commit 843b71a1df1f826090b1c92a2f167b6d9081e0fa
author Hanno Becker <hanno.becker@arm.com> Tue Jun 25 09:39:21 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Thu Jul 04 14:04:03 2019 +0100
tree 1d71e4c1fd429f3ca36d910dd00b26c8f2c539dd
parent 6f61b7bb5c26b91d175edaf6e6378210bc10bb5d

Introduce MBEDTLS_X509_CRT_REMOVE_TIME removing time fields from CRT

include/mbedtls/check_config.h

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 764fba4..43f8896 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -750,6 +750,11 @@
 #error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_X509_CRT_REMOVE_TIME) && \
+    defined(MBEDTLS_HAVE_TIME_DATE)
+#error "MBEDTLS_X509_CRT_REMOVE_TIME and MBEDTLS_HAVE_TIME_DATE cannot be defined simultaneously"
+#endif
+
 #if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64)
 #error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously"
 #endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */

include/mbedtls/config.h

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 95dd4cd..3ae1d0d 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1943,6 +1943,19 @@
 //#define MBEDTLS_X509_REMOVE_INFO
 
 /**
+ * \def MBEDTLS_X509_CRT_REMOVE_TIME
+ *
+ * Don't store time validity fields in X.509 certificate structures.
+ *
+ * Uncomment this to save some code and RAM on constrained systems which
+ * don't have time and where there's no use of the time validity fields
+ * in a certificate.
+ *
+ * Requires: !MBEDTLS_HAVE_TIME_DATE
+ */
+//#define MBEDTLS_X509_CRT_REMOVE_TIME
+
+/**
  * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
  *
  * Enable parsing and verification of X.509 certificates, CRLs and CSRS

include/mbedtls/x509_crt.h

diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 5212e67..88e3e7b 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -70,8 +70,10 @@
     uint32_t ext_types;                     /**< Bitfield indicating which extensions are present.
                                              *   See the values in x509.h.                                      */
 
+#if !defined(MBEDTLS_X509_CRT_REMOVE_TIME)
     mbedtls_x509_time valid_from;           /**< The start time of certificate validity.                        */
     mbedtls_x509_time valid_to;             /**< The end time of certificate validity.                          */
+#endif /* !MBEDTLS_X509_CRT_REMOVE_TIME */
 
     mbedtls_x509_buf_raw raw;               /**< The raw certificate data in DER.                               */
     mbedtls_x509_buf_raw tbs;               /**< The part of the CRT that is [T]o [B]e [S]igned.                */
@@ -123,8 +125,10 @@
     mbedtls_x509_name issuer;           /**< The parsed issuer data (named information object). */
     mbedtls_x509_name subject;          /**< The parsed subject data (named information object). */
 
+#if !defined(MBEDTLS_X509_CRT_REMOVE_TIME)
     mbedtls_x509_time valid_from;       /**< Start time of certificate validity. */
     mbedtls_x509_time valid_to;         /**< End time of certificate validity. */
+#endif /* !MBEDTLS_X509_CRT_REMOVE_TIME */
 
     mbedtls_x509_buf pk_raw;
     mbedtls_pk_context pk;              /**< Container for the public key context. */