Add compile-time option to remove legacy CRT fields

include/mbedtls/config.h

@@ -1757,6 +1757,38 @@
  */
 #define MBEDTLS_VERSION_FEATURES
 
+/**
+ * \def MBEDTLS_X509_ON_DEMAND_PARSING
+ *
+ * Save RAM by reducing mbedtls_x509_crt to a pointer
+ * to the raw CRT data and parsing CRTs on demand only.
+ *
+ * \warning This option changes the API by removing most of
+ *          the structure fields of mbedtls_x509_crt.
+ *
+ * \warning This option and its corresponding X.509 API are currently
+ *          under development and may change at any time.
+ *
+ * Regardless of whether this option is enabled or not, direct access of
+ * structure fields of `mbedtls_x509_crt` should be replaced by calls to
+ * one of the following functions:
+ * - mbedtls_x509_crt_get_frame(), to obtain a CRT frame giving
+ *   access to several basic CRT fields (such as the CRT version),
+ *   as well as pointers to the raw ASN.1 data of more complex fields
+ *   (such as the issuer).
+ * - mbedtls_x509_crt_get_pk(), to obtain a public key context
+ *   for the public key contained in the certificate.
+ * - mbedtls_x509_crt_get_issuer(), to obtain the issuer name.
+ * - mbedtls_x509_crt_get_subject(), to obtain the subject name.
+ * - mbedtls_x509_crt_get_subject_alt_names(), to obtain the
+ *   alternative names from the subject alternative names extension.
+ * - mbedtls_x509_crt_get_ext_key_usage(), to obtain the state of
+ *   the extended key usage extension.
+ *
+ * Uncomment this to enable on-demand CRT parsing to save RAM.
+ */
+//#define MBEDTLS_X509_ON_DEMAND_PARSING
+
 /**
  * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
  *

include/mbedtls/x509_crt.h

@@ -122,8 +122,14 @@ typedef struct mbedtls_x509_crt_cache
 typedef struct mbedtls_x509_crt
 {
     int own_buffer;                     /**< Indicates if \c raw is owned
-                                         *   by the structure or not.        */
-    mbedtls_x509_buf raw;               /**< The raw certificate data (DER). */
+                                         *   by the structure or not.         */
+    mbedtls_x509_buf raw;               /**< The raw certificate data (DER).  */
+    mbedtls_x509_crt_cache *cache;      /**< Internal parsing cache.          */
+
+    struct mbedtls_x509_crt *next;     /**< Next certificate in the CA-chain. */
+
+    /* Legacy fields */
+#if !defined(MBEDTLS_X509_ON_DEMAND_PARSING)
     mbedtls_x509_buf tbs;               /**< The raw certificate body (DER). The part that is To Be Signed. */
 
     int version;                /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
@@ -166,10 +172,7 @@ typedef struct mbedtls_x509_crt
     mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
     mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
     void *sig_opts;             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
-
-    mbedtls_x509_crt_cache *cache;     /**< Internal parsing cache. */
-
-    struct mbedtls_x509_crt *next;     /**< Next certificate in the CA-chain. */
+#endif /* !MBEDTLS_X509_ON_DEMAND_PARSING */
 }
 mbedtls_x509_crt;
 
@@ -746,7 +749,7 @@ static inline void mbedtls_x509_crt_frame_release(
 #endif
 }
 
-static inline int mbedtls_x509_crt_pk_acquire( mbedtls_x509_crt *crt,
+static inline int mbedtls_x509_crt_pk_acquire( mbedtls_x509_crt const *crt,
                                                mbedtls_pk_context **pk_ptr )
 {
 #if defined(MBEDTLS_THREADING_C)
@@ -772,7 +775,7 @@ static inline int mbedtls_x509_crt_pk_acquire( mbedtls_x509_crt *crt,
     return( 0 );
 }
 
-static inline void mbedtls_x509_crt_pk_release( mbedtls_x509_crt *crt,
+static inline void mbedtls_x509_crt_pk_release( mbedtls_x509_crt const *crt,
                                                 mbedtls_pk_context *pk )
 {
     ((void) pk);

library/version_features.c

@@ -534,6 +534,9 @@ static const char *features[] = {
 #if defined(MBEDTLS_VERSION_FEATURES)
     "MBEDTLS_VERSION_FEATURES",
 #endif /* MBEDTLS_VERSION_FEATURES */
+#if defined(MBEDTLS_X509_ON_DEMAND_PARSING)
+    "MBEDTLS_X509_ON_DEMAND_PARSING",
+#endif /* MBEDTLS_X509_ON_DEMAND_PARSING */
 #if defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
     "MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3",
 #endif /* MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 */

library/x509_crt.c

@@ -116,10 +116,19 @@ int mbedtls_x509_crt_cache_provide_pk( mbedtls_x509_crt const *crt )
     pk = mbedtls_calloc( 1, sizeof( mbedtls_pk_context ) );
     if( pk == NULL )
         return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-    *pk = crt->pk;
-
     cache->pk = pk;
+
+#if !defined(MBEDTLS_X509_ON_DEMAND_PARSING)
+    *pk = crt->pk;
     return( 0 );
+#else
+    {
+        mbedtls_x509_buf_raw pk_raw = cache->pk_raw;
+        return( mbedtls_pk_parse_subpubkey( &pk_raw.p,
+                                            pk_raw.p + pk_raw.len,
+                                            pk ) );
+    }
+#endif /* MBEDTLS_X509_ON_DEMAND_PARSING */
 }
 
 static void x509_crt_cache_init( mbedtls_x509_crt_cache *cache )
@@ -133,9 +142,15 @@ static void x509_crt_cache_init( mbedtls_x509_crt_cache *cache )
 
 static void x509_crt_cache_clear_pk( mbedtls_x509_crt_cache *cache )
 {
+#if !defined(MBEDTLS_X509_ON_DEMAND_PARSING)
     /* The cache holds a shallow copy of the PK context
      * in the legacy struct, so don't free PK context. */
     mbedtls_free( cache->pk );
+#else
+    mbedtls_pk_free( cache->pk );
+    mbedtls_free( cache->pk );
+#endif /* MBEDTLS_X509_ON_DEMAND_PARSING */
+
     cache->pk = NULL;
 }
 
@@ -1182,6 +1197,7 @@ static int x509_crt_ext_key_usage_from_frame( mbedtls_x509_crt_frame *frame,
     return( 0 );
 }
 
+#if !defined(MBEDTLS_X509_ON_DEMAND_PARSING)
 static int x509_crt_pk_from_frame( mbedtls_x509_crt_frame *frame,
                                    mbedtls_pk_context *pk )
 {
@@ -1189,6 +1205,7 @@ static int x509_crt_pk_from_frame( mbedtls_x509_crt_frame *frame,
     unsigned char *end = p + frame->pubkey_raw.len;
     return( mbedtls_pk_parse_subpubkey( &p, end, pk ) );
 }
+#endif /* !MBEDTLS_X509_ON_DEMAND_PARSING */
 
 /*
  * Parse and fill a single X.509 certificate in DER format
@@ -1248,6 +1265,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
 
     cache->pk_raw = frame->pubkey_raw;
 
+#if !defined(MBEDTLS_X509_ON_DEMAND_PARSING)
     /* Copy frame to legacy CRT structure -- that's inefficient, but if
      * memory matters, the new CRT structure should be used anyway. */
     crt->tbs.p   = frame->tbs.p;
@@ -1336,7 +1354,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
     ret = x509_crt_ext_key_usage_from_frame( frame, &crt->ext_key_usage );
     if( ret != 0 )
         goto exit;
-
+#endif /* !MBEDTLS_X509_ON_DEMAND_PARSING */
 
     /* The cache just references the PK structure from the legacy
      * implementation, so set up the latter first before setting up
@@ -3330,6 +3348,8 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
     {
         x509_crt_cache_free( cert_cur->cache );
         mbedtls_free( cert_cur->cache );
+
+#if !defined(MBEDTLS_X509_ON_DEMAND_PARSING)
         mbedtls_pk_free( &cert_cur->pk );
 
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
@@ -3340,6 +3360,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
         x509_free_name( cert_cur->subject.next );
         x509_free_sequence( cert_cur->ext_key_usage.next );
         x509_free_sequence( cert_cur->subject_alt_names.next );
+#endif /* !MBEDTLS_X509_ON_DEMAND_PARSING */
 
         if( cert_cur->raw.p != NULL && cert_cur->own_buffer )
         {