igrr · igrr · Jun 20, 2017 · Jun 19, 2017
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
@@ -127,7 +127,7 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
 #endif
 #ifdef CONFIG_SSL_FULL_MODE
 void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx);
-const char * x509_display_error(int error);
+const char * x509_display_error(int error, char *buff);
 #endif
 
 /**************************************************************************

diff --git a/ssl/os_port.h b/ssl/os_port.h
@@ -68,10 +68,6 @@ extern "C" {
 #undef putc
 #endif
 #define putc(x, f)   ets_putc(x)
-#ifdef printf
-#undef printf
-#endif
-#define printf(...)  ets_printf(__VA_ARGS__)
 
 #define SOCKET_READ(A,B,C)      ax_port_read(A,B,C)
 #define SOCKET_WRITE(A,B,C)     ax_port_write(A,B,C)
@@ -123,6 +119,27 @@ static inline uint8_t pgm_read_byte(const void* addr) {
 #define ax_array_read_u8(x, y) pgm_read_byte((x)+(y))
 #endif //WITH_PGM_READ_HELPER
 
+#ifdef printf
+#undef printf
+#endif
+//#define printf(...)  ets_printf(__VA_ARGS__)
+#define PSTR(s) (__extension__({static const char __c[] PROGMEM = (s); &__c[0];}))
+#define PGM_VOID_P const void *
+static inline void* memcpy_P(void* dest, PGM_VOID_P src, size_t count) {
+    const uint8_t* read = (const uint8_t*)(src);
+    uint8_t* write = (uint8_t*)(dest);
+
+    while (count)
+    {
+        *write++ = pgm_read_byte(read++);
+        count--;
+    }
+
+    return dest;
+}
+#define printf(fmt, ...) do { static const char fstr[] PROGMEM = fmt; char rstr[sizeof(fmt)]; memcpy_P(rstr, fstr, sizeof(rstr)); ets_printf(rstr, ##__VA_ARGS__); } while (0)
+#define strcpy_P(dst, src) do { static const char fstr[] PROGMEM = src; memcpy_P(dst, fstr, sizeof(src)); } while (0)
+
 #elif defined(WIN32)
 
 /* Windows CE stuff */

diff --git a/ssl/tls1.c b/ssl/tls1.c
@@ -2287,58 +2287,57 @@ void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
     if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
         return;
 
-    printf(not_ok ? "Error - invalid State:\t" : "State:\t");
-    printf(is_send ? "sending " : "receiving ");
+    if (not_ok) printf("Error - invalid State:\t");
+    else printf("State:\t");
+    if (is_send) printf("sending ");
+    else printf("receiving ");
 
     switch (state)
     {
         case HS_HELLO_REQUEST:
-            str = "Hello Request (0)";
+            printf("Hello Request (0)\n");
             break;
 
         case HS_CLIENT_HELLO:
-            str = "Client Hello (1)";
+            printf("Client Hello (1)\n");
             break;
 
         case HS_SERVER_HELLO:
-            str = "Server Hello (2)";
+            printf("Server Hello (2)\n");
             break;
 
         case HS_CERTIFICATE:
-            str = "Certificate (11)";
+            printf("Certificate (11)\n");
             break;
 
         case HS_SERVER_KEY_XCHG:
-            str = "Certificate Request (12)";
+            printf("Certificate Request (12)\n");
             break;
 
         case HS_CERT_REQ:
-            str = "Certificate Request (13)";
+            printf("Certificate Request (13)\n");
             break;
 
         case HS_SERVER_HELLO_DONE:
-            str = "Server Hello Done (14)";
+            printf("Server Hello Done (14)\n");
             break;
 
         case HS_CERT_VERIFY:
-            str = "Certificate Verify (15)";
+            printf("Certificate Verify (15)\n");
             break;
 
         case HS_CLIENT_KEY_XCHG:
-            str = "Client Key Exchange (16)";
+            printf("Client Key Exchange (16)\n");
             break;
 
         case HS_FINISHED:
-            str = "Finished (16)";
+            printf("Finished (16)\n");
             break;
 
         default:
-            str = "Error (Unknown)";
-
+            printf("Error (Unknown)\n");
             break;
     }
-
-    printf("%s\n", str);
 }
 
 /**
@@ -2383,7 +2382,8 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code)
     /* X509 error? */
     if (error_code < SSL_X509_OFFSET)
     {
-        printf("%s\n", x509_display_error(error_code - SSL_X509_OFFSET));
+        char buff[64];
+        printf("%s\n", x509_display_error(error_code - SSL_X509_OFFSET, buff));
         return;
     }
 

diff --git a/ssl/x509.c b/ssl/x509.c
@@ -225,8 +225,9 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
     if (ret)
     {
 #ifdef CONFIG_SSL_FULL_MODE
+        char buff[64];
         printf("Error: Invalid X509 ASN.1 file (%s)\n",
-                        x509_display_error(ret));
+                        x509_display_error(ret, buff));
 #endif
         x509_free(x509_ctx);
         *ctx = NULL;
@@ -821,9 +822,10 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
     if (ca_cert_ctx)
     {
         int pathLenConstraint = 0;
+        char buff[64];
         printf("Verify:\t\t\t\t%s\n",
                 x509_display_error(x509_verify(ca_cert_ctx, cert,
-                        &pathLenConstraint)));
+                        &pathLenConstraint), buff));
     }
 
 #if 0
@@ -840,45 +842,57 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
     TTY_FLUSH();
 }
 
-const char * x509_display_error(int error)
+const char * x509_display_error(int error, char *buff)
 {
     switch (error)
     {
         case X509_OK:
-            return "Certificate verify successful";
+            strcpy_P(buff, "Certificate verify successful");
+            return buff;
 
         case X509_NOT_OK:
-            return "X509 not ok";
+            strcpy_P(buff, "X509 not ok");
+            return buff;
 
         case X509_VFY_ERROR_NO_TRUSTED_CERT:
-            return "No trusted cert is available";
+            strcpy_P(buff, "No trusted cert is available");
+            return buff;
 
         case X509_VFY_ERROR_BAD_SIGNATURE:
-            return "Bad signature";
+            strcpy_P(buff, "Bad signature");
+            return buff;
 
         case X509_VFY_ERROR_NOT_YET_VALID:
-            return "Cert is not yet valid";
+            strcpy_P(buff, "Cert is not yet valid");
+            return buff;
 
         case X509_VFY_ERROR_EXPIRED:
-            return "Cert has expired";
+            strcpy_P(buff, "Cert has expired");
+            return buff;
 
         case X509_VFY_ERROR_SELF_SIGNED:
-            return "Cert is self-signed";
+            strcpy_P(buff, "Cert is self-signed");
+            return buff;
 
         case X509_VFY_ERROR_INVALID_CHAIN:
-            return "Chain is invalid (check order of certs)";
+            strcpy_P(buff, "Chain is invalid (check order of certs)");
+            return buff;
 
         case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
-            return "Unsupported digest";
+            strcpy_P(buff, "Unsupported digest");
+            return buff;
 
         case X509_INVALID_PRIV_KEY:
-            return "Invalid private key";
+            strcpy_P(buff, "Invalid private key");
+            return buff;
 
         case X509_VFY_ERROR_BASIC_CONSTRAINT:
-            return "Basic constraint invalid";
+            strcpy_P(buff, "Basic constraint invalid");
+            return buff;
 
         default:
-            return "Unknown";
+            strcpy_P(buff, "Unknown");
+            return buff;
     }
 }
 #endif      /* CONFIG_SSL_FULL_MODE */