Commit Graph

7 Commits

Author SHA1 Message Date
Damien George
8874a09119 extmod/mbedtls: Enable elliptic curve DH and DSA cryptography.
This is necessary to access sites that only support these protocols.

The rp2 port already has ECDH enabled, so this just adds ECDSA there.  The
other ports now gain both ECDH and ECDSA.  The code size increase is:

- rp2 (PICO_W): +2916 bytes flash, +24 bytes BSS
- stm32 (PYBD_SF6): +20480 bytes flash, +32 bytes data, +48 bytes BSS
- mimxrt (TEENSY41): +20708 bytes flash, +32 bytes data, +48 bytes BSS
- unix (standard x86-64): +39344 executable, +1744 bytes data, +96 BSS

This is obviously a large increase in code size.  But there doesn't seem to
be any other option because without elliptic curve cryptography devices are
partially cut off from the internet.  For use cases that require small
firmware size, they'll need to build custom firmware with a custom mbedtls
config.

Signed-off-by: Damien George <damien@micropython.org>
2022-10-22 19:08:21 +11:00
Damien George
9347545f9e extmod/mbedtls: Enable MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE.
This was already enabled on all ports except mimxrt.  Now it's enabled on
all of them.

Signed-off-by: Damien George <damien@micropython.org>
2022-10-22 19:06:21 +11:00
Damien George
b337678964 extmod/mbedtls: Add common configuration file, and use it in all ports.
This is a no-op change.

Signed-off-by: Damien George <damien@micropython.org>
2022-10-22 19:06:21 +11:00
hoihu
85a25895ff rp2/mbedtls: Fix missing time.h include. 2022-08-31 00:22:34 +10:00
Ian Davies
b560b9fe71 rp2/mbedtls: Enable certificate validity time validation. 2022-08-06 00:08:01 +10:00
Damien George
11f920f8ad rp2/mbedtls: Enable some more mbedtls options.
Signed-off-by: Damien George <damien@micropython.org>
2022-06-30 16:03:21 +10:00
Andrew Leech
9bd6169b72 rp2/mbedtls: Add support for ssl module with MICROPY_SSL_MBEDTLS.
Signed-off-by: Andrew Leech <andrew@alelec.net>
2022-06-03 14:29:06 +10:00