I am not sure what you mean.
The buffer you give for the
mbedtls_x509write_csr_der() API, is the output buffer.
Inside this API, there is another 2KB buffer, which is used as a scratchpad
I mixed the context then. In the first reply, you mentioned about the buffer requirement as follows:
o PEM : 4KB
o DER : 2KB
I co-related it with the example code (
programs/x509/cert_req.c) where the user is also allocating 4KB for PEM. So, I thought you are suggesting me to allocate 2KB for DER before giving that buffer to
Since, you said, you are working on size optimizations, so, I thought of checking : Is the user allocated 4KB getting used for scratchpad, because, I want to allocate far less. So, the question changes to : what is recommended buffer size which should be allocated by user?
To be honest I am not sure, as it was written a long time, however I can assume it is because you know the length of the data you write only after you wrote it. THis is the way the ASN1 functionality is implemented. So, you can’t write the length of the extension, for example, until you actually wrote the extension. Does this make sense?
I am unable to co-relate to the answer, so, likely my question was not clear
I am allocating a 4KB buffer to store the CSR and after calling
mbedtls_x509write_csr_der() the buffer looks like:
Mem : 0123..................3k.......4k
mbedtls_x509write_csr_pem()) buffer looks like:
Data: pem header csr data pem footerxxxxxxxxxx........xxxxxxx
Mem : 0123........................................3k.......4k
DER data starts at
offset = size and PEM starts at
offset = 0. So, was interested to know the filling strategy, as it’s different in 2 APIs. If it’s already answered above by you, then I need to thoroughly look again.