From a042d8e8ab99935b3fc20df47336dfaed54d9e25 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alex=20Villac=C3=ADs=20Lasso?=
Date: Wed, 13 Oct 2021 13:08:42 -0500
Subject: [PATCH] API change to reduce number of NULL parameters
---
 src/AsyncTCP_TLS_Context.cpp | 60 ++++++++++++++++++++++++++++++++----
 src/AsyncTCP_TLS_Context.h | 24 +++++++++++++--
 2 files changed, 75 insertions(+), 9 deletions(-)
diff --git a/src/AsyncTCP_TLS_Context.cpp b/src/AsyncTCP_TLS_Context.cpp
index 3f7c94a..e926d6b 100644
--- a/src/AsyncTCP_TLS_Context.cpp
+++ b/src/AsyncTCP_TLS_Context.cpp
@@ -46,9 +46,57 @@ AsyncTCP_TLS_Context::AsyncTCP_TLS_Context(void)
 handshake_timeout = 120000;
 }
-int AsyncTCP_TLS_Context::startSSLClient(int sck, const char * host_or_ip, const char *rootCABuff,
- const char *cli_cert, const char *cli_key, const char *pskIdent,
- const char *psKey, bool insecure)
+int AsyncTCP_TLS_Context::startSSLClientInsecure(int sck, const char * host_or_ip)
+{
+ return _startSSLClient(sck, host_or_ip,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ NULL, NULL,
+ true);
+}
+
+int AsyncTCP_TLS_Context::startSSLClient(int sck, const char * host_or_ip,
+ const char *pskIdent, const char *psKey)
+{
+ return _startSSLClient(sck, host_or_ip,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ pskIdent, psKey,
+ false);
+}
+
+int AsyncTCP_TLS_Context::startSSLClient(int sck, const char * host_or_ip,
+ const char *rootCABuff,
+ const char *cli_cert,
+ const char *cli_key)
+{
+ return startSSLClient(sck, host_or_ip,
+ (const unsigned char *)rootCABuff, (rootCABuff != NULL) ? strlen(rootCABuff) + 1 : 0,
+ (const unsigned char *)cli_cert, (cli_cert != NULL) ? strlen(cli_cert) + 1 : 0,
+ (const unsigned char *)cli_key, (cli_key != NULL) ? strlen(cli_key) + 1 : 0);
+}
+
+int AsyncTCP_TLS_Context::startSSLClient(int sck, const char * host_or_ip,
+ const unsigned char *rootCABuff, const size_t rootCABuff_len,
+ const unsigned char *cli_cert, const size_t cli_cert_len,
+ const unsigned char *cli_key, const size_t cli_key_len)
+{
+ return _startSSLClient(sck, host_or_ip,
+ rootCABuff, rootCABuff_len,
+ cli_cert, cli_cert_len,
+ cli_key, cli_key_len,
+ NULL, NULL,
+ false);
+}
+
+int AsyncTCP_TLS_Context::_startSSLClient(int sck, const char * host_or_ip,
+ const unsigned char *rootCABuff, const size_t rootCABuff_len,
+ const unsigned char *cli_cert, const size_t cli_cert_len,
+ const unsigned char *cli_key, const size_t cli_key_len,
+ const char *pskIdent, const char *psKey,
+ bool insecure)
 {
 int ret;
 int enable = 1;
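Review bot: The new public wrappers hand their arguments to `_startSSLClient` without checking that the credentials for their own mode are present, so whether `startSSLClient(sck, host, NULL, NULL)` or a certificate call with a null `rootCABuff` fails closed depends on branches of `_startSSLClient` that lie outside this hunk. Each wrapper could enforce its mode up front, for example `if (pskIdent == NULL || psKey == NULL) return -1;` in the PSK overload and, if a missing CA is never valid there, `if (rootCABuff == NULL || rootCABuff_len == 0) return -1;` in the raw-buffer overload (using whatever error value the class already returns). That keeps the unauthenticated path reachable only through `startSSLClientInsecure`, which appears to be the intent of splitting the API.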
@@ -91,7 +139,7 @@ int AsyncTCP_TLS_Context::startSSLClient(int sck, const char * host_or_ip, const
 log_v("Loading CA cert");
 mbedtls_x509_crt_init(&ca_cert);
 mbedtls_ssl_conf_authmode(&ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
- ret = mbedtls_x509_crt_parse(&ca_cert, (const unsigned char *)rootCABuff, strlen(rootCABuff) + 1);
+ ret = mbedtls_x509_crt_parse(&ca_cert, rootCABuff, rootCABuff_len);
 _have_ca_cert = true;
 mbedtls_ssl_conf_ca_chain(&ssl_conf, &ca_cert, NULL);
 if (ret < 0) {
@@ -139,7 +187,7 @@ int AsyncTCP_TLS_Context::startSSLClient(int sck, const char * host_or_ip, const
 log_v("Loading CRT cert");
- ret = mbedtls_x509_crt_parse(&client_cert, (const unsigned char *)cli_cert, strlen(cli_cert) + 1);
+ ret = mbedtls_x509_crt_parse(&client_cert, cli_cert, cli_cert_len);
 _have_client_cert = true;
 if (ret < 0) {
 // free the client_cert in the case parse failed, otherwise, the old client_cert still in the heap memory, that lead to "out of memory" crash.
@@ -148,7 +196,7 @@ int AsyncTCP_TLS_Context::startSSLClient(int sck, const char * host_or_ip, const
 }
 log_v("Loading private key");
- ret = mbedtls_pk_parse_key(&client_key, (const unsigned char *)cli_key, strlen(cli_key) + 1, NULL, 0);
+ ret = mbedtls_pk_parse_key(&client_key, cli_key, cli_key_len, NULL, 0);
 _have_client_key = true;
 if (ret != 0) {
diff --git a/src/AsyncTCP_TLS_Context.h b/src/AsyncTCP_TLS_Context.h
index e633bae..2757212 100644
--- a/src/AsyncTCP_TLS_Context.h
+++ b/src/AsyncTCP_TLS_Context.h
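Review bot: In the CA hunk (`@@ -91,7 +139,7 @@`) the result of `mbedtls_x509_crt_parse` is still tested with `if (ret < 0)`, and the client-certificate hunk (`@@ -139,7 +187,7 @@`) does the same. mbedTLS returns a positive count when only some certificates in the buffer parsed, so a partly rejected bundle is treated as success and the handshake would continue with an incomplete chain and no log entry. Since this commit opens the call to arbitrary caller-supplied buffers and lengths, I would either test `if (ret != 0)` as the private-key hunk already does, or keep accepting the partial case but add a `log_w` when `ret > 0`. The bodies of these checks and the rest of `_startSSLClient` are outside the hunks.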
@@ -40,15 +40,33 @@ private:
 int _socket;
+ int _startSSLClient(int sck, const char * host_or_ip,
+ const unsigned char *rootCABuff, const size_t rootCABuff_len,
+ const unsigned char *cli_cert, const size_t cli_cert_len,
+ const unsigned char *cli_key, const size_t cli_key_len,
+ const char *pskIdent, const char *psKey,
+ bool insecure);
+
 // Delete certificates used in handshake
 void _deleteHandshakeCerts(void);
 public:
 AsyncTCP_TLS_Context(void);
 virtual ~AsyncTCP_TLS_Context();
- int startSSLClient(int sck, const char * host_or_ip, const char *rootCABuff,
- const char *cli_cert, const char *cli_key, const char *pskIdent,
- const char *psKey, bool insecure);
+ int startSSLClientInsecure(int sck, const char * host_or_ip);
+
+ int startSSLClient(int sck, const char * host_or_ip,
+ const char *pskIdent, const char *psKey);
+
+ int startSSLClient(int sck, const char * host_or_ip,
+ const char *rootCABuff,
+ const char *cli_cert,
+ const char *cli_key);
+
+ int startSSLClient(int sck, const char * host_or_ip,
+ const unsigned char *rootCABuff, const size_t rootCABuff_len,
+ const unsigned char *cli_cert, const size_t cli_cert_len,
+ const unsigned char *cli_key, const size_t cli_key_len);
 int runSSLHandshake(void);
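Review bot: The four public entry points are declared without comments, and two of them carry contracts a caller cannot read off the signature. Above `startSSLClientInsecure` I would add `// Connects without verifying the server certificate; not for production use.`, assuming the `insecure` flag disables peer verification as its name suggests, since the code that consumes it is not in this patch. Above the raw-buffer overload I would add `// Lengths go straight to mbedTLS: PEM buffers must be NUL-terminated with the NUL counted, DER buffers use the exact byte count.` The `const char *` overload in the .cpp already follows the PEM rule by passing `strlen(...) + 1`, but a caller of the raw-buffer form has nothing to tell them so.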