diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 77712f5..33a4455 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -127,7 +127,7 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
 #endif
 #ifdef CONFIG_SSL_FULL_MODE
 void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx);
-const char * x509_display_error(int error);
+const char * x509_display_error(int error, char *buff);
 #endif /**************************************************************************
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 0737796..ded2c48 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -68,10 +68,6 @@ extern "C" {
 #undef putc
 #endif
 #define putc(x, f) ets_putc(x)
-#ifdef printf
-#undef printf
-#endif
-#define printf(...) ets_printf(__VA_ARGS__)
 #define SOCKET_READ(A,B,C) ax_port_read(A,B,C)
 #define SOCKET_WRITE(A,B,C) ax_port_write(A,B,C)
@@ -123,6 +119,27 @@ static inline uint8_t pgm_read_byte(const void* addr) {
 #define ax_array_read_u8(x, y) pgm_read_byte((x)+(y))
 #endif //WITH_PGM_READ_HELPER
+#ifdef printf
+#undef printf
+#endif
+//#define printf(...) ets_printf(__VA_ARGS__)
+#define PSTR(s) (__extension__({static const char __c[] PROGMEM = (s); &__c[0];}))
+#define PGM_VOID_P const void *
+static inline void* memcpy_P(void* dest, PGM_VOID_P src, size_t count) {
+ const uint8_t* read = (const uint8_t*)(src);
+ uint8_t* write = (uint8_t*)(dest);
+
+ while (count)
+ {
+ *write++ = pgm_read_byte(read++);
+ count--;
+ }
+
+ return dest;
+}
+#define printf(fmt, ...) do { static const char fstr[] PROGMEM = fmt; char rstr[sizeof(fmt)]; memcpy_P(rstr, fstr, sizeof(rstr)); ets_printf(rstr, ##__VA_ARGS__); } while (0)
+#define strcpy_P(dst, src) do { static const char fstr[] PROGMEM = src; memcpy_P(dst, fstr, sizeof(src)); } while (0)
+
 #elif defined(WIN32) /* Windows CE stuff */
diff --git a/ssl/tls1.c b/ssl/tls1.c
index c021b10..ac347d2 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
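Review bot: The new prototype `x509_display_error(int error, char *buff)` in ssl/crypto_misc.h takes a destination pointer with no length, so the callee cannot check how much room it has. The callers added in ssl/tls1.c (ssl_display_error) and ssl/x509.c (x509_new, x509_print) each declare `char buff[64]` independently, and the copy goes through `strcpy_P`, which writes `sizeof(src)` bytes unconditionally. The longest message visible in this commit needs 40 bytes including the terminator, so nothing overflows today, but a longer message or a smaller caller buffer would write past the array with no diagnostic. Either add a size parameter, `const char * x509_display_error(int error, char *buff, size_t len);`, or publish one shared constant next to the prototype (the name is only a suggestion), `#define X509_ERROR_STR_MAX 64`, and use it in all three callers.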
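Review bot: The `printf` and `strcpy_P` macros added to ssl/os_port.h declare locals named `fstr` and `rstr` inside their expansion, so a call such as `printf("%s", rstr)` from a function that has its own `rstr` would bind to the macro's copy of the format string instead; distinctive names (for example `ax_pf_fmt_` and `ax_pf_buf_`, as a suggestion) avoid the capture. Both macros also accept only a string literal and are statements rather than expressions, and `printf` copies the whole format onto the stack on every call, none of which is documented. I would add above them: `/* printf/strcpy_P: the string argument must be a literal (it initialises a PROGMEM array); statement-only, no return value; printf copies the format into a stack buffer of sizeof(fmt) bytes. */`. `memcpy_P` calls `pgm_read_byte`, which appears just before the `#endif //WITH_PGM_READ_HELPER` context line; the opening of that conditional is outside the hunk, so confirm the header still builds in both configurations.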
@@ -2287,58 +2287,57 @@ void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
 if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES)) return;
- printf(not_ok ? "Error - invalid State:\t" : "State:\t");
- printf(is_send ? "sending " : "receiving ");
+ if (not_ok) printf("Error - invalid State:\t");
+ else printf("State:\t");
+ if (is_send) printf("sending ");
+ else printf("receiving ");
 switch (state) {
 case HS_HELLO_REQUEST:
- str = "Hello Request (0)";
+ printf("Hello Request (0)\n");
 break;
 case HS_CLIENT_HELLO:
- str = "Client Hello (1)";
+ printf("Client Hello (1)\n");
 break;
 case HS_SERVER_HELLO:
- str = "Server Hello (2)";
+ printf("Server Hello (2)\n");
 break;
 case HS_CERTIFICATE:
- str = "Certificate (11)";
+ printf("Certificate (11)\n");
 break;
 case HS_SERVER_KEY_XCHG:
- str = "Certificate Request (12)";
+ printf("Certificate Request (12)\n");
 break;
 case HS_CERT_REQ:
- str = "Certificate Request (13)";
+ printf("Certificate Request (13)\n");
 break;
 case HS_SERVER_HELLO_DONE:
- str = "Server Hello Done (14)";
+ printf("Server Hello Done (14)\n");
 break;
 case HS_CERT_VERIFY:
- str = "Certificate Verify (15)";
+ printf("Certificate Verify (15)\n");
 break;
 case HS_CLIENT_KEY_XCHG:
- str = "Client Key Exchange (16)";
+ printf("Client Key Exchange (16)\n");
 break;
 case HS_FINISHED:
- str = "Finished (16)";
+ printf("Finished (16)\n");
 break;
 default:
- str = "Error (Unknown)";
-
+ printf("Error (Unknown)\n");
 break;
 }
-
- printf("%s\n", str);
 }
 /**
@@ -2383,7 +2382,8 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code)
 /* X509 error? */
 if (error_code < SSL_X509_OFFSET) {
- printf("%s\n", x509_display_error(error_code - SSL_X509_OFFSET));
+ char buff[64];
+ printf("%s\n", x509_display_error(error_code - SSL_X509_OFFSET, buff));
 return;
 }
diff --git a/ssl/x509.c b/ssl/x509.c
index c050eb8..dbb9fd3 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
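Review bot: Two of the labels now printed directly in DISPLAY_STATE do not match the case they sit under: `HS_SERVER_KEY_XCHG` prints "Certificate Request (12)", the same text as `HS_CERT_REQ`, and `HS_FINISHED` prints "Finished (16)", the same number as Client Key Exchange. Both strings are carried over unchanged from the removed `str = ...` lines, but every one of these lines is being rewritten here, so this is the place to correct them. In the TLS handshake numbering type 12 is server key exchange and finished is 20, so, assuming the enum follows that numbering, the lines would read `printf("Server Key Exchange (12)\n");` and `printf("Finished (20)\n");`. A state trace that mislabels messages slows down diagnosis of a failed handshake. The declaration of `str` lies outside the hunk and is presumably unused after this change, so it should be dropped too.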
@@ -225,8 +225,9 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
 if (ret) {
 #ifdef CONFIG_SSL_FULL_MODE
+ char buff[64];
 printf("Error: Invalid X509 ASN.1 file (%s)\n",
- x509_display_error(ret));
+ x509_display_error(ret, buff));
 #endif
 x509_free(x509_ctx);
 *ctx = NULL;
@@ -821,9 +822,10 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
 if (ca_cert_ctx) {
 int pathLenConstraint = 0;
+ char buff[64];
 printf("Verify:\t\t\t\t%s\n", x509_display_error(x509_verify(ca_cert_ctx, cert,
- &pathLenConstraint)));
+ &pathLenConstraint), buff));
 }
 #if 0
@@ -840,45 +842,57 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
 TTY_FLUSH();
 }
-const char * x509_display_error(int error)
+const char * x509_display_error(int error, char *buff)
 {
 switch (error) {
 case X509_OK:
- return "Certificate verify successful";
+ strcpy_P(buff, "Certificate verify successful");
+ return buff;
 case X509_NOT_OK:
- return "X509 not ok";
+ strcpy_P(buff, "X509 not ok");
+ return buff;
 case X509_VFY_ERROR_NO_TRUSTED_CERT:
- return "No trusted cert is available";
+ strcpy_P(buff, "No trusted cert is available");
+ return buff;
 case X509_VFY_ERROR_BAD_SIGNATURE:
- return "Bad signature";
+ strcpy_P(buff, "Bad signature");
+ return buff;
 case X509_VFY_ERROR_NOT_YET_VALID:
- return "Cert is not yet valid";
+ strcpy_P(buff, "Cert is not yet valid");
+ return buff;
 case X509_VFY_ERROR_EXPIRED:
- return "Cert has expired";
+ strcpy_P(buff, "Cert has expired");
+ return buff;
 case X509_VFY_ERROR_SELF_SIGNED:
- return "Cert is self-signed";
+ strcpy_P(buff, "Cert is self-signed");
+ return buff;
 case X509_VFY_ERROR_INVALID_CHAIN:
- return "Chain is invalid (check order of certs)";
+ strcpy_P(buff, "Chain is invalid (check order of certs)");
+ return buff;
 case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
- return "Unsupported digest";
+ strcpy_P(buff, "Unsupported digest");
+ return buff;
 case X509_INVALID_PRIV_KEY:
- return "Invalid private key";
+ strcpy_P(buff, "Invalid private key");
+ return buff;
 case X509_VFY_ERROR_BASIC_CONSTRAINT:
- return "Basic constraint invalid";
+ strcpy_P(buff, "Basic constraint invalid");
+ return buff;
 default:
- return "Unknown";
+ strcpy_P(buff, "Unknown");
+ return buff;
 }
 }
 #endif /* CONFIG_SSL_FULL_MODE */
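Review bot: x509_display_error now returns `buff` itself in every case, where it used to return a string literal, and nothing at the definition documents the new contract. The result is valid only as long as the caller's buffer is, two calls that share one buffer overwrite each other's message, and a NULL `buff` is written through by `strcpy_P`. I would add above the definition: `/* Copies the message for 'error' into buff and returns buff. buff must be non-NULL, hold at least 40 bytes (longest message plus NUL), and outlive every use of the returned pointer. */`. As a style point, the twelve `return buff;` lines could become `break;` with a single `return buff;` after the switch.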