From 1685368408dc8cbb8a26e22c39fb3f2cdf1c76dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Jun 2015 11:12:02 +0200 Subject: [PATCH] Rationalize snprintf() usage in X.509 modules --- include/mbedtls/error.h | 2 +- include/mbedtls/x509.h | 10 ++++ library/x509.c | 71 ++++------------------------ library/x509_crl.c | 76 +++++------------------------- library/x509_crt.c | 100 ++++++++++------------------------------ library/x509_csr.c | 64 +++---------------------- 6 files changed, 61 insertions(+), 262 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 4f4301879..cb5a697fa 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -72,7 +72,7 @@ * Name ID Nr of Errors * PEM 1 9 * PKCS#12 1 4 (Started from top) - * X509 2 18 + * X509 2 19 * PKCS5 2 4 (Started from top) * DHM 3 9 * PK 3 14 (Started from top) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 2afe4fa78..59986d834 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -76,6 +76,7 @@ #define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 /**< Input invalid. */ #define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 /**< Allocation of memory failed. */ #define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */ +#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 /**< Destination buffer is too small. */ /* \} name */ /** @@ -306,6 +307,15 @@ int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size ); +#define MBEDTLS_X509_SAFE_SNPRINTF \ + do { \ + if( ret < 0 || (size_t) ret >= n ) \ + return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); \ + \ + n -= (size_t) ret; \ + p += (size_t) ret; \ + } while( 0 ) + #ifdef __cplusplus } #endif diff --git a/library/x509.c b/library/x509.c index 0ca4b4a7b..d5f93d02c 100644 --- a/library/x509.c +++ b/library/x509.c @@ -662,58 +662,6 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, return( 0 ); } -#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \ - !defined(EFI32) -#include - -#if !defined vsnprintf -#define vsnprintf _vsnprintf -#endif // vsnprintf - -/* - * Windows _snprintf and _vsnprintf are not compatible to linux versions. - * Result value is not size of buffer needed, but -1 if no fit is possible. - * - * This fuction tries to 'fix' this by at least suggesting enlarging the - * size by 20. - */ -static int compat_snprintf( char *str, size_t size, const char *format, ... ) -{ - va_list ap; - int res = -1; - - va_start( ap, format ); - - res = vsnprintf( str, size, format, ap ); - - va_end( ap ); - - // No quick fix possible - if( res < 0 ) - return( (int) size + 20 ); - - return( res ); -} - -#define snprintf compat_snprintf -#endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */ - -#define ERR_BUF_TOO_SMALL -2 - -#define SAFE_SNPRINTF() \ -{ \ - if( ret == -1 ) \ - return( -1 ); \ - \ - if( (unsigned int) ret > n ) { \ - p[n - 1] = '\0'; \ - return( ERR_BUF_TOO_SMALL ); \ - } \ - \ - n -= (unsigned int) ret; \ - p += (unsigned int) ret; \ -} - /* * Store the name in printable form into buf; no more * than size characters will be written @@ -744,7 +692,7 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ) if( name != dn ) { ret = mbedtls_snprintf( p, n, merge ? " + " : ", " ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; } ret = mbedtls_oid_get_attr_short_name( &name->oid, &short_name ); @@ -753,7 +701,7 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ) ret = mbedtls_snprintf( p, n, "%s=", short_name ); else ret = mbedtls_snprintf( p, n, "\?\?=" ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; for( i = 0; i < name->val.len; i++ ) { @@ -767,7 +715,7 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ) } s[i] = '\0'; ret = mbedtls_snprintf( p, n, "%s", s ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; merge = name->next_merged; name = name->next; @@ -799,13 +747,13 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se ret = mbedtls_snprintf( p, n, "%02X%s", serial->p[i], ( i < nr - 1 ) ? ":" : "" ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; } if( nr != serial->len ) { ret = mbedtls_snprintf( p, n, "...." ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; } return( (int) ( size - n ) ); @@ -828,7 +776,7 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *s ret = mbedtls_snprintf( p, n, "???" ); else ret = mbedtls_snprintf( p, n, "%s", desc ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if( pk_alg == MBEDTLS_PK_RSASSA_PSS ) @@ -845,7 +793,7 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *s md_info ? mbedtls_md_get_name( md_info ) : "???", mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???", pss_opts->expected_salt_len ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; } #else ((void) pk_alg); @@ -865,11 +813,8 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) size_t n = buf_size; int ret; - if( strlen( name ) + sizeof( " key size" ) > buf_size ) - return( ERR_BUF_TOO_SMALL ); - ret = mbedtls_snprintf( p, n, "%s key size", name ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; return( 0 ); } diff --git a/library/x509_crl.c b/library/x509_crl.c index 61b1becde..85de93058 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -569,58 +569,6 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ) } #endif /* MBEDTLS_FS_IO */ -#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \ - !defined(EFI32) -#include - -#if !defined vsnprintf -#define vsnprintf _vsnprintf -#endif // vsnprintf - -/* - * Windows _snprintf and _vsnprintf are not compatible to linux versions. - * Result value is not size of buffer needed, but -1 if no fit is possible. - * - * This fuction tries to 'fix' this by at least suggesting enlarging the - * size by 20. - */ -static int compat_snprintf( char *str, size_t size, const char *format, ... ) -{ - va_list ap; - int res = -1; - - va_start( ap, format ); - - res = vsnprintf( str, size, format, ap ); - - va_end( ap ); - - // No quick fix possible - if( res < 0 ) - return( (int) size + 20 ); - - return( res ); -} - -#define snprintf compat_snprintf -#endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */ - -#define ERR_BUF_TOO_SMALL -2 - -#define SAFE_SNPRINTF() \ -{ \ - if( ret == -1 ) \ - return( -1 ); \ - \ - if( (unsigned int) ret > n ) { \ - p[n - 1] = '\0'; \ - return( ERR_BUF_TOO_SMALL ); \ - } \ - \ - n -= (unsigned int) ret; \ - p += (unsigned int) ret; \ -} - /* * Return an informational string about the certificate. */ @@ -642,61 +590,61 @@ int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, ret = mbedtls_snprintf( p, n, "%sCRL version : %d", prefix, crl->version ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_x509_dn_gets( p, n, &crl->issuer ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf( p, n, "\n%sthis update : " \ "%04d-%02d-%02d %02d:%02d:%02d", prefix, crl->this_update.year, crl->this_update.mon, crl->this_update.day, crl->this_update.hour, crl->this_update.min, crl->this_update.sec ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf( p, n, "\n%snext update : " \ "%04d-%02d-%02d %02d:%02d:%02d", prefix, crl->next_update.year, crl->next_update.mon, crl->next_update.day, crl->next_update.hour, crl->next_update.min, crl->next_update.sec ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; entry = &crl->entry; ret = mbedtls_snprintf( p, n, "\n%sRevoked certificates:", prefix ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; while( entry != NULL && entry->raw.len != 0 ) { ret = mbedtls_snprintf( p, n, "\n%sserial number: ", prefix ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_x509_serial_gets( p, n, &entry->serial ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf( p, n, " revocation date: " \ "%04d-%02d-%02d %02d:%02d:%02d", entry->revocation_date.year, entry->revocation_date.mon, entry->revocation_date.day, entry->revocation_date.hour, entry->revocation_date.min, entry->revocation_date.sec ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; entry = entry->next; } ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md, crl->sig_opts ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf( p, n, "\n" ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; return( (int) ( size - n ) ); } diff --git a/library/x509_crt.c b/library/x509_crt.c index 7cb5b4472..0c3450a36 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1194,58 +1194,6 @@ cleanup: } #endif /* MBEDTLS_FS_IO */ -#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \ - !defined(EFI32) -#include - -#if !defined vsnprintf -#define vsnprintf _vsnprintf -#endif // vsnprintf - -/* - * Windows _snprintf and _vsnprintf are not compatible to linux versions. - * Result value is not size of buffer needed, but -1 if no fit is possible. - * - * This fuction tries to 'fix' this by at least suggesting enlarging the - * size by 20. - */ -static int compat_snprintf( char *str, size_t size, const char *format, ... ) -{ - va_list ap; - int res = -1; - - va_start( ap, format ); - - res = vsnprintf( str, size, format, ap ); - - va_end( ap ); - - // No quick fix possible - if( res < 0 ) - return( (int) size + 20 ); - - return( res ); -} - -#define snprintf compat_snprintf -#endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */ - -#define ERR_BUF_TOO_SMALL -2 - -#define SAFE_SNPRINTF() \ -{ \ - if( ret == -1 ) \ - return( -1 ); \ - \ - if( (unsigned int) ret > n ) { \ - p[n - 1] = '\0'; \ - return( ERR_BUF_TOO_SMALL ); \ - } \ - \ - n -= (unsigned int) ret; \ - p += (unsigned int) ret; \ -} - static int x509_info_subject_alt_name( char **buf, size_t *size, const mbedtls_x509_sequence *subject_alt_name ) { @@ -1261,7 +1209,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, if( cur->buf.len + sep_len >= n ) { *p = '\0'; - return( ERR_BUF_TOO_SMALL ); + return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); } n -= cur->buf.len + sep_len; @@ -1287,7 +1235,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, #define PRINT_ITEM(i) \ { \ ret = mbedtls_snprintf( p, n, "%s" i, sep ); \ - SAFE_SNPRINTF(); \ + MBEDTLS_X509_SAFE_SNPRINTF; \ sep = ", "; \ } @@ -1360,7 +1308,7 @@ static int x509_info_ext_key_usage( char **buf, size_t *size, desc = "???"; ret = mbedtls_snprintf( p, n, "%s%s", sep, desc ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; sep = ", "; @@ -1391,44 +1339,44 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, ret = mbedtls_snprintf( p, n, "%scert. version : %d\n", prefix, crt->version ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf( p, n, "%sserial number : ", prefix ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_x509_serial_gets( p, n, &crt->serial ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_x509_dn_gets( p, n, &crt->issuer ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_x509_dn_gets( p, n, &crt->subject ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf( p, n, "\n%sissued on : " \ "%04d-%02d-%02d %02d:%02d:%02d", prefix, crt->valid_from.year, crt->valid_from.mon, crt->valid_from.day, crt->valid_from.hour, crt->valid_from.min, crt->valid_from.sec ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf( p, n, "\n%sexpires on : " \ "%04d-%02d-%02d %02d:%02d:%02d", prefix, crt->valid_to.year, crt->valid_to.mon, crt->valid_to.day, crt->valid_to.hour, crt->valid_to.min, crt->valid_to.sec ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk, crt->sig_md, crt->sig_opts ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; /* Key size */ if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON, @@ -1439,7 +1387,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, (int) mbedtls_pk_get_bitlen( &crt->pk ) ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; /* * Optional extensions @@ -1449,19 +1397,19 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, { ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix, crt->ca_istrue ? "true" : "false" ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; if( crt->max_pathlen > 0 ) { ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; } } if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) { ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; if( ( ret = x509_info_subject_alt_name( &p, &n, &crt->subject_alt_names ) ) != 0 ) @@ -1471,7 +1419,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE ) { ret = mbedtls_snprintf( p, n, "\n%scert. type : ", prefix ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 ) return( ret ); @@ -1480,7 +1428,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) { ret = mbedtls_snprintf( p, n, "\n%skey usage : ", prefix ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 ) return( ret ); @@ -1489,7 +1437,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) { ret = mbedtls_snprintf( p, n, "\n%sext key usage : ", prefix ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; if( ( ret = x509_info_ext_key_usage( &p, &n, &crt->ext_key_usage ) ) != 0 ) @@ -1497,7 +1445,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, } ret = mbedtls_snprintf( p, n, "\n" ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; return( (int) ( size - n ) ); } @@ -1545,7 +1493,7 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, continue; ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; flags ^= cur->code; } @@ -1553,7 +1501,7 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, { ret = mbedtls_snprintf( p, n, "%sUnknown reason " "(this should not happen)\n", prefix ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; } return( (int) ( size - n ) ); diff --git a/library/x509_csr.c b/library/x509_csr.c index 18ace678d..0e727b445 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -327,58 +327,6 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ) } #endif /* MBEDTLS_FS_IO */ -#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \ - !defined(EFI32) -#include - -#if !defined vsnprintf -#define vsnprintf _vsnprintf -#endif // vsnprintf - -/* - * Windows _snprintf and _vsnprintf are not compatible to linux versions. - * Result value is not size of buffer needed, but -1 if no fit is possible. - * - * This fuction tries to 'fix' this by at least suggesting enlarging the - * size by 20. - */ -static int compat_snprintf( char *str, size_t size, const char *format, ... ) -{ - va_list ap; - int res = -1; - - va_start( ap, format ); - - res = vsnprintf( str, size, format, ap ); - - va_end( ap ); - - // No quick fix possible - if( res < 0 ) - return( (int) size + 20 ); - - return( res ); -} - -#define snprintf compat_snprintf -#endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */ - -#define ERR_BUF_TOO_SMALL -2 - -#define SAFE_SNPRINTF() \ -{ \ - if( ret == -1 ) \ - return( -1 ); \ - \ - if( (unsigned int) ret > n ) { \ - p[n - 1] = '\0'; \ - return( ERR_BUF_TOO_SMALL ); \ - } \ - \ - n -= (unsigned int) ret; \ - p += (unsigned int) ret; \ -} - #define BEFORE_COLON 14 #define BC "14" /* @@ -397,19 +345,19 @@ int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix, ret = mbedtls_snprintf( p, n, "%sCSR version : %d", prefix, csr->version ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_x509_dn_gets( p, n, &csr->subject ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md, csr->sig_opts ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON, mbedtls_pk_get_name( &csr->pk ) ) ) != 0 ) @@ -419,7 +367,7 @@ int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix, ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str, (int) mbedtls_pk_get_bitlen( &csr->pk ) ); - SAFE_SNPRINTF(); + MBEDTLS_X509_SAFE_SNPRINTF; return( (int) ( size - n ) ); }