Merge remote-tracking branch 'origin/pr/580' into baremetal
diff --git a/ChangeLog b/ChangeLog
index b78b663..985c11b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,10 +10,6 @@
an error or a meaningless output from mbedtls_ecdh_get_params. In the
latter case, this could expose at most 5 bits of the private key.
-API Changes
- * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.
- See the Features section for more information.
-
Features
* Add support for draft-05 of the Connection ID extension, as specified
in https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05.
@@ -33,6 +29,10 @@
at the cost of additional lifetime constraints on the input
buffer, but at the benefit of reduced RAM consumption.
+API Changes
+ * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.
+ See the Features section for more information.
+
Bugfix
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
mbedTLS configuration only SHA-2 signed certificates are accepted.
diff --git a/configs/baremetal.h b/configs/baremetal.h
index 2fbc359..24cce6b 100644
--- a/configs/baremetal.h
+++ b/configs/baremetal.h
@@ -34,9 +34,6 @@
#ifndef MBEDTLS_BAREMETAL_CONFIG_H
#define MBEDTLS_BAREMETAL_CONFIG_H
-#define MBEDTLS_HAVE_TIME
-#define MBEDTLS_HAVE_TIME_DATE
-
/* Symmetric crypto: AES-CCM only */
#define MBEDTLS_CIPHER_C
#define MBEDTLS_AES_C
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 999c87e..979910e 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -637,32 +637,17 @@
static unsigned char dropped[2048] = { 0 };
#define DROP_MAX 2
-/*
- * OpenSSL groups packets in a datagram the first time it sends them, but not
- * when it resends them. Count every record as seen the first time.
- */
+/* We only drop packets at the level of entire datagrams, not at the level
+ * of records. In particular, if the peer changes the way it packs multiple
+ * records into a single datagram, we don't necessarily count the number of
+ * times a record has been dropped correctly. However, the only known reason
+ * why a peer would change datagram packing is disabling the latter on
+ * retransmission, in which case we'd drop involved records at most
+ * DROP_MAX + 1 times. */
void update_dropped( const packet *p )
{
size_t id = p->len % sizeof( dropped );
- const unsigned char *end = p->buf + p->len;
- const unsigned char *cur = p->buf;
- size_t len = ( ( cur[11] << 8 ) | cur[12] ) + 13;
-
++dropped[id];
-
- /* Avoid counting single record twice */
- if( len == p->len )
- return;
-
- while( cur < end )
- {
- len = ( ( cur[11] << 8 ) | cur[12] ) + 13;
-
- id = len % sizeof( dropped );
- ++dropped[id];
-
- cur += len;
- }
}
int handle_message( const char *way,
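Review bot: The rewritten comment above `update_dropped()` explains that drops are counted per datagram, but it does not say that the counter slot is chosen by `p->len % sizeof( dropped )`, so distinct datagrams of equal length share one counter. I would add a sentence such as `/* Datagrams are identified only by their length modulo sizeof( dropped ); different datagrams of the same length share a counter. */` so readers do not assume per-datagram identity. The phrase "disabling the latter on retransmission" is also ambiguous about its referent; "disabling datagram packing on retransmission" reads more clearly. Since `dropped` is `static` and the function is only a test-proxy helper, `update_dropped` could presumably be `static` too, if nothing outside this file calls it.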
diff --git a/scripts/baremetal.sh b/scripts/baremetal.sh
index 86fac56..4b798b9 100755
--- a/scripts/baremetal.sh
+++ b/scripts/baremetal.sh
@@ -94,6 +94,11 @@
echo "ROM statistics written to:"
echo "* $ROM_OUT_FILE"
echo "* $ROM_OUT_SYMS"
+
+ # Print summary
+ cat $ROM_OUT_FILE | grep "libmbedtls.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
+ cat $ROM_OUT_FILE | grep "libmbedcrypto.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
+ cat $ROM_OUT_FILE | grep "libmbedx509.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
}
baremetal_build_armc5()
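Review bot: The three summary lines expand `$ROM_OUT_FILE` unquoted and pipe `cat` into `grep`, so a build directory containing spaces or glob characters would be word-split before the file is read. The same three lines are repeated in the hunks at -122 and -150, so the fix belongs in one shared helper that each build function calls with `"$ROM_OUT_FILE"`. The pattern `"libmbedtls.a"` is treated as a regular expression in which `.` matches any character; `grep -F` would match the archive name literally. The enclosing build functions start outside these hunks, so the helper below is only a sketch of the replacement for the added lines.

```shell
# Print per-library ROM totals from the statistics file given as $1.
print_rom_summary()
{
    for lib in libmbedtls.a libmbedcrypto.a libmbedx509.a; do
        grep -F "$lib" "$1" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
    done
}

# … unchanged: "ROM statistics written to:" echo lines …
    print_rom_summary "$ROM_OUT_FILE"
```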
@@ -122,6 +127,11 @@
echo "ROM statistics written to:"
echo "* $ROM_OUT_FILE"
echo "* $ROM_OUT_SYMS"
+
+ # Print summary
+ cat $ROM_OUT_FILE | grep "libmbedtls.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
+ cat $ROM_OUT_FILE | grep "libmbedcrypto.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
+ cat $ROM_OUT_FILE | grep "libmbedx509.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
}
baremetal_build_armc6()
@@ -150,6 +160,11 @@
echo "ROM statistics written to:"
echo "* $ROM_OUT_FILE"
echo "* $ROM_OUT_SYMS"
+
+ # Print summary
+ cat $ROM_OUT_FILE | grep "libmbedtls.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
+ cat $ROM_OUT_FILE | grep "libmbedcrypto.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
+ cat $ROM_OUT_FILE | grep "libmbedx509.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
}
# 32-bit host-build of library, tests and example programs,