components/mbedtls: MBEDTLS Handshake result check

modify esp_config.h add some feature for support http2.0 protocol, TLS Handshake OK.
2024-10-05 20:47:46 -04:00 · 2016-08-30 20:40:58 +08:00 · 2016-08-30 20:40:58 +08:00 · 2d80fada70
commit 2d80fada70
parent 0f83831c74
11 changed files with 659 additions and 86 deletions
--- a/components/esp32/aes.c
+++ b/components/esp32/aes.c
@ -64,7 +64,7 @@ int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key,
                    unsigned int keybits )
 {
 	enum AES_BITS	keybit;
-	uint16 keybyte = keybits / 8;
+	uint16_t keybyte = keybits / 8;
 	switch (keybits){
 		case 128:
 			keybit = AES128;
@ -95,7 +95,7 @@ int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key,
                    unsigned int keybits )
 {
 	enum AES_BITS	keybit;
-	uint16 keybyte = keybits / 8;
+	uint16_t keybyte = keybits / 8;
 	switch (keybits){
 		case 128:
 			keybit = AES128;
--- a/components/esp32/bignum.c
+++ b/components/esp32/bignum.c
@ -1018,9 +1018,9 @@ static void esp_mpi_mul_hlp( size_t i, esp_mpi_uint *s, esp_mpi_uint *d, esp_mpi
 static int mul_pram_alloc( mpi *X, const mpi *A, const mpi *B, char **pA, char **pB, char **pX, size_t *bites)
 {
    char *sa, *sb, *sx;
-	int algn;
+//	int algn;
 	int words, bytes;
-	int abytes, bbytes, cbytes;
+	int abytes, bbytes;
 	if (A->n > B->n)
 		words = A->n;
@ -2178,6 +2178,3 @@ cleanup:
    return( ret );
 }
 #endif /* ESP_BIGNUM_ALT */
--- a/components/esp32/include/aes.h
+++ b/components/esp32/include/aes.h
@ -24,7 +24,7 @@
 #ifndef ESP_AES_H
 #define ESP_AES_H
-#include "c_types.h"
+#include "esp_types.h"
 #include "rom/ets_sys.h"
 #include "rom/aes.h"
@ -41,8 +41,8 @@ extern "C" {
 typedef struct{
 	bool  flag;
-	uint16 keybites;
+	uint16_t keybites;
-    uint8 key[32];
+    uint8_t key[32];
 }key_context, KEY_CTX;
 /**
--- a/components/esp32/include/bignum.h
+++ b/components/esp32/include/bignum.h
@ -23,7 +23,7 @@
 #ifndef _ESP_BIGNUM_H
 #define _ESP_BIGNUM_H
-#include "c_types.h"
+#include "esp_types.h"
 #include "rom/ets_sys.h"
 #include "rom/bigint.h"
--- a/components/esp32/include/esp_crypto.h
+++ b/components/esp32/include/esp_crypto.h
@ -1,7 +1,7 @@
 #ifndef _MULTI_CRYPTO_H_
 #define _MULTI_CRYPTO_H_
-#include "c_types.h"
+#include "esp_types.h"
 #include "rom/ets_sys.h"
 #ifdef __cplusplus
--- a/components/esp32/include/sha.h
+++ b/components/esp32/include/sha.h
@ -6,7 +6,7 @@
 #ifndef _ESP_SHA_H_
 #define _ESP_SHA_H_
-#include "c_types.h"
+#include "esp_types.h"
 #include "rom/ets_sys.h"
 #include "rom/sha.h"
@ -164,6 +164,8 @@ typedef sha_context SHA512_CTX;
 */
 void esp_sha512_init( SHA512_CTX *ctx );
 void esp_sha512_process( SHA512_CTX *ctx, const unsigned char data[128] );
 /**
 * \brief          Clear SHA-512 context
 *
--- a/components/esp32/sha.c
+++ b/components/esp32/sha.c
@ -205,6 +205,11 @@ void esp_sha512_init( SHA512_CTX *ctx )
 	SHA_UNLOCK();
 }
 void esp_sha512_process( SHA512_CTX *ctx, const unsigned char data[128] )
 {
 }
 void esp_sha512_free( SHA512_CTX *ctx )
 {
    if( ctx == NULL )
--- a/components/mbedtls/include/mbedtls/esp_config.h
+++ b/components/mbedtls/include/mbedtls/esp_config.h
@ -225,7 +225,7 @@
 * Uncomment a macro to enable alternate implementation of the corresponding
 * module.
 */
-#define MBEDTLS_AES_ALT
+//#define MBEDTLS_AES_ALT
 //#define MBEDTLS_ARC4_ALT
 //#define MBEDTLS_BLOWFISH_ALT
 //#define MBEDTLS_CAMELLIA_ALT
@ -235,11 +235,11 @@
 //#define MBEDTLS_MD4_ALT
 //#define MBEDTLS_MD5_ALT
 //#define MBEDTLS_RIPEMD160_ALT
-#define MBEDTLS_SHA1_ALT
+//#define MBEDTLS_SHA1_ALT
-#define MBEDTLS_SHA256_ALT
+//#define MBEDTLS_SHA256_ALT
-#define MBEDTLS_SHA512_ALT
+//#define MBEDTLS_SHA512_ALT
-#define MBEDTLS_BIGNUM_ALT
+//#define MBEDTLS_BIGNUM_ALT
 /**
 * \def MBEDTLS_MD2_PROCESS_ALT
 *
@ -374,10 +374,10 @@
 *
 * Enable padding modes in the cipher layer.
 */
-//#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_CIPHER_PADDING_PKCS7
-//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-//#define MBEDTLS_CIPHER_PADDING_ZEROS
+#define MBEDTLS_CIPHER_PADDING_ZEROS
 /**
 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
@ -415,18 +415,18 @@
 *
 * Comment macros to disable the curve and functions for it
 */
-//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-//#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
 /**
 * \def MBEDTLS_ECP_NIST_OPTIM
@ -437,7 +437,7 @@
 *
 * Comment this macro to disable NIST curves optimisation.
 */
-//#define MBEDTLS_ECP_NIST_OPTIM
+#define MBEDTLS_ECP_NIST_OPTIM
 /**
 * \def MBEDTLS_ECDSA_DETERMINISTIC
@ -451,7 +451,7 @@
 *
 * Comment this macro to disable deterministic ECDSA.
 */
-//#define MBEDTLS_ECDSA_DETERMINISTIC
+#define MBEDTLS_ECDSA_DETERMINISTIC
 /**
 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
@ -473,7 +473,7 @@
 *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
 */
-//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 /**
 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
@ -497,7 +497,7 @@
 *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
 */
-//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 /**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@ -517,7 +517,7 @@
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
 */
-//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 /**
 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@ -596,7 +596,7 @@
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 */
-//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 /**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@ -621,7 +621,7 @@
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
 */
-//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 /**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@ -645,7 +645,7 @@
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 */
-//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 /**
 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
@ -669,7 +669,7 @@
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
 */
-//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 /**
 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
@ -693,7 +693,7 @@
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
 */
-//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 /**
 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
@ -946,7 +946,7 @@
 *
 * Comment this macro to disable support for Encrypt-then-MAC
 */
-//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 *
@ -964,7 +964,7 @@
 *
 * Comment this macro to disable support for Extended Master Secret.
 */
-//#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 /**
 * \def MBEDTLS_SSL_FALLBACK_SCSV
@ -981,7 +981,7 @@
 *
 * Comment this macro to disable support for FALLBACK_SCSV
 */
-//#define MBEDTLS_SSL_FALLBACK_SCSV
+#define MBEDTLS_SSL_FALLBACK_SCSV
 /**
 * \def MBEDTLS_SSL_HW_RECORD_ACCEL
@ -1018,7 +1018,7 @@
 *
 * Comment this to disable support for renegotiation.
 */
-//#define MBEDTLS_SSL_RENEGOTIATION
+#define MBEDTLS_SSL_RENEGOTIATION
 /**
 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
@ -1047,7 +1047,7 @@
 *
 * Comment this macro to disable support for the max_fragment_length extension
 */
-//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 /**
 * \def MBEDTLS_SSL_PROTO_SSL3
@ -1059,7 +1059,7 @@
 *
 * Comment this macro to disable support for SSL 3.0
 */
-//#define MBEDTLS_SSL_PROTO_SSL3
+#define MBEDTLS_SSL_PROTO_SSL3
 /**
 * \def MBEDTLS_SSL_PROTO_TLS1
@ -1110,7 +1110,7 @@
 *
 * Comment this macro to disable support for DTLS
 */
-//#define MBEDTLS_SSL_PROTO_DTLS
+#define MBEDTLS_SSL_PROTO_DTLS
 /**
 * \def MBEDTLS_SSL_ALPN
@ -1119,7 +1119,7 @@
 *
 * Comment this macro to disable support for ALPN.
 */
-//#define MBEDTLS_SSL_ALPN
+#define MBEDTLS_SSL_ALPN
 /**
 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
@ -1134,7 +1134,7 @@
 *
 * Comment this to disable anti-replay in DTLS.
 */
-//#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
 /**
 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
@ -1152,7 +1152,7 @@
 *
 * Comment this to disable support for HelloVerifyRequest.
 */
-//#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
 /**
 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
@ -1168,7 +1168,7 @@
 *
 * Comment this to disable support for clients reusing the source port.
 */
-//#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
 /**
 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
@ -1179,7 +1179,7 @@
 *
 * Requires: MBEDTLS_SSL_PROTO_DTLS
 */
-//#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
 /**
 * \def MBEDTLS_SSL_SESSION_TICKETS
@ -1193,7 +1193,7 @@
 *
 * Comment this macro to disable support for SSL session tickets
 */
-//#define MBEDTLS_SSL_SESSION_TICKETS
+#define MBEDTLS_SSL_SESSION_TICKETS
 /**
 * \def MBEDTLS_SSL_EXPORT_KEYS
@ -1203,7 +1203,7 @@
 *
 * Comment this macro to disable support for key export
 */
-//#define MBEDTLS_SSL_EXPORT_KEYS
+#define MBEDTLS_SSL_EXPORT_KEYS
 /**
 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
@ -1223,7 +1223,7 @@
 *
 * Comment this macro to disable support for truncated HMAC in SSL
 */
-//#define MBEDTLS_SSL_TRUNCATED_HMAC
+#define MBEDTLS_SSL_TRUNCATED_HMAC
 /**
 * \def MBEDTLS_THREADING_ALT
@ -1258,7 +1258,7 @@
 *
 * Comment this to disable run-time checking and save ROM space
 */
-//#define MBEDTLS_VERSION_FEATURES
+#define MBEDTLS_VERSION_FEATURES
 /**
 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
@ -1294,7 +1294,7 @@
 *
 * Comment to skip keyUsage checking for both CA and leaf certificates.
 */
-//#define MBEDTLS_X509_CHECK_KEY_USAGE
+#define MBEDTLS_X509_CHECK_KEY_USAGE
 /**
 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
@ -1307,7 +1307,7 @@
 *
 * Comment to skip extendedKeyUsage checking for certificates.
 */
-//#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
 /**
 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
@ -1317,7 +1317,7 @@
 *
 * Comment this macro to disallow using RSASSA-PSS in certificates.
 */
-//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
 /**
 * \def MBEDTLS_ZLIB_SUPPORT
@ -1459,7 +1459,7 @@
 *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
 */
-//#define MBEDTLS_ARC4_C
+#define MBEDTLS_ARC4_C
 /**
 * \def MBEDTLS_ASN1_PARSE_C
@ -1524,7 +1524,7 @@
 *
 * Module:  library/blowfish.c
 */
-//#define MBEDTLS_BLOWFISH_C
+#define MBEDTLS_BLOWFISH_C
 /**
 * \def MBEDTLS_CAMELLIA_C
@ -1579,7 +1579,7 @@
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
 */
-//#define MBEDTLS_CAMELLIA_C
+#define MBEDTLS_CAMELLIA_C
 /**
 * \def MBEDTLS_CCM_C
@ -1593,7 +1593,7 @@
 * This module enables the AES-CCM ciphersuites, if other requisites are
 * enabled as well.
 */
-//#define MBEDTLS_CCM_C
+#define MBEDTLS_CCM_C
 /**
 * \def MBEDTLS_CERTS_C
@ -1605,7 +1605,7 @@
 *
 * This module is used for testing (ssl_client/server).
 */
-//#define MBEDTLS_CERTS_C
+#define MBEDTLS_CERTS_C
 /**
 * \def MBEDTLS_CIPHER_C
@ -1645,7 +1645,7 @@
 *
 * This module provides debugging functions.
 */
-//#define MBEDTLS_DEBUG_C
+#define MBEDTLS_DEBUG_C
 /**
 * \def MBEDTLS_DES_C
@ -1671,7 +1671,7 @@
 *
 * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
 */
-//#define MBEDTLS_DES_C
+#define MBEDTLS_DES_C
 /**
 * \def MBEDTLS_DHM_C
@ -1685,7 +1685,7 @@
 * This module is used by the following key exchanges:
 *      DHE-RSA, DHE-PSK
 */
-//#define MBEDTLS_DHM_C
+#define MBEDTLS_DHM_C
 /**
 * \def MBEDTLS_ECDH_C
@ -1701,7 +1701,7 @@
 *
 * Requires: MBEDTLS_ECP_C
 */
-//#define MBEDTLS_ECDH_C
+#define MBEDTLS_ECDH_C
 /**
 * \def MBEDTLS_ECDSA_C
@ -1716,7 +1716,7 @@
 *
 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
 */
-//#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECDSA_C
 /**
 * \def MBEDTLS_ECJPAKE_C
@ -1749,7 +1749,7 @@
 *
 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
 */
-//#define MBEDTLS_ECP_C
+#define MBEDTLS_ECP_C
 /**
 * \def MBEDTLS_ENTROPY_C
@ -1775,7 +1775,7 @@
 *
 * This module enables mbedtls_strerror().
 */
-//#define MBEDTLS_ERROR_C
+#define MBEDTLS_ERROR_C
 /**
 * \def MBEDTLS_GCM_C
@ -1789,7 +1789,7 @@
 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
 * requisites are enabled as well.
 */
-//#define MBEDTLS_GCM_C	//764 Byte
+#define MBEDTLS_GCM_C
 /**
 * \def MBEDTLS_HAVEGE_C
@ -1826,7 +1826,7 @@
 *
 * Uncomment to enable the HMAC_DRBG random number geerator.
 */
-//#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_HMAC_DRBG_C
 /**
 * \def MBEDTLS_MD_C
@ -1941,7 +1941,7 @@
 *
 * This modules adds support for the VIA PadLock on x86.
 */
-//#define MBEDTLS_PADLOCK_C
+#define MBEDTLS_PADLOCK_C
 /**
 * \def MBEDTLS_PEM_PARSE_C
@ -2033,7 +2033,7 @@
 *
 * This module adds support for the PKCS#5 functions.
 */
-//#define MBEDTLS_PKCS5_C
+#define MBEDTLS_PKCS5_C
 /**
 * \def MBEDTLS_PKCS11_C
@ -2064,7 +2064,7 @@
 *
 * This module enables PKCS#12 functions.
 */
-//#define MBEDTLS_PKCS12_C
+#define MBEDTLS_PKCS12_C
 /**
 * \def MBEDTLS_PLATFORM_C
@ -2084,7 +2084,7 @@
 *
 * This module enables abstraction of common (libc) functions.
 */
-//#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_PLATFORM_C
 /**
 * \def MBEDTLS_RIPEMD160_C
@ -2095,7 +2095,7 @@
 * Caller:  library/mbedtls_md.c
 *
 */
-//#define MBEDTLS_RIPEMD160_C
+#define MBEDTLS_RIPEMD160_C
 /**
 * \def MBEDTLS_RSA_C
@ -2173,7 +2173,7 @@
 *
 * Requires: MBEDTLS_SSL_CACHE_C
 */
-//#define MBEDTLS_SSL_CACHE_C
+#define MBEDTLS_SSL_CACHE_C
 /**
 * \def MBEDTLS_SSL_COOKIE_C
@ -2183,7 +2183,7 @@
 * Module:  library/ssl_cookie.c
 * Caller:
 */
-//#define MBEDTLS_SSL_COOKIE_C
+#define MBEDTLS_SSL_COOKIE_C
 /**
 * \def MBEDTLS_SSL_TICKET_C
@ -2195,7 +2195,7 @@
 *
 * Requires: MBEDTLS_CIPHER_C
 */
-//#define MBEDTLS_SSL_TICKET_C
+#define MBEDTLS_SSL_TICKET_C
 /**
 * \def MBEDTLS_SSL_CLI_C
@ -2466,7 +2466,8 @@
 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
 /* SSL options */
-#define MBEDTLS_SSL_MAX_CONTENT_LEN             3072 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
+
 #define MBEDTLS_SSL_MAX_CONTENT_LEN             5120 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
 //#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
 //#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
--- a/components/mbedtls/port/esp_hardware.c
+++ b/components/mbedtls/port/esp_hardware.c
@ -0,0 +1,45 @@
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
 #else
 #include MBEDTLS_CONFIG_FILE
 #endif
 #include <sys/types.h>
 #include <stdlib.h>
 #include <stdio.h>
 #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
 /**
 * \brief           Entropy poll callback for a hardware source
 *
 * \warning         This is not provided by mbed TLS!
 *                  See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h.
 *
 * \note            This must accept NULL as its first argument.
 */
 static int os_get_random(unsigned char *buf, size_t len)
 {
 	int i, j;
 	unsigned long tmp;
 	for (i = 0; i < ((len + 3) & ~3) / 4; i ++){
 		tmp = rand();
 		for (j = 0; j < 4; j ++){
 			if ((i * 4 + j) < len){
 				buf[i * 4 + j] = (unsigned char)(tmp >> (j * 8));
 			}else{
 				break;
 			}
 		}
 	}
 	return 0;
 }
 int mbedtls_hardware_poll( void *data,
                           unsigned char *output, size_t len, size_t *olen )
 {
 	os_get_random(output, len);
 	*olen = len;
 	return 0;
 }
 #endif
--- a/components/mbedtls/port/include/sha512_alt.h
+++ b/components/mbedtls/port/include/sha512_alt.h
@ -17,6 +17,7 @@ extern "C" {
 typedef SHA512_CTX	mbedtls_sha512_context;
 #define mbedtls_sha512_init   esp_sha512_init
 #define mbedtls_sha512_process	esp_sha512_process
 #define mbedtls_sha512_clone  esp_sha512_clone
 #define mbedtls_sha512_starts esp_sha512_starts
 #define mbedtls_sha512_update esp_sha512_update
--- a/components/mbedtls/port/net.c
+++ b/components/mbedtls/port/net.c
@ -0,0 +1,522 @@
 /*
 *  TCP/IP or UDP/IP networking functions
 *  modified for LWIP support on ESP32
 *
 *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  Additions Copyright (C) 2015 Angus Gratton
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
 #else
 #include MBEDTLS_CONFIG_FILE
 #endif
 #if !defined(MBEDTLS_NET_C)
 #include "mbedtls/net.h"
 #include <string.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 //#include <sys/time.h>
 #include <unistd.h>
 #include <netdb.h>
 //#include <errno.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <time.h>
 #include <stdint.h>
 /*
 * Prepare for using the sockets interface
 */
 static int net_prepare( void )
 {
 #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
    !defined(EFI32)
    WSADATA wsaData;
    if( wsa_init_done == 0 )
    {
        if( WSAStartup( MAKEWORD(2,0), &wsaData ) != 0 )
            return( MBEDTLS_ERR_NET_SOCKET_FAILED );
        wsa_init_done = 1;
    }
 #else
 #endif
    return( 0 );
 }
 /*
 * Initialize a context
 */
 void mbedtls_net_init( mbedtls_net_context *ctx )
 {
    ctx->fd = -1;
 }
 /*
 * Initiate a TCP connection with host:port and the given protocol
 */
 int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto )
 {
    int ret;
    struct addrinfo hints, *addr_list, *cur;
    if( ( ret = net_prepare() ) != 0 )
        return( ret );
    /* Do name resolution with both IPv6 and IPv4 */
    memset( &hints, 0, sizeof( hints ) );
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
    hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
    if( getaddrinfo( host, port, &hints, &addr_list ) != 0 )
        return( MBEDTLS_ERR_NET_UNKNOWN_HOST );
    /* Try the sockaddrs until a connection succeeds */
    ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
    for( cur = addr_list; cur != NULL; cur = cur->ai_next )
    {
        ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
                            cur->ai_protocol );
        if( ctx->fd < 0 )
        {
            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
            continue;
        }
        if( connect( ctx->fd, cur->ai_addr, cur->ai_addrlen ) == 0 )
        {
            ret = 0;
            break;
        }
        close( ctx->fd );
        ret = MBEDTLS_ERR_NET_CONNECT_FAILED;
    }
    freeaddrinfo( addr_list );
    return( ret );
 }
 /*
 * Create a listening socket on bind_ip:port
 */
 int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto )
 {
    int n, ret;
    struct addrinfo hints, *addr_list, *cur;
    if( ( ret = net_prepare() ) != 0 )
        return( ret );
    /* Bind to IPv6 and/or IPv4, but only in the desired protocol */
    memset( &hints, 0, sizeof( hints ) );
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
    hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
    if( getaddrinfo( bind_ip, port, &hints, &addr_list ) != 0 )
        return( MBEDTLS_ERR_NET_UNKNOWN_HOST );
    /* Try the sockaddrs until a binding succeeds */
    ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
    for( cur = addr_list; cur != NULL; cur = cur->ai_next )
    {
        ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
                            cur->ai_protocol );
        if( ctx->fd < 0 )
        {
            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
            continue;
        }
 		/*SO_REUSEADDR option dafault is disable in source code(lwip)*/
 #if SO_REUSE
        n = 1;
        if( setsockopt( ctx->fd, SOL_SOCKET, SO_REUSEADDR,
                        (const char *) &n, sizeof( n ) ) != 0 )
        {
            close( ctx->fd );
            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
            continue;
        }
 #endif
 		/*bind interface dafault don't process the addr is 0xffffffff for TCP Protocol*/
 		struct sockaddr_in *serv_addr = NULL;
 		serv_addr = (struct sockaddr_in *)cur->ai_addr;		
 		serv_addr->sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
        if( bind( ctx->fd, (struct sockaddr *)serv_addr, cur->ai_addrlen ) != 0 )
        {
            close( ctx->fd );
            ret = MBEDTLS_ERR_NET_BIND_FAILED;
            continue;
        }
        /* Listen only makes sense for TCP */
        if( proto == MBEDTLS_NET_PROTO_TCP )
        {
            if( listen( ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG ) != 0 )
            {
                close( ctx->fd );
                ret = MBEDTLS_ERR_NET_LISTEN_FAILED;
                continue;
            }
        }
        /* I we ever get there, it's a success */
        ret = 0;
        break;
    }
    freeaddrinfo( addr_list );
    return( ret );
 }
 #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
    !defined(EFI32)
 /*
 * Check if the requested operation would be blocking on a non-blocking socket
 * and thus 'failed' with a negative return value.
 */
 static int net_would_block( const mbedtls_net_context *ctx )
 {
    ((void) ctx);
    return( WSAGetLastError() == WSAEWOULDBLOCK );
 }
 #else
 /*
 * Check if the requested operation would be blocking on a non-blocking socket
 * and thus 'failed' with a negative return value.
 *
 * Note: on a blocking socket this function always returns 0!
 */
 static int net_would_block( const mbedtls_net_context *ctx )
 {
    /*
     * Never return 'WOULD BLOCK' on a non-blocking socket
     */
    if( ( fcntl( ctx->fd, F_GETFL, 0) & O_NONBLOCK ) != O_NONBLOCK )
        return( 0 );
 	int error = 0;
 	get_errno(ctx->fd, &error);
    switch( error )
    {
 #if defined EAGAIN
        case EAGAIN:
 #endif
 #if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN
        case EWOULDBLOCK:
 #endif
            return( 1 );
    }
    return( 0 );
 }
 #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
 /*
 * Accept a connection from a remote client
 */
 int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
                        mbedtls_net_context *client_ctx,
                        void *client_ip, size_t buf_size, size_t *ip_len )
 {
    int ret;
    int type;
    struct sockaddr_in client_addr;
    socklen_t n = (socklen_t) sizeof( client_addr );
    socklen_t type_len = (socklen_t) sizeof( type );
    /* Is this a TCP or UDP socket? */
    if( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE,
                    (void *) &type, (socklen_t *) &type_len ) != 0 ||
        ( type != SOCK_STREAM && type != SOCK_DGRAM ) )
    {
        return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
    }
    if( type == SOCK_STREAM )
    {
        /* TCP: actual accept() */
        ret = client_ctx->fd = (int) accept( bind_ctx->fd,
                                             (struct sockaddr *) &client_addr, &n );
    }
    else
    {
        /* UDP: wait for a message, but keep it in the queue */
        char buf[1] = { 0 };
        ret = recvfrom( bind_ctx->fd, buf, sizeof( buf ), MSG_PEEK,
                        (struct sockaddr *) &client_addr, &n );
 #if defined(_WIN32)
        if( ret == SOCKET_ERROR &&
            WSAGetLastError() == WSAEMSGSIZE )
        {
            /* We know buf is too small, thanks, just peeking here */
            ret = 0;
        }
 #endif
    }
    if( ret < 0 )
    {
        if( net_would_block( bind_ctx ) != 0 )
            return( MBEDTLS_ERR_SSL_WANT_READ );
        return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
    }
    /* UDP: hijack the listening socket to communicate with the client,
     * then bind a new socket to accept new connections */
    if( type != SOCK_STREAM )
    {
        struct sockaddr_in local_addr;
        int one = 1;
        if( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 )
            return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
        client_ctx->fd = bind_ctx->fd;
        bind_ctx->fd   = -1; /* In case we exit early */
        n = sizeof( struct sockaddr_in );
        if( getsockname( client_ctx->fd,
                         (struct sockaddr *) &local_addr, &n ) != 0 ||
            ( bind_ctx->fd = (int) socket( AF_INET,
                                           SOCK_DGRAM, IPPROTO_UDP ) ) < 0 ||
            setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR,
                        (const char *) &one, sizeof( one ) ) != 0 )
        {
            return( MBEDTLS_ERR_NET_SOCKET_FAILED );
        }
        if( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 )
        {
            return( MBEDTLS_ERR_NET_BIND_FAILED );
        }
    }
    if( client_ip != NULL )
    {
            struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr;
            *ip_len = sizeof( addr4->sin_addr.s_addr );
            if( buf_size < *ip_len )
                return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL );
            memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len );
    }
    return( 0 );
 }
 /*
 * Set the socket blocking or non-blocking
 */
 int mbedtls_net_set_block( mbedtls_net_context *ctx )
 {
 #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
    !defined(EFI32)
    u_long n = 0;
    return( ioctlsocket( ctx->fd, FIONBIO, &n ) );
 #else
    return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) & ~O_NONBLOCK ) );
 #endif
 }
 int mbedtls_net_set_nonblock( mbedtls_net_context *ctx )
 {
 #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
    !defined(EFI32)
    u_long n = 1;
    return( ioctlsocket( ctx->fd, FIONBIO, &n ) );
 #else
    return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) | O_NONBLOCK ) );
 #endif
 }
 /*
 * Portable usleep helper
 */
 void mbedtls_net_usleep( unsigned long usec )
 {
 #if defined(_WIN32)
    Sleep( ( usec + 999 ) / 1000 );
 #else
    struct timeval tv;
    tv.tv_sec  = usec / 1000000;
 #if defined(__unix__) || defined(__unix) || \
    ( defined(__APPLE__) && defined(__MACH__) )
    tv.tv_usec = (suseconds_t) usec % 1000000;
 #else
    tv.tv_usec = usec % 1000000;
 #endif
    select( 0, NULL, NULL, NULL, &tv );
 #endif
 }
 /*
 * Read at most 'len' characters
 */
 int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
 {
    int ret;
    int fd = ((mbedtls_net_context *) ctx)->fd;
    int error = 0;
 	get_errno(fd, &error);
    if( fd < 0 )
        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
    ret = (int) read( fd, buf, len );
    if( ret < 0 )
    {
        if( net_would_block( ctx ) != 0 )
            return( MBEDTLS_ERR_SSL_WANT_READ );
 #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
    !defined(EFI32)
        if( WSAGetLastError() == WSAECONNRESET )
            return( MBEDTLS_ERR_NET_CONN_RESET );
 #else
        if( error == EPIPE || error == ECONNRESET )
            return( MBEDTLS_ERR_NET_CONN_RESET );
        if( error == EINTR )
            return( MBEDTLS_ERR_SSL_WANT_READ );
 #endif
        return( MBEDTLS_ERR_NET_RECV_FAILED );
    }
    return( ret );
 }
 /*
 * Read at most 'len' characters, blocking for at most 'timeout' ms
 */
 int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
                      uint32_t timeout )
 {
    int ret;
    struct timeval tv;
    fd_set read_fds;
    int fd = ((mbedtls_net_context *) ctx)->fd;
    if( fd < 0 )
        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
    FD_ZERO( &read_fds );
    FD_SET( fd, &read_fds );
    tv.tv_sec  = timeout / 1000;
    tv.tv_usec = ( timeout % 1000 ) * 1000;
    ret = select( fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv );
    /* Zero fds ready means we timed out */
    if( ret == 0 )
        return( MBEDTLS_ERR_SSL_TIMEOUT );
    if( ret < 0 )
    {
 #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
    !defined(EFI32)
        if( WSAGetLastError() == WSAEINTR )
            return( MBEDTLS_ERR_SSL_WANT_READ );
 #else
        if( errno == EINTR )
            return( MBEDTLS_ERR_SSL_WANT_READ );
 #endif
        return( MBEDTLS_ERR_NET_RECV_FAILED );
    }
    /* This call will not block */
    return( mbedtls_net_recv( ctx, buf, len ) );
 }
 /*
 * Write at most 'len' characters
 */
 int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
 {
    int ret;
    int fd = ((mbedtls_net_context *) ctx)->fd;
 	int error = 0;
 	get_errno(fd, &error);
    if( fd < 0 )
        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
    ret = (int) write( fd, buf, len );
    if( ret < 0 )
    {
        if( net_would_block( ctx ) != 0 )
            return( MBEDTLS_ERR_SSL_WANT_WRITE );
 #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
    !defined(EFI32)
        if( WSAGetLastError() == WSAECONNRESET )
            return( MBEDTLS_ERR_NET_CONN_RESET );
 #else
        if( error == EPIPE || error == ECONNRESET )
            return( MBEDTLS_ERR_NET_CONN_RESET );
        if( error == EINTR )
            return( MBEDTLS_ERR_SSL_WANT_WRITE );
 #endif
        return( MBEDTLS_ERR_NET_SEND_FAILED );
    }
    return( ret );
 }
 /*
 * Gracefully close the connection
 */
 void mbedtls_net_free( mbedtls_net_context *ctx )
 {
    if( ctx->fd == -1 )
        return;
    shutdown( ctx->fd, 2 );
    close( ctx->fd );
    ctx->fd = -1;
 }
 #endif /* MBEDTLS_NET_C */