diff --git a/include/polarssl/x509write.h b/include/polarssl/x509write.h index a8e672add..d95408395 100644 --- a/include/polarssl/x509write.h +++ b/include/polarssl/x509write.h @@ -215,6 +215,20 @@ int x509write_key_der( rsa_context *rsa, unsigned char *buf, size_t size ); */ int x509write_csr_der( x509_csr *ctx, unsigned char *buf, size_t size ); +#if defined(POLARSSL_BASE64_C) +/** + * \brief Write a CSR (Certificate Signing Request) to a + * PEM string + * + * \param rsa CSR to write away + * \param buf buffer to write to + * \param size size of the buffer + * + * \return 0 successful, or a specific error code + */ +int x509write_csr_pem( x509_csr *ctx, unsigned char *buf, size_t size ); +#endif /* POLARSSL_BASE64_C */ + #ifdef __cplusplus } #endif diff --git a/library/x509write.c b/library/x509write.c index 12cc0e177..bf6483ea4 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -33,6 +33,10 @@ #include "polarssl/md.h" #include "polarssl/oid.h" +#if defined(POLARSSL_BASE64_C) +#include "polarssl/base64.h" +#endif + #if defined(POLARSSL_MEMORY_C) #include "polarssl/memory.h" #else @@ -518,4 +522,57 @@ int x509write_csr_der( x509_csr *ctx, unsigned char *buf, size_t size ) return( len ); } +#define CSR_PEM_BEGIN "-----BEGIN CERTIFICATE REQUEST-----\n" +#define CSR_PEM_END "-----END CERTIFICATE REQUEST-----\n" + +#if defined(POLARSSL_BASE64_C) +int x509write_csr_pem( x509_csr *ctx, unsigned char *buf, size_t size ) +{ + int ret; + unsigned char output_buf[4096]; + unsigned char base_buf[4096]; + unsigned char *c, *p = buf; + size_t len = 0, olen = 4096; + + memset( output_buf, 0, 4096 ); + + if( ( ret = x509write_csr_der( ctx, output_buf, 4096 ) ) < 0 ) + return( ret ); + + len = ret; + c = output_buf + 4095 - len; + + if( ( ret = base64_encode( base_buf, &olen, c, len ) ) != 0 ) + return( ret ); + + c = base_buf; + + if( olen + strlen( CSR_PEM_BEGIN ) + strlen( CSR_PEM_END ) + + olen / 64 > size ) + { + return( POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL ); + } + + memcpy( p, CSR_PEM_BEGIN, strlen( CSR_PEM_BEGIN ) ); + p += strlen( CSR_PEM_BEGIN ); + + while( olen ) + { + len = ( olen > 64 ) ? 64 : olen; + memcpy( p, c, len ); + olen -= len; + p += len; + c += len; + *p++ = '\n'; + } + + memcpy( p, CSR_PEM_END, strlen( CSR_PEM_END ) ); + p += strlen( CSR_PEM_END ); + + *p = '\0'; + + return( 0 ); +} +#endif /* POLARSSL_BASE64_C */ + #endif diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index b30db19b7..384ef08d6 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -62,41 +62,23 @@ struct options int write_certificate_request( x509_csr *req, char *output_file ) { + int ret; FILE *f; unsigned char output_buf[4096]; - unsigned char base_buf[4096]; - unsigned char *c; - int ret; - size_t len = 0, olen = 4096; + size_t len = 0; - memset(output_buf, 0, 4096); - ret = x509write_csr_der( req, output_buf, 4096 ); - - if( ret < 0 ) + memset( output_buf, 0, 4096 ); + if( ( ret = x509write_csr_pem( req, output_buf, 4096 ) ) < 0 ) return( ret ); - len = ret; - c = output_buf + 4095 - len; - - if( ( ret = base64_encode( base_buf, &olen, c, len ) ) != 0 ) - return( ret ); - - c = base_buf; + len = strlen( (char *) output_buf ); if( ( f = fopen( output_file, "w" ) ) == NULL ) return( -1 ); - fprintf(f, "-----BEGIN CERTIFICATE REQUEST-----\n"); - while (olen) - { - int use_len = olen; - if (use_len > 64) use_len = 64; - fwrite( c, 1, use_len, f ); - olen -= use_len; - c += use_len; - fprintf(f, "\n"); - } - fprintf(f, "-----END CERTIFICATE REQUEST-----\n"); + if( fwrite( output_buf, 1, len, f ) != len ) + return( -1 ); + fclose(f); return( 0 );