Allow build without SSL

NS_USE_EXTERNAL_MBED_TLS now controls whether we attempt to include
mbedTLS header files at all, and after including them, we check whether
SSL/TLS is enabled. If not, we provide non-secure operation only.

Author: kjbracey

source/coap_connection_handler.c

@@ -224,7 +224,11 @@ static internal_socket_t *int_socket_create(uint16_t listen_port, bool use_ephem
         if( !is_secure ){
             this->listen_socket = socket_open(SOCKET_UDP, listen_port, recv_sckt_msg);
         }else{
+#ifdef COAP_SECURITY_AVAILABLE
             this->listen_socket = socket_open(SOCKET_UDP, listen_port, secure_recv_sckt_msg);
+#else
+            tr_err("Secure CoAP unavailable - SSL library not configured, possibly due to lack of entropy source");
+#endif
         }
         // Socket create failed
         if(this->listen_socket < 0){

source/coap_security_handler.c

@@ -6,19 +6,23 @@
 #include <time.h>
 #include <stdlib.h>
 
+#include "coap_security_handler.h"
+
+#ifdef COAP_SECURITY_AVAILABLE
+
 #include "mbedtls/sha256.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform.h"
 #include "mbedtls/ssl_cookie.h"
+#include "mbedtls/entropy.h"
 #include "mbedtls/entropy_poll.h"
-#include "mbedtls/ssl.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/ssl_ciphersuites.h"
+
 #include "ns_trace.h"
 #include "nsdynmemLIB.h"
 #include "coap_connection_handler.h"
-#include "coap_security_handler.h"
 #include "randLIB.h"
-#include "mbedtls/ssl_ciphersuites.h"
-#include "socket_api.h"
 
 struct coap_security_s {
     mbedtls_ssl_config          _conf;
@@ -620,3 +624,5 @@ int entropy_poll( void *ctx, unsigned char *output, size_t len,
     ns_dyn_mem_free(c);
     return( 0 );
 }
+
+#endif // COAP_SECURITY_AVAILABLE

source/include/coap_security_handler.h

@@ -21,11 +21,13 @@
 #include <stddef.h>
 #include <inttypes.h>
 #include <stdbool.h>
-#include "mbedtls/platform.h"
+
+#ifdef NS_USE_EXTERNAL_MBED_TLS
 #include "mbedtls/ssl.h"
-#include "mbedtls/sha256.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
+#ifdef MBEDTLS_SSL_TLS_C
+#define COAP_SECURITY_AVAILABLE
+#endif
+#endif
 
 #define COOKIE_SIMPLE_LEN 8
 typedef struct simple_cookie {
@@ -68,6 +70,8 @@ typedef struct {
 
 typedef struct coap_security_s coap_security_t;
 
+#ifdef COAP_SECURITY_AVAILABLE
+
 coap_security_t *coap_security_create(int8_t socket_id, int8_t timer_id, void *handle,
                                           SecureConnectionMode mode,
                                           send_cb *send_cb,
@@ -93,4 +97,26 @@ bool coap_security_handler_is_started(const coap_security_t *sec);
 
 const void *coap_security_handler_keyblock(const coap_security_t *sec);
 
+#else
+
+/* Dummy definitions, including needed error codes */
+#define MBEDTLS_ERR_SSL_TIMEOUT (-1)
+#define MBEDTLS_ERR_SSL_WANT_READ (-2)
+#define MBEDTLS_ERR_SSL_WANT_WRITE (-3)
+#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE (-4)
+
+#define coap_security_create(socket_id, timer_id, handle, \
+                             mode, send_cb, receive_cb, start_timer_cb, timer_status_cb) ((coap_security_t *) 0)
+#define coap_security_destroy(sec) ((void) 0)
+#define coap_security_handler_connect(sec, is_server, sock_mode, keys) (-1)
+#define coap_security_handler_connect_non_blocking(sec, is_server, sock_mode, keys, timeout_min, timeout_max) (-1)
+#define coap_security_handler_continue_connecting(sec) (-1)
+#define coap_security_handler_send_message(sec, message, len) (-1)
+#define coap_security_send_close_alert(sec) (-1)
+#define coap_security_handler_read(sec, buffer, len) (-1)
+#define coap_security_handler_is_started(sec) false
+#define coap_security_handler_keyblock(sec) ((void *) 0)
+
+#endif /* COAP_SECURITY_AVAILABLE */
+
 #endif