1 /*
2 * Public Key layer for writing key files and structures
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 #include "common.h"
21
22 #if defined(MBEDTLS_PK_WRITE_C)
23
24 #include "mbedtls/pk.h"
25 #include "mbedtls/asn1write.h"
26 #include "mbedtls/oid.h"
27 #include "mbedtls/platform_util.h"
28 #include "mbedtls/error.h"
29
30 #include <string.h>
31
32 #if defined(MBEDTLS_RSA_C)
33 #include "mbedtls/rsa.h"
34 #endif
35 #if defined(MBEDTLS_ECP_C)
36 #include "mbedtls/bignum.h"
37 #include "mbedtls/ecp.h"
38 #include "mbedtls/platform_util.h"
39 #endif
40 #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C)
41 #include "pkwrite.h"
42 #endif
43 #if defined(MBEDTLS_ECDSA_C)
44 #include "mbedtls/ecdsa.h"
45 #endif
46 #if defined(MBEDTLS_PEM_WRITE_C)
47 #include "mbedtls/pem.h"
48 #endif
49
50 #if defined(MBEDTLS_USE_PSA_CRYPTO)
51 #include "psa/crypto.h"
52 #include "mbedtls/psa_util.h"
53 #endif
54 #include "mbedtls/platform.h"
55
56 #if defined(MBEDTLS_RSA_C)
57 /*
58 * RSAPublicKey ::= SEQUENCE {
59 * modulus INTEGER, -- n
60 * publicExponent INTEGER -- e
61 * }
62 */
pk_write_rsa_pubkey(unsigned char ** p,unsigned char * start,mbedtls_rsa_context * rsa)63 static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start,
64 mbedtls_rsa_context *rsa )
65 {
66 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
67 size_t len = 0;
68 mbedtls_mpi T;
69
70 mbedtls_mpi_init( &T );
71
72 /* Export E */
73 if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 ||
74 ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
75 goto end_of_export;
76 len += ret;
77
78 /* Export N */
79 if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 ||
80 ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
81 goto end_of_export;
82 len += ret;
83
84 end_of_export:
85
86 mbedtls_mpi_free( &T );
87 if( ret < 0 )
88 return( ret );
89
90 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
91 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
92 MBEDTLS_ASN1_SEQUENCE ) );
93
94 return( (int) len );
95 }
96 #endif /* MBEDTLS_RSA_C */
97
98 #if defined(MBEDTLS_ECP_C)
99 /*
100 * EC public key is an EC point
101 */
pk_write_ec_pubkey(unsigned char ** p,unsigned char * start,mbedtls_ecp_keypair * ec)102 static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
103 mbedtls_ecp_keypair *ec )
104 {
105 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
106 size_t len = 0;
107 unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
108
109 if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q,
110 MBEDTLS_ECP_PF_UNCOMPRESSED,
111 &len, buf, sizeof( buf ) ) ) != 0 )
112 {
113 return( ret );
114 }
115
116 if( *p < start || (size_t)( *p - start ) < len )
117 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
118
119 *p -= len;
120 memcpy( *p, buf, len );
121
122 return( (int) len );
123 }
124
125 /*
126 * ECParameters ::= CHOICE {
127 * namedCurve OBJECT IDENTIFIER
128 * }
129 */
pk_write_ec_param(unsigned char ** p,unsigned char * start,mbedtls_ecp_keypair * ec)130 static int pk_write_ec_param( unsigned char **p, unsigned char *start,
131 mbedtls_ecp_keypair *ec )
132 {
133 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
134 size_t len = 0;
135 const char *oid;
136 size_t oid_len;
137
138 if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 )
139 return( ret );
140
141 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
142
143 return( (int) len );
144 }
145
146 /*
147 * privateKey OCTET STRING -- always of length ceil(log2(n)/8)
148 */
pk_write_ec_private(unsigned char ** p,unsigned char * start,mbedtls_ecp_keypair * ec)149 static int pk_write_ec_private( unsigned char **p, unsigned char *start,
150 mbedtls_ecp_keypair *ec )
151 {
152 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
153 size_t byte_length = ( ec->grp.pbits + 7 ) / 8;
154 unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
155
156 ret = mbedtls_ecp_write_key( ec, tmp, byte_length );
157 if( ret != 0 )
158 goto exit;
159 ret = mbedtls_asn1_write_octet_string( p, start, tmp, byte_length );
160
161 exit:
162 mbedtls_platform_zeroize( tmp, byte_length );
163 return( ret );
164 }
165 #endif /* MBEDTLS_ECP_C */
166
mbedtls_pk_write_pubkey(unsigned char ** p,unsigned char * start,const mbedtls_pk_context * key)167 int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
168 const mbedtls_pk_context *key )
169 {
170 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
171 size_t len = 0;
172
173 #if defined(MBEDTLS_RSA_C)
174 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
175 MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) );
176 else
177 #endif
178 #if defined(MBEDTLS_ECP_C)
179 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
180 MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, mbedtls_pk_ec( *key ) ) );
181 else
182 #endif
183 #if defined(MBEDTLS_USE_PSA_CRYPTO)
184 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE )
185 {
186 size_t buffer_size;
187 mbedtls_svc_key_id_t* key_id = (mbedtls_svc_key_id_t*) key->pk_ctx;
188
189 if ( *p < start )
190 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
191
192 buffer_size = (size_t)( *p - start );
193 if ( psa_export_public_key( *key_id, start, buffer_size, &len )
194 != PSA_SUCCESS )
195 {
196 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
197 }
198 else
199 {
200 *p -= len;
201 memmove( *p, start, len );
202 }
203 }
204 else
205 #endif /* MBEDTLS_USE_PSA_CRYPTO */
206 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
207
208 return( (int) len );
209 }
210
mbedtls_pk_write_pubkey_der(const mbedtls_pk_context * key,unsigned char * buf,size_t size)211 int mbedtls_pk_write_pubkey_der( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
212 {
213 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
214 unsigned char *c;
215 size_t len = 0, par_len = 0, oid_len;
216 mbedtls_pk_type_t pk_type;
217 const char *oid;
218
219 if( size == 0 )
220 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
221
222 c = buf + size;
223
224 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) );
225
226 if( c - buf < 1 )
227 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
228
229 /*
230 * SubjectPublicKeyInfo ::= SEQUENCE {
231 * algorithm AlgorithmIdentifier,
232 * subjectPublicKey BIT STRING }
233 */
234 *--c = 0;
235 len += 1;
236
237 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
238 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
239
240 pk_type = mbedtls_pk_get_type( key );
241 #if defined(MBEDTLS_ECP_C)
242 if( pk_type == MBEDTLS_PK_ECKEY )
243 {
244 MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) );
245 }
246 #endif
247 #if defined(MBEDTLS_USE_PSA_CRYPTO)
248 if( pk_type == MBEDTLS_PK_OPAQUE )
249 {
250 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
251 psa_key_type_t key_type;
252 mbedtls_svc_key_id_t key_id;
253 psa_ecc_family_t curve;
254 size_t bits;
255
256 key_id = *((mbedtls_svc_key_id_t*) key->pk_ctx );
257 if( PSA_SUCCESS != psa_get_key_attributes( key_id, &attributes ) )
258 return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
259 key_type = psa_get_key_type( &attributes );
260 bits = psa_get_key_bits( &attributes );
261 psa_reset_key_attributes( &attributes );
262
263 if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( key_type ) )
264 {
265 curve = PSA_KEY_TYPE_ECC_GET_FAMILY( key_type );
266 if( curve == 0 )
267 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
268
269 ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits,
270 &oid, &oid_len );
271 if( ret != 0 )
272 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
273
274 /* Write EC algorithm parameters; that's akin
275 * to pk_write_ec_param() above. */
276 MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf,
277 oid,
278 oid_len ) );
279
280 /* The rest of the function works as for legacy EC contexts. */
281 pk_type = MBEDTLS_PK_ECKEY;
282 }
283 else if( PSA_KEY_TYPE_IS_RSA( key_type ) )
284 {
285 /* The rest of the function works as for legacy RSA contexts. */
286 pk_type = MBEDTLS_PK_RSA;
287 }
288 else
289 {
290 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
291 }
292 }
293 #endif /* MBEDTLS_USE_PSA_CRYPTO */
294
295 if( ( ret = mbedtls_oid_get_oid_by_pk_alg( pk_type, &oid,
296 &oid_len ) ) != 0 )
297 {
298 return( ret );
299 }
300
301 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len,
302 par_len ) );
303
304 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
305 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
306 MBEDTLS_ASN1_SEQUENCE ) );
307
308 return( (int) len );
309 }
310
mbedtls_pk_write_key_der(const mbedtls_pk_context * key,unsigned char * buf,size_t size)311 int mbedtls_pk_write_key_der( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
312 {
313 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
314 unsigned char *c;
315 size_t len = 0;
316
317 if( size == 0 )
318 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
319
320 c = buf + size;
321
322 #if defined(MBEDTLS_RSA_C)
323 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
324 {
325 mbedtls_mpi T; /* Temporary holding the exported parameters */
326 mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *key );
327
328 /*
329 * Export the parameters one after another to avoid simultaneous copies.
330 */
331
332 mbedtls_mpi_init( &T );
333
334 /* Export QP */
335 if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, NULL, &T ) ) != 0 ||
336 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
337 goto end_of_export;
338 len += ret;
339
340 /* Export DQ */
341 if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, &T, NULL ) ) != 0 ||
342 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
343 goto end_of_export;
344 len += ret;
345
346 /* Export DP */
347 if( ( ret = mbedtls_rsa_export_crt( rsa, &T, NULL, NULL ) ) != 0 ||
348 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
349 goto end_of_export;
350 len += ret;
351
352 /* Export Q */
353 if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
354 &T, NULL, NULL ) ) != 0 ||
355 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
356 goto end_of_export;
357 len += ret;
358
359 /* Export P */
360 if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T,
361 NULL, NULL, NULL ) ) != 0 ||
362 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
363 goto end_of_export;
364 len += ret;
365
366 /* Export D */
367 if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
368 NULL, &T, NULL ) ) != 0 ||
369 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
370 goto end_of_export;
371 len += ret;
372
373 /* Export E */
374 if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
375 NULL, NULL, &T ) ) != 0 ||
376 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
377 goto end_of_export;
378 len += ret;
379
380 /* Export N */
381 if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL,
382 NULL, NULL, NULL ) ) != 0 ||
383 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
384 goto end_of_export;
385 len += ret;
386
387 end_of_export:
388
389 mbedtls_mpi_free( &T );
390 if( ret < 0 )
391 return( ret );
392
393 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
394 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
395 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c,
396 buf, MBEDTLS_ASN1_CONSTRUCTED |
397 MBEDTLS_ASN1_SEQUENCE ) );
398 }
399 else
400 #endif /* MBEDTLS_RSA_C */
401 #if defined(MBEDTLS_ECP_C)
402 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
403 {
404 mbedtls_ecp_keypair *ec = mbedtls_pk_ec( *key );
405 size_t pub_len = 0, par_len = 0;
406
407 /*
408 * RFC 5915, or SEC1 Appendix C.4
409 *
410 * ECPrivateKey ::= SEQUENCE {
411 * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
412 * privateKey OCTET STRING,
413 * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
414 * publicKey [1] BIT STRING OPTIONAL
415 * }
416 */
417
418 /* publicKey */
419 MBEDTLS_ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) );
420
421 if( c - buf < 1 )
422 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
423 *--c = 0;
424 pub_len += 1;
425
426 MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );
427 MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
428
429 MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );
430 MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf,
431 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) );
432 len += pub_len;
433
434 /* parameters */
435 MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) );
436
437 MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_len( &c, buf, par_len ) );
438 MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_tag( &c, buf,
439 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
440 len += par_len;
441
442 /* privateKey */
443 MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_private( &c, buf, ec ) );
444
445 /* version */
446 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) );
447
448 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
449 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
450 MBEDTLS_ASN1_SEQUENCE ) );
451 }
452 else
453 #endif /* MBEDTLS_ECP_C */
454 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
455
456 return( (int) len );
457 }
458
459 #if defined(MBEDTLS_PEM_WRITE_C)
460
461 #define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----\n"
462 #define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----\n"
463
464 #define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----\n"
465 #define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----\n"
466 #define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----\n"
467 #define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----\n"
468
469 #define PUB_DER_MAX_BYTES \
470 ( MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES > MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES ? \
471 MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES : MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES )
472 #define PRV_DER_MAX_BYTES \
473 ( MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES > MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES ? \
474 MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES : MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES )
475
mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context * key,unsigned char * buf,size_t size)476 int mbedtls_pk_write_pubkey_pem( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
477 {
478 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
479 unsigned char output_buf[PUB_DER_MAX_BYTES];
480 size_t olen = 0;
481
482 if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf,
483 sizeof(output_buf) ) ) < 0 )
484 {
485 return( ret );
486 }
487
488 if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
489 output_buf + sizeof(output_buf) - ret,
490 ret, buf, size, &olen ) ) != 0 )
491 {
492 return( ret );
493 }
494
495 return( 0 );
496 }
497
mbedtls_pk_write_key_pem(const mbedtls_pk_context * key,unsigned char * buf,size_t size)498 int mbedtls_pk_write_key_pem( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
499 {
500 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
501 unsigned char output_buf[PRV_DER_MAX_BYTES];
502 const char *begin, *end;
503 size_t olen = 0;
504
505 if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 )
506 return( ret );
507
508 #if defined(MBEDTLS_RSA_C)
509 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
510 {
511 begin = PEM_BEGIN_PRIVATE_KEY_RSA;
512 end = PEM_END_PRIVATE_KEY_RSA;
513 }
514 else
515 #endif
516 #if defined(MBEDTLS_ECP_C)
517 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
518 {
519 begin = PEM_BEGIN_PRIVATE_KEY_EC;
520 end = PEM_END_PRIVATE_KEY_EC;
521 }
522 else
523 #endif
524 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
525
526 if( ( ret = mbedtls_pem_write_buffer( begin, end,
527 output_buf + sizeof(output_buf) - ret,
528 ret, buf, size, &olen ) ) != 0 )
529 {
530 return( ret );
531 }
532
533 return( 0 );
534 }
535 #endif /* MBEDTLS_PEM_WRITE_C */
536
537 #endif /* MBEDTLS_PK_WRITE_C */
538
