Commit Graph

13 Commits

Author SHA1 Message Date
Damien George b5449b0f09 extmod/mbedtls: Enable certificate time/date validation by default.
All ports using this common configuration already enable time/date
validation, so this commit is a no-op change.

Signed-off-by: Damien George <damien@micropython.org>
2023-12-01 15:08:11 +11:00
iabdalkader efe7dac0aa stm32/mbedtls: Enable mbedtls certificate time validation.
This is a reimplementation of b560b9fe71 for
the stm32 port.
2022-11-08 23:41:03 +11:00
Damien George 8874a09119 extmod/mbedtls: Enable elliptic curve DH and DSA cryptography.
This is necessary to access sites that only support these protocols.

The rp2 port already has ECDH enabled, so this just adds ECDSA there.  The
other ports now gain both ECDH and ECDSA.  The code size increase is:

- rp2 (PICO_W): +2916 bytes flash, +24 bytes BSS
- stm32 (PYBD_SF6): +20480 bytes flash, +32 bytes data, +48 bytes BSS
- mimxrt (TEENSY41): +20708 bytes flash, +32 bytes data, +48 bytes BSS
- unix (standard x86-64): +39344 executable, +1744 bytes data, +96 BSS

This is obviously a large increase in code size.  But there doesn't seem to
be any other option because without elliptic curve cryptography devices are
partially cut off from the internet.  For use cases that require small
firmware size, they'll need to build custom firmware with a custom mbedtls
config.

Signed-off-by: Damien George <damien@micropython.org>
2022-10-22 19:08:21 +11:00
Damien George 9347545f9e extmod/mbedtls: Enable MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE.
This was already enabled on all ports except mimxrt.  Now it's enabled on
all of them.

Signed-off-by: Damien George <damien@micropython.org>
2022-10-22 19:06:21 +11:00
Damien George b337678964 extmod/mbedtls: Add common configuration file, and use it in all ports.
This is a no-op change.

Signed-off-by: Damien George <damien@micropython.org>
2022-10-22 19:06:21 +11:00
Damien George 39c96b543f stm32/mbedtls: Use core-provided tracked alloc instead of custom funcs.
Signed-off-by: Damien George <damien@micropython.org>
2022-05-05 10:31:50 +10:00
Damien George 5c32111fa0 ports: Reformat more C and Python source code.
These files that are reformatted only now fall under the list of files to
apply uncrustify/black formatting to.

Signed-off-by: Damien George <damien@micropython.org>
2022-04-20 16:17:35 +10:00
Peter Züger 95ee29f4f4 stm32/mbedtls: Add NULL pointer check in m_free_mbedtls.
According to the C standard the free(void *ptr) function: if ptr is a null
pointer, no action occurs.

Signed-off-by: Peter Züger <zueger.peter@icloud.com>
2022-03-17 13:11:22 +11:00
Damien George 5e506567a3 stm32/mbedtls: Enable MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE.
This adds MBEDTLS_MD_SHA1 to the list of default hashes for TLS 1.2
handshake signatures.  Although SHA-1 is weak, this option is turned on in
the default mbedtls configuration file, and allows better compatibility
with older servers.  In particular it allows an stm32-mbedtls-based client
to connect to an axtls-based client (eg default unix port and esp8266).

Signed-off-by: Damien George <damien@micropython.org>
2022-01-17 17:35:04 +11:00
Ned Konz 42d1a1635c stm32/mbedtls: Fix compile warning about uninitialized val. 2021-08-10 23:43:25 +10:00
Thorsten von Eicken 5264478007 extmod/modussl_mbedtls: Integrate shorter error strings.
The stm32 and esp32 ports now use shorter error strings for mbedtls errors.
Also, MBEDTLS_ERROR_C is enabled on stm32 by default to get these strings.
2020-07-21 00:31:05 +10:00
Jim Mussared 90f286465b stm32/mbedtls: Resize mbedtls output buffer from 16 down to 4 kiB.
To reduce the size of the SSL context on the heap.  See issue #5303.
2019-12-21 00:02:24 +11:00
Damien George fed4c23590 stm32: Integrate optional mbedTLS component for ussl module.
To use it a board should define MICROPY_PY_USSL=1 and MICROPY_SSL_MBEDTLS=1
at the Makefile level.  With the provided configuration it adds about 64k
to the build.
2019-06-05 15:37:31 +10:00