fix ssl/tsl

2024-11-24 15:04:18 +00:00 · 2017-02-18 17:35:50 +03:00 · 2017-02-18 17:35:50 +03:00 · 5cd20e5b8d
commit 5cd20e5b8d
parent e423a86f64
7 changed files with 37 additions and 10 deletions
--- a/RTL00_SDKV35a/component/common/network/ssl/polarssl-1.3.8/include/polarssl/config_rsa.h
+++ b/RTL00_SDKV35a/component/common/network/ssl/polarssl-1.3.8/include/polarssl/config_rsa.h
@ -2153,7 +2153,7 @@
 //#define SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */

 /* SSL options */
-#define SSL_MAX_CONTENT_LEN                4096 /**< Size of the input / output buffer */
+//pvvx/#define SSL_MAX_CONTENT_LEN                4096 /**< Size of the input / output buffer */
 //#define SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
 //#define POLARSSL_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */

--- a/RTL00_SDKV35a/component/common/network/ssl/polarssl-1.3.8/include/polarssl/ssl.h
+++ b/RTL00_SDKV35a/component/common/network/ssl/polarssl-1.3.8/include/polarssl/ssl.h
@ -258,7 +258,12 @@
 * peers are using it too!
 */
 #if !defined(SSL_MAX_CONTENT_LEN)
-#define SSL_MAX_CONTENT_LEN         16384   /**< Size of the input / output buffer */
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+extern unsigned int mfl_code_to_length[]; // pvvx
+#define SSL_MAX_CONTENT_LEN	mfl_code_to_length[0] // default = 16384 (!)
+#else
+#define SSL_MAX_CONTENT_LEN	16384   /**< Size of the input / output buffer */
+#endif
 #endif

 /* \} name SECTION: Module settings */
@ -295,13 +300,15 @@
 #define SSL_PADDING_ADD              0
 #endif

-#define SSL_BUFFER_LEN  ( SSL_MAX_CONTENT_LEN               \
+#define SSL_BUFFER_LEN  (rom_ssl_ram_map.ssl_buffer_len) // pvvx -> int set_ssl_max_frag_len(int len)
+/*
+						( SSL_MAX_CONTENT_LEN               \
                        + SSL_COMPRESSION_ADD               \
-                        + 29 /* counter + header + IV */    \
+                        + 29 // counter + header + IV       \
                        + SSL_MAC_ADD                       \
                        + SSL_PADDING_ADD                   \
                        )
-
+*/
 /*
 * Signaling ciphersuite values (SCSV)
 */
--- a/RTL00_SDKV35a/component/common/network/ssl/polarssl-1.3.8/library/ssl_tls.c
+++ b/RTL00_SDKV35a/component/common/network/ssl/polarssl-1.3.8/library/ssl_tls.c
@ -77,9 +77,10 @@ static void polarssl_zeroize( void *v, size_t n ) {
 *    } MaxFragmentLength;
 * and we add 0 -> extension unused
 */
-static unsigned int mfl_code_to_length[SSL_MAX_FRAG_LEN_INVALID] =
+//static 
+unsigned int mfl_code_to_length[SSL_MAX_FRAG_LEN_INVALID] =
 {
-    SSL_MAX_CONTENT_LEN,    /* SSL_MAX_FRAG_LEN_NONE */
+    16384, /* = SSL_MAX_CONTENT_LEN */ /* SSL_MAX_FRAG_LEN_NONE */ 
    512,                    /* SSL_MAX_FRAG_LEN_512  */
    1024,                   /* SSL_MAX_FRAG_LEN_1024 */
    2048,                   /* SSL_MAX_FRAG_LEN_2048 */
--- a/RTL00_SDKV35a/component/common/network/ssl/ssl_ram_map/rom/rom_ssl_ram_map.c
+++ b/RTL00_SDKV35a/component/common/network/ssl/ssl_ram_map/rom/rom_ssl_ram_map.c
@ -8,3 +8,6 @@
 /* RAM table referred by SSL ROM */
 SSL_RAM_MAP_SECTION
 struct _rom_ssl_ram_map rom_ssl_ram_map;
+
+SSL_RAM_MAP_SECTION
+int ssl_max_frag_len;
--- a/RTL00_SDKV35a/component/common/network/ssl/ssl_ram_map/rom/rom_ssl_ram_map.h
+++ b/RTL00_SDKV35a/component/common/network/ssl/ssl_ram_map/rom/rom_ssl_ram_map.h
@ -51,6 +51,7 @@ struct _rom_ssl_ram_map {

 	/* Variables */
 	u32 use_hw_crypto_func;
+	u32 ssl_buffer_len;
 };

 extern struct _rom_ssl_ram_map rom_ssl_ram_map;
--- a/RTL00_SDKV35a/component/common/network/ssl/ssl_ram_map/ssl_ram_map.c
+++ b/RTL00_SDKV35a/component/common/network/ssl/ssl_ram_map/ssl_ram_map.c
@ -1,5 +1,6 @@
 #include "rom_ssl_ram_map.h"
 #include <diag.h>
+#include <polarssl/ssl.h>

 extern struct _rom_ssl_ram_map rom_ssl_ram_map;

@ -43,6 +44,8 @@ extern int rtl_crypto_3des_cbc_encrypt(
 	IN const u8* iv, 		IN const u32 ivlen, 
 	OUT u8* pResult);

+extern int ssl_max_frag_len;
+
 int platform_set_malloc_free( void * (*malloc_func)( size_t ),
                              void (*free_func)( void * ) )
 {
@ -69,6 +72,17 @@ int platform_set_malloc_free( void * (*malloc_func)( size_t ),

 	/* Variables */
 	rom_ssl_ram_map.use_hw_crypto_func = 1;
-
+	
+	int len = ssl_max_frag_len;
+			if(len == 0) len = 8192;
+			else if(len < 512) len = 512;
+			else if(len > 16384) len = 16384;
+	rom_ssl_ram_map.ssl_buffer_len = len + SSL_COMPRESSION_ADD
+			+ 29 /* counter + header + IV */
+			+ SSL_MAC_ADD
+			+ SSL_PADDING_ADD;
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+	 mfl_code_to_length[0] = len;
+#endif
 	return 0;
 }
--- a/RTL00_SDKV35a/component/soc/realtek/8195a/misc/bsp/lib/common/GCC/rlx8195A-symbol-v04-img2.ld
+++ b/RTL00_SDKV35a/component/soc/realtek/8195a/misc/bsp/lib/common/GCC/rlx8195A-symbol-v04-img2.ld
@ -154,12 +154,13 @@ SECTIONS
    *(.fwu.data*)
    *(.bss*)
    *(COMMON)
-    *(.bdsram.data*)
-	*(.bfsram.data*)
    *(.sdram.bss*)
    *(.p2p.bss*)
    *(.wps.bss*)
    *(.websocket.bss*)
+    *(.ssl_ram_map*)
+    *(.bdsram.data*)
+	*(.bfsram.data*)
    __bss_end__ = .;
    .ram.bss$$Limit = .;