TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / d07614c529a1432c6d7ddcc6f75a0205a213fe75^! / . / include / mbedtls
commitd07614c529a1432c6d7ddcc6f75a0205a213fe75[log] [tgz]
authorHanno Becker <hanno.becker@arm.com>Tue Jun 25 10:19:58 2019 +0100
committerHanno Becker <hanno.becker@arm.com>Thu Jul 04 14:04:03 2019 +0100
tree3eb025297fb2f31cd5b4a5e3243053df6931f7db
parent843b71a1df1f826090b1c92a2f167b6d9081e0fa [diff]
Introduce MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID removing IDs

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 3ae1d0d..39b1cb1 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h

@@ -1956,6 +1956,16 @@
 //#define MBEDTLS_X509_CRT_REMOVE_TIME
 
 /**
+ * \def MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID
+ *
+ * Don't store subject and issuer ID in X.509 certificate structures.
+ *
+ * Uncomment this to save some code and RAM on constrained systems which
+ * don't need to inspect issuer and subject ID fields in certificates.
+ */
+//#define MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID
+
+/**
  * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
  *
  * Enable parsing and verification of X.509 certificates, CRLs and CSRS

diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 88e3e7b..c8f488c 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h

@@ -82,10 +82,12 @@
 
     mbedtls_x509_buf_raw pubkey_raw;        /**< The raw public key data (DER).                                 */
 
+#if !defined(MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID)
     mbedtls_x509_buf_raw issuer_id;         /**< Optional X.509 v2/v3 issuer unique identifier.                 */
-    mbedtls_x509_buf_raw issuer_raw;        /**< The raw issuer data (DER). Used for quick comparison.          */
-
     mbedtls_x509_buf_raw subject_id;        /**< Optional X.509 v2/v3 subject unique identifier.                */
+#endif /* !MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID */
+
+    mbedtls_x509_buf_raw issuer_raw;        /**< The raw issuer data (DER). Used for quick comparison.          */
     mbedtls_x509_buf_raw subject_raw;       /**< The raw subject data (DER). Used for quick comparison.         */
 
     mbedtls_x509_buf_raw sig;               /**< Signature: hash of the tbs part signed with the private key.   */
@@ -133,8 +135,10 @@
     mbedtls_x509_buf pk_raw;
     mbedtls_pk_context pk;              /**< Container for the public key context. */
 
+#if !defined(MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID)
     mbedtls_x509_buf issuer_id;         /**< Optional X.509 v2/v3 issuer unique identifier. */
     mbedtls_x509_buf subject_id;        /**< Optional X.509 v2/v3 subject unique identifier. */
+#endif /* !MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID */
     mbedtls_x509_buf v3_ext;            /**< Optional X.509 v3 extensions.  */
     mbedtls_x509_sequence subject_alt_names;    /**< Optional list of Subject Alternative Names (Only dNSName supported). */