Allocate encrypted buffer on the heap instead of the stack, courtesy of @jgstroud

dkerr64 · dkerr64 · commit 7a1d21abb21d · 2024-06-08T14:01:01.000-04:00
Attempting to use 1KB from stack is risky as the ESP8266 has very small stack to start with.
diff --git a/src/arduino_homekit_server.cpp b/src/arduino_homekit_server.cpp
@@ -561,8 +561,10 @@ int client_send_encrypted_(client_context_t *context,
 	byte nonce[12];
 	memset(nonce, 0, sizeof(nonce));
 
-	byte encrypted[1024 + 18];
-	uint payload_offset = 0;
+#define ENCRYPTED_BUFFER_SIZE 1024
+#define AAD_SIZE 2
+	byte *encrypted = (byte*)malloc(ENCRYPTED_BUFFER_SIZE + 16 + AAD_SIZE);
+	size_t payload_offset = 0;
 
 	while (payload_offset < size) {
 		size_t chunk_size = size - payload_offset;
@@ -580,19 +582,21 @@ int client_send_encrypted_(client_context_t *context,
 			x /= 256;
 		}
 
-		size_t available = sizeof(encrypted) - 2;
-		int r = crypto_chacha20poly1305_encrypt(context->read_key, nonce, aead, 2,
-				payload + payload_offset, chunk_size, encrypted + 2, &available);
+		size_t available = ENCRYPTED_BUFFER_SIZE + 16;
+		int r = crypto_chacha20poly1305_encrypt(context->read_key, nonce, aead, AAD_SIZE,
+				payload + payload_offset, chunk_size, encrypted + AAD_SIZE, &available);
 		if (r) {
 			ERROR("Failed to chacha encrypt payload (code %d)", r);
+			free(encrypted);
 			return -1;
 		}
 
 		payload_offset += chunk_size;
 
-		write(context, encrypted, available + 2);
+		write(context, encrypted, available + AAD_SIZE);
 	}
 
+	free(encrypted);
 	return 0;
 }
 
@@ -616,8 +620,8 @@ int client_decrypt_(client_context_t *context,
 	byte nonce[12];
 	memset(nonce, 0, sizeof(nonce));
 
-	int payload_offset = 0;
-	int decrypted_offset = 0;
+	size_t payload_offset = 0;
+	size_t decrypted_offset = 0;
 
 	while (payload_offset < payload_size) {
 		size_t chunk_size = payload[payload_offset] + payload[payload_offset + 1] * 256;
