From b8617161e4f60e0db7f66f2d8ed95134524108d5 Mon Sep 17 00:00:00 2001
From: pennam
Date: Fri, 13 Jun 2025 11:25:01 +0200
Subject: [PATCH 1/2] BearSSL Trust Anchor: fix keySize and dnSize
---
 main/CommandHandler.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/main/CommandHandler.cpp b/main/CommandHandler.cpp
index 18a67ba..9bc5b00 100644
--- a/main/CommandHandler.cpp
+++ b/main/CommandHandler.cpp
@@ -1717,7 +1717,7 @@ int brSetECTrustAnchor(const uint8_t command[], uint8_t response[])
 response[3] = 1;
 response[4] = 0;
- uint8_t dnSize = command[4];
+ uint16_t dnSize = command[3] << 8 | command[4];
 customTrustAnchor.dn.data = (unsigned char*)malloc(dnSize);
 if(customTrustAnchor.dn.data == NULL){
 return 6;
@@ -1729,7 +1729,7 @@ int brSetECTrustAnchor(const uint8_t command[], uint8_t response[])
 customTrustAnchor.pkey.key_type = BR_KEYTYPE_EC;
 customTrustAnchor.pkey.key.ec.curve = command[10 + dnSize];
- uint8_t keySize = command[12 + dnSize];
+ uint16_t keySize = command[11 + dnSize] << 8 | command[12 + dnSize];
 customTrustAnchor.pkey.key.ec.q = (unsigned char*)malloc(keySize);
 if(customTrustAnchor.pkey.key.ec.q == NULL){
 free(customTrustAnchor.dn.data);
From 6add53626d6cd3ce8630e289da37bbd415428bed Mon Sep 17 00:00:00 2001
From: pennam
Date: Fri, 13 Jun 2025 11:26:32 +0200
Subject: [PATCH 2/2] BearSSL Trust Anchor: add debug log
---
 main/CommandHandler.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/main/CommandHandler.cpp b/main/CommandHandler.cpp
index 9bc5b00..d137987 100644
--- a/main/CommandHandler.cpp
+++ b/main/CommandHandler.cpp
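Review bot: The widened `dnSize` and `keySize` (hunks at -1717 and -1729) are taken straight from the command frame and then used as allocation sizes and as offsets (`command[10 + dnSize]`, `command[11 + dnSize]`, `command[12 + dnSize]`) with no comparison against the number of bytes actually received. As 16-bit values they can now reach 65535 each, so a malformed or truncated frame makes these reads run past the command buffer; neither the buffer length nor any earlier validation is visible here, and the function receives `command[]` without a length. A bound is needed before the first use, for example `if (dnSize == 0 || 13u + dnSize > FRAME_LEN_PLACEHOLDER) return 6;` and the same test including `keySize` once it is read, where the placeholder stands for the received frame length. The shift would also read more safely as `(uint16_t)((command[3] << 8) | command[4])`. The function body starts and ends outside both hunks.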
@@ -1738,6 +1738,14 @@ int brSetECTrustAnchor(const uint8_t command[], uint8_t response[])
 memcpy(customTrustAnchor.pkey.key.ec.q, &command[13 + dnSize], keySize);
 customTrustAnchor.pkey.key.ec.qlen = keySize;
+ ESP_LOGI("TA_DN_LEN", "%d", customTrustAnchor.dn.len);
+ ESP_LOG_BUFFER_HEX("TA_DN", customTrustAnchor.dn.data, customTrustAnchor.dn.len);
+ ESP_LOGI("TA_FLAGS", "0x%02X", customTrustAnchor.flags);
+ ESP_LOGI("TA_CURVE_TYPE", "0x%02X", customTrustAnchor.pkey.key_type);
+ ESP_LOGI("TA_CURVE", "0x%02X", customTrustAnchor.pkey.key.ec.curve);
+ ESP_LOGI("TA_EC_LEN", "%d", customTrustAnchor.pkey.key.ec.qlen);
+ ESP_LOG_BUFFER_HEX("TA_EC", customTrustAnchor.pkey.key.ec.q, customTrustAnchor.pkey.key.ec.qlen);
+
 bearsslClient.setTrustAnchors(&customTrustAnchor, 1);
 response[4] = 1;
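Review bot: The added lines log at info level (`ESP_LOGI`, `ESP_LOG_BUFFER_HEX`) although the commit describes them as debug output, so the whole DN and EC point are hex-dumped on every call in normal builds, with lengths that come from the command frame. Prefer `ESP_LOGD` and `ESP_LOG_BUFFER_HEX_LEVEL("TA_DN", customTrustAnchor.dn.data, customTrustAnchor.dn.len, ESP_LOG_DEBUG)`, ideally under one shared tag instead of a separate tag per field. `dn.len` and `qlen` are presumably BearSSL `size_t` fields, in which case `"%d"` does not match the argument; `"%u"` with an `(unsigned)` cast is the safer form. The function continues outside the hunk.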