Allow enabling or disabling key decoder via config file

pennam · pennam · commit bcc67ced4397 · 2024-01-04T14:57:03.000+01:00
diff --git a/src/BearSSLClient.cpp b/src/BearSSLClient.cpp
@@ -52,7 +52,9 @@ BearSSLClient::BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs,
   _TAs(myTAs),
   _numTAs(myNumTAs),
   _noSNI(false),
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
   _skeyDecoder(NULL),
+#endif
   _ecChainLen(0),
 #ifndef ARDUINO_BEARSSL_DISABLE_FULL_CLIENT_PROFILE
   _br_ssl_client_init_function(br_ssl_client_init_full)
@@ -86,10 +88,12 @@ BearSSLClient::~BearSSLClient()
     _ecCert[0].data = NULL;
   }
 
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
   if (_skeyDecoder) {
     free(_skeyDecoder);
     _skeyDecoder = NULL;
   }
+#endif
 }
 
 int BearSSLClient::connect(IPAddress ip, uint16_t port)
@@ -318,6 +322,7 @@ void BearSSLClient::setEccSlot(int ecc508KeySlot, const char cert[])
   }
 }
 
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
 void BearSSLClient::setKey(const char key[], const char cert[])
 {
   // try to decode the key and cert
@@ -390,6 +395,7 @@ void BearSSLClient::setKey(const char key[], const char cert[])
     }
   }
 }
+#endif
 
 void BearSSLClient::setEccCertParent(const char cert[])
 {
@@ -475,6 +481,7 @@ int BearSSLClient::connectSSL(const char* host)
 
   // enable client auth
   if (_ecCert[0].data_len) {
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
     if (_skeyDecoder) {
       int skeyType = br_skey_decoder_key_type(_skeyDecoder);
 
@@ -484,8 +491,11 @@ int BearSSLClient::connectSSL(const char* host)
         br_ssl_client_set_single_rsa(&_sc, _ecCert, _ecChainLen, br_skey_decoder_get_rsa(_skeyDecoder), br_rsa_pkcs1_sign_get_default());
       }
     } else {
+#endif
       br_ssl_client_set_single_ec(&_sc, _ecCert, _ecChainLen, &_ecKey, BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN, BR_KEYTYPE_EC, br_ec_get_default(), _ecSign);
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
     }
+#endif
   }
 
   // set the hostname used for SNI
@@ -588,12 +598,14 @@ void BearSSLClient::clientAppendCert(void *ctx, const void *data, size_t len)
   c->_ecCert[0].data_len += len;
 }
 
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
 void BearSSLClient::clientAppendKey(void *ctx, const void *data, size_t len)
 {
   BearSSLClient* c = (BearSSLClient*)ctx;
 
   br_skey_decoder_push(c->_skeyDecoder, data, len);
 }
+#endif
 
 void BearSSLClient::parentAppendCert(void *ctx, const void *data, size_t len)
 {
diff --git a/src/BearSSLClient.h b/src/BearSSLClient.h
@@ -96,7 +96,9 @@ class BearSSLClient : public Client {
 
   void setEccSlot(int ecc508KeySlot, const byte cert[], int certLength);
   void setEccSlot(int ecc508KeySlot, const char cert[]);
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
   void setKey(const char key[], const char cert[]);
+#endif
   void setEccCertParent(const char cert[]);
 
   int errorCode();
@@ -106,7 +108,9 @@ class BearSSLClient : public Client {
   static int clientRead(void *ctx, unsigned char *buf, size_t len);
   static int clientWrite(void *ctx, const unsigned char *buf, size_t len);
   static void clientAppendCert(void *ctx, const void *data, size_t len);
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
   static void clientAppendKey(void *ctx, const void *data, size_t len);
+#endif
   static void parentAppendCert(void *ctx, const void *data, size_t len);
 
 private:
@@ -120,7 +124,9 @@ class BearSSLClient : public Client {
   br_ecdsa_sign _ecSign;
 
   br_ec_private_key _ecKey;
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
   br_skey_decoder_context* _skeyDecoder;
+#endif
   br_x509_certificate _ecCert[BEAR_SSL_CLIENT_CHAIN_SIZE];
   int _ecChainLen;
   bool _ecCertDynamic;

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,9 @@ BearSSLClient::BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs,`
`52`	`52`	`_TAs(myTAs),`
`53`	`53`	`_numTAs(myNumTAs),`
`54`	`54`	`_noSNI(false),`
	`55`	`+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER`
`55`	`56`	`_skeyDecoder(NULL),`
	`57`	`+#endif`
`56`	`58`	`_ecChainLen(0),`
`57`	`59`	`#ifndef ARDUINO_BEARSSL_DISABLE_FULL_CLIENT_PROFILE`
`58`	`60`	`_br_ssl_client_init_function(br_ssl_client_init_full)`
`@@ -86,10 +88,12 @@ BearSSLClient::~BearSSLClient()`
`86`	`88`	`_ecCert[0].data = NULL;`
`87`	`89`	`}`
`88`	`90`
	`91`	`+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER`
`89`	`92`	`if (_skeyDecoder) {`
`90`	`93`	`free(_skeyDecoder);`
`91`	`94`	`_skeyDecoder = NULL;`
`92`	`95`	`}`
	`96`	`+#endif`
`93`	`97`	`}`
`94`	`98`
`95`	`99`	`int BearSSLClient::connect(IPAddress ip, uint16_t port)`
`@@ -318,6 +322,7 @@ void BearSSLClient::setEccSlot(int ecc508KeySlot, const char cert[])`
`318`	`322`	`}`
`319`	`323`	`}`
`320`	`324`
	`325`	`+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER`
`321`	`326`	`void BearSSLClient::setKey(const char key[], const char cert[])`
`322`	`327`	`{`
`323`	`328`	`// try to decode the key and cert`
`@@ -390,6 +395,7 @@ void BearSSLClient::setKey(const char key[], const char cert[])`
`390`	`395`	`}`
`391`	`396`	`}`
`392`	`397`	`}`
	`398`	`+#endif`
`393`	`399`
`394`	`400`	`void BearSSLClient::setEccCertParent(const char cert[])`
`395`	`401`	`{`
`@@ -475,6 +481,7 @@ int BearSSLClient::connectSSL(const char* host)`
`475`	`481`
`476`	`482`	`// enable client auth`
`477`	`483`	`if (_ecCert[0].data_len) {`
	`484`	`+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER`
`478`	`485`	`if (_skeyDecoder) {`
`479`	`486`	`int skeyType = br_skey_decoder_key_type(_skeyDecoder);`
`480`	`487`
`@@ -484,8 +491,11 @@ int BearSSLClient::connectSSL(const char* host)`
`484`	`491`	`br_ssl_client_set_single_rsa(&_sc, _ecCert, _ecChainLen, br_skey_decoder_get_rsa(_skeyDecoder), br_rsa_pkcs1_sign_get_default());`
`485`	`492`	`}`
`486`	`493`	`} else {`
	`494`	`+#endif`
`487`	`495`	`br_ssl_client_set_single_ec(&_sc, _ecCert, _ecChainLen, &_ecKey, BR_KEYTYPE_KEYX \| BR_KEYTYPE_SIGN, BR_KEYTYPE_EC, br_ec_get_default(), _ecSign);`
	`496`	`+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER`
`488`	`497`	`}`
	`498`	`+#endif`
`489`	`499`	`}`
`490`	`500`
`491`	`501`	`// set the hostname used for SNI`
`@@ -588,12 +598,14 @@ void BearSSLClient::clientAppendCert(void ctx, const void data, size_t len)`
`588`	`598`	`c->_ecCert[0].data_len += len;`
`589`	`599`	`}`
`590`	`600`
	`601`	`+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER`
`591`	`602`	`void BearSSLClient::clientAppendKey(void ctx, const void data, size_t len)`
`592`	`603`	`{`
`593`	`604`	`BearSSLClient* c = (BearSSLClient*)ctx;`
`594`	`605`
`595`	`606`	`br_skey_decoder_push(c->_skeyDecoder, data, len);`
`596`	`607`	`}`
	`608`	`+#endif`
`597`	`609`
`598`	`610`	`void BearSSLClient::parentAppendCert(void ctx, const void data, size_t len)`
`599`	`611`	`{`