From 0056eab3cd6d3a84015a81d655418e59f036de60 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 8 Feb 2019 14:39:16 +0000
Subject: [PATCH] Parse peer's CRT chain in-place from the input buffer
---
 library/ssl_tls.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b75101b25..03944b43d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5910,7 +5910,13 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
 /* Parse the next certificate in the chain. */
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 ret = mbedtls_x509_crt_parse_der( chain, ssl->in_msg + i, n );
+#else
+ /* If we don't need to store the CRT chani permanently, parse
+ * it in-place from the input buffer instead of making a copy. */
+ ret = mbedtls_x509_crt_parse_der_nocopy( chain, ssl->in_msg + i, n );
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 switch( ret )
 {
 case 0: /*ok*/
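Review bot: The `#else` branch makes `chain` borrow its DER data from `ssl->in_msg` instead of owning a copy, but the added comment does not state the lifetime rule that follows: the parsed chain is only valid until the input buffer is next written, so it has to be freed before another record is read. Nothing in this hunk shows where that happens, and the body of `ssl_parse_certificate_chain` starts and ends outside it, so the invariant should be written down at this call, e.g. `/* chain points into ssl->in_msg; it must be freed before the next record is read. */`. It is also worth confirming that no path keeps a pointer to this chain (for instance in the session) past verification when `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` is off, since that would leave it referencing overwritten handshake data. The new comment also has a typo, `chani` for `chain`.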