Update openssl to 1.0.2d

Also update Cryptlib to edk2 r17731 Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
author: Gary Ching-Pang Lin <glin@suse.com> 2015-07-28 11:46:38 -0400
committer: Peter Jones <pjones@redhat.com> 2015-07-28 11:46:38 -0400
commit: 5ce38c90cf43ee79cd999716ea83a5a44eeb819e (patch)
tree: 2fb3d9dd667c772fae5f87fa61e1501cf12da0ce /Cryptlib/Include/openssl/dtls1.h
parent: 69ba24ff72921ecabbb47178de40dc5a79350040 (diff)
download: efi-boot-shim-5ce38c90cf43ee79cd999716ea83a5a44eeb819e.tar.gz
efi-boot-shim-5ce38c90cf43ee79cd999716ea83a5a44eeb819e.zip
1 files changed, 46 insertions, 10 deletions
diff --git a/Cryptlib/Include/openssl/dtls1.h b/Cryptlib/Include/openssl/dtls1.h
index 7d6e6db0..30bbcf27 100644
--- a/Cryptlib/Include/openssl/dtls1.h
+++ b/Cryptlib/Include/openssl/dtls1.h
@@ -72,7 +72,11 @@
 # elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
 #  include <sys/timeval.h>
 # else
-#  include <sys/time.h>
+#  if defined(OPENSSL_SYS_VXWORKS)
+#   include <sys/times.h>
+#  else
+#   include <sys/time.h>
+#  endif
 # endif
 
 #ifdef  __cplusplus
@@ -80,10 +84,15 @@ extern "C" {
 #endif
 
 # define DTLS1_VERSION                   0xFEFF
-# define DTLS_MAX_VERSION                DTLS1_VERSION
+# define DTLS1_2_VERSION                 0xFEFD
+# define DTLS_MAX_VERSION                DTLS1_2_VERSION
+# define DTLS1_VERSION_MAJOR             0xFE
 
 # define DTLS1_BAD_VER                   0x0100
 
+/* Special value for method supporting multiple versions */
+# define DTLS_ANY_VERSION                0x1FFFF
+
 # if 0
 /* this alert description is not specified anywhere... */
 #  define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
@@ -107,20 +116,30 @@ extern "C" {
 #  define DTLS1_AL_HEADER_LENGTH                   2
 # endif
 
+# ifndef OPENSSL_NO_SSL_INTERN
+
+#  ifndef OPENSSL_NO_SCTP
+#   define DTLS1_SCTP_AUTH_LABEL   "EXPORTER_DTLS_OVER_SCTP"
+#  endif
+
+/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
+#  define DTLS1_MAX_MTU_OVERHEAD                   48
+
 typedef struct dtls1_bitmap_st {
-    PQ_64BIT map;
-    unsigned long length;       /* sizeof the bitmap in bits */
-    PQ_64BIT max_seq_num;       /* max record number seen so far */
+    unsigned long map;          /* track 32 packets on 32-bit systems and 64
+                                 * - on 64-bit systems */
+    unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit
+                                   * value in big-endian encoding */
 } DTLS1_BITMAP;
 
 struct dtls1_retransmit_state {
     EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
-    const EVP_MD *write_hash;   /* used for mac generation */
-# ifndef OPENSSL_NO_COMP
+    EVP_MD_CTX *write_hash;     /* used for mac generation */
+#  ifndef OPENSSL_NO_COMP
     COMP_CTX *compress;         /* compression */
-# else
+#  else
     char *compress;
-# endif
+#  endif
     SSL_SESSION *session;
     unsigned short epoch;
 };
@@ -197,11 +216,14 @@ typedef struct dtls1_state_st {
     record_pqueue buffered_app_data;
     /* Is set when listening for new connections with dtls1_listen() */
     unsigned int listen;
+    unsigned int link_mtu;      /* max on-the-wire DTLS packet size */
     unsigned int mtu;           /* max DTLS packet size */
     struct hm_header_st w_msg_hdr;
     struct hm_header_st r_msg_hdr;
     struct dtls1_timeout_st timeout;
-    /* Indicates when the last handshake msg sent will timeout */
+    /*
+     * Indicates when the last handshake msg or heartbeat sent will timeout
+     */
     struct timeval next_timeout;
     /* Timeout duration */
     unsigned short timeout_duration;
@@ -214,7 +236,16 @@ typedef struct dtls1_state_st {
     unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
     unsigned int handshake_fragment_len;
     unsigned int retransmitting;
+    /*
+     * Set when the handshake is ready to process peer's ChangeCipherSpec message.
+     * Cleared after the message has been processed.
+     */
     unsigned int change_cipher_spec_ok;
+#  ifndef OPENSSL_NO_SCTP
+    /* used when SSL_ST_XX_FLUSH is entered */
+    int next_state;
+    int shutdown_received;
+#  endif
 } DTLS1_STATE;
 
 typedef struct dtls1_record_data_st {
@@ -222,8 +253,13 @@ typedef struct dtls1_record_data_st {
     unsigned int packet_length;
     SSL3_BUFFER rbuf;
     SSL3_RECORD rrec;
+#  ifndef OPENSSL_NO_SCTP
+    struct bio_dgram_sctp_rcvinfo recordinfo;
+#  endif
 } DTLS1_RECORD_DATA;
 
+# endif
+
 /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
 # define DTLS1_TMO_READ_COUNT                      2
 # define DTLS1_TMO_WRITE_COUNT                     2
author	Gary Ching-Pang Lin <glin@suse.com>	2015-07-28 11:46:38 -0400
committer	Peter Jones <pjones@redhat.com>	2015-07-28 11:46:38 -0400
commit	5ce38c90cf43ee79cd999716ea83a5a44eeb819e (patch)
tree	2fb3d9dd667c772fae5f87fa61e1501cf12da0ce /Cryptlib/Include/openssl/dtls1.h
parent	69ba24ff72921ecabbb47178de40dc5a79350040 (diff)
download	efi-boot-shim-5ce38c90cf43ee79cd999716ea83a5a44eeb819e.tar.gz efi-boot-shim-5ce38c90cf43ee79cd999716ea83a5a44eeb819e.zip