arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-12-07 17:42:43 +03:00
Code Activity
Files
14f1b1d4a74a2e65207f23aedabcc7038ffae652
esp8266/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.h
Earle F. Philhower, III 56268b166d Fix memory related issues w/BearSSL server/client (#5706) 
Because the constructors of the BSSL client and server add a reference
count to the stack_thunk, if there is no copy constructor defined then
the stack thunk reference count can get out of sync causing the stack
thunk memory to be freed while still in use.  That could cause random
crashes or hangs.

Add a very basic copy constructor to the WiFiClientSecure and
WiFiServerSecure objects, using the default operator= to duplicate
simple types and shared_ptr classes.

The _cipher_list element (used only w/custom ciphers) could be freed
while still in use if copies of the WiFiClientSecure object were made.

Use a shared_ptr which will only free when the last reference is
deleted.

The axTLS compatibility mode calls allocate and store elements needed
for SSL connections (unlike normal BearSSL calls).  These elements could
be freed mistakenly while still in use if copies of the WiFiClientSecure
were made by the app.

Convert to a separately managed shared_ptr to ensure they live as long
as any referencing objects before deletion.

Same done for the axTLS compatability for WiFiServerSecure.
2019-02-02 18:09:19 +00:00

82 lines
2.9 KiB
C++
Raw Blame History

/*
WiFiServerBearSSL.h - Library for Arduino ESP8266
Copyright (c) 2018 Earle F. Philhower, III
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef wifiserverbearssl_h
#define wifiserverbearssl_h
#include "WiFiServer.h"
#include "WiFiClientSecureBearSSL.h"
#include "BearSSLHelpers.h"
#include <bearssl/bearssl.h>
namespace BearSSL {
class WiFiClientSecure;
class WiFiServerSecure : public WiFiServer {
public:
WiFiServerSecure(IPAddress addr, uint16_t port);
WiFiServerSecure(uint16_t port);
WiFiServerSecure(const WiFiServerSecure &rhs);
virtual ~WiFiServerSecure();
// Override the default buffer sizes, if you know what you're doing...
void setBufferSizes(int recv, int xmit) {
_iobuf_in_size = recv;
_iobuf_out_size = xmit;
}
// Set the server's RSA key and x509 certificate (required, pick one).
// Caller needs to preserve the chain and key throughout the life of the server.
void setRSACert(const X509List *chain, const PrivateKey *sk);
// Set the server's EC key and x509 certificate (required, pick one)
// Caller needs to preserve the chain and key throughout the life of the server.
void setECCert(const X509List *chain, unsigned cert_issuer_key_type, const PrivateKey *sk);
// Require client certificates validated against the passed in x509 trust anchor
// Caller needs to preserve the cert throughout the life of the server.
void setClientTrustAnchor(const X509List *client_CA_ta) {
_client_CA_ta = client_CA_ta;
}
// If awaiting connection available and authenticated (i.e. client cert), return it.
WiFiClientSecure available(uint8_t* status = NULL);
// Compatibility with axTLS interface
void setServerKeyAndCert(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen);
void setServerKeyAndCert_P(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen);
private:
const X509List *_chain = nullptr;
unsigned _cert_issuer_key_type = 0;
const PrivateKey *_sk = nullptr;
int _iobuf_in_size = BR_SSL_BUFSIZE_INPUT;
int _iobuf_out_size = 837;
const X509List *_client_CA_ta = nullptr;
// axTLS compat
std::shared_ptr<X509List> _axtls_chain;
std::shared_ptr<PrivateKey> _axtls_sk;
};
};
#endif
View Git Blame Copy Permalink