Message ID | 20200301120250.5390-1-bastiangermann@fishpost.de |
---|---|
State | Accepted |
Headers | show |
Series | [v2] Use SSL provider for mongoose | expand |
Hi Bastian, On 01.03.20 13:02, Bastian Germann wrote: > Mongoose always uses OpenSSL even though it can be built with mbed TLS. > Let the configuration depend on the SSL_IMPL_* options and enable building > with mbed TLS. > > Signed-off-by: Bastian Germann <bastiangermann@fishpost.de> > --- > Makefile.flags | 2 +- > mongoose/Config.in | 7 +++---- > mongoose/Makefile | 6 ++++++ > mongoose/mongoose_interface.c | 7 +++++++ > 4 files changed, 17 insertions(+), 5 deletions(-) > > diff --git a/Makefile.flags b/Makefile.flags > index bd21197..514f798 100644 > --- a/Makefile.flags > +++ b/Makefile.flags > @@ -150,7 +150,7 @@ LDLIBS += crypto ssl > endif > > ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y) > -LDLIBS += mbedcrypto mbedtls > +LDLIBS += mbedcrypto mbedtls mbedx509 > endif > > # MTD > diff --git a/mongoose/Config.in b/mongoose/Config.in > index 29cac90..e315eb2 100644 > --- a/mongoose/Config.in > +++ b/mongoose/Config.in > @@ -28,12 +28,11 @@ config MONGOOSEIPV6 > config MONGOOSESSL > bool "SSL support" > depends on MONGOOSE > - depends on HAVE_LIBSSL > - depends on HAVE_LIBCRYPTO > + depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS > help > It enables SSL support into mongoose > > -comment "SSL support needs libcrypto, libssl" > - depends on !HAVE_LIBSSL || !HAVE_LIBCRYPTO > +comment "SSL support needs an SSL implementation" > + depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_MBEDTLS > > endif > diff --git a/mongoose/Makefile b/mongoose/Makefile > index dc2d3d3..59bf508 100644 > --- a/mongoose/Makefile > +++ b/mongoose/Makefile > @@ -7,6 +7,12 @@ KBUILD_CFLAGS += -DMG_ENABLE_IPV6=1 > endif > ifneq ($(CONFIG_MONGOOSESSL),) > KBUILD_CFLAGS += -DMG_ENABLE_SSL=1 > +ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y) > +KBUILD_CFLAGS += -DMG_SSL_IF=MG_SSL_IF_OPENSSL > +endif > +ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y) > +KBUILD_CFLAGS += -DMG_SSL_IF=MG_SSL_IF_MBEDTLS > +endif > endif > endif > endif > diff --git a/mongoose/mongoose_interface.c b/mongoose/mongoose_interface.c > index 55ebad2..f9b1cae 100644 > --- a/mongoose/mongoose_interface.c > +++ b/mongoose/mongoose_interface.c > @@ -635,3 +635,10 @@ int start_mongoose(const char *cfgfname, int argc, char *argv[]) > > return 0; > } > + > +#if MG_ENABLE_SSL && MG_SSL_IF == MG_SSL_IF_MBEDTLS > +#include <mbedtls/ctr_drbg.h> > +int mg_ssl_if_mbed_random(void *ctx, unsigned char *buf, size_t len) { > + return mbedtls_ctr_drbg_random(ctx, buf, len); > +} > +#endif > It looks good to me. Acked-by: Stefano Babic <sbabic@denx.de> Best regards, Stefano Babic
diff --git a/Makefile.flags b/Makefile.flags index bd21197..514f798 100644 --- a/Makefile.flags +++ b/Makefile.flags @@ -150,7 +150,7 @@ LDLIBS += crypto ssl endif ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y) -LDLIBS += mbedcrypto mbedtls +LDLIBS += mbedcrypto mbedtls mbedx509 endif # MTD diff --git a/mongoose/Config.in b/mongoose/Config.in index 29cac90..e315eb2 100644 --- a/mongoose/Config.in +++ b/mongoose/Config.in @@ -28,12 +28,11 @@ config MONGOOSEIPV6 config MONGOOSESSL bool "SSL support" depends on MONGOOSE - depends on HAVE_LIBSSL - depends on HAVE_LIBCRYPTO + depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS help It enables SSL support into mongoose -comment "SSL support needs libcrypto, libssl" - depends on !HAVE_LIBSSL || !HAVE_LIBCRYPTO +comment "SSL support needs an SSL implementation" + depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_MBEDTLS endif diff --git a/mongoose/Makefile b/mongoose/Makefile index dc2d3d3..59bf508 100644 --- a/mongoose/Makefile +++ b/mongoose/Makefile @@ -7,6 +7,12 @@ KBUILD_CFLAGS += -DMG_ENABLE_IPV6=1 endif ifneq ($(CONFIG_MONGOOSESSL),) KBUILD_CFLAGS += -DMG_ENABLE_SSL=1 +ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y) +KBUILD_CFLAGS += -DMG_SSL_IF=MG_SSL_IF_OPENSSL +endif +ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y) +KBUILD_CFLAGS += -DMG_SSL_IF=MG_SSL_IF_MBEDTLS +endif endif endif endif diff --git a/mongoose/mongoose_interface.c b/mongoose/mongoose_interface.c index 55ebad2..f9b1cae 100644 --- a/mongoose/mongoose_interface.c +++ b/mongoose/mongoose_interface.c @@ -635,3 +635,10 @@ int start_mongoose(const char *cfgfname, int argc, char *argv[]) return 0; } + +#if MG_ENABLE_SSL && MG_SSL_IF == MG_SSL_IF_MBEDTLS +#include <mbedtls/ctr_drbg.h> +int mg_ssl_if_mbed_random(void *ctx, unsigned char *buf, size_t len) { + return mbedtls_ctr_drbg_random(ctx, buf, len); +} +#endif
Mongoose always uses OpenSSL even though it can be built with mbed TLS. Let the configuration depend on the SSL_IMPL_* options and enable building with mbed TLS. Signed-off-by: Bastian Germann <bastiangermann@fishpost.de> --- Makefile.flags | 2 +- mongoose/Config.in | 7 +++---- mongoose/Makefile | 6 ++++++ mongoose/mongoose_interface.c | 7 +++++++ 4 files changed, 17 insertions(+), 5 deletions(-)