From 0cc7af5be568d295eb54b45860ef3cf50c05af7c Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 8 Feb 2019 14:39:16 +0000
Subject: [PATCH] Parse peer's CRT chain in-place from the input buffer
---
 library/ssl_tls.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 46f86ddf5..283586757 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6324,7 +6324,13 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
 /* Parse the next certificate in the chain. */
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 ret = mbedtls_x509_crt_parse_der( chain, ssl->in_msg + i, n );
+#else
+ /* If we don't need to store the CRT chani permanently, parse
+ * it in-place from the input buffer instead of making a copy. */
+ ret = mbedtls_x509_crt_parse_der_nocopy( chain, ssl->in_msg + i, n );
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 switch( ret )
 {
 case 0: /*ok*/
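Review bot: In the `#else` branch the parsed chain now refers to bytes inside `ssl->in_msg` instead of owning a copy, so its lifetime is tied to the record buffer, and the added comment does not state that constraint. Assuming `in_msg` is reused for the next incoming record, any read of `chain` after that point would see overwritten certificate data; the comment should say so, e.g. `/* chain aliases ssl->in_msg: it must be verified and freed before the next record is read. */`. The same comment has a typo, `chani` for `chain`. ssl_parse_certificate_chain starts and ends outside the hunk, so whether every caller releases the chain before the buffer is reused cannot be confirmed from here and is worth checking.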