Merged refactored x509write module into development

2013-08-28 16:31:30 +02:00 · 2013-08-28 16:31:30 +02:00 · ca174fef80
commit ca174fef80
parent 9659dae046 9852d00de6
21 changed files with 1442 additions and 321 deletions
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@ -343,4 +343,32 @@ int asn1_get_alg_null( unsigned char **p,
    return( 0 );
 }

+void asn1_free_named_data( asn1_named_data *cur )
+{
+    if( cur == NULL )
+        return;
+
+    polarssl_free( cur->oid.p );
+    polarssl_free( cur->val.p );
+
+    memset( cur, 0, sizeof( asn1_named_data ) );
+}
+
+asn1_named_data *asn1_find_named_data( asn1_named_data *list,
+                                       const char *oid, size_t len )
+{
+    while( list != NULL )
+    {
+        if( list->oid.len == len &&
+            memcmp( list->oid.p, oid, len ) == 0 )
+        {
+            break;
+        }
+
+        list = list->next;
+    }
+
+    return( list );
+}
+
 #endif
--- a/library/asn1write.c
+++ b/library/asn1write.c
@ -72,6 +72,21 @@ int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag )
    return( 1 );
 }

+int asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
+                           const unsigned char *buf, size_t size )
+{
+    size_t len = 0;
+
+    if( *p - start < (int) size )
+        return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
+    len = size;
+    (*p) -= len;
+    memcpy( *p, buf, len );
+
+    return( len );
+}
+
 #if defined(POLARSSL_BIGNUM_C)
 int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X )
 {
@ -125,15 +140,8 @@ int asn1_write_oid( unsigned char **p, unsigned char *start, const char *oid )
    int ret;
    size_t len = 0;

-    // Write OID
-    //
-    len = strlen( oid );
-
-    if( *p - start < (int) len )
-        return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
-
-    (*p) -= len;
-    memcpy( *p, oid, len );
+    ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start,
+                  (const unsigned char *) oid, strlen( oid ) ) );

    ASN1_CHK_ADD( len , asn1_write_len( p, start, len ) );
    ASN1_CHK_ADD( len , asn1_write_tag( p, start, ASN1_OID ) );
@ -142,7 +150,7 @@ int asn1_write_oid( unsigned char **p, unsigned char *start, const char *oid )
 }

 int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
-                                     const char *algorithm_oid )
+                                     const char *oid )
 {
    int ret;
    size_t null_len = 0;
@ -155,7 +163,7 @@ int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,

    // Write OID
    //
-    ASN1_CHK_ADD( oid_len, asn1_write_oid( p, start, algorithm_oid ) );
+    ASN1_CHK_ADD( oid_len, asn1_write_oid( p, start, oid ) );

    len = oid_len + null_len;
    ASN1_CHK_ADD( len, asn1_write_len( p, start, oid_len + null_len ) );
@ -201,43 +209,68 @@ int asn1_write_printable_string( unsigned char **p, unsigned char *start,
    int ret;
    size_t len = 0;

-    // Write string
-    //
-    len = strlen( text );
-
-    if( *p - start < (int) len )
-        return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
-
-    (*p) -= len;
-    memcpy( *p, text, len );
+    ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start,
+                  (const unsigned char *) text, strlen( text ) ) );

    ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
    ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_PRINTABLE_STRING ) );

    return( len );
 }
-    
+
 int asn1_write_ia5_string( unsigned char **p, unsigned char *start,
-                          char *text )
+                           char *text )
 {
    int ret;
    size_t len = 0;

-    // Write string
-    //
-    len = strlen( text );
-
-    if( *p - start < (int) len )
-        return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
-
-    (*p) -= len;
-    memcpy( *p, text, len );
+    ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start,
+                  (const unsigned char *) text, strlen( text ) ) );

    ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
    ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_IA5_STRING ) );

    return( len );
 }
-    

+int asn1_write_bitstring( unsigned char **p, unsigned char *start,
+                          const unsigned char *buf, size_t bits )
+{
+    int ret;
+    size_t len = 0, size;
+
+    size = ( bits / 8 ) + ( ( bits % 8 ) ? 1 : 0 );
+
+    // Calculate byte length
+    //
+    if( *p - start < (int) size + 1 )
+        return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
+    len = size + 1;
+    (*p) -= size;
+    memcpy( *p, buf, size );
+
+    // Write unused bits
+    //
+    *--(*p) = size * 8 - bits;
+
+    ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+    ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_BIT_STRING ) );
+
+    return( len );
+}
+
+int asn1_write_octet_string( unsigned char **p, unsigned char *start,
+                             const unsigned char *buf, size_t size )
+{
+    int ret;
+    size_t len = 0;
+
+    ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, buf, size ) );
+
+    ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
+    ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_OCTET_STRING ) );
+
+    return( len );
+}
 #endif
--- a/library/error.c
+++ b/library/error.c
@ -149,6 +149,10 @@
 #include "polarssl/x509.h"
 #endif

+#if defined(POLARSSL_X509_WRITE_C)
+#include "polarssl/x509write.h"
+#endif
+
 #if defined(POLARSSL_XTEA_C)
 #include "polarssl/xtea.h"
 #endif
@ -432,6 +436,15 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
            snprintf( buf, buflen, "X509 - Elliptic curve is unsupported (only NIST curves are supported)" );
 #endif /* POLARSSL_X509_PARSE_C */

+#if defined(POLARSSL_X509_WRITE_C)
+        if( use_ret == -(POLARSSL_ERR_X509WRITE_UNKNOWN_OID) )
+            snprintf( buf, buflen, "X509WRITE - Requested OID is unknown" );
+        if( use_ret == -(POLARSSL_ERR_X509WRITE_BAD_INPUT_DATA) )
+            snprintf( buf, buflen, "X509WRITE - Failed to allocate memory" );
+        if( use_ret == -(POLARSSL_ERR_X509WRITE_MALLOC_FAILED) )
+            snprintf( buf, buflen, "X509WRITE - Failed to allocate memory" );
+#endif /* POLARSSL_X509_WRITE_C */
+
        if( strlen( buf ) == 0 )
            snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
    }
--- a/library/x509write.c
+++ b/library/x509write.c
@ -33,7 +33,231 @@
 #include "polarssl/md.h"
 #include "polarssl/oid.h"

-int x509_write_pubkey_der( unsigned char *buf, size_t size, rsa_context *rsa )
+#if defined(POLARSSL_BASE64_C)
+#include "polarssl/base64.h"
+#endif
+
+#if defined(POLARSSL_MEMORY_C)
+#include "polarssl/memory.h"
+#else
+#include <stdlib.h>
+#define polarssl_malloc     malloc
+#define polarssl_free       free
+#endif
+
+void x509write_csr_init( x509_csr *ctx )
+{
+    memset( ctx, 0, sizeof(x509_csr) );
+}
+
+void x509write_csr_free( x509_csr *ctx )
+{
+    x509_req_name *cur;
+    asn1_named_data *cur_ext;
+
+    while( ( cur = ctx->subject ) != NULL )
+    {
+        ctx->subject = cur->next;
+        polarssl_free( cur );
+    }
+
+    while( ( cur_ext = ctx->extensions ) != NULL )
+    {
+        ctx->extensions = cur_ext->next;
+        asn1_free_named_data( cur_ext );
+        polarssl_free( cur_ext );
+    }
+
+    memset( ctx, 0, sizeof(x509_csr) );
+}
+
+void x509write_csr_set_md_alg( x509_csr *ctx, md_type_t md_alg )
+{
+    ctx->md_alg = md_alg;
+}
+
+void x509write_csr_set_rsa_key( x509_csr *ctx, rsa_context *rsa )
+{
+    ctx->rsa = rsa;
+}
+
+int x509write_csr_set_subject_name( x509_csr *ctx, char *subject_name )
+{
+    int ret = 0;
+    char *s = subject_name, *c = s;
+    char *end = s + strlen( s );
+    char *oid = NULL;
+    int in_tag = 1;
+    x509_req_name *cur;
+
+    while( ctx->subject )
+    {
+        cur = ctx->subject;
+        ctx->subject = ctx->subject->next;
+        polarssl_free( cur );
+    }
+
+    while( c <= end )
+    {
+        if( in_tag && *c == '=' )
+        {
+            if( memcmp( s, "CN", 2 ) == 0 && c - s == 2 )
+                oid = OID_AT_CN;
+            else if( memcmp( s, "C", 1 ) == 0 && c - s == 1 )
+                oid = OID_AT_COUNTRY;
+            else if( memcmp( s, "O", 1 ) == 0 && c - s == 1 )
+                oid = OID_AT_ORGANIZATION;
+            else if( memcmp( s, "L", 1 ) == 0 && c - s == 1 )
+                oid = OID_AT_LOCALITY;
+            else if( memcmp( s, "R", 1 ) == 0 && c - s == 1 )
+                oid = OID_PKCS9_EMAIL;
+            else if( memcmp( s, "OU", 2 ) == 0 && c - s == 2 )
+                oid = OID_AT_ORG_UNIT;
+            else if( memcmp( s, "ST", 2 ) == 0 && c - s == 2 )
+                oid = OID_AT_STATE;
+            else
+            {
+                ret = POLARSSL_ERR_X509WRITE_UNKNOWN_OID;
+                goto exit;
+            }
+
+            s = c + 1;
+            in_tag = 0;
+        }
+
+        if( !in_tag && ( *c == ',' || c == end ) )
+        {
+            if( c - s > 127 )
+            {
+                ret = POLARSSL_ERR_X509WRITE_BAD_INPUT_DATA;
+                goto exit;
+            }
+
+            cur = polarssl_malloc( sizeof(x509_req_name) );
+
+            if( cur == NULL )
+            {
+                ret = POLARSSL_ERR_X509WRITE_MALLOC_FAILED;
+                goto exit;
+            }
+
+            memset( cur, 0, sizeof(x509_req_name) );
+
+            cur->next = ctx->subject;
+            ctx->subject = cur;
+
+            strncpy( cur->oid, oid, strlen( oid ) );
+            strncpy( cur->name, s, c - s );
+
+            s = c + 1;
+            in_tag = 1;
+        }
+        c++;
+    }
+
+exit:
+
+    return( ret );
+}
+
+int x509write_csr_set_extension( x509_csr *ctx,
+                                 const char *oid, size_t oid_len,
+                                 const unsigned char *val, size_t val_len )
+{
+    asn1_named_data *cur;
+
+    if( ( cur = asn1_find_named_data( ctx->extensions, oid,
+                                      oid_len ) ) == NULL )
+    {
+        cur = polarssl_malloc( sizeof(asn1_named_data) );
+        if( cur == NULL )
+            return( POLARSSL_ERR_X509WRITE_MALLOC_FAILED );
+
+        memset( cur, 0, sizeof(asn1_named_data) );
+
+        cur->oid.len = oid_len;
+        cur->oid.p = polarssl_malloc( oid_len );
+        if( cur->oid.p == NULL )
+        {
+            polarssl_free( cur );
+            return( POLARSSL_ERR_X509WRITE_MALLOC_FAILED );
+        }
+
+        cur->val.len = val_len;
+        cur->val.p = polarssl_malloc( val_len );
+        if( cur->val.p == NULL )
+        {
+            polarssl_free( cur->oid.p );
+            polarssl_free( cur );
+            return( POLARSSL_ERR_X509WRITE_MALLOC_FAILED );
+        }
+
+        memcpy( cur->oid.p, oid, oid_len );
+
+        cur->next = ctx->extensions;
+        ctx->extensions = cur;
+    }
+
+    if( cur->val.len != val_len )
+    {
+        polarssl_free( cur->val.p );
+
+        cur->val.len = val_len;
+        cur->val.p = polarssl_malloc( val_len );
+        if( cur->val.p == NULL )
+        {
+            polarssl_free( cur->oid.p );
+            polarssl_free( cur );
+            return( POLARSSL_ERR_X509WRITE_MALLOC_FAILED );
+        }
+    }
+
+    memcpy( cur->val.p, val, val_len );
+
+    return( 0 );
+}
+
+int x509write_csr_set_key_usage( x509_csr *ctx, unsigned char key_usage )
+{
+    unsigned char buf[4];
+    unsigned char *c;
+    int ret;
+
+    c = buf + 4;
+
+    if( ( ret = asn1_write_bitstring( &c, buf, &key_usage, 7 ) ) != 4 )
+        return( ret );
+
+    ret = x509write_csr_set_extension( ctx, OID_KEY_USAGE,
+                                       OID_SIZE( OID_KEY_USAGE ),
+                                       buf, 4 );
+    if( ret != 0 )
+        return( ret );
+
+    return( 0 );
+}
+
+int x509write_csr_set_ns_cert_type( x509_csr *ctx, unsigned char ns_cert_type )
+{
+    unsigned char buf[4];
+    unsigned char *c;
+    int ret;
+
+    c = buf + 4;
+
+    if( ( ret = asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
+        return( ret );
+
+    ret = x509write_csr_set_extension( ctx, OID_NS_CERT_TYPE,
+                                       OID_SIZE( OID_NS_CERT_TYPE ),
+                                       buf, 4 );
+    if( ret != 0 )
+        return( ret );
+
+    return( 0 );
+}
+
+int x509write_pubkey_der( rsa_context *rsa, unsigned char *buf, size_t size )
 {
    int ret;
    unsigned char *c;
@ -41,6 +265,12 @@ int x509_write_pubkey_der( unsigned char *buf, size_t size, rsa_context *rsa )

    c = buf + size - 1;

+    /*
+    *  RSAPublicKey ::= SEQUENCE {
+    *      modulus           INTEGER,  -- n
+    *      publicExponent    INTEGER   -- e
+    *  }
+    */
    ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) );
    ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) );

@ -50,6 +280,11 @@ int x509_write_pubkey_der( unsigned char *buf, size_t size, rsa_context *rsa )
    if( c - buf < 1 )
        return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );

+    /*
+     *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
+     *       algorithm            AlgorithmIdentifier,
+     *       subjectPublicKey     BIT STRING }
+     */
    *--c = 0;
    len += 1;

@ -64,7 +299,7 @@ int x509_write_pubkey_der( unsigned char *buf, size_t size, rsa_context *rsa )
    return( len );
 }

-int x509_write_key_der( unsigned char *buf, size_t size, rsa_context *rsa )
+int x509write_key_der( rsa_context *rsa, unsigned char *buf, size_t size )
 {
    int ret;
    unsigned char *c;
@ -167,8 +402,7 @@ static int x509_write_sig( unsigned char **p, unsigned char *start,
    return( len );
 }

-int x509_write_cert_req( unsigned char *buf, size_t size, rsa_context *rsa,
-                         x509_req_name *req_name, md_type_t md_alg )
+int x509write_csr_der( x509_csr *ctx, unsigned char *buf, size_t size )
 {
    int ret;
    const char *sig_oid;
@ -178,15 +412,52 @@ int x509_write_cert_req( unsigned char *buf, size_t size, rsa_context *rsa,
    unsigned char tmp_buf[2048];
    size_t sub_len = 0, pub_len = 0, sig_len = 0;
    size_t len = 0;
-    x509_req_name *cur = req_name;
+    x509_req_name *cur = ctx->subject;
+    asn1_named_data *cur_ext = ctx->extensions;

    c = tmp_buf + 2048 - 1;

-    ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, 0 ) );
+    while( cur_ext != NULL )
+    {
+        size_t ext_len = 0;
+
+        ASN1_CHK_ADD( ext_len, asn1_write_raw_buffer( &c, tmp_buf, cur_ext->val.p,
+                                                      cur_ext->val.len ) );
+        ASN1_CHK_ADD( ext_len, asn1_write_len( &c, tmp_buf, cur_ext->val.len ) );
+        ASN1_CHK_ADD( ext_len, asn1_write_tag( &c, tmp_buf, ASN1_OCTET_STRING ) );
+
+        ASN1_CHK_ADD( ext_len, asn1_write_raw_buffer( &c, tmp_buf, cur_ext->oid.p,
+                                                      cur_ext->oid.len ) );
+        ASN1_CHK_ADD( ext_len, asn1_write_len( &c, tmp_buf, cur_ext->oid.len ) );
+        ASN1_CHK_ADD( ext_len, asn1_write_tag( &c, tmp_buf, ASN1_OID ) );
+
+        ASN1_CHK_ADD( ext_len, asn1_write_len( &c, tmp_buf, ext_len ) );
+        ASN1_CHK_ADD( ext_len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+        cur_ext = cur_ext->next;
+
+        len += ext_len;
+    }
+
+    if( len )
+    {
+        ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
+        ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+
+        ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
+        ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SET ) );
+
+        ASN1_CHK_ADD( len, asn1_write_oid( &c, tmp_buf, OID_PKCS9_CSR_EXT_REQ ) );
+
+        ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
+        ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+    }
+
+    ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
    ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC ) );

-    ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &rsa->E ) );
-    ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &rsa->N ) );
+    ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &ctx->rsa->E ) );
+    ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &ctx->rsa->N ) );

    ASN1_CHK_ADD( pub_len, asn1_write_len( &c, tmp_buf, pub_len ) );
    ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
@ -194,6 +465,11 @@ int x509_write_cert_req( unsigned char *buf, size_t size, rsa_context *rsa,
    if( c - tmp_buf < 1 )
        return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );

+    /*
+     *  AlgorithmIdentifier  ::=  SEQUENCE  {
+     *       algorithm               OBJECT IDENTIFIER,
+     *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
+     */
    *--c = 0;
    pub_len += 1;

@ -217,21 +493,24 @@ int x509_write_cert_req( unsigned char *buf, size_t size, rsa_context *rsa,
    ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
    ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );

+    /*
+     *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+     */
    ASN1_CHK_ADD( len, asn1_write_int( &c, tmp_buf, 0 ) );

    ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
    ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );

-    md( md_info_from_type( md_alg ), c, len, hash );
+    md( md_info_from_type( ctx->md_alg ), c, len, hash );

-    rsa_pkcs1_sign( rsa, NULL, NULL, RSA_PRIVATE, md_alg, 0, hash, sig );
+    rsa_pkcs1_sign( ctx->rsa, NULL, NULL, RSA_PRIVATE, ctx->md_alg, 0, hash, sig );

    // Generate correct OID
    //
-    ret = oid_get_oid_by_sig_alg( POLARSSL_PK_RSA, md_alg, &sig_oid );
+    ret = oid_get_oid_by_sig_alg( POLARSSL_PK_RSA, ctx->md_alg, &sig_oid );

    c2 = buf + size - 1;
-    ASN1_CHK_ADD( sig_len, x509_write_sig( &c2, buf, sig_oid, sig, rsa->len ) );
+    ASN1_CHK_ADD( sig_len, x509_write_sig( &c2, buf, sig_oid, sig, ctx->rsa->len ) );

    c2 -= len;
    memcpy( c2, c, len );
@ -243,4 +522,117 @@ int x509_write_cert_req( unsigned char *buf, size_t size, rsa_context *rsa,
    return( len );
 }

+#define PEM_BEGIN_CSR           "-----BEGIN CERTIFICATE REQUEST-----\n"
+#define PEM_END_CSR             "-----END CERTIFICATE REQUEST-----\n"
+
+#define PEM_BEGIN_PUBLIC_KEY    "-----BEGIN PUBLIC KEY-----\n"
+#define PEM_END_PUBLIC_KEY      "-----END PUBLIC KEY-----\n"
+
+#define PEM_BEGIN_PRIVATE_KEY   "-----BEGIN RSA PRIVATE KEY-----\n"
+#define PEM_END_PRIVATE_KEY     "-----END RSA PRIVATE KEY-----\n"
+
+#if defined(POLARSSL_BASE64_C)
+static int x509write_pemify( const char *begin_str, const char *end_str,
+                             const unsigned char *der_data, size_t der_len,
+                             unsigned char *buf, size_t size )
+{
+    int ret;
+    unsigned char base_buf[4096];
+    unsigned char *c = base_buf, *p = buf;
+    size_t len = 0, olen = sizeof(base_buf);
+
+    if( ( ret = base64_encode( base_buf, &olen, der_data, der_len ) ) != 0 )
+        return( ret );
+
+    if( olen + strlen( begin_str ) + strlen( end_str ) +
+        olen / 64 > size )
+    {
+        return( POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL );
+    }
+
+    memcpy( p, begin_str, strlen( begin_str ) );
+    p += strlen( begin_str );
+
+    while( olen )
+    {
+        len = ( olen > 64 ) ? 64 : olen;
+        memcpy( p, c, len );
+        olen -= len;
+        p += len;
+        c += len;
+        *p++ = '\n';
+    }
+
+    memcpy( p, end_str, strlen( end_str ) );
+    p += strlen( end_str );
+
+    *p = '\0';
+
+    return( 0 );
+}
+
+int x509write_pubkey_pem( rsa_context *rsa, unsigned char *buf, size_t size )
+{
+    int ret;
+    unsigned char output_buf[4096];
+
+    if( ( ret = x509write_pubkey_der( rsa, output_buf,
+                                      sizeof(output_buf) ) ) < 0 )
+    {
+        return( ret );
+    }
+
+    if( ( ret = x509write_pemify( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
+                                  output_buf + sizeof(output_buf) - 1 - ret,
+                                  ret, buf, size ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    return( 0 );
+}
+
+int x509write_key_pem( rsa_context *rsa, unsigned char *buf, size_t size )
+{
+    int ret;
+    unsigned char output_buf[4096];
+
+    if( ( ret = x509write_key_der( rsa, output_buf,
+                                      sizeof(output_buf) ) ) < 0 )
+    {
+        return( ret );
+    }
+
+    if( ( ret = x509write_pemify( PEM_BEGIN_PRIVATE_KEY, PEM_END_PRIVATE_KEY,
+                                  output_buf + sizeof(output_buf) - 1 - ret,
+                                  ret, buf, size ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    return( 0 );
+}
+
+int x509write_csr_pem( x509_csr *ctx, unsigned char *buf, size_t size )
+{
+    int ret;
+    unsigned char output_buf[4096];
+
+    if( ( ret = x509write_csr_der( ctx, output_buf,
+                                      sizeof(output_buf) ) ) < 0 )
+    {
+        return( ret );
+    }
+
+    if( ( ret = x509write_pemify( PEM_BEGIN_CSR, PEM_END_CSR,
+                                  output_buf + sizeof(output_buf) - 1 - ret,
+                                  ret, buf, size ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    return( 0 );
+}
+#endif /* POLARSSL_BASE64_C */
+
 #endif