From e6b2d21d1db1d4ba2cdcf5a3ff8bf933a30aa475 Mon Sep 17 00:00:00 2001
From: Kevin Bracey
Date: Thu, 20 Oct 2016 09:03:26 +0100
Subject: [PATCH] Allow build without SSL

NS_USE_EXTERNAL_MBED_TLS now controls whether we attempt to include mbedTLS header files at all, and after including them, we check whether SSL/TLS is enabled. If not, we provide non-secure operation only.
---
 source/coap_connection_handler.c | 4 +++
 source/coap_security_handler.c | 14 ++++++++---
 source/include/coap_security_handler.h | 34 +++++++++++++++++++++++---
 3 files changed, 44 insertions(+), 8 deletions(-)

diff --git a/source/coap_connection_handler.c b/source/coap_connection_handler.c
index 2d607a22c3..702e4f0398 100644
--- a/source/coap_connection_handler.c
+++ b/source/coap_connection_handler.c
@@ -224,7 +224,11 @@ static internal_socket_t *int_socket_create(uint16_t listen_port, bool use_ephem
 if( !is_secure ){
 this->listen_socket = socket_open(SOCKET_UDP, listen_port, recv_sckt_msg);
 }else{
+#ifdef COAP_SECURITY_AVAILABLE
 this->listen_socket = socket_open(SOCKET_UDP, listen_port, secure_recv_sckt_msg);
+#else
+ tr_err("Secure CoAP unavailable - SSL library not configured, possibly due to lack of entropy source");
+#endif
 }
 // Socket create failed
 if(this->listen_socket < 0){
diff --git a/source/coap_security_handler.c b/source/coap_security_handler.c
index 6ba14ce466..5b4326a3bc 100644
--- a/source/coap_security_handler.c
+++ b/source/coap_security_handler.c
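Review bot: In source/coap_connection_handler.c, the new `#else` branch of int_socket_create only logs and leaves `this->listen_socket` unassigned, so the `if(this->listen_socket < 0)` check right after it tests whatever value the field already held. The allocation and initialisation of `this` are outside the hunk; if the field starts at 0 or any other non-negative value, a caller that asked for a secure socket would skip the failure path and carry on as if a listener existed. Assigning the field explicitly makes the request fail closed: add `this->listen_socket = -1;` after the `tr_err(...)` line. The function body starts and ends outside the hunk.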
@@ -6,19 +6,23 @@ #include #include +#include "coap_security_handler.h" + +#ifdef COAP_SECURITY_AVAILABLE + #include "mbedtls/sha256.h" #include "mbedtls/error.h" #include "mbedtls/platform.h" #include "mbedtls/ssl_cookie.h" +#include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" -#include "mbedtls/ssl.h" +#include "mbedtls/ctr_drbg.h" +#include "mbedtls/ssl_ciphersuites.h" + #include "ns_trace.h" #include "nsdynmemLIB.h" #include "coap_connection_handler.h" -#include "coap_security_handler.h" #include "randLIB.h" -#include "mbedtls/ssl_ciphersuites.h" -#include "socket_api.h" struct coap_security_s { mbedtls_ssl_config _conf; @@ -620,3 +624,5 @@ int entropy_poll( void *ctx, unsigned char *output, size_t len, ns_dyn_mem_free(c); return( 0 ); } + +#endif // COAP_SECURITY_AVAILABLE diff --git a/source/include/coap_security_handler.h b/source/include/coap_security_handler.h index 044f82f52c..a2c8bfcb24 100644 --- a/source/include/coap_security_handler.h +++ b/source/include/coap_security_handler.h @@ -21,11 +21,13 @@ #include #include #include -#include "mbedtls/platform.h" + +#ifdef NS_USE_EXTERNAL_MBED_TLS #include "mbedtls/ssl.h" -#include "mbedtls/sha256.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#ifdef MBEDTLS_SSL_TLS_C +#define COAP_SECURITY_AVAILABLE +#endif +#endif #define COOKIE_SIMPLE_LEN 8 typedef struct simple_cookie { @@ -68,6 +70,8 @@ typedef struct { typedef struct coap_security_s coap_security_t; +#ifdef COAP_SECURITY_AVAILABLE + coap_security_t *coap_security_create(int8_t socket_id, int8_t timer_id, void *handle, SecureConnectionMode mode, send_cb *send_cb, 
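Review bot: In source/include/coap_security_handler.h (hunk at -21,11), `COAP_SECURITY_AVAILABLE` is derived with no build-time signal, so a build that was meant to be secure but lost `NS_USE_EXTERNAL_MBED_TLS` or `MBEDTLS_SSL_TLS_C` compiles cleanly into the non-secure variant. The only indication is the runtime `tr_err` in coap_connection_handler.c, which appears only once a secure socket is requested. The macro deserves a comment where it is defined, for example `/* Defined only when mbedTLS is included and MBEDTLS_SSL_TLS_C is set; otherwise every coap_security_* call is a failing stub and only non-secure CoAP works. */`. Projects that require secure CoAP may also want a configuration-level check that fails the build when the macro is absent; that check would live outside this header.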
@@ -93,4 +97,26 @@ bool coap_security_handler_is_started(const coap_security_t *sec); const void *coap_security_handler_keyblock(const coap_security_t *sec); +#else + +/* Dummy definitions, including needed error codes */ +#define MBEDTLS_ERR_SSL_TIMEOUT (-1) +#define MBEDTLS_ERR_SSL_WANT_READ (-2) +#define MBEDTLS_ERR_SSL_WANT_WRITE (-3) +#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE (-4) + +#define coap_security_create(socket_id, timer_id, handle, \ + mode, send_cb, receive_cb, start_timer_cb, timer_status_cb) ((coap_security_t *) 0) +#define coap_security_destroy(sec) ((void) 0) +#define coap_security_handler_connect(sec, is_server, sock_mode, keys) (-1) +#define coap_security_handler_connect_non_blocking(sec, is_server, sock_mode, keys, timeout_min, timeout_max) (-1) +#define coap_security_handler_continue_connecting(sec) (-1) +#define coap_security_handler_send_message(sec, message, len) (-1) +#define coap_security_send_close_alert(sec) (-1) +#define coap_security_handler_read(sec, buffer, len) (-1) +#define coap_security_handler_is_started(sec) false +#define coap_security_handler_keyblock(sec) ((void *) 0) + +#endif /* COAP_SECURITY_AVAILABLE */ + #endif
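Review bot: In the `#else` stub block of source/include/coap_security_handler.h, the dummy `MBEDTLS_ERR_SSL_TIMEOUT` is `(-1)`, the same value that stubbed calls such as `coap_security_handler_read(sec, buffer, len)` expand to. Callers are not visible here, but any that compare a return value against `MBEDTLS_ERR_SSL_TIMEOUT` would read "security not compiled in" as a handshake timeout. Starting the dummy codes at a value the stubs never return avoids that, e.g. `#define MBEDTLS_ERR_SSL_TIMEOUT (-5)` with the others following. Separately, when `NS_USE_EXTERNAL_MBED_TLS` is defined but `MBEDTLS_SSL_TLS_C` is not, `mbedtls/ssl.h` has already been included earlier in this header and may define these names itself, so each dummy is safer wrapped in `#ifndef`.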