fix ssl/tsl
parent
e423a86f64
commit
5cd20e5b8d
7 changed files with 37 additions and 10 deletions
|
@ -2153,7 +2153,7 @@
|
|||
//#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
|
||||
|
||||
/* SSL options */
|
||||
#define SSL_MAX_CONTENT_LEN 4096 /**< Size of the input / output buffer */
|
||||
//pvvx/#define SSL_MAX_CONTENT_LEN 4096 /**< Size of the input / output buffer */
|
||||
//#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
|
||||
//#define POLARSSL_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
|
||||
|
||||
|
|
|
@ -258,7 +258,12 @@
|
|||
* peers are using it too!
|
||||
*/
|
||||
#if !defined(SSL_MAX_CONTENT_LEN)
|
||||
#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
|
||||
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
|
||||
extern unsigned int mfl_code_to_length[]; // pvvx
|
||||
#define SSL_MAX_CONTENT_LEN mfl_code_to_length[0] // default = 16384 (!)
|
||||
#else
|
||||
#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
|
@ -295,13 +300,15 @@
|
|||
#define SSL_PADDING_ADD 0
|
||||
#endif
|
||||
|
||||
#define SSL_BUFFER_LEN ( SSL_MAX_CONTENT_LEN \
|
||||
#define SSL_BUFFER_LEN (rom_ssl_ram_map.ssl_buffer_len) // pvvx -> int set_ssl_max_frag_len(int len)
|
||||
/*
|
||||
( SSL_MAX_CONTENT_LEN \
|
||||
+ SSL_COMPRESSION_ADD \
|
||||
+ 29 /* counter + header + IV */ \
|
||||
+ 29 // counter + header + IV \
|
||||
+ SSL_MAC_ADD \
|
||||
+ SSL_PADDING_ADD \
|
||||
)
|
||||
|
||||
*/
|
||||
/*
|
||||
* Signaling ciphersuite values (SCSV)
|
||||
*/
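Review bot: `SSL_MAX_CONTENT_LEN` now expands to `mfl_code_to_length[0]` and `SSL_BUFFER_LEN` to `rom_ssl_ram_map.ssl_buffer_len`, so both limits become writable globals rather than compile-time constants, and nothing in this header says when they are valid. Any bounds check written against `SSL_MAX_CONTENT_LEN` follows the current array value rather than the size the record buffers were allocated with, and `SSL_BUFFER_LEN` presumably reads 0 until `platform_set_malloc_free()` has run; the code that allocates and checks the buffers is not on this page, so this needs confirming. I would add above the macro `/* Runtime value: set once in platform_set_malloc_free() before any ssl context is allocated; must not change afterwards */`. The same concern applies to the `mfl_code_to_length` change in the next file section and to the assignment in `platform_set_malloc_free()`.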
|
||||
|
|
|
@ -77,9 +77,10 @@ static void polarssl_zeroize( void *v, size_t n ) {
|
|||
* } MaxFragmentLength;
|
||||
* and we add 0 -> extension unused
|
||||
*/
|
||||
static unsigned int mfl_code_to_length[SSL_MAX_FRAG_LEN_INVALID] =
|
||||
//static
|
||||
unsigned int mfl_code_to_length[SSL_MAX_FRAG_LEN_INVALID] =
|
||||
{
|
||||
SSL_MAX_CONTENT_LEN, /* SSL_MAX_FRAG_LEN_NONE */
|
||||
16384, /* = SSL_MAX_CONTENT_LEN */ /* SSL_MAX_FRAG_LEN_NONE */
|
||||
512, /* SSL_MAX_FRAG_LEN_512 */
|
||||
1024, /* SSL_MAX_FRAG_LEN_1024 */
|
||||
2048, /* SSL_MAX_FRAG_LEN_2048 */
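Review bot: Dropping `static` from `mfl_code_to_length` by commenting the keyword out (`//static`) leaves a table that appears to bound the negotiated fragment length writable from every translation unit, with no comment explaining why. Only entry 0 is meant to change, judging by the header hunk, so I would delete the `//static` line and document the array: `/* [0] is set at start-up by platform_set_malloc_free(); the remaining entries are fixed protocol values */`. The initializer continues past the end of this hunk.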
|
||||
|
|
|
@ -8,3 +8,6 @@
|
|||
/* RAM table referred by SSL ROM */
|
||||
SSL_RAM_MAP_SECTION
|
||||
struct _rom_ssl_ram_map rom_ssl_ram_map;
|
||||
|
||||
SSL_RAM_MAP_SECTION
|
||||
int ssl_max_frag_len;
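Review bot: `ssl_max_frag_len` is defined here, but its only declaration on this page is a hand-written `extern int ssl_max_frag_len;` inside the platform source file, so the type can drift between definition and use without a compiler diagnostic. Declaring it next to `rom_ssl_ram_map` in the header would keep the two in sync: `extern int ssl_max_frag_len; /* requested max fragment length in bytes; 0 selects the default */`. A signed type also admits negative values, which the clamp in `platform_set_malloc_free()` turns into 512; `unsigned int` would state the intent.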
|
|
@ -51,6 +51,7 @@ struct _rom_ssl_ram_map {
|
|||
|
||||
/* Variables */
|
||||
u32 use_hw_crypto_func;
|
||||
u32 ssl_buffer_len;
|
||||
};
|
||||
|
||||
extern struct _rom_ssl_ram_map rom_ssl_ram_map;
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
#include "rom_ssl_ram_map.h"
|
||||
#include <diag.h>
|
||||
#include <polarssl/ssl.h>
|
||||
|
||||
extern struct _rom_ssl_ram_map rom_ssl_ram_map;
|
||||
|
||||
|
@ -43,6 +44,8 @@ extern int rtl_crypto_3des_cbc_encrypt(
|
|||
IN const u8* iv, IN const u32 ivlen,
|
||||
OUT u8* pResult);
|
||||
|
||||
extern int ssl_max_frag_len;
|
||||
|
||||
int platform_set_malloc_free( void * (*malloc_func)( size_t ),
|
||||
void (*free_func)( void * ) )
|
||||
{
|
||||
|
@ -69,6 +72,17 @@ int platform_set_malloc_free( void * (*malloc_func)( size_t ),
|
|||
|
||||
/* Variables */
|
||||
rom_ssl_ram_map.use_hw_crypto_func = 1;
|
||||
|
||||
|
||||
int len = ssl_max_frag_len;
|
||||
if(len == 0) len = 8192;
|
||||
else if(len < 512) len = 512;
|
||||
else if(len > 16384) len = 16384;
|
||||
rom_ssl_ram_map.ssl_buffer_len = len + SSL_COMPRESSION_ADD
|
||||
+ 29 /* counter + header + IV */
|
||||
+ SSL_MAC_ADD
|
||||
+ SSL_PADDING_ADD;
|
||||
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
|
||||
mfl_code_to_length[0] = len;
|
||||
#endif
|
||||
return 0;
|
||||
}
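Review bot: When `POLARSSL_SSL_MAX_FRAGMENT_LENGTH` is not defined, `ssl_buffer_len` is still sized from `len` (8192 by default) while the header hunk leaves `SSL_MAX_CONTENT_LEN` at the constant 16384, so the buffer can be smaller than the content limit that record-length checks compare against. Those checks are not on this page, but if they use `SSL_MAX_CONTENT_LEN`, a peer record between `len` and 16384 bytes would pass the check and exceed the allocation. Moving the `#if` block above the `ssl_buffer_len` assignment and adding an `#else` branch with `len = SSL_MAX_CONTENT_LEN;` keeps the two values tied together. The same mismatch arises if a configuration defines `SSL_MAX_CONTENT_LEN` itself, as the first file on this page used to; in that case the header does not declare `mfl_code_to_length` either. `platform_set_malloc_free()` begins before this hunk.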
|
||||
|
|
|
@ -154,12 +154,13 @@ SECTIONS
|
|||
*(.fwu.data*)
|
||||
*(.bss*)
|
||||
*(COMMON)
|
||||
*(.bdsram.data*)
|
||||
*(.bfsram.data*)
|
||||
*(.sdram.bss*)
|
||||
*(.p2p.bss*)
|
||||
*(.wps.bss*)
|
||||
*(.websocket.bss*)
|
||||
*(.ssl_ram_map*)
|
||||
*(.bdsram.data*)
|
||||
*(.bfsram.data*)
|
||||
__bss_end__ = .;
|
||||
.ram.bss$$Limit = .;
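Review bot: `*(.ssl_ram_map*)` is added inside the region that ends at `__bss_end__`, and the default in `platform_set_malloc_free()` (`if(len == 0) len = 8192;`) only works if `ssl_max_frag_len` is zero at start-up, yet nothing in the script records that dependency. Assuming the start-up code clears everything up to `__bss_end__`, a comment on the new line such as `/* must stay inside the zero-initialised range: ssl_max_frag_len == 0 selects the default */` would stop a later reorder from breaking it. The `SECTIONS` block starts and ends outside this hunk.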
|
||||
|
||||
|
|