mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2026-03-20 11:11:08 +01:00
86eac795c9
Nowadays, the timing module just builds on a function that provides a timer with millisecond resolution. In terms of platform requirements, this is almost exactly equivalent to `mbedtls_ms_time()` provides (`mbedtls_ms_time()` is arguably a little stronger because it is supposed to last longer than a single timer object, but an application could start a timer when it starts, so there's no real difference.) So it's a bit silly that `timing.c` essentially reimplements this. Rely on `mbedtls_ms_time()` instead. This is an API break because in Mbed TLS 4.0, it was possible to enable `MBEDTLS_TIMING_C` without `MBEDTLS_HAVE_TIME`. However, `timing.c` only provided an implementation for Windows and Unix-like platforms, and on those platforms, it is very likely that the default implementation of `MBEDTLS_HAVE_TIME` would also work. (The main exception would be a platform that has the traditional Unix function `gettimeofday()`, but not the 1990s novelty `clock_gettime()`.) So make this an official requirement, as a belated change that really should have gone into 4.0 if we'd taken the time to dig into it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This directory contains example configuration files.
The examples are generally focused on a particular use case (eg, support for
a restricted set of ciphersuites) and aim to minimize resource usage for
the target. They can be used as a basis for custom configurations.
These files come in pairs and are complete replacements for the default
mbedtls_config.h and crypto_config.h. The two files of a pair share the same or
very similar name, with the crypto file prefixed by "crypto-". Note
that some of the cryptography configuration files may be located in
tf-psa-crypto/configs.
To use one of these pairs, you can pick one of the following methods:
1. Replace the default files include/mbedtls/mbedtls_config.h and
tf-psa-crypto/include/psa/crypto_config.h with the chosen ones.
2. Use the MBEDTLS_CONFIG_FILE and TF_PSA_CRYPTO_CONFIG_FILE CMake options. For
example, to build out-of-tree with the config-ccm-psk-tls1_2.h and
crypto-config-ccm-psk-tls1_2.h configuration pair:
cmake -DMBEDTLS_CONFIG_FILE="configs/config-ccm-psk-tls1_2.h" \
-DTF_PSA_CRYPTO_CONFIG_FILE="configs/crypto-config-ccm-psk-tls1_2.h"
-B build-psktls12 .
cmake --build build-psktls12
The second method also works if you want to keep your custom configuration
files outside the Mbed TLS tree.