- Merged patches from native Fedora openssl (up to 1.0.0-0.16.beta4)

- Dropped the patch to fix non-fips mingw build, as it's now merged into
    fips patch from native openssl

mingw32-openssl-1.0.0-beta4-nofips.patch

@@ -1,130 +0,0 @@
-diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.mingw-nofips openssl-1.0.0-beta4/crypto/dsa/dsa_key.c
---- openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.mingw-nofips	2009-11-22 19:07:58.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/dsa/dsa_key.c	2009-11-22 19:07:58.000000000 +0200
-@@ -65,7 +65,9 @@
- #include <openssl/rand.h>
- #include <openssl/err.h>
- #include <openssl/evp.h>
-+#ifdef OPENSSL_FIPS
- #include <openssl/fips.h>
-+#endif
- #include "fips_locl.h"
- 
- static int dsa_builtin_keygen(DSA *dsa);
-diff -up openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c.mingw-nofips openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c
---- openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c.mingw-nofips	2009-11-22 19:07:58.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c	2009-11-22 19:07:58.000000000 +0200
-@@ -49,7 +49,9 @@
- 
- #include <string.h>
- #include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
- #include <openssl/fips.h>
-+#endif
- #include <openssl/evp.h>
- 
- #ifdef OPENSSL_FIPS
-diff -up openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c.mingw-nofips openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c
---- openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c.mingw-nofips	2009-11-22 19:07:58.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c	2009-11-22 19:07:58.000000000 +0200
-@@ -49,7 +49,9 @@
- 
- #include <string.h>
- #include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
- #include <openssl/fips.h>
-+#endif
- #include <openssl/evp.h>
- #include <openssl/opensslconf.h>
- 
-diff -up openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c.mingw-nofips openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c
---- openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c.mingw-nofips	2009-11-22 19:07:58.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c	2009-11-22 19:07:58.000000000 +0200
-@@ -59,7 +59,9 @@
- #include <string.h>
- #include <openssl/crypto.h>
- #include <openssl/dsa.h>
-+#ifdef OPENSSL_FIPS
- #include <openssl/fips.h>
-+#endif
- #include <openssl/err.h>
- #include <openssl/evp.h>
- #include <openssl/bn.h>
-diff -up openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c.mingw-nofips openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c
---- openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c.mingw-nofips	2009-11-22 19:07:58.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c	2009-11-22 19:07:58.000000000 +0200
-@@ -49,7 +49,9 @@
- 
- #include <string.h>
- #include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
- #include <openssl/fips.h>
-+#endif
- #include <openssl/hmac.h>
- 
- #ifdef OPENSSL_FIPS
-diff -up openssl-1.0.0-beta4/crypto/fips/fips_rand.c.mingw-nofips openssl-1.0.0-beta4/crypto/fips/fips_rand.c
---- openssl-1.0.0-beta4/crypto/fips/fips_rand.c.mingw-nofips	2009-11-22 19:07:58.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/fips/fips_rand.c	2009-11-22 19:07:58.000000000 +0200
-@@ -76,7 +76,9 @@
- # endif
- #endif
- #include <string.h>
-+#ifdef OPENSSL_FIPS
- #include <openssl/fips.h>
-+#endif
- #include "fips_locl.h"
- 
- #ifdef OPENSSL_FIPS
-diff -up openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c.mingw-nofips openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c
---- openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c.mingw-nofips	2009-11-22 19:07:58.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c	2009-11-22 19:07:58.000000000 +0200
-@@ -49,7 +49,9 @@
- 
- #include <string.h>
- #include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
- #include <openssl/fips.h>
-+#endif
- #include <openssl/rand.h>
- #include <openssl/fips_rand.h>
- 
-diff -up openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c.mingw-nofips openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c
---- openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c.mingw-nofips	2009-11-22 19:07:58.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c	2009-11-22 19:07:58.000000000 +0200
-@@ -49,7 +49,9 @@
- 
- #include <string.h>
- #include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
- #include <openssl/fips.h>
-+#endif
- #include <openssl/rsa.h>
- #include <openssl/evp.h>
- #include <openssl/bn.h>
-diff -up openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c.mingw-nofips openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c
---- openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c.mingw-nofips	2009-11-22 19:07:58.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c	2009-11-22 19:07:58.000000000 +0200
-@@ -49,7 +49,9 @@
- 
- #include <string.h>
- #include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
- #include <openssl/fips.h>
-+#endif
- #include <openssl/evp.h>
- #include <openssl/sha.h>
- 
-diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.mingw-nofips openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c
---- openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.mingw-nofips	2009-11-22 19:07:58.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c	2009-11-22 19:07:58.000000000 +0200
-@@ -115,7 +115,9 @@
- #include <openssl/rsa.h>
- #include <openssl/rand.h>
- #include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
- #include <openssl/fips.h>
-+#endif
- 
- #ifndef RSA_NULL
- 

mingw32-openssl.spec

@@ -31,7 +31,7 @@
 
 Name:           mingw32-openssl
 Version:        1.0.0
-Release:        0.5.%{beta}%{?dist}
+Release:        0.6.%{beta}%{?dist}
 Summary:        MinGW port of the OpenSSL toolkit
 
 License:        OpenSSL
@@ -83,6 +83,7 @@ Patch60:        openssl-1.0.0-beta4-reneg.patch
 Patch61:        openssl-1.0.0-beta4-client-reneg.patch
 Patch62:        openssl-1.0.0-beta4-backports.patch
 Patch63:        openssl-1.0.0-beta4-reneg-err.patch
+Patch64:        openssl-1.0.0-beta4-dtls-ipv6.patch
 
 # MinGW-specific patches.
 # Use MINGW32_CFLAGS (set below) in Configure script
@@ -94,8 +95,6 @@ Patch102:       mingw32-openssl-1.0.0-beta3-sfx.patch
 # Ugly patch to fix a compilation error (the linker can't find
 # some symbols mentioned in an autogenerated .def file)
 Patch105:       mingw32-openssl-1.0.0-beta3-linker-fix.patch
-# Fix build without fips
-Patch106:       mingw32-openssl-1.0.0-beta4-nofips.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -189,12 +188,12 @@ Static version of the MinGW port of the OpenSSL toolkit.
 %patch61 -p1 -b .client-reneg
 %patch62 -p1 -b .backports
 %patch63 -p1 -b .reneg-err
+%patch64 -p1 -b .dtls-ipv6
 
 %patch100 -p1 -b .mingw-configure
 %patch101 -p1 -b .mingw-libversion
 %patch102 -p1 -b .mingw-sfx
 %patch105 -p0 -b .mingw-linker-fix
-%patch106 -p1 -b .mingw-nofips
 
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
@@ -353,6 +352,11 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Thu Nov 26 2009 Kalev Lember <kalev@smartlink.ee> - 1.0.0-0.6.beta4
+- Merged patches from native Fedora openssl (up to 1.0.0-0.16.beta4)
+- Dropped the patch to fix non-fips mingw build,
+  as it's now merged into fips patch from native openssl
+
 * Sun Nov 22 2009 Kalev Lember <kalev@smartlink.ee> - 1.0.0-0.5.beta4
 - Updated to version 1.0.0 beta 4
 - Merged patches from native Fedora openssl (up to 1.0.0-0.15.beta4)

openssl-1.0.0-beta4-dtls-ipv6.patch

@@ -0,0 +1,219 @@
+diff -up openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/b_sock.c
+--- openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6	2009-11-09 15:09:53.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/bio/b_sock.c	2009-11-23 08:50:45.000000000 +0100
+@@ -822,7 +822,8 @@ int BIO_accept(int sock, char **addr)
+ 	if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
+ 		{
+ 		OPENSSL_assert(sa.len.s<=sizeof(sa.from));
+-		sa.len.i = (unsigned int)sa.len.s;
++		sa.len.i = (int)sa.len.s;
++		/* use sa.len.i from this point */
+ 		}
+ 	if (ret == INVALID_SOCKET)
+ 		{
+diff -up openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/bss_dgram.c
+--- openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6	2009-10-15 19:41:44.000000000 +0200
++++ openssl-1.0.0-beta4/crypto/bio/bss_dgram.c	2009-11-23 08:50:45.000000000 +0100
+@@ -108,11 +108,13 @@ static BIO_METHOD methods_dgramp=
+ 
+ typedef struct bio_dgram_data_st
+ 	{
++	union {
++		struct sockaddr sa;
++		struct sockaddr_in sa_in;
+ #if OPENSSL_USE_IPV6
+-	struct sockaddr_storage peer;
+-#else
+-	struct sockaddr_in peer;
++		struct sockaddr_in6 sa_in6;
+ #endif
++	} peer;
+ 	unsigned int connected;
+ 	unsigned int _errno;
+ 	unsigned int mtu;
+@@ -278,28 +280,38 @@ static int dgram_read(BIO *b, char *out,
+ 	int ret=0;
+ 	bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+ 
++	struct	{
++	/*
++	 * See commentary in b_sock.c. <appro>
++	 */
++	union	{ size_t s; int i; } len;
++	union	{
++		struct sockaddr sa;
++		struct sockaddr_in sa_in;
+ #if OPENSSL_USE_IPV6
+-	struct sockaddr_storage peer;
+-#else
+-	struct sockaddr_in peer;
++		struct sockaddr_in6 sa_in6;
+ #endif
+-	int peerlen = sizeof(peer);
++		} peer;
++	} sa;
++
++	sa.len.s=0;
++	sa.len.i=sizeof(sa.peer);
+ 
+ 	if (out != NULL)
+ 		{
+ 		clear_socket_error();
+-		memset(&peer, 0x00, peerlen);
+-		/* Last arg in recvfrom is signed on some platforms and
+-		 * unsigned on others. It is of type socklen_t on some
+-		 * but this is not universal. Cast to (void *) to avoid
+-		 * compiler warnings.
+-		 */
++		memset(&sa.peer, 0x00, sizeof(sa.peer));
+ 		dgram_adjust_rcv_timeout(b);
+-		ret=recvfrom(b->num,out,outl,0,(struct sockaddr *)&peer,(void *)&peerlen);
++		ret=recvfrom(b->num,out,outl,0,&sa.peer.sa,(void *)&sa.len);
++		if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
++			{
++			OPENSSL_assert(sa.len.s<=sizeof(sa.peer));
++			sa.len.i = (int)sa.len.s;
++			}
+ 		dgram_reset_rcv_timeout(b);
+ 
+ 		if ( ! data->connected  && ret >= 0)
+-			BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
++			BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
+ 
+ 		BIO_clear_retry_flags(b);
+ 		if (ret < 0)
+@@ -323,25 +335,10 @@ static int dgram_write(BIO *b, const cha
+ 	if ( data->connected )
+ 		ret=writesocket(b->num,in,inl);
+ 	else
+-#if OPENSSL_USE_IPV6
+-		if (data->peer.ss_family == AF_INET)
+ #if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
+-			ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
++		ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, sizeof(data->peer));
+ #else
+-			ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
+-#endif
+-		else
+-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
+-			ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6));
+-#else
+-			ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6));
+-#endif
+-#else
+-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
+-		ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
+-#else
+-		ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
+-#endif
++		ret=sendto(b->num, in, inl, 0, &data->peer.sa, sizeof(data->peer));
+ #endif
+ 
+ 	BIO_clear_retry_flags(b);
+@@ -428,11 +425,20 @@ static long dgram_ctrl(BIO *b, int cmd, 
+ 		else
+ 			{
+ #endif
++			switch (to->sa_family)
++				{
++				case AF_INET:
++					memcpy(&data->peer,to,sizeof(data->peer.sa_in));
++					break;
+ #if OPENSSL_USE_IPV6
+-			memcpy(&(data->peer),to, sizeof(struct sockaddr_storage));
+-#else
+-			memcpy(&(data->peer),to, sizeof(struct sockaddr_in));
+-#endif
++				case AF_INET6:
++					memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
++					break;
++#endif
++				default:
++					memcpy(&data->peer,to,sizeof(data->peer.sa));
++					break;
++				}
+ #if 0
+ 			}
+ #endif
+@@ -537,41 +543,60 @@ static long dgram_ctrl(BIO *b, int cmd, 
+ 		if ( to != NULL)
+ 			{
+ 			data->connected = 1;
++			switch (to->sa_family)
++				{
++				case AF_INET:
++					memcpy(&data->peer,to,sizeof(data->peer.sa_in));
++					break;
+ #if OPENSSL_USE_IPV6
+-			memcpy(&(data->peer),to, sizeof(struct sockaddr_storage));
+-#else
+-			memcpy(&(data->peer),to, sizeof(struct sockaddr_in));
+-#endif
++				case AF_INET6:
++					memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
++					break;
++#endif
++				default:
++					memcpy(&data->peer,to,sizeof(data->peer.sa));
++					break;
++				}
+ 			}
+ 		else
+ 			{
+ 			data->connected = 0;
+-#if OPENSSL_USE_IPV6
+-			memset(&(data->peer), 0x00, sizeof(struct sockaddr_storage));
+-#else
+-			memset(&(data->peer), 0x00, sizeof(struct sockaddr_in));
+-#endif
++			memset(&(data->peer), 0x00, sizeof(data->peer));
+ 			}
+ 		break;
+ 	case BIO_CTRL_DGRAM_GET_PEER:
+ 		to = (struct sockaddr *) ptr;
+-
++		switch (to->sa_family)
++			{
++			case AF_INET:
++				memcpy(to,&data->peer,(ret=sizeof(data->peer.sa_in)));
++				break;
+ #if OPENSSL_USE_IPV6
+-		memcpy(to, &(data->peer), sizeof(struct sockaddr_storage));
+-		ret = sizeof(struct sockaddr_storage);
+-#else
+-		memcpy(to, &(data->peer), sizeof(struct sockaddr_in));
+-		ret = sizeof(struct sockaddr_in);
+-#endif
++			case AF_INET6:
++				memcpy(to,&data->peer,(ret=sizeof(data->peer.sa_in6)));
++				break;
++#endif
++			default:
++				memcpy(to,&data->peer,(ret=sizeof(data->peer.sa)));
++				break;
++			}
+ 		break;
+ 	case BIO_CTRL_DGRAM_SET_PEER:
+ 		to = (struct sockaddr *) ptr;
+-
++		switch (to->sa_family)
++			{
++			case AF_INET:
++				memcpy(&data->peer,to,sizeof(data->peer.sa_in));
++				break;
+ #if OPENSSL_USE_IPV6
+-		memcpy(&(data->peer), to, sizeof(struct sockaddr_storage));
+-#else
+-		memcpy(&(data->peer), to, sizeof(struct sockaddr_in));
+-#endif
++			case AF_INET6:
++				memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
++				break;
++#endif
++			default:
++				memcpy(&data->peer,to,sizeof(data->peer.sa));
++				break;
++			}
+ 		break;
+ 	case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+ 		memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));