Include more curves. For example, the Brainpool curves don't have
dedicated "mod p" reduction routines, so they have a much larger number
of allocs (comparable to the NIST curves with `MBEDTLS_ECP_NIST_OPTIM`
disabled).
On the other hand, to keep the script's running time reasonable, remove
a few things:
- curves smaller than 256 bits (out of favour these days)
- window sizes larger than the default: 6 was particularly useless as
it's never selected by the current code; 5 can only be selected with
curves >= 384 and is unlikely to be used in practice as it increases
heap usage quite a lot for very little performance gain.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Clearly the intention was to enable it, as ECDSA_C was defined, but the
benchmark also requires SHA-256 for ECDSA.
Also, specify "ecdh ecdsa" when invoking the benchmark program, in order
to avoid spurious output about SHA-256.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
time() is only needed to seed the PRNG non-deterministically. If it isn't
available, do seed it, but pick a static seed.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
The timing module might include time.h on its own when on
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled.
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Having such implementation might cause issues for those that
expect to have a working implementation.
Having a compile-time error is better in such case.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
The LTS branch hasn't been updated in the contributing guidelines.
Deleting it instead of updating as the information is available at the
link above and deleting prevents similar mistakes in the future.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Encrypt-Then-Mac (ETM) is supported in Mbed TLS
server for TLS version geater than SSLv3 and only
for the CBC cipher mode thus make it
clear in the SSL context.
The previous code was ok as long as the check of
the ETM status was done only in the case of the CBC
cipher mode but fragile as #5573 revealed.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Also move the self test implementation guards
so that alternate implementations must
provide their own.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
MBEDTLS_HAVE_TIME_ALT implies MBEDTLS_HAVE_TIME, so an extra
check for MBEDTLS_HAVE_TIME is not needed.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Allow programs/test/udp_proxy.c to build when MBEDTLS_HAVE_TIME is
not defined. In this case, do not attempt to seed the pseudo-random
number generator used to sometimes produce corrupt packets and other
erroneous data.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
To be able to test utility programs for an absence of time.h, we need a
baremetal config that is not crypto only. Add one.
Signed-off-by: Daniel Axtens <dja@axtens.net>
