diff --git a/pkg/tinydtls/Kconfig b/pkg/tinydtls/Kconfig
index 14ef675737e4..daf62b0fb186 100644
--- a/pkg/tinydtls/Kconfig
+++ b/pkg/tinydtls/Kconfig
@@ -38,6 +38,7 @@ config DTLS_CONTEXT_MAX
 config DTLS_PEER_MAX
 int "Max number of peers"
+ default 2 if KCONFIG_USEMODULE_GCOAP_DTLS
 default 1
 help
 The maximum number of DTLS peers.
diff --git a/pkg/tinydtls/Makefile b/pkg/tinydtls/Makefile
index 973f44dbc199..4d6bdd100266 100644
--- a/pkg/tinydtls/Makefile
+++ b/pkg/tinydtls/Makefile
@@ -18,3 +18,23 @@ all:
 ifeq (llvm,$(TOOLCHAIN))
 CFLAGS += -Wno-format-nonliteral
 endif
+
+ifneq (,$(filter gcoap,$(USEMODULE)))
+ # Configuring the buffer large enough that a full Gcoap packet can be
+ # encrypted or decrypted.
+
+ # This is the default in gcoap.h, which we don't have access to, so it is copied over.
+ CONFIG_GCOAP_PDU_BUF_SIZE := $(or $(CONFIG_GCOAP_PDU_BUF_SIZE),128)
+
+ # If there were another way to set up DTLS_MAX_BUF, we'd need to set the
+ # maximum of these here.
+ #
+ # 29 bytes are the overhead measured with Wireshark on packets exchanged in
+ # default configuration; adding some to be safe against variable size fields.
+ CFLAGS += "-DDTLS_MAX_BUF=($(CONFIG_GCOAP_PDU_BUF_SIZE) + 36)"
+endif
+
+# TinyDTLS emits several messages during connection establishment at the info
+# level; this is way more verbose than common in RIOT.
+TINYDTLS_LOG_LEVEL ?= LOG_WARNING
+CFLAGS += -DLOG_LEVEL=$(TINYDTLS_LOG_LEVEL)
diff --git a/pkg/tinydtls/Makefile.include b/pkg/tinydtls/Makefile.include
index fda2825bd6ef..79245a2b986a 100644
--- a/pkg/tinydtls/Makefile.include
+++ b/pkg/tinydtls/Makefile.include
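Review bot: The gcoap_dtls default of 2 peers is now written in three places that have to stay in step: `default 2 if KCONFIG_USEMODULE_GCOAP_DTLS` here, the `CFLAGS += -DDTLS_PEER_MAX=2` fallback in pkg/tinydtls/Makefile.include, and the `IS_USED(MODULE_GCOAP_DTLS)` branch in sys/include/net/dtls.h. This line keys on a different symbol than the other two, and that symbol's definition is not part of the diff. If it is only set when the user opts in to configuring gcoap_dtls through Kconfig, a Kconfig build that merely uses the module falls through to `default 1`, and that value presumably then wins over the header default because dtls.h only defines CONFIG_DTLS_PEER_MAX under `#ifndef`. I would confirm the symbol and name the coupling in the help text, e.g. `The maximum number of DTLS peers. Defaults to 2 when gcoap_dtls is used; keep in sync with sys/include/net/dtls.h.`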
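Review bot: `CONFIG_GCOAP_PDU_BUF_SIZE` is only picked up here when it exists as a make variable, so an application that enlarges the gcoap buffer with `CFLAGS += -DCONFIG_GCOAP_PDU_BUF_SIZE=...` still gets `DTLS_MAX_BUF` sized for 128 + 36, and its larger PDUs would no longer fit the DTLS buffer. The PEER_MAX line in Makefile.include already reads both sources, and the same form works here, assuming the application's CFLAGS are visible in this Makefile: `CONFIG_GCOAP_PDU_BUF_SIZE := $(or $(CONFIG_GCOAP_PDU_BUF_SIZE),$(patsubst -DCONFIG_GCOAP_PDU_BUF_SIZE=%,%,$(filter -DCONFIG_GCOAP_PDU_BUF_SIZE=%,$(CFLAGS))),128)`. The block is also guarded by `gcoap` rather than `gcoap_dtls`, so it resizes the buffer for every tinydtls user in a build that merely includes gcoap. Since DTLS_MAX_BUF presumably bounds handshake messages as well as application records, it is worth confirming that the largest handshake message of the enabled cipher suites still fits in PDU size + 36.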
@@ -63,6 +63,12 @@ endif
 PEER_MAX := $(or $(CONFIG_DTLS_PEER_MAX),$(patsubst -DCONFIG_DTLS_PEER_MAX=%,%,$(filter -DCONFIG_DTLS_PEER_MAX=%,$(CFLAGS))))
 ifneq (,$(PEER_MAX))
 CFLAGS += -DDTLS_PEER_MAX=$(PEER_MAX)
+else ifneq (,$(filter gcoap_dtls,$(USEMODULE)))
+ # The default value in sys/include/net/dtls.h for CONFIG_DTLS_PEER_MAX is 2
+ # when gcoap_dtls is active, otherwise 1. As the default in tinydtls is 1,
+ # we need to set it explicitly if the dtls.h default value deviates from
+ # the tinydtls default.
+ CFLAGS += -DDTLS_PEER_MAX=2
 endif
 HANDSHAKE_MAX := $(or $(CONFIG_DTLS_HANDSHAKE_MAX),$(patsubst -DCONFIG_DTLS_HANDSHAKE_MAX=%,%,$(filter -DCONFIG_DTLS_HANDSHAKE_MAX=%,$(CFLAGS))))
diff --git a/sys/include/net/dtls.h b/sys/include/net/dtls.h
index bfc9dada4e8a..1e5571dacebc 100644
--- a/sys/include/net/dtls.h
+++ b/sys/include/net/dtls.h
@@ -36,6 +36,8 @@
 #ifndef NET_DTLS_H
 #define NET_DTLS_H
+#include "modules.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -44,8 +46,12 @@ extern "C" {
 * @brief The maximum number DTLS peers (i.e. sessions)
 */
 #ifndef CONFIG_DTLS_PEER_MAX
+#if IS_USED(MODULE_GCOAP_DTLS)
+#define CONFIG_DTLS_PEER_MAX (2)
+#else
 #define CONFIG_DTLS_PEER_MAX (1)
 #endif
+#endif
 #ifdef __cplusplus
 }
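Review bot: The doc comment above `CONFIG_DTLS_PEER_MAX` in the last hunk still describes a single value, although the default now depends on whether gcoap_dtls is built. I would extend it with ` * @note Defaults to 2 when the gcoap_dtls module is used, 1 otherwise.` and one sentence on why gcoap_dtls needs the second session slot, since the diff does not state the reason anywhere. With a peer table this small, a reader sizing a deployment also needs to know that the limit caps concurrent sessions, so the comment is the right place to say what happens to a new peer once both slots are taken, if that behaviour is defined.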