime-certs/smdsa3.pem -index 77acc5e46f..9f703e52f0 100644 ---- a/test/smime-certs/smdsa3.pem -+++ b/test/smime-certs/smdsa3.pem -@@ -14,34 +14,34 @@ Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ - TQMsxQQjAiEArJr6p2zTbhRppQurHGTdmdYHqrDdZH4MCsD9tQCw1xY= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFkDCCBHigAwIBAgIJANk5lu6mSyBFMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 --uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS --7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS --wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 --+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 --Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D --AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb --0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu --g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 --0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv --yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf --7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P --aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAcXvtfiJfIZ0wgGpN72ZeGrJ9 --msUXOxow7w3fDbP8r8nfVkBNbfha8rx0eY6fURFVZzIOd8EHGKypcH1gS6eZNucf --zgsH1g5r5cRahMZmgGXBEBsWrh2IaDG7VSKt+9ghz27EKgjAQCzyHQL5FCJgR2p7 --cv0V4SRqgiAGYlJ191k2WtLOsVd8kX//jj1l8TUgE7TqpuSEpaSyQ4nzJROpZWZp --N1RwFmCURReykABU/Nzin/+rZnvZrp8WoXSXEqxeB4mShRSaH57xFnJCpRwKJ4qS --2uhATzJaKH7vu63k3DjftbSBVh+32YXwtHc+BGjs8S2aDtCW3FtDA7Z6J8BIxaNg --MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFMJxatDE --FCEFGl4uoiQQ1050Ju9RMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs --MA0GCSqGSIb3DQEBBQUAA4IBAQBGZD1JnMep39KMOhD0iBTmyjhtcnRemckvRask --pS/CqPwo+M+lPNdxpLU2w9b0QhPnj0yAS/BS1yBjsLGY4DP156k4Q3QOhwsrTmrK --YOxg0w7DOpkv5g11YLJpHsjSOwg5uIMoefL8mjQK6XOFOmQXHJrUtGulu+fs6FlM --khGJcW4xYVPK0x/mHvTT8tQaTTkgTdVHObHF5Dyx/F9NMpB3RFguQPk2kT4lJc4i --Up8T9mLzaxz6xc4wwh8h70Zw81lkGYhX+LRk3sfd/REq9x4QXQNP9t9qU1CgrBzv --4orzt9cda4r+rleSg2XjWnXzMydE6DuwPVPZlqnLbSYUy660 -+MIIFmzCCBIOgAwIBAgIUMMzeluWS9FTgzFM2PCI6rSt0++QwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjI0MloXDTMyMDMz -+MTE0MjI0MlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMzCCA0YwggI5BgcqhkjOOAQB -+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw -+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs -+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 -+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt -+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J -+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 -+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 -+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ -+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV -+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv -+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA -+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQBxe+1+Il8h -+nTCAak3vZl4asn2axRc7GjDvDd8Ns/yvyd9WQE1t+FryvHR5jp9REVVnMg53wQcY -+rKlwfWBLp5k25x/OCwfWDmvlxFqExmaAZcEQGxauHYhoMbtVIq372CHPbsQqCMBA -+LPIdAvkUImBHanty/RXhJGqCIAZiUnX3WTZa0s6xV3yRf/+OPWXxNSATtOqm5ISl -+pLJDifMlE6llZmk3VHAWYJRFF7KQAFT83OKf/6tme9munxahdJcSrF4HiZKFFJof -+nvEWckKlHAonipLa6EBPMloofu+7reTcON+1tIFWH7fZhfC0dz4EaOzxLZoO0Jbc -+W0MDtnonwEjFo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV -+HQ4EFgQUwnFq0MQUIQUaXi6iJBDXTnQm71EwHwYDVR0jBBgwFoAUyZFTCmN7FluL -+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAJNW/oEmpz6jZ7EjUkHhxDXR -+egsZVjBO+E2hPCciEoZaM6jIDYphrCVbdOOyy1RvLBv3SRblaECmInsRpCNwf5B5 -+OaGN3hdsvx23IKnLJ7EKDauIOGhkzCMWjO8tez48UL0Wgta0+TpuiOT+UBoKb9fw -+f0f4ab9wD9pED7ghMKlwI6/oppS4PrhwYS2nwYwGXpmgu6QZDln/cgoU7cQV7r3J -+deMCpKGPyS429B9mUxlggZYvvJOm35ZiI7UAcGhJWIUrdXBxqx3DQ3CSf75vGP87 -+2vn6ZoXRXSLfE48GpUtQzP6/gZti68vZrHdzKWTyZxMs4+PGoHrW5hbNDsghKDs= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smec1.pem b/test/smime-certs/smec1.pem -index 75a862666b..05754f3963 100644 ---- a/test/smime-certs/smec1.pem -+++ b/test/smime-certs/smec1.pem -@@ -4,19 +4,19 @@ DMlYvkj0SmLmYvWULe2LfyXRmpWhRANCAAS+SIj2FY2DouPRuNDp9WVpsqef58tV - 3gIwV0EOV/xyYTzZhufZi/aBcXugWR1x758x4nHus2uEuEFi3Mr3K3+x - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIICoDCCAYigAwIBAgIJANk5lu6mSyBGMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU --ZXN0IFMvTUlNRSBFRSBFQyAjMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABL5I --iPYVjYOi49G40On1ZWmyp5/ny1XeAjBXQQ5X/HJhPNmG59mL9oFxe6BZHXHvnzHi --ce6za4S4QWLcyvcrf7GjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg --MB0GA1UdDgQWBBR/ybxC2DI+Jydhx1FMgPbMTmLzRzAfBgNVHSMEGDAWgBTJkVMK --Y3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEAdk9si83JjtgHHHGy --WcgWDfM0jzlWBsgFNQ9DwAuB7gJd/LG+5Ocajg5XdA5FXAdKkfwI6be3PdcVs3Bt --7f/fdKfBxfr9/SvFHnK7PVAX2x1wwS4HglX1lfoyq1boSvsiJOnAX3jsqXJ9TJiV --FlgRVnhnrw6zz3Xs/9ZDMTENUrqDHPNsDkKEi+9SqIsqDXpMCrGHP4ic+S8Rov1y --S+0XioMxVyXDp6XcL4PQ/NgHbw5/+UcS0me0atZ6pW68C0vi6xeU5vxojyuZxMI1 --DXXwMhOXWaKff7KNhXDUN0g58iWlnyaCz4XQwFsbbFs88TQ1+e/aj3bbwTxUeyN7 --qtcHJA== -+MIICqzCCAZOgAwIBAgIUZsuXIOmILju0nz1jVSgag5GrPyMwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjUyNFoXDTMyMDMz -+MTE0MjUyNFowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMxMFkwEwYHKoZIzj0CAQYIKoZI -+zj0DAQcDQgAEvkiI9hWNg6Lj0bjQ6fVlabKnn+fLVd4CMFdBDlf8cmE82Ybn2Yv2 -+gXF7oFkdce+fMeJx7rNrhLhBYtzK9yt/saNgMF4wDAYDVR0TAQH/BAIwADAOBgNV -+HQ8BAf8EBAMCBeAwHQYDVR0OBBYEFH/JvELYMj4nJ2HHUUyA9sxOYvNHMB8GA1Ud -+IwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQCp -+sSEupiqT7S6oPS/5qtRF6POyxmhkH/Eh+RJitOODutxneJh+NdDqAQAOCexqcsF9 -+1BH9hB/H6b3mS4CbcRG6R/EwzqMPUgy8OYXTrqWI9jzMKGyrBo59QFfGrwP1h8hj -+weVOVQU1iOloWPOfvMHehjX1Wt79/6BMMBvw+2qXXLAw2xpLFa4lU6HSoTiwoS5R -+mimrHnZ9tQZb54bsvdrW84kV3u1FIQ5G7jAduu97Wfr3eZGaJhW1MZLeoL7Z4Usy -+hRd2TJ6bZanb+wUJBcHOeW5ETj9MPtPsGIp8vETmY5XDm4UlX6tp4gAe4oeoIXFQ -+V5ASvNRiGWIJK5XF+zRY - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smec2.pem b/test/smime-certs/smec2.pem -index 457297a760..7c502d8799 100644 ---- a/test/smime-certs/smec2.pem -+++ b/test/smime-certs/smec2.pem -@@ -5,19 +5,19 @@ uCzLYF/8j1Scn/spczoC9vNzVhNw+Lg7dnjNL4EDIyYZLl7E0v69luzbvy+q44/8 - 6bQ= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIICpTCCAY2gAwIBAgIJANk5lu6mSyBHMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU --ZXN0IFMvTUlNRSBFRSBFQyAjMjBeMBAGByqGSM49AgEGBSuBBAAQA0oABAXbOzq+ --huahP4z4/b70tntqy8UE2Lu4LMtgX/yPVJyf+ylzOgL283NWE3D4uDt2eM0vgQMj --JhkuXsTS/r2W7Nu/L6rjj/zptKNgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8E --BAMCBeAwHQYDVR0OBBYEFGf+QSQlkN20PsNN7x+jmQIJBDcXMB8GA1UdIwQYMBaA --FMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBBQUAA4IBAQBaBBryl2Ez --ftBrGENXMKQP3bBEw4n9ely6HvYQi9IC7HyK0ktz7B2FcJ4z96q38JN3cLxV0DhK --xT/72pFmQwZVJngvRaol0k1B+bdmM03llxCw/uNNZejixDjHUI9gEfbigehd7QY0 --uYDu4k4O35/z/XPQ6O5Kzw+J2vdzU8GXlMBbWeZWAmEfLGbk3Ux0ouITnSz0ty5P --rkHTo0uprlFcZAsrsNY5v5iuomYT7ZXAR3sqGZL1zPOKBnyfXeNFUfnKsZW7Fnlq --IlYBQIjqR1HGxxgCSy66f1oplhxSch4PUpk5tqrs6LeOqc2+xROy1T5YrB3yjVs0 --4ZdCllHZkhop -+MIICsDCCAZigAwIBAgIUWJSICrM9ZdmN6/jF/PoKng63XR0wDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjgxOVoXDTMyMDMz -+MTE0MjgxOVowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMyMF4wEAYHKoZIzj0CAQYFK4EE -+ABADSgAEBds7Or6G5qE/jPj9vvS2e2rLxQTYu7gsy2Bf/I9UnJ/7KXM6Avbzc1YT -+cPi4O3Z4zS+BAyMmGS5exNL+vZbs278vquOP/Om0o2AwXjAMBgNVHRMBAf8EAjAA -+MA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUZ/5BJCWQ3bQ+w03vH6OZAgkENxcw -+HwYDVR0jBBgwFoAUyZFTCmN7FluLvUTwdoipJObltmwwDQYJKoZIhvcNAQELBQAD -+ggEBACMGL6tuV/1lfrnx7TN/CnWdLEp55AlmzJ3MT9dXSOO1/df/fO3uAiiBNMyQ -+Rcf4vOeBZEk/Xq6GIaAbuuT5ECg50uopEGjUDR9sRWC5yiw2CRQ5ZWTcqMapv+E5 -+7/1/tpaVHy+ZkJpbTV6O9gogEPy6uoft+tsel6NFoAj9ulkjuX9TortkVGPTfedd -+oevI32G3z4L4Gv1PCZvFMwEIiAuFDZBbD86gw7rH4BNihRujJRhpnxeRu8zJYB60 -+cNeR2N7humdUy5uZnj6YHy3g2j0EDKOITHydIvL1KkSlihQrxEX5kMRr9RWRyFXJ -+/UfNk+5Y3g5Mm642MLvjBEUqurw= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smec3.pem b/test/smime-certs/smec3.pem -index 90eac867d0..5110e2984b 100644 ---- a/test/smime-certs/smec3.pem -+++ b/test/smime-certs/smec3.pem -@@ -4,19 +4,19 @@ zSy+knGorGWZBGG5p//ke0WUSbqhRANCAARH8uHBHkuOfuyXgJj7V3lNqUEPiQNo - xG8ntGjVmKRHfywdUoQJ1PgfbkCEsBk334rRFmja1r+MYyqn/A9ARiGB - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIICoDCCAYigAwIBAgIJAPaEOllWs/pjMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xNzA4MTAxNTQyMDhaFw0yNzA2MTkxNTQyMDhaMEQx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU --ZXN0IFMvTUlNRSBFRSBFQyAjMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEfy --4cEeS45+7JeAmPtXeU2pQQ+JA2jEbye0aNWYpEd/LB1ShAnU+B9uQISwGTffitEW --aNrWv4xjKqf8D0BGIYGjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg --MB0GA1UdDgQWBBQLR+H9CmAY/KDyXWdVUM9FP766WzAfBgNVHSMEGDAWgBT3YQTy --KJTdSIrnOcPj3pm5oVNtazANBgkqhkiG9w0BAQsFAAOCAQEAmMRuf8Iz5fr9f0GA --HaNiOM5S7AIfZ6W7zzdeF63EF1j9HqP1DJsUW4y5b9azWmpp62kKuNaM4CGPUVvm --diLKJVlrDcc+6lW9oROpnBsskhjqFMTjTANPQSAKZeKiG2W3U8Q103VQpuYvE4Nj --OU9JT+5e4RZS7wxYk/IsvnyF/DkoF1FTMHo9/3Wiw4V4KRhpJIPnqojWNcfipmhM --UDpbw0Oyj5fE7x6wvaoOUr8GNJE5NudtV/5QDh9REkjyKUdVYsuUrWwKqn3NT8EI --OLl8wx3RqA8htRg/W+SoESx87rvW1saPGvfypBp4cl18B1IzTlC+FMbHFJvZqQn8 --Ci1l4Q== -+MIICqzCCAZOgAwIBAgIUSG5MT0bOz48OfBayRWfoQwUcA50wDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0Mjg1MloXDTMyMDMz -+MTE0Mjg1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMzMFkwEwYHKoZIzj0CAQYIKoZI -+zj0DAQcDQgAER/LhwR5Ljn7sl4CY+1d5TalBD4kDaMRvJ7Ro1ZikR38sHVKECdT4 -+H25AhLAZN9+K0RZo2ta/jGMqp/wPQEYhgaNgMF4wDAYDVR0TAQH/BAIwADAOBgNV -+HQ8BAf8EBAMCBeAwHQYDVR0OBBYEFAtH4f0KYBj8oPJdZ1VQz0U/vrpbMB8GA1Ud -+IwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQBY -+xXTNWQz38q37bRjyl6FWMdIaVRkle1Qzjo0bAVHsrYNwY36PBnJpfZE8aJS6WwD2 -+PUHWVLc0zd50pXbAa41FlquOdP5FNa8wOc+jHIiyWaE8SEdt0jsxPRTJ9kElXuJ5 -+wFx7icmRde7DWLG32SWwR1pFi4R/aDOOxpTzUuYvKuawfAUVQtQyCz8sahbmI8EW -+H0KDuiyuncq1YjvHfaUR7QKijMJ0eBRsjUls0HeMjkehBkTrz78u7TJBWKE/BCiB -+HzuZeMqHpSXtK6ZCRtQXTLv0HyenFmbdVSDiOFSnvdL5lyLT3aFQ19DVtGFCAUwZ -+HQdD3KNn4i073Z7Ia2Xa - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smroot.pem b/test/smime-certs/smroot.pem -index d1a253f409..f62a54e2a3 100644 ---- a/test/smime-certs/smroot.pem -+++ b/test/smime-certs/smroot.pem -@@ -27,23 +27,23 @@ vHkSiWpJUvZCuKG8Foh5pm9hU0qb+rbQV7NhLJ02qn1AMGO3F/WKrHPPY8/b9YhQ - KfvPCYimQwBjVrEnSntLPR0= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDbjCCAlagAwIBAgIJAMc+8VKBJ/S9MA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MjlaFw0yMzA3MTUxNzI4MjlaMEQx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU --ZXN0IFMvTUlNRSBSU0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC --ggEBALLJBcQPkfJVbCqdfLOZjfXvIxQmsh+wq9EQbYLr3V0k0eA2D6irmyO39/OT --JLzgC906KJwCxqjhxgsO6W2FoulsLuawQGG/ACKXQU1vmDcRG6l7Uq5N1RXVS4P+ --LpLZWho1dQEGfWsP1ZwEFzSWfH/ha33Z5BMjr3bmm3tkc9DDY6WntNAMSXKLmo/E --J6bi5PSDfNtmxaqaawgxdu74rd0SmvOoDW5wpdvFSZk2QzBWzZcKaUvGtFSPwLf/ --MQ20fXsdYLOeFH8hVxWSAi6SWR6IOwSFta9RC6ZVdHug+H8I9kBuMaqrmZW54dIe --untusFVkodm+hSRrbxAtaK2rVbkCAwEAAaNjMGEwHQYDVR0OBBYEFMmRUwpjexZb --i71E8HaIqSTm5bZsMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA8G --A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IB --AQAwpIVWQey2u/XoQSMSu0jd0EZvU+lhLaFrDy/AHQeG3yX1+SAOM6f6w+efPvyb --Op1NPI9UkMPb4PCg9YC7jgYokBkvAcI7J4FcuDKMVhyCD3cljp0ouuKruvEf4FBl --zyQ9pLqA97TuG8g1hLTl8G90NzTRcmKpmhs18BmCxiqHcTfoIpb3QvPkDX8R7LVt --9BUGgPY+8ELCgw868TuHh/Cnc67gBtRjBp0sCYVzGZmKsO5f1XdHrAZKYN5mEp0C --7/OqcDoFqORTquLeycg1At/9GqhDEgxNrqA+YEsPbLGAfsNuXUsXs2ubpGsOZxKt --Emsny2ah6fU2z7PztrUy/A80 -+MIIDeTCCAmGgAwIBAgIUF/2lFo3fH3uYuFalQVSIFqcYtd4wDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDE1MloXDTMyMDUy -+MDE0MDE1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MIIBIjANBgkqhkiG9w0BAQEF -+AAOCAQ8AMIIBCgKCAQEAsskFxA+R8lVsKp18s5mN9e8jFCayH7Cr0RBtguvdXSTR -+4DYPqKubI7f385MkvOAL3ToonALGqOHGCw7pbYWi6Wwu5rBAYb8AIpdBTW+YNxEb -+qXtSrk3VFdVLg/4uktlaGjV1AQZ9aw/VnAQXNJZ8f+FrfdnkEyOvduabe2Rz0MNj -+pae00AxJcouaj8QnpuLk9IN822bFqpprCDF27vit3RKa86gNbnCl28VJmTZDMFbN -+lwppS8a0VI/At/8xDbR9ex1gs54UfyFXFZICLpJZHog7BIW1r1ELplV0e6D4fwj2 -+QG4xqquZlbnh0h66e26wVWSh2b6FJGtvEC1oratVuQIDAQABo2MwYTAdBgNVHQ4E -+FgQUyZFTCmN7FluLvUTwdoipJObltmwwHwYDVR0jBBgwFoAUyZFTCmN7FluLvUTw -+doipJObltmwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI -+hvcNAQELBQADggEBAFUbNCqSA5JTIk4wkLiDxs6sGVgSGS/XyFurT5WtyLwR6eiN -+r1Osq3DrF1805xzOjFfk3yYk2ctMMMXVEfXZavfNWgGSyUi6GrS+X1+y5snMpP7Z -+tFlb7iXxiSn5lUE1IS3y9bAlWUwTnOwdX2RuALVAzQ6oAvGIIOhb7FTkMqwsQBDx -+kBA9sgdCKv4d7zgFGdDMh1PGuia7+ZPWS9Nt3+WfRKzy4cf2p8+FTWkv1z7PtCSo -+bZySoXgav6WYGdA0VZY29HzVWC5d/LwSkeJr7pw09UjXBPnrDHbJRa+4JpwwsMT2 -+b1E+cp36aagmQW97e8dCf3VzZWcD2bNJ9QM59d8= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smrsa1.pem b/test/smime-certs/smrsa1.pem -index d0d0b9e66b..7eb331e2c9 100644 ---- a/test/smime-certs/smrsa1.pem -+++ b/test/smime-certs/smrsa1.pem -@@ -27,23 +27,23 @@ iCwzDT6AJj63cS3VRO2ait3ZiLdpKdSNNW2WrlZs8FZr/mVutGEcWho8BugGMWST - zQpuMJliRlrq/5JkIbH6SA== - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBAMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBSU0EgIzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK --AoIBAQDXr9uzB/20QXKCxhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK --2bcj54XB26i1kXuOrxID3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt --+W6lSd6Hmfrk4GmE9LTU/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JF --Yg4c7qt5RCk/w8kwrQ0DorQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSe --bvt0APeqgRxSpCxqYnHsCoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxM --kjpJSv3/ekDG2CHYxXSHXxpJstxZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD --VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBTmjc+lrTQuYx/VBOBGjMvufajvhDAfBgNV --HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA --dr2IRXcFtlF16kKWs1VTaFIHHNQrfSVHBkhKblPX3f/0s/i3eXgwKUu7Hnb6T3/o --E8L+e4ioQNhahTLt9ruJNHWA/QDwOfkqM3tshCs2xOD1Cpy7Bd3Dn0YBrHKyNXRK --WelGp+HetSXJGW4IZJP7iES7Um0DGktLabhZbe25EnthRDBjNnaAmcofHECWESZp --lEHczGZfS9tRbzOCofxvgLbF64H7wYSyjAe6R8aain0VRbIusiD4tCHX/lOMh9xT --GNBW8zTL+tV9H1unjPMORLnT0YQ3oAyEND0jCu0ACA1qGl+rzxhF6bQcTUNEbRMu --9Hjq6s316fk4Ne0EUF3PbA== -+MIIDdzCCAl+gAwIBAgIUNrEw2I4NEV0Nbo7AVOF9z4mPBiYwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDczN1oXDTMyMDMz -+MTE0MDczN1owRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMTCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBANev27MH/bRBcoLGGR82cm+XbGXWHN05ytCYCqj4AABw -+D8Pj0ia4kNVBForZtyPnhcHbqLWRe46vEgPf961RvzK51/Hw4BXCHwbTFUDjOGvy -+5dbzlba0Gvi/Qu35bqVJ3oeZ+uTgaYT0tNT+/OX0dQ9bpJlKE3UbSdjqh5Re8uLS -+9qwRQq/drnVPokViDhzuq3lEKT/DyTCtDQOitDAJ2Q48QiILhv6c9K0XXZJWblvH -+yttjOKjG5j891J5u+3QA96qBHFKkLGpicewKg14fNKsZdw/QI7MV5Q7Pa12uGYfT -+0ktsZmziduiM/EySOklK/f96QMbYIdjFdIdfGkmy3FkCAwEAAaNgMF4wDAYDVR0T -+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFOaNz6WtNC5jH9UE4EaM -+y+59qO+EMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 -+DQEBCwUAA4IBAQBMz3Ef3U0blTGhfP9HIBq09fWCgUN3aDDLZ/B6biFfWM87wlAm -+CdIuy2jhiEt8Ld8U9y8dbO7c2gzHBGc9FhScBkfQInrbhSctXL/r/wOc0divK9rq -+oXL2cL/CFfzcYPWNN3w6JAJyOhkhWnqF+/0T8+NdiRLE3a9NfX3a83GpfBVccYKQ -+kKKeVIw2K1dYbtlSo1HwOckxqUzN00IPs3xC8U9KNXKy7o0kdetKhk70DzXQ64j0 -+EcmXxqPaCkgo3fl9z9nzKlWhg/qIi/1Bd1bpMP8IXAPEURDqhi0KI0w9GPCQRjfY -+7NwXrLEayBoL8TNxcJ3FwdI20+bmhhILBZgO - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smrsa2.pem b/test/smime-certs/smrsa2.pem -index 2f17cb2978..4262742176 100644 ---- a/test/smime-certs/smrsa2.pem -+++ b/test/smime-certs/smrsa2.pem -@@ -27,23 +27,23 @@ hT8V87esr/QzLVpjLedQDW8Xb7GiO3BsU/gVC9VcngenbL7JObl3NgvdreIYo6+n - yrLyf+8hjm6H6zkjqiOkHAl+ - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBBMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBSU0EgIzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK --AoIBAQDcYC4tS2Uvn1Z2iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iF --AzAnwqR/UB1R67ETrsWqV8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFp --cXepPWQacpuBq2VvcKRDlDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS --0PZ9EZB63T1gmwaK1Rd5U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1 --NcojhptIWyI0r7dgn5J3NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0 --EFWyQf7iDxGaA93Y9ePBJv5iFZVZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD --VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBT0arpyYMHXDPVL7MvzE+lx71L7sjAfBgNV --HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA --I8nM42am3aImkZyrw8iGkaGhKyi/dfajSWx6B9izBUh+3FleBnUxxOA+mn7M8C47 --Ne18iaaWK8vEux9KYTIY8BzXQZL1AuZ896cXEc6bGKsME37JSsocfuB5BIGWlYLv --/ON5/SJ0iVFj4fAp8z7Vn5qxRJj9BhZDxaO1Raa6cz6pm0imJy9v8y01TI6HsK8c --XJQLs7/U4Qb91K+IDNX/lgW3hzWjifNpIpT5JyY3DUgbkD595LFV5DDMZd0UOqcv --6cyN42zkX8a0TWr3i5wu7pw4k1oD19RbUyljyleEp0DBauIct4GARdBGgi5y1H2i --NzYzLAPBkHCMY0Is3KKIBw== -+MIIDdzCCAl+gAwIBAgIUdWyHziJTdWjooy8SanPMwLxNsPEwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDkyNVoXDTMyMDMz -+MTE0MDkyNVowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMjCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBANxgLi1LZS+fVnaIOC1+QkDm0CqBs3pfjIrTZG1UfnF6 -+RX37r55O3/1L6IUDMCfCpH9QHVHrsROuxapXy73EuDl8cjAiSa73/o/fVRT1yCE7 -+snWVyuEe+igdoWlxd6k9ZBpym4GrZW9wpEOUN9WZ0znPp5Ld1Jk9M4ww//GTieFk -+HyZzDbuqJxw+J5LQ9n0RkHrdPWCbBorVF3lT3g+XT7OkOqFWK5eYF+IgNaOPPQHM -+ecdLPlGDhLehcXU1yiOGm0hbIjSvt2Cfknc3ELiSAp2PPKzGjqJZ3ScuDPuHSNR2 -+Pv0Q6Kzh+D0bh/QQVbJB/uIPEZoD3dj148Em/mIVlVkCAwEAAaNgMF4wDAYDVR0T -+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFPRqunJgwdcM9Uvsy/MT -+6XHvUvuyMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 -+DQEBCwUAA4IBAQBz02v4hd+EjW5NaMubkqPbgUTDRKdRq1RZM+C6m1MTMKy+8zTD -+QSKRCFf0UmSPMsdTArry9x15fmHIJW21F3bw4ISeVXRyzBhOnrGKXUt2Lg9c2MLa -+9C394ex0vw4ZGSNkrIARbM3084Chegs4PLMWLFam1H5J6wpvH8iXXYvhESW98luv -+i3HVQzqLXw7/9XHxf8RnrRcy/WhAA+KegAQMGHTo5KPLliXtypYdCxBHNcmOwJlR -+pSOp6fxhiRKN5DzcBPHOE/brZc4aNGgBHZgGg1g1Wb2lAylopgJrbyNkhEEwHVNM -+1uLCnXKV1nX+EiMKkhSV761ozdhMGljYb+GE - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smrsa3.pem b/test/smime-certs/smrsa3.pem -index 14c27f64aa..f7dca3a004 100644 ---- a/test/smime-certs/smrsa3.pem -+++ b/test/smime-certs/smrsa3.pem -@@ -27,23 +27,23 @@ yzYMXLmervN7c1jJe2Y2MYv6hE+Ypj1xGW4w7s8WNKmVzLv97beisD9AZrS7sXfF - RvOAi5wVkYylDxV4238MAZIq - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBCMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBSU0EgIzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK --AoIBAQCyK+BTAOJKJjjiOhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVC --FoVBz5doMf3M6QIS2jL3Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsF --STxytUVpfcByrubWiLKX63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuW --m/gavozkK103gQ+dUq4HXamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enha --v2sXDfOmZp/DYf9IqS7lvFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p --1diWRpaSn62bbkRN49j6L2dVb+DfAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD --VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBQ6CkW5sa6HrBsWvuPOvMjyL5AnsDAfBgNV --HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA --JhcrD7AKafVzlncA3cZ6epAruj1xwcfiE+EbuAaeWEGjoSltmevcjgoIxvijRVcp --sCbNmHJZ/siQlqzWjjf3yoERvLDqngJZZpQeocMIbLRQf4wgLAuiBcvT52wTE+sa --VexeETDy5J1OW3wE4A3rkdBp6hLaymlijFNnd5z/bP6w3AcIMWm45yPm0skM8RVr --O3UstEFYD/iy+p+Y/YZDoxYQSW5Vl+NkpGmc5bzet8gQz4JeXtH3z5zUGoDM4XK7 --tXP3yUi2eecCbyjh/wgaQiVdylr1Kv3mxXcTl+cFO22asDkh0R/y72nTCu5fSILY --CscFo2Z2pYROGtZDmYqhRw== -+MIIDdzCCAl+gAwIBAgIUAKvI4FWjFLx8iBGifOW3mG/xkT0wDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MTEwNloXDTMyMDMz -+MTE0MTEwNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMzCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBALIr4FMA4komOOI6FjrQ15mPMYZnEQF8KbrafSbCTO6x -+b9X97re7CPq45UIWhUHPl2gx/czpAhLaMvcDDpCzn69y4sDSAeuojCNhDPVRnkRM -+sosptDDpg4hV+wVJPHK1RWl9wHKu5taIspfre2F4bX8hWiQMr/3+TnYrK37BwKO5 -+FvsAlAWPY4sNG5ab+Bq+jOQrXTeBD51SrgddqZky1OrUSFA59zQhR4I4QvrHPiPO -+Ucd/Mt2S9vsSeFq/axcN86Zmn8Nh/0ipLuW8WSQg09VtgUFN7Fo9mUXCakZGOSaj -+If/D4mVynOz7DqnV2JZGlpKfrZtuRE3j2PovZ1Vv4N8CAwEAAaNgMF4wDAYDVR0T -+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFDoKRbmxroesGxa+4868 -+yPIvkCewMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 -+DQEBCwUAA4IBAQBfCCzWyZzIvq/ci6E74ovJ8mMel5Z9MU9EcvY0k7pJSUbpCg3c -+P48CiAzt8r8Em4AymADfK1pYvvpTNVpU/USbdKR1hyxZjqWrYdsY7tlVuvZ92oFs -+s3komuKHCx2SQAe5b+LWjC1Bf8JUFx+XTjYb/BBg7nQRwi3TkYVVmW7hXLYvf4Jn -+Uyu0x02pDzUu+62jeYbNIVJnYwSU0gLHEo81QmNs06RLjnAhbneUZ6P6YuJOdDo7 -+xMw/ywijZM0FxsWxRSsCBwavhabg1Kb1lO//pbgcSa9T0D7ax1XoMni3RJnHj6gu -+r0Mi3QjgZaxghR3TPh83dQLilECYDuD0uTzf - -----END CERTIFICATE----- --- -2.35.3 - + skip "No IPv4 available on this machine", 4 diff --git a/0062-fips-Expose-a-FIPS-indicator.patch b/0062-fips-Expose-a-FIPS-indicator.patch index 6d368d8..d2e9b0a 100644 --- a/0062-fips-Expose-a-FIPS-indicator.patch +++ b/0062-fips-Expose-a-FIPS-indicator.patch @@ -325,7 +325,7 @@ index de391ce067..1cfd71c5cf 100644 { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions }, { NULL, NULL, NULL } @@ -527,6 +590,14 @@ static void fips_deinit_casecmp(void) { - freelocale(loc); + return NULL; } +const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id) { diff --git a/0072-ChaCha20-performance-optimizations-for-ppc64le.patch b/0072-ChaCha20-performance-optimizations-for-ppc64le.patch index 527b901..e5e7f9b 100644 --- a/0072-ChaCha20-performance-optimizations-for-ppc64le.patch +++ b/0072-ChaCha20-performance-optimizations-for-ppc64le.patch @@ -1311,7 +1311,7 @@ index c12cb9c..2a819b2 100644 $CHACHAASM_c64xplus=chacha-c64xplus.s @@ -29,6 +29,7 @@ SOURCE[../../libcrypto]=$CHACHAASM - GENERATE[chacha-x86.s]=asm/chacha-x86.pl + GENERATE[chacha-x86.S]=asm/chacha-x86.pl GENERATE[chacha-x86_64.s]=asm/chacha-x86_64.pl GENERATE[chacha-ppc.s]=asm/chacha-ppc.pl +GENERATE[chachap10-ppc.s]=asm/chachap10-ppc.pl diff --git a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch index 27f86f5..eeafbfa 100644 --- a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch +++ b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch @@ -136,10 +136,17 @@ diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.i index 4e30ec56dd..0103c87528 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc -@@ -1294,9 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = { +@@ -1294,15 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = { ST_KAT_PARAM_END() }; +-/*- +- * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the +- * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient +- * HP/UX PA-RISC compilers. +- */ +-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; +- +/*- + * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the + * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient @@ -153,8 +160,7 @@ index 4e30ec56dd..0103c87528 100644 +}; + static const ST_KAT_PARAM rsa_enc_params[] = { -- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, -- OSSL_PKEY_RSA_PAD_MODE_NONE), +- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), + ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep), + ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, + oaep_fixed_seed), diff --git a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch index c7e4731..0b6a9fb 100644 --- a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch +++ b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch @@ -149,14 +149,14 @@ index db1a1d7bc3..c94c3c53bd 100644 if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, sigret, siglen, - (siglen == NULL) ? 0 : *siglen); + sigret == NULL ? 0 : *siglen); +#ifndef FIPS_MODULE dctx = EVP_PKEY_CTX_dup(pctx); if (dctx == NULL) return 0; @@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, sigret, siglen, - (siglen == NULL) ? 0 : *siglen); + *siglen); EVP_PKEY_CTX_free(dctx); +#endif /* defined(FIPS_MODULE) */ return r; diff --git a/0089-signature-Clamp-PSS-salt-len-to-MD-len.patch b/0089-signature-Clamp-PSS-salt-len-to-MD-len.patch index 975b810..8e41bf4 100644 --- a/0089-signature-Clamp-PSS-salt-len-to-MD-len.patch +++ b/0089-signature-Clamp-PSS-salt-len-to-MD-len.patch @@ -30,7 +30,7 @@ index b1580ca..dc81627 100644 return NULL; @@ -456,14 +457,28 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) return NULL; - if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) + if (EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen) <= 0) return NULL; - if (saltlen == -1) { + if (saltlen == RSA_PSS_SALTLEN_DIGEST) { diff --git a/openssl.spec b/openssl.spec index 287a6f2..cc3f992 100644 --- a/openssl.spec +++ b/openssl.spec @@ -28,13 +28,13 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 3.0.1 -Release: 44%{?dist} +Version: 3.0.7 +Release: 1%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. # The original openssl upstream tarball cannot be shipped in the .src.rpm. -Source: openssl-%{version}-hobbled.tar.xz +Source: openssl-%{version}-hobbled.tar.gz Source1: hobble-openssl Source2: Makefile.certificate Source3: genpatches @@ -71,11 +71,11 @@ Patch11: 0011-Remove-EC-curves.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2066412 Patch12: 0012-Disable-explicit-ec.patch # https://github.com/openssl/openssl/pull/17981 -Patch13: 0013-FIPS-provider-explicit-ec.patch +# Patch13: 0013-FIPS-provider-explicit-ec.patch # https://github.com/openssl/openssl/pull/17998 -Patch14: 0014-FIPS-disable-explicit-ec.patch +# Patch14: 0014-FIPS-disable-explicit-ec.patch # https://github.com/openssl/openssl/pull/18609 -Patch15: 0015-FIPS-decoded-from-explicit.patch +# Patch15: 0015-FIPS-decoded-from-explicit.patch # Instructions to load legacy provider in openssl.cnf Patch24: 0024-load-legacy-prov.patch # Tmp: test name change @@ -93,11 +93,11 @@ Patch44: 0044-FIPS-140-3-keychecks.patch # Minimize fips services Patch45: 0045-FIPS-services-minimize.patch # Backport of s390x hardening, https://github.com/openssl/openssl/pull/17486 -Patch46: 0046-FIPS-s390x-hardening.patch +# Patch46: 0046-FIPS-s390x-hardening.patch # Execute KATS before HMAC verification Patch47: 0047-FIPS-early-KATS.patch # Backport of correctly handle 2^14 byte long records #17538 -Patch48: 0048-correctly-handle-records.patch +# Patch48: 0048-correctly-handle-records.patch # Selectively disallow SHA1 signatures Patch49: 0049-Selectively-disallow-SHA1-signatures.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2049265 @@ -107,15 +107,15 @@ Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch # Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch # CVE 2022-0778 -Patch53: 0053-CVE-2022-0778.patch +# Patch53: 0053-CVE-2022-0778.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2004915, backport of 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62 -Patch54: 0054-Replace-size-check-with-more-meaningful-pubkey-check.patch +# Patch54: 0054-Replace-size-check-with-more-meaningful-pubkey-check.patch # https://github.com/openssl/openssl/pull/17324 -Patch55: 0055-nonlegacy-fetch-null-deref.patch +# Patch55: 0055-nonlegacy-fetch-null-deref.patch # https://github.com/openssl/openssl/pull/18103 Patch56: 0056-strcasecmp.patch # https://github.com/openssl/openssl/pull/18175 -Patch57: 0057-strcasecmp-fix.patch +# Patch57: 0057-strcasecmp-fix.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 Patch58: 0058-FIPS-limit-rsa-encrypt.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2069235 @@ -124,24 +124,24 @@ Patch60: 0060-FIPS-KAT-signature-tests.patch Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch Patch62: 0062-fips-Expose-a-FIPS-indicator.patch # https://github.com/openssl/openssl/pull/18141 -Patch63: 0063-CVE-2022-1473.patch +# Patch63: 0063-CVE-2022-1473.patch # upstream commits 55c80c222293a972587004c185dc5653ae207a0e 2eda98790c5c2741d76d23cc1e74b0dc4f4b391a -Patch64: 0064-CVE-2022-1343.diff +# Patch64: 0064-CVE-2022-1343.diff # upstream commit 1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 -Patch65: 0065-CVE-2022-1292.patch +# Patch65: 0065-CVE-2022-1292.patch # https://github.com/openssl/openssl/pull/18444 # https://github.com/openssl/openssl/pull/18467 -Patch66: 0066-replace-expired-certs.patch +# Patch66: 0066-replace-expired-certs.patch # https://github.com/openssl/openssl/pull/18512 -Patch67: 0067-fix-ppc64-montgomery.patch +# Patch67: 0067-fix-ppc64-montgomery.patch #https://github.com/openssl/openssl/commit/2c9c35870601b4a44d86ddbf512b38df38285cfa #https://github.com/openssl/openssl/commit/8a3579a7b7067a983e69a4eda839ac408c120739 -Patch68: 0068-CVE-2022-2068.patch +# Patch68: 0068-CVE-2022-2068.patch # https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93 # https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8 -Patch69: 0069-CVE-2022-2097.patch +# Patch69: 0069-CVE-2022-2097.patch # https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483 -Patch70: 0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch +# Patch70: 0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch # https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c # https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd Patch71: 0071-AES-GCM-performance-optimization.patch @@ -163,7 +163,7 @@ Patch77: 0077-FIPS-140-3-zeroization.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2114772 Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch #https://bugzilla.redhat.com/show_bug.cgi?id=2137723 -Patch79: 0079-CVE-2022-3602.patch +# Patch79: 0079-CVE-2022-3602.patch #https://bugzilla.redhat.com/show_bug.cgi?id=2141748 Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142131 @@ -177,9 +177,9 @@ Patch84: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch #https://bugzilla.redhat.com/show_bug.cgi?id=2142121 Patch85: 0085-FIPS-RSA-disable-shake.patch #https://github.com/openssl/openssl/pull/17546 -Patch86: 0086-avoid-bio-memleak.patch +# Patch86: 0086-avoid-bio-memleak.patch #https://github.com/openssl/openssl/pull/19501 -Patch87: 0087-FIPS-RSA-selftest-params.patch +# Patch87: 0087-FIPS-RSA-selftest-params.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142087 Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142087 @@ -516,6 +516,10 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Tue Nov 22 2022 Dmitry Belyavskiy - 1:3.0.7-1 +- Rebasing to OpenSSL 3.0.7 + Resolves: rhbz#2129063 + * Mon Nov 14 2022 Dmitry Belyavskiy - 1:3.0.1-44 - SHAKE-128/256 are not allowed with RSA in FIPS mode Resolves: rhbz#2144010 diff --git a/sources b/sources index adeef22..e2d9a77 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-3.0.1-hobbled.tar.xz) = 8819d02a6961c2398d0fb4003f25a322f752254b5c3440cd3e9456df5c56dadbc8a1aa6f821f176941293d67771304b3a565b3b8ce7a3ac0b7ad221da97c4dfe +SHA512 (openssl-3.0.7-hobbled.tar.gz) = 1aea183b0b6650d9d5e7ba87b613bb1692c71720b0e75377b40db336b40bad780f7e8ae8dfb9f60841eeb4381f4b79c4c5043210c96e7cb51f90791b80c8285e