Have MBEDTLS_TIMING_C require MBEDTLS_HAVE_TIME

Nowadays, the timing module just builds on a function that provides a timer
with millisecond resolution. In terms of platform requirements, this is
almost exactly equivalent to `mbedtls_ms_time()`
provides (`mbedtls_ms_time()` is arguably a little stronger because it is
supposed to last longer than a single timer object, but an application could
start a timer when it starts, so there's no real difference.) So it's a bit
silly that `timing.c` essentially reimplements this. Rely on
`mbedtls_ms_time()` instead.

This is an API break because in Mbed TLS 4.0, it was possible to enable
`MBEDTLS_TIMING_C` without `MBEDTLS_HAVE_TIME`. However, `timing.c` only
provided an implementation for Windows and Unix-like platforms, and on those
platforms, it is very likely that the default implementation of
`MBEDTLS_HAVE_TIME` would also work. (The main exception would be a platform
that has the traditional Unix function `gettimeofday()`, but not the 1990s
novelty `clock_gettime()`.) So make this an official requirement, as a
belated change that really should have gone into 4.0 if we'd taken the time
to dig into it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

ChangeLog.d/timing.txt

@@ -0,0 +1,5 @@
+API changes
+   * MBEDTLS_TIMING_C now requires MBEDTLS_HAVE_TIME to be enabled in the
+     TF-PSA-Crypto configuration, unless MBEDTLS_TIMING_ALT is enabled.
+     As a benefit, platforms where the default implementation is not
+     supported now only need to implement MBEDTLS_PLATFORM_MS_TIME_ALT.

configs/config-ccm-psk-dtls1_2.h

@@ -29,7 +29,7 @@
 #define MBEDTLS_SSL_COOKIE_C
 #define MBEDTLS_SSL_SRV_C
 #define MBEDTLS_SSL_TLS_C
-#define MBEDTLS_TIMING_C
+#define MBEDTLS_TIMING_C //Only used by test programs
 
 /* TLS protocol feature support */
 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED

configs/config-symmetric-only.h

@@ -12,5 +12,5 @@
 #define MBEDTLS_ERROR_STRERROR_DUMMY
 #define MBEDTLS_VERSION_FEATURES
 
-#define MBEDTLS_TIMING_C
+#define MBEDTLS_TIMING_C //Only for benchmarking
 #define MBEDTLS_VERSION_C

configs/crypto-config-ccm-psk-tls1_2.h

@@ -26,7 +26,8 @@
 #define MBEDTLS_PSA_CRYPTO_C
 
 /* System support */
-//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
+/* Optionally used in Hello messages. Needed for DTLS testing. */
+#define MBEDTLS_HAVE_TIME
 /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
 
 #define MBEDTLS_CTR_DRBG_C

configs/crypto-config-thread.h

@@ -48,6 +48,7 @@
 
 /* System support */
 #define MBEDTLS_HAVE_ASM
+#define MBEDTLS_HAVE_TIME //Only used by test programs
 
 #define MBEDTLS_AES_ROM_TABLES
 #define MBEDTLS_ECP_NIST_OPTIM

include/mbedtls/mbedtls_config.h

@@ -63,22 +63,9 @@
 /**
  * \def MBEDTLS_TIMING_C
  *
- * Enable the semi-portable timing interface.
+ * Enable a timer interface used by some sample and test programs.
  *
- * \note The provided implementation only works on POSIX/Unix (including Linux,
- * BSD and OS X) and Windows. On other platforms, you can either disable that
- * module and provide your own implementations of the callbacks needed by
- * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
- * your own implementation of the whole module by setting
- * \c MBEDTLS_TIMING_ALT in the current file.
- *
- * \note The timing module will include time.h on suitable platforms
- *       regardless of the setting of MBEDTLS_HAVE_TIME, unless
- *       MBEDTLS_TIMING_ALT is used. See timing.c for more information.
- *
- * \note See also our Knowledge Base article about porting to a new
- * environment:
- * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ * Requires: MBEDTLS_HAVE_TIME or MBEDTLS_TIMING_ALT
  *
  * Module:  library/timing.c
  */

library/mbedtls_check_config.h

@@ -363,5 +363,10 @@
 #error  "MBEDTLS_PKCS7_C is defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_TIMING_C) && \
+    !(defined(MBEDTLS_HAVE_TIME) || defined(MBEDTLS_TIMING_ALT))
+#error "MBEDTLS_TIMING_C requires either MBEDTLS_HAVE_TIME or MBEDTLS_TIMING_ALT"
+#endif
+
 /* *INDENT-ON* */
 #endif /* MBEDTLS_CHECK_CONFIG_H */