Merge branch 'feature/update_mbedtls_version_to_3.6.1_v5.0' into 'release/v5.0'

feat(mbedtls): updated mbedtls version to 3.6.1(v5.0)

See merge request espressif/esp-idf!33916

CMakeLists.txt

@@ -183,8 +183,35 @@ endif()
 list(APPEND link_options "-fno-lto")
 
 if(CONFIG_IDF_TARGET_LINUX AND CMAKE_HOST_SYSTEM_NAME STREQUAL "Darwin")
-    list(APPEND link_options "-Wl,-dead_strip")
+    # Not all versions of the MacOS linker support the -warn_commons flag.
+    # ld version 1053.12 (and above) have been tested to support it.
+    # Hence, we extract the version string from the linker output
+    # before including the flag.
+
+    # Get the ld version, capturing both stdout and stderr
+    execute_process(
+        COMMAND ${CMAKE_LINKER} -v
+        OUTPUT_VARIABLE LD_VERSION_OUTPUT
+        ERROR_VARIABLE LD_VERSION_ERROR
+        OUTPUT_STRIP_TRAILING_WHITESPACE
+        ERROR_STRIP_TRAILING_WHITESPACE
+    )
+
+    # Combine stdout and stderr
+    set(LD_VERSION_OUTPUT "${LD_VERSION_OUTPUT}\n${LD_VERSION_ERROR}")
+
+    # Extract the version string
+    string(REGEX MATCH "PROJECT:(ld|dyld)-([0-9]+)\\.([0-9]+)" LD_VERSION_MATCH "${LD_VERSION_OUTPUT}")
+    set(LD_VERSION_MAJOR_MINOR "${CMAKE_MATCH_2}.${CMAKE_MATCH_3}")
+
+    message(STATUS "Linker Version: ${LD_VERSION_MAJOR_MINOR}")
+
+    # Compare the version with 1053.12
+    if(LD_VERSION_MAJOR_MINOR VERSION_GREATER_EQUAL "1053.12")
         list(APPEND link_options "-Wl,-warn_commons")
+    endif()
+
+    list(APPEND link_options "-Wl,-dead_strip")
 else()
     list(APPEND link_options "-Wl,--gc-sections")
     list(APPEND link_options "-Wl,--warn-common")

components/bt/common/btc/profile/esp/blufi/nimble_host/esp_blufi.c

@@ -442,8 +442,10 @@ uint8_t esp_blufi_init(void)
 void esp_blufi_deinit(void)
 {
     blufi_env.enabled = false;
-    btc_msg_t msg;
     esp_blufi_cb_param_t param;
+    btc_msg_t msg;
+    memset (&msg, 0x0, sizeof (msg));
+    msg.sig = BTC_SIG_API_CB;
     msg.pid = BTC_PID_BLUFI;
     msg.act = ESP_BLUFI_EVENT_DEINIT_FINISH;
     param.deinit_finish.state = ESP_BLUFI_DEINIT_OK;

components/bt/controller/esp32/bt.c

@@ -1690,7 +1690,10 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg)
 
     btdm_cfg_mask = btdm_config_mask_load();
 
-    if (btdm_controller_init(btdm_cfg_mask, cfg) != 0) {
+    err = btdm_controller_init(btdm_cfg_mask, cfg);
+
+    if (err != 0) {
+        ESP_LOGE(BTDM_LOG_TAG, "%s %d\n",__func__,err);
         err = ESP_ERR_NO_MEM;
         goto error;
     }

components/bt/controller/esp32c3/bt.c

@@ -1463,7 +1463,10 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg)
     periph_module_enable(PERIPH_BT_MODULE);
     periph_module_reset(PERIPH_BT_MODULE);
 
-    if (btdm_controller_init(cfg) != 0) {
+    err = btdm_controller_init(cfg);
+
+    if (err != 0) {
+        ESP_LOGE(BT_LOG_TAG, "%s %d\n",__func__,err);
         err = ESP_ERR_NO_MEM;
         goto error;
     }

components/bt/controller/lib_esp32c3_family

@@ -1 +1 @@
-Subproject commit b8ef2c474d392a88ea7e6626f89acf1fa5f30e4a
+Subproject commit 061e70c319576bf28b5695f5478dbe01ad18b18d

components/bt/host/bluedroid/Kconfig.in

@@ -59,7 +59,7 @@ config BT_A2DP_ENABLE
     depends on BT_CLASSIC_ENABLED
     default n
     help
-        Advanced Audio Distrubution Profile
+        Advanced Audio Distribution Profile
 
 config BT_SPP_ENABLED
     bool "SPP"
@@ -114,7 +114,7 @@ config BT_HFP_WBS_ENABLE
     default y
     help
         This enables Wide Band Speech. Should disable it when SCO data path is PCM.
-        Otherwise there will be no data transmited via GPIOs.
+        Otherwise there will be no data transmitted via GPIOs.
 
 
 menuconfig BT_HID_ENABLED
@@ -1065,7 +1065,7 @@ config BT_ACL_CONNECTIONS
         is used.
 
 config BT_MULTI_CONNECTION_ENBALE
-    bool "Enable BLE multi-conections"
+    bool "Enable BLE multi-connections"
     depends on BT_BLE_ENABLED
     default y
     help

components/bt/host/bluedroid/btc/core/btc_main.c

@@ -141,6 +141,12 @@ uint32_t btc_get_ble_status(void)
         status |= BIT(BTC_BLE_STATUS_CONN);
     }
 
+    // Address resolve status
+    extern uint8_t btm_get_ble_addr_resolve_disable_status(void);
+    if (btm_get_ble_addr_resolve_disable_status()) {
+        status |= BIT(BTC_BLE_STATUS_ADDR_RESOLVE_DISABLE);
+    }
+
     #if (SMP_INCLUDED == TRUE)
     // Number of recorded devices
     extern uint8_t btm_ble_sec_dev_active_count(void);

components/bt/host/bluedroid/btc/include/btc/btc_main.h

@@ -40,6 +40,7 @@ typedef enum {
     BTC_BLE_STATUS_GATTC_APP,   // GATTC application exist
     BTC_BLE_STATUS_GATTS_SRVC,  // GATTS service exist
     BTC_BLE_STATUS_PRIVACY,     // Privacy enabled
+    BTC_BLE_STATUS_ADDR_RESOLVE_DISABLE,// Address resolution disable status
 } tBTC_BLE_STATUS;
 
 future_t **btc_main_get_future_p(btc_main_future_type_t type);

components/bt/host/bluedroid/hci/packet_fragmenter.c

@@ -171,6 +171,12 @@ static void reassemble_and_dispatch(BT_HDR *packet)
                 return;
             }
             partial_packet = (BT_HDR *)osi_calloc(full_length + sizeof(BT_HDR));
+
+            if (partial_packet == NULL) {
+               HCI_TRACE_WARNING("%s full_length %d no memory.\n", __func__, full_length);
+               assert(0);
+            }
+
             partial_packet->event = packet->event;
             partial_packet->len = full_length;
             partial_packet->offset = packet->len;

components/bt/host/bluedroid/stack/btm/btm_ble_addr.c

@@ -384,6 +384,10 @@ static BOOLEAN btm_ble_match_random_bda(tBTM_SEC_DEV_REC *p_dev_rec)
 void btm_ble_resolve_random_addr(BD_ADDR random_bda, tBTM_BLE_RESOLVE_CBACK *p_cback, void *p)
 {
 #if (SMP_INCLUDED == TRUE)
+    if (btm_cb.addr_res_en == FALSE) {
+        return;
+    }
+
     tBTM_LE_RANDOM_CB   *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
     list_node_t         *p_node    = NULL;
     tBTM_SEC_DEV_REC *p_dev_rec    = NULL;
@@ -458,6 +462,10 @@ tBTM_SEC_DEV_REC *btm_find_dev_by_identity_addr(BD_ADDR bd_addr, UINT8 addr_type
 BOOLEAN btm_identity_addr_to_random_pseudo(BD_ADDR bd_addr, UINT8 *p_addr_type, BOOLEAN refresh)
 {
 #if BLE_PRIVACY_SPT == TRUE
+    if (btm_cb.addr_res_en == FALSE) {
+        return TRUE;
+    }
+
     tBTM_SEC_DEV_REC    *p_dev_rec = btm_find_dev_by_identity_addr(bd_addr, *p_addr_type);
 
     BTM_TRACE_EVENT ("%s", __func__);
@@ -491,6 +499,10 @@ BOOLEAN btm_identity_addr_to_random_pseudo(BD_ADDR bd_addr, UINT8 *p_addr_type,
 BOOLEAN btm_random_pseudo_to_identity_addr(BD_ADDR random_pseudo, UINT8 *p_static_addr_type)
 {
 #if BLE_PRIVACY_SPT == TRUE
+    if (btm_cb.addr_res_en == FALSE) {
+        return TRUE;
+    }
+
     tBTM_SEC_DEV_REC    *p_dev_rec = btm_find_dev (random_pseudo);
 
     if (p_dev_rec != NULL) {

components/bt/host/bluedroid/stack/btm/btm_main.c

@@ -84,6 +84,7 @@ void btm_init (void)
 #if BLE_INCLUDED == TRUE
     btm_ble_lock_init();
     btm_ble_sem_init();
+    btm_cb.addr_res_en = TRUE;
 #endif
     btm_sec_dev_init();
 #if (BLE_50_FEATURE_SUPPORT == TRUE)
@@ -133,3 +134,16 @@ uint8_t btm_acl_active_count(void)
 
     return count;
 }
+#if (BLE_INCLUDED == TRUE)
+// Address resolution status
+uint8_t btm_get_ble_addr_resolve_disable_status(void)
+{
+    // Returns false if address resolution is enabled, true if disabled
+    return (btm_cb.addr_res_en) ? 0 : 1;
+}
+
+void btm_ble_addr_resolve_enable(bool enable)
+{
+    btm_cb.addr_res_en = enable;
+}
+#endif /*BLE_INCLUDED*/

components/bt/host/bluedroid/stack/btm/include/btm_int.h

@@ -876,6 +876,7 @@ typedef struct {
     UINT16                  ediv;       /* received ediv value from LTK request */
     UINT8                   key_size;
     tBTM_BLE_VSC_CB         cmn_ble_vsc_cb;
+    BOOLEAN                 addr_res_en;   /* internal use for test: address resolution enable/disable */
 #endif
 
     /* Packet types supported by the local device */

components/bt/host/nimble/nimble

@@ -1 +1 @@
-Subproject commit ebaa0fc73229eb89adcc816a5db13d13b4c41818
+Subproject commit e60ef0acbf2105fc8460688f619f65522c93c5ba

components/bt/porting/npl/freertos/src/npl_os_freertos.c

@@ -21,6 +21,7 @@
 #include "esp_log.h"
 #include "soc/soc_caps.h"
 #include "esp_bt.h"
+#include "bt_osi_mem.h"
 
 portMUX_TYPE ble_port_mutex = portMUX_INITIALIZER_UNLOCKED;
 
@@ -95,7 +96,7 @@ IRAM_ATTR npl_freertos_event_init(struct ble_npl_event *ev, ble_npl_event_fn *fn
     }
 #else
     if(!ev->event) {
-        ev->event = malloc(sizeof(struct ble_npl_event_freertos));
+        ev->event = bt_osi_mem_malloc_internal(sizeof(struct ble_npl_event_freertos));
     }
 #endif
     event = (struct ble_npl_event_freertos *)ev->event;
@@ -113,7 +114,7 @@ IRAM_ATTR npl_freertos_event_deinit(struct ble_npl_event *ev)
 #if OS_MEM_ALLOC
     os_memblock_put(&ble_freertos_ev_pool,ev->event);
 #else
-    free(ev->event);
+    bt_osi_mem_free(ev->event);
 #endif
     ev->event = NULL;
 }
@@ -144,7 +145,7 @@ npl_freertos_eventq_init(struct ble_npl_eventq *evq)
     }
 #else
     if(!evq->eventq) {
-        evq->eventq = malloc(sizeof(struct ble_npl_eventq_freertos));
+        evq->eventq = bt_osi_mem_malloc_internal(sizeof(struct ble_npl_eventq_freertos));
         eventq = (struct ble_npl_eventq_freertos*)evq->eventq;
         BLE_LL_ASSERT(eventq);
         memset(eventq, 0, sizeof(*eventq));
@@ -167,7 +168,7 @@ npl_freertos_eventq_deinit(struct ble_npl_eventq *evq)
 #if OS_MEM_ALLOC
     os_memblock_put(&ble_freertos_evq_pool,eventq);
 #else
-    free((void *)eventq);
+    bt_osi_mem_free((void *)eventq);
 #endif
     evq->eventq = NULL;
 }
@@ -331,7 +332,7 @@ npl_freertos_mutex_init(struct ble_npl_mutex *mu)
     }
 #else
     if(!mu->mutex) {
-        mu->mutex = malloc(sizeof(struct ble_npl_mutex_freertos));
+        mu->mutex = bt_osi_mem_malloc_internal(sizeof(struct ble_npl_mutex_freertos));
         mutex = (struct ble_npl_mutex_freertos *)mu->mutex;
 
         if (!mutex) {
@@ -362,7 +363,7 @@ npl_freertos_mutex_deinit(struct ble_npl_mutex *mu)
 #if OS_MEM_ALLOC
     os_memblock_put(&ble_freertos_mutex_pool,mutex);
 #else
-    free((void *)mutex);
+    bt_osi_mem_free((void *)mutex);
 #endif
     mu->mutex = NULL;
 
@@ -468,7 +469,7 @@ npl_freertos_sem_init(struct ble_npl_sem *sem, uint16_t tokens)
     }
 #else
     if(!sem->sem) {
-        sem->sem = malloc(sizeof(struct ble_npl_sem_freertos));
+        sem->sem = bt_osi_mem_malloc_internal(sizeof(struct ble_npl_sem_freertos));
         semaphore = (struct ble_npl_sem_freertos *)sem->sem;
 
         if (!semaphore) {
@@ -499,7 +500,7 @@ npl_freertos_sem_deinit(struct ble_npl_sem *sem)
 #if OS_MEM_ALLOC
     os_memblock_put(&ble_freertos_sem_pool,semaphore);
 #else
-    free((void *)semaphore);
+    bt_osi_mem_free((void *)semaphore);
 #endif
     sem->sem = NULL;
 
@@ -658,7 +659,7 @@ npl_freertos_callout_init(struct ble_npl_callout *co, struct ble_npl_eventq *evq
 #else
 
     if(!co->co) {
-        co->co = malloc(sizeof(struct ble_npl_callout_freertos));
+        co->co = bt_osi_mem_malloc_internal(sizeof(struct ble_npl_callout_freertos));
         callout = (struct ble_npl_callout_freertos *)co->co;
         if (!callout) {
             return -1;
@@ -678,7 +679,7 @@ npl_freertos_callout_init(struct ble_npl_callout *co, struct ble_npl_eventq *evq
 
         if (esp_timer_create(&create_args, &callout->handle) != ESP_OK) {
             ble_npl_event_deinit(&callout->ev);
-            free((void *)callout);
+            bt_osi_mem_free((void *)callout);
             co->co = NULL;
             return -1;
         }
@@ -687,7 +688,7 @@ npl_freertos_callout_init(struct ble_npl_callout *co, struct ble_npl_eventq *evq
 
         if (!callout->handle) {
             ble_npl_event_deinit(&callout->ev);
-            free((void *)callout);
+            bt_osi_mem_free((void *)callout);
             co->co = NULL;
             return -1;
         }
@@ -735,7 +736,7 @@ npl_freertos_callout_deinit(struct ble_npl_callout *co)
 #if OS_MEM_ALLOC
     os_memblock_put(&ble_freertos_co_pool,callout);
 #else
-    free((void *)callout);
+    bt_osi_mem_free((void *)callout);
 #endif // OS_MEM_ALLOC
     co->co = NULL;
     memset(co, 0, sizeof(struct ble_npl_callout));
@@ -1062,7 +1063,7 @@ struct npl_funcs_t * npl_freertos_funcs_get(void)
 
 void npl_freertos_funcs_init(void)
 {
-    npl_funcs = (struct npl_funcs_t *)malloc(sizeof(struct npl_funcs_t));
+    npl_funcs = (struct npl_funcs_t *)bt_osi_mem_malloc_internal(sizeof(struct npl_funcs_t));
     if(!npl_funcs) {
         printf("npl funcs init failed\n");
         assert(0);
@@ -1096,7 +1097,7 @@ int npl_freertos_mempool_init(void)
     ble_freertos_total_event_cnt = ble_total_evt_count;
 
     if (ble_total_evt_count) {
-        ble_freertos_ev_buf  = malloc(OS_MEMPOOL_SIZE(ble_total_evt_count,
+        ble_freertos_ev_buf  = bt_osi_mem_malloc_internal(OS_MEMPOOL_SIZE(ble_total_evt_count,
                                       sizeof (struct ble_npl_event_freertos)) *
                                       sizeof(os_membuf_t));
         if (!ble_freertos_ev_buf) {
@@ -1111,7 +1112,7 @@ int npl_freertos_mempool_init(void)
     }
 
     if (ble_total_evtq_count) {
-        ble_freertos_evq_buf  = malloc(OS_MEMPOOL_SIZE(ble_total_evtq_count,
+        ble_freertos_evq_buf  = bt_osi_mem_malloc_internal(OS_MEMPOOL_SIZE(ble_total_evtq_count,
                                        sizeof (struct ble_npl_eventq_freertos)) *
                                        sizeof(os_membuf_t));
         if (!ble_freertos_evq_buf) {
@@ -1126,7 +1127,7 @@ int npl_freertos_mempool_init(void)
     }
 
     if (ble_total_co_count) {
-        ble_freertos_co_buf  = malloc(OS_MEMPOOL_SIZE(ble_total_co_count,
+        ble_freertos_co_buf  = bt_osi_mem_malloc_internal(OS_MEMPOOL_SIZE(ble_total_co_count,
                                       sizeof (struct ble_npl_callout_freertos)) *
                                       sizeof(os_membuf_t));
         if (!ble_freertos_co_buf) {
@@ -1141,7 +1142,7 @@ int npl_freertos_mempool_init(void)
     }
 
     if (ble_total_sem_count) {
-        ble_freertos_sem_buf  = malloc(OS_MEMPOOL_SIZE(ble_total_sem_count,
+        ble_freertos_sem_buf  = bt_osi_mem_malloc_internal(OS_MEMPOOL_SIZE(ble_total_sem_count,
                                        sizeof (struct ble_npl_sem_freertos)) *
                                        sizeof(os_membuf_t));
         if (!ble_freertos_sem_buf) {
@@ -1156,7 +1157,7 @@ int npl_freertos_mempool_init(void)
     }
 
     if (ble_total_mutex_count) {
-        ble_freertos_mutex_buf  = malloc(OS_MEMPOOL_SIZE(ble_total_mutex_count,
+        ble_freertos_mutex_buf  = bt_osi_mem_malloc_internal(OS_MEMPOOL_SIZE(ble_total_mutex_count,
                                          sizeof (struct ble_npl_mutex_freertos)) *
                                          sizeof(os_membuf_t));
         if (!ble_freertos_mutex_buf) {
@@ -1173,27 +1174,27 @@ int npl_freertos_mempool_init(void)
     return 0;
 _error:
     if (ble_freertos_ev_buf) {
-        free(ble_freertos_ev_buf);
+        bt_osi_mem_free(ble_freertos_ev_buf);
         ble_freertos_ev_buf = NULL;
     }
 
     if (ble_freertos_evq_buf) {
-        free(ble_freertos_evq_buf);
+        bt_osi_mem_free(ble_freertos_evq_buf);
         ble_freertos_evq_buf = NULL;
     }
 
     if (ble_freertos_co_buf) {
-        free(ble_freertos_co_buf);
+        bt_osi_mem_free(ble_freertos_co_buf);
         ble_freertos_co_buf = NULL;
     }
 
     if (ble_freertos_sem_buf) {
-        free(ble_freertos_sem_buf);
+        bt_osi_mem_free(ble_freertos_sem_buf);
         ble_freertos_sem_buf = NULL;
     }
 
     if (ble_freertos_mutex_buf) {
-        free(ble_freertos_mutex_buf);
+        bt_osi_mem_free(ble_freertos_mutex_buf);
         ble_freertos_mutex_buf = NULL;
     }
     return -1;
@@ -1202,23 +1203,23 @@ _error:
 void npl_freertos_mempool_deinit(void)
 {
     if (ble_freertos_ev_buf) {
-        free(ble_freertos_ev_buf);
+        bt_osi_mem_free(ble_freertos_ev_buf);
         ble_freertos_ev_buf = NULL;
     }
     if (ble_freertos_evq_buf) {
-        free(ble_freertos_evq_buf);
+        bt_osi_mem_free(ble_freertos_evq_buf);
         ble_freertos_evq_buf = NULL;
     }
     if (ble_freertos_co_buf) {
-        free(ble_freertos_co_buf);
+        bt_osi_mem_free(ble_freertos_co_buf);
         ble_freertos_co_buf = NULL;
     }
     if (ble_freertos_sem_buf) {
-        free(ble_freertos_sem_buf);
+        bt_osi_mem_free(ble_freertos_sem_buf);
         ble_freertos_sem_buf = NULL;
     }
     if (ble_freertos_mutex_buf) {
-        free(ble_freertos_mutex_buf);
+        bt_osi_mem_free(ble_freertos_mutex_buf);
         ble_freertos_mutex_buf = NULL;
     }
 }
@@ -1226,7 +1227,7 @@ void npl_freertos_mempool_deinit(void)
 void npl_freertos_funcs_deinit(void)
 {
     if (npl_funcs) {
-        free(npl_funcs);
+        bt_osi_mem_free(npl_funcs);
     }
     npl_funcs = NULL;
 }

components/esp_https_ota/include/esp_https_ota.h

@@ -235,6 +235,21 @@ esp_err_t esp_https_ota_get_img_desc(esp_https_ota_handle_t https_ota_handle, es
 int esp_https_ota_get_image_len_read(esp_https_ota_handle_t https_ota_handle);
 
 
+/**
+ * @brief  This function returns the HTTP status code of the last HTTP response.
+ *
+ * @note   This API should be called only after esp_https_ota_begin() has been called.
+ *         This can be used to check the HTTP status code of the OTA download process.
+ *
+ * @param[in]   https_ota_handle   pointer to esp_https_ota_handle_t structure
+ *
+ * @return
+ *    - -1    On failure
+ *    - HTTP status code
+ */
+int esp_https_ota_get_status_code(esp_https_ota_handle_t https_ota_handle);
+
+
 /**
 * @brief  This function returns OTA image total size.
 *

components/esp_https_ota/src/esp_https_ota.c

@@ -697,6 +697,15 @@ esp_err_t esp_https_ota_abort(esp_https_ota_handle_t https_ota_handle)
     return err;
 }
 
+int esp_https_ota_get_status_code(esp_https_ota_handle_t https_ota_handle)
+{
+    esp_https_ota_t *handle = (esp_https_ota_t *) https_ota_handle;
+    if (handle == NULL || handle->http_client == NULL) {
+        return -1;
+    }
+    return esp_http_client_get_status_code(handle->http_client);
+}
+
 int esp_https_ota_get_image_len_read(esp_https_ota_handle_t https_ota_handle)
 {
     esp_https_ota_t *handle = (esp_https_ota_t *)https_ota_handle;

components/esp_hw_support/port/esp32c2/Kconfig.hw_support

@@ -13,12 +13,15 @@ choice ESP32C2_REV_MIN
         bool "Rev v1.0 (ECO1)"
     config ESP32C2_REV_MIN_1_1
         bool "Rev v1.1 (ECO2)"
+    config ESP32C2_REV_MIN_200
+        bool "Rev v2.0 (ECO4)"
 endchoice
 
 config ESP32C2_REV_MIN_FULL
     int
     default 100 if ESP32C2_REV_MIN_1
     default 101 if ESP32C2_REV_MIN_1_1
+    default 200 if ESP32C2_REV_MIN_200
 
 config ESP_REV_MIN_FULL
     int

components/esp_rom/CMakeLists.txt

@@ -219,8 +219,16 @@ else() # Regular app build
         rom_linker_script("newlib")
         rom_linker_script("version")
 
+        if(CONFIG_ESP32C2_REV_MIN_FULL GREATER_EQUAL 200)
+            rom_linker_script("eco4")
+        endif()
+
         if(CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL)
             rom_linker_script("mbedtls")
+            # For ESP32C2(ECO4), mbedTLS in ROM has been updated to v3.6.0-LTS
+            if(CONFIG_ESP32C2_REV_MIN_FULL GREATER_EQUAL 200)
+                rom_linker_script("mbedtls.eco4")
+            endif()
         endif()
 
         if(time_t_size EQUAL 8)

components/esp_rom/esp32c2/ld/esp32c2.rom.mbedtls.eco4.ld

@@ -0,0 +1,231 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/***************************************
+ Group eco4_rom_mbedtls
+ ***************************************/
+
+/* Functions */
+mbedtls_mpi_init = 0x400026dc;
+mbedtls_mpi_free = 0x400026e0;
+mbedtls_mpi_grow = 0x400026e4;
+mbedtls_mpi_shrink = 0x400026e8;
+mbedtls_mpi_copy = 0x400026ec;
+mbedtls_mpi_safe_cond_assign = 0x400026f0;
+mbedtls_mpi_safe_cond_swap = 0x400026f4;
+mbedtls_mpi_lset = 0x400026f8;
+mbedtls_mpi_get_bit = 0x400026fc;
+mbedtls_mpi_set_bit = 0x40002700;
+mbedtls_mpi_lsb = 0x40002704;
+mbedtls_mpi_bitlen = 0x40002708;
+mbedtls_mpi_size = 0x4000270c;
+mbedtls_mpi_read_binary = 0x40002710;
+mbedtls_mpi_write_binary = 0x40002714;
+mbedtls_mpi_shift_l = 0x40002718;
+mbedtls_mpi_shift_r = 0x4000271c;
+mbedtls_mpi_cmp_abs = 0x40002720;
+mbedtls_mpi_cmp_mpi = 0x40002724;
+mbedtls_mpi_lt_mpi_ct = 0x40002728;
+mbedtls_mpi_cmp_int = 0x4000272c;
+mbedtls_mpi_add_abs = 0x40002730;
+mbedtls_mpi_sub_abs = 0x40002734;
+mbedtls_mpi_add_mpi = 0x40002738;
+mbedtls_mpi_sub_mpi = 0x4000273c;
+mbedtls_mpi_add_int = 0x40002740;
+mbedtls_mpi_sub_int = 0x40002744;
+mbedtls_mpi_mul_mpi = 0x40002748;
+mbedtls_mpi_mul_int = 0x4000274c;
+mbedtls_mpi_div_mpi = 0x40002750;
+mbedtls_mpi_div_int = 0x40002754;
+mbedtls_mpi_mod_mpi = 0x40002758;
+mbedtls_mpi_mod_int = 0x4000275c;
+mbedtls_mpi_exp_mod = 0x40002760;
+mbedtls_mpi_fill_random = 0x40002764;
+mbedtls_mpi_gcd = 0x40002768;
+mbedtls_mpi_inv_mod = 0x4000276c;
+mbedtls_mpi_is_prime_ext = 0x40002770;
+
+/* Moved from mbedtls.ld to mbedtls.eco4 ld */
+mbedtls_cipher_init = 0x4000277c;
+mbedtls_cipher_set_padding_mode = 0x40002780;
+mbedtls_cipher_reset = 0x40002784;
+mbedtls_cipher_finish = 0x40002788;
+mbedtls_cipher_crypt = 0x4000278c;
+mbedtls_cipher_cmac_starts = 0x40002790;
+mbedtls_cipher_cmac_update = 0x40002794;
+mbedtls_cipher_cmac_finish = 0x40002798;
+
+/***************************************
+ Group eco4_rom_mbedtls
+ ***************************************/
+
+/* Functions */
+rom_mbedtls_threading_set_alt = 0x40002c0c;
+mbedtls_aes_crypt_cfb8 = 0x40002c10;
+mbedtls_mpi_swap = 0x40002c14;
+mbedtls_mpi_read_string = 0x40002c18;
+mbedtls_mpi_write_string = 0x40002c1c;
+mbedtls_mpi_read_binary_le = 0x40002c20;
+mbedtls_mpi_write_binary_le = 0x40002c24;
+mbedtls_mpi_random = 0x40002c28;
+mbedtls_mpi_gen_prime = 0x40002c2c;
+mbedtls_ecp_check_budget = 0x40002c30;
+mbedtls_ecp_set_max_ops = 0x40002c34;
+mbedtls_ecp_restart_is_enabled = 0x40002c38;
+mbedtls_ecp_get_type = 0x40002c3c;
+mbedtls_ecp_curve_list = 0x40002c40;
+mbedtls_ecp_grp_id_list = 0x40002c44;
+mbedtls_ecp_curve_info_from_grp_id = 0x40002c48;
+mbedtls_ecp_curve_info_from_tls_id = 0x40002c4c;
+mbedtls_ecp_curve_info_from_name = 0x40002c50;
+mbedtls_ecp_point_init = 0x40002c54;
+mbedtls_ecp_group_init = 0x40002c58;
+mbedtls_ecp_keypair_init = 0x40002c5c;
+mbedtls_ecp_point_free = 0x40002c60;
+mbedtls_ecp_group_free = 0x40002c64;
+mbedtls_ecp_keypair_free = 0x40002c68;
+mbedtls_ecp_restart_init = 0x40002c6c;
+mbedtls_ecp_restart_free = 0x40002c70;
+mbedtls_ecp_copy = 0x40002c74;
+mbedtls_ecp_group_copy = 0x40002c78;
+mbedtls_ecp_set_zero = 0x40002c7c;
+mbedtls_ecp_is_zero = 0x40002c80;
+mbedtls_ecp_point_cmp = 0x40002c84;
+mbedtls_ecp_point_read_string = 0x40002c88;
+mbedtls_ecp_point_write_binary = 0x40002c8c;
+mbedtls_ecp_point_read_binary = 0x40002c90;
+mbedtls_ecp_tls_read_point = 0x40002c94;
+mbedtls_ecp_tls_write_point = 0x40002c98;
+mbedtls_ecp_group_load = 0x40002c9c;
+mbedtls_ecp_tls_read_group = 0x40002ca0;
+mbedtls_ecp_tls_read_group_id = 0x40002ca4;
+mbedtls_ecp_tls_write_group = 0x40002ca8;
+mbedtls_ecp_mul = 0x40002cac;
+mbedtls_ecp_mul_restartable = 0x40002cb0;
+mbedtls_ecp_muladd = 0x40002cb4;
+mbedtls_ecp_muladd_restartable = 0x40002cb8;
+mbedtls_ecp_check_pubkey = 0x40002cbc;
+mbedtls_ecp_check_privkey = 0x40002cc0;
+mbedtls_ecp_gen_privkey = 0x40002cc4;
+mbedtls_ecp_gen_keypair_base = 0x40002cc8;
+mbedtls_ecp_gen_keypair = 0x40002ccc;
+mbedtls_ecp_gen_key = 0x40002cd0;
+mbedtls_ecp_read_key = 0x40002cd4;
+mbedtls_ecp_write_key_ext = 0x40002cd8;
+mbedtls_ecp_check_pub_priv = 0x40002cdc;
+mbedtls_ecp_export = 0x40002ce0;
+mbedtls_asn1_get_enum = 0x40002ce4;
+mbedtls_asn1_sequence_free = 0x40002ce8;
+mbedtls_asn1_traverse_sequence_of = 0x40002cec;
+mbedtls_asn1_find_named_data = 0x40002cf0;
+mbedtls_asn1_free_named_data_list = 0x40002cf4;
+mbedtls_asn1_free_named_data_list_shallow = 0x40002cf8;
+mbedtls_asn1_write_raw_buffer = 0x40002cfc;
+mbedtls_asn1_write_null = 0x40002d00;
+mbedtls_asn1_write_oid = 0x40002d04;
+mbedtls_asn1_write_algorithm_identifier = 0x40002d08;
+mbedtls_asn1_write_bool = 0x40002d0c;
+mbedtls_asn1_write_int = 0x40002d10;
+mbedtls_asn1_write_enum = 0x40002d14;
+mbedtls_asn1_write_tagged_string = 0x40002d18;
+mbedtls_asn1_write_printable_string = 0x40002d1c;
+mbedtls_asn1_write_utf8_string = 0x40002d20;
+mbedtls_asn1_write_ia5_string = 0x40002d24;
+mbedtls_asn1_write_bitstring = 0x40002d28;
+mbedtls_asn1_write_named_bitstring = 0x40002d2c;
+mbedtls_asn1_write_octet_string = 0x40002d30;
+mbedtls_asn1_store_named_data = 0x40002d34;
+mbedtls_ccm_starts = 0x40002d38;
+mbedtls_ccm_set_lengths = 0x40002d3c;
+mbedtls_ccm_update_ad = 0x40002d40;
+mbedtls_ccm_update = 0x40002d44;
+mbedtls_ccm_finish = 0x40002d48;
+mbedtls_cipher_list = 0x40002d4c;
+mbedtls_cipher_info_from_string = 0x40002d50;
+mbedtls_cipher_info_from_type = 0x40002d54;
+mbedtls_cipher_info_from_values = 0x40002d58;
+mbedtls_cipher_free = 0x40002d5c;
+mbedtls_cipher_setup = 0x40002d60;
+mbedtls_cipher_setkey = 0x40002d64;
+mbedtls_cipher_set_iv = 0x40002d68;
+mbedtls_cipher_update_ad = 0x40002d6c;
+mbedtls_cipher_update = 0x40002d70;
+mbedtls_cipher_write_tag = 0x40002d74;
+mbedtls_cipher_check_tag = 0x40002d78;
+mbedtls_cipher_auth_encrypt_ext = 0x40002d7c;
+mbedtls_cipher_auth_decrypt_ext = 0x40002d80;
+mbedtls_cipher_cmac_reset = 0x40002d84;
+mbedtls_cipher_cmac = 0x40002d88;
+mbedtls_aes_cmac_prf_128 = 0x40002d8c;
+mbedtls_ctr_drbg_set_prediction_resistance = 0x40002d90;
+mbedtls_ctr_drbg_set_entropy_len = 0x40002d94;
+mbedtls_ctr_drbg_set_nonce_len = 0x40002d98;
+mbedtls_ctr_drbg_set_reseed_interval = 0x40002d9c;
+mbedtls_ctr_drbg_update = 0x40002da0;
+mbedtls_base64_encode = 0x40002da4;
+mbedtls_rsa_init = 0x40002da8;
+mbedtls_rsa_set_padding = 0x40002dac;
+mbedtls_rsa_get_padding_mode = 0x40002db0;
+mbedtls_rsa_get_md_alg = 0x40002db4;
+mbedtls_rsa_import = 0x40002db8;
+mbedtls_rsa_import_raw = 0x40002dbc;
+mbedtls_rsa_complete = 0x40002dc0;
+mbedtls_rsa_export = 0x40002dc4;
+mbedtls_rsa_export_raw = 0x40002dc8;
+mbedtls_rsa_export_crt = 0x40002dcc;
+mbedtls_rsa_get_len = 0x40002dd0;
+mbedtls_rsa_gen_key = 0x40002dd4;
+mbedtls_rsa_check_pubkey = 0x40002dd8;
+mbedtls_rsa_check_privkey = 0x40002ddc;
+mbedtls_rsa_check_pub_priv = 0x40002de0;
+mbedtls_rsa_public = 0x40002de4;
+mbedtls_rsa_private = 0x40002de8;
+mbedtls_rsa_pkcs1_encrypt = 0x40002dec;
+mbedtls_rsa_rsaes_pkcs1_v15_encrypt = 0x40002df0;
+mbedtls_rsa_rsaes_oaep_encrypt = 0x40002df4;
+mbedtls_rsa_pkcs1_decrypt = 0x40002df8;
+mbedtls_rsa_rsaes_pkcs1_v15_decrypt = 0x40002dfc;
+mbedtls_rsa_rsaes_oaep_decrypt = 0x40002e00;
+mbedtls_rsa_pkcs1_sign = 0x40002e04;
+mbedtls_rsa_rsassa_pkcs1_v15_sign = 0x40002e08;
+mbedtls_rsa_rsassa_pss_sign_ext = 0x40002e0c;
+mbedtls_rsa_rsassa_pss_sign = 0x40002e10;
+mbedtls_rsa_pkcs1_verify = 0x40002e14;
+mbedtls_rsa_rsassa_pkcs1_v15_verify = 0x40002e18;
+mbedtls_rsa_rsassa_pss_verify = 0x40002e1c;
+mbedtls_rsa_rsassa_pss_verify_ext = 0x40002e20;
+mbedtls_rsa_copy = 0x40002e24;
+mbedtls_rsa_free = 0x40002e28;
+mbedtls_ecdh_can_do = 0x40002e2c;
+mbedtls_ecdh_gen_public = 0x40002e30;
+mbedtls_ecdh_compute_shared = 0x40002e34;
+mbedtls_ecdh_init = 0x40002e38;
+mbedtls_ecdh_setup = 0x40002e3c;
+mbedtls_ecdh_free = 0x40002e40;
+mbedtls_ecdh_make_params = 0x40002e44;
+mbedtls_ecdh_read_params = 0x40002e48;
+mbedtls_ecdh_get_params = 0x40002e4c;
+mbedtls_ecdh_make_public = 0x40002e50;
+mbedtls_ecdh_read_public = 0x40002e54;
+mbedtls_ecdh_calc_secret = 0x40002e58;
+mbedtls_ecdh_enable_restart = 0x40002e5c;
+mbedtls_ecdsa_can_do = 0x40002e60;
+mbedtls_ecdsa_sign = 0x40002e64;
+mbedtls_ecdsa_sign_det_ext = 0x40002e68;
+mbedtls_ecdsa_sign_restartable = 0x40002e6c;
+mbedtls_ecdsa_sign_det_restartable = 0x40002e70;
+mbedtls_ecdsa_verify = 0x40002e74;
+mbedtls_ecdsa_verify_restartable = 0x40002e78;
+mbedtls_ecdsa_write_signature = 0x40002e7c;
+mbedtls_ecdsa_write_signature_restartable = 0x40002e80;
+mbedtls_ecdsa_read_signature = 0x40002e84;
+mbedtls_ecdsa_read_signature_restartable = 0x40002e88;
+mbedtls_ecdsa_genkey = 0x40002e8c;
+mbedtls_ecdsa_from_keypair = 0x40002e90;
+mbedtls_ecdsa_init = 0x40002e94;
+mbedtls_ecdsa_free = 0x40002e98;
+mbedtls_ecdsa_restart_init = 0x40002e9c;
+mbedtls_ecdsa_restart_free = 0x40002ea0;

components/esp_rom/esp32c2/ld/esp32c2.rom.mbedtls.ld

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -43,14 +43,6 @@ mbedtls_asn1_write_mpi = 0x400026d4;
 mbedtls_base64_decode = 0x400026d8;
 mbedtls_ccm_star_encrypt_and_tag = 0x40002774;
 mbedtls_ccm_star_auth_decrypt = 0x40002778;
-mbedtls_cipher_init = 0x4000277c;
-mbedtls_cipher_set_padding_mode = 0x40002780;
-mbedtls_cipher_reset = 0x40002784;
-mbedtls_cipher_finish = 0x40002788;
-mbedtls_cipher_crypt = 0x4000278c;
-mbedtls_cipher_cmac_starts = 0x40002790;
-mbedtls_cipher_cmac_update = 0x40002794;
-mbedtls_cipher_cmac_finish = 0x40002798;
 mbedtls_ctr_drbg_init = 0x4000279c;
 mbedtls_ctr_drbg_seed = 0x400027a0;
 mbedtls_ctr_drbg_free = 0x400027a4;
@@ -74,7 +66,7 @@ mbedtls_sha512_clone = 0x40002a50;
 mbedtls_sha512_starts = 0x40002a54;
 mbedtls_sha512_update = 0x40002a58;
 mbedtls_sha512_finish = 0x40002a5c;
-mbedtls_internal_sha512_process = 0x40002a60;
+/*mbedtls_internal_sha512_process = 0x40002a60;*/
 mbedtls_sha512 = 0x40002a64;
 mbedtls_aes_xts_init = 0x40002b68;
 mbedtls_aes_xts_free = 0x40002b6c;
@@ -95,7 +87,7 @@ mbedtls_md5_clone = 0x40002be0;
 mbedtls_md5_starts = 0x40002be4;
 mbedtls_md5_update = 0x40002be8;
 mbedtls_md5_finish = 0x40002bec;
-mbedtls_internal_md5_process = 0x40002bf0;
+/*mbedtls_internal_md5_process = 0x40002bf0;*/
 mbedtls_md5 = 0x40002bf4;
 mbedtls_sha1 = 0x40002c08;
 /* Data (.data, .bss, .rodata) */

components/esp_rom/patches/esp_rom_systimer.c

@@ -11,7 +11,7 @@
 
 #if CONFIG_HAL_SYSTIMER_USE_ROM_IMPL
 
-#if CONFIG_IDF_TARGET_ESP32C2
+#if CONFIG_IDF_TARGET_ESP32C2 && (CONFIG_ESP32C2_REV_MIN_FULL < 200)
 void systimer_hal_init(systimer_hal_context_t *hal)
 {
     hal->dev = &SYSTIMER;
@@ -62,6 +62,6 @@ void systimer_hal_counter_value_advance(systimer_hal_context_t *hal, uint32_t co
     systimer_ll_set_counter_value(hal->dev, counter_id, new_count.val);
     systimer_ll_apply_counter_value(hal->dev, counter_id);
 }
-#endif // CONFIG_IDF_TARGET_ESP32C2
+#endif // CONFIG_IDF_TARGET_ESP32C2 && (CONFIG_ESP32C2_REV_MIN_FULL < 200)
 
 #endif // CONFIG_HAL_SYSTIMER_USE_ROM_IMPL

components/heap/Kconfig

@@ -86,7 +86,7 @@ menu "Heap memory debugging"
 
     config HEAP_TLSF_CHECK_PATCH
         bool "Patch the tlsf_check_pool() for ROM HEAP TLSF implementation"
-        depends on IDF_TARGET_ESP32C2 && ESP32C2_REV_MIN_FULL < 200
+        depends on IDF_TARGET_ESP32C2
         default y
         help
             ROM does not contain the patch of tlsf_check_pool() allowing perform

components/mbedtls/CMakeLists.txt

@@ -10,6 +10,10 @@ endif()
 set(mbedtls_srcs "")
 set(mbedtls_include_dirs "port/include" "mbedtls/include" "mbedtls/library")
 
+if(CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL)
+    list(APPEND mbedtls_include_dirs "port/mbedtls_rom")
+endif()
+
 if(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE)
     list(APPEND mbedtls_srcs "esp_crt_bundle/esp_crt_bundle.c")
     list(APPEND mbedtls_include_dirs "esp_crt_bundle/include")
@@ -86,6 +90,11 @@ set(Python3_EXECUTABLE ${python})
 # Needed to for include_next includes to work from within mbedtls
 include_directories("${COMPONENT_DIR}/port/include")
 
+# Needed to for mbedtls_rom includes to work from within mbedtls
+if(CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL)
+    include_directories("${COMPONENT_DIR}/port/mbedtls_rom")
+endif()
+
 # Import mbedtls library targets
 add_subdirectory(mbedtls)
 

components/mbedtls/Kconfig

@@ -1058,17 +1058,21 @@ menu "mbedTLS"
         select MBEDTLS_SHA512_C
         select MBEDTLS_AES_C
         select MBEDTLS_CCM_C
+        select MBEDTLS_CMAC_C
         select MBEDTLS_ROM_MD5
         select MBEDTLS_HARDWARE_SHA
+        select MBEDTLS_ECP_RESTARTABLE
+        select MBEDTLS_THREADING_C
         help
             Enable this flag to use mbedtls crypto algorithm from ROM instead of ESP-IDF.
 
             This configuration option saves flash footprint in the application binary.
-            Note that the version of mbedtls crypto algorithm library in ROM is v2.16.12.
-            We have done the security analysis of the mbedtls revision in ROM (v2.16.12)
+            Note that the version of mbedtls crypto algorithm library in ROM(ECO1~ECO3) is v2.16.12,
+            and the version of mbedtls crypto algorithm library in ROM(ECO4) is v3.6.0.
+            We have done the security analysis of the mbedtls revision in ROM (ECO1~ECO4)
             and ensured that affected symbols have been patched (removed). If in the future
             mbedtls revisions there are security issues that also affects the version in
-            ROM (v2.16.12) then we shall patch the relevant symbols. This would increase
+            ROM (ECO1~ECO4) then we shall patch the relevant symbols. This would increase
             the flash footprint and hence care must be taken to keep some reserved space
             for the application binary in flash layout.
 

components/mbedtls/mbedtls

@@ -1 +1 @@
-Subproject commit 72aa687352a469044cbb946f3fdb261430e41ce1
+Subproject commit f635fed59269b1ae14d1a1c50403cd63f78ac094

components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -10,6 +10,8 @@
 #include MBEDTLS_CONFIG_FILE
 #endif
 
+#include "soc/chip_revision.h"
+#include "hal/efuse_hal.h"
 #include "mbedtls/platform.h"
 #include "mbedtls_rom_osi.h"
 
@@ -17,9 +19,13 @@ void mbedtls_rom_osi_functions_init(void);
 
 static void mbedtls_rom_mutex_init( mbedtls_threading_mutex_t *mutex )
 {
-#if (!defined(CONFIG_MBEDTLS_THREADING_C))
-    ((void) mutex);
+    if (mutex == NULL) {
         return;
+    }
+
+#if defined(MBEDTLS_THREADING_ALT)
+    mutex->mutex = xSemaphoreCreateMutex();
+    assert(mutex->mutex != NULL);
 #else
     mbedtls_mutex_init(mutex);
 #endif
@@ -27,9 +33,12 @@ static void mbedtls_rom_mutex_init( mbedtls_threading_mutex_t *mutex )
 
 static void mbedtls_rom_mutex_free( mbedtls_threading_mutex_t *mutex )
 {
-#if (!defined(CONFIG_MBEDTLS_THREADING_C))
-    ((void) mutex);
+    if (mutex == NULL) {
         return;
+    }
+
+#if defined(MBEDTLS_THREADING_ALT)
+    vSemaphoreDelete(mutex->mutex);
 #else
     mbedtls_mutex_free(mutex);
 #endif
@@ -37,8 +46,14 @@ static void mbedtls_rom_mutex_free( mbedtls_threading_mutex_t *mutex )
 
 static int mbedtls_rom_mutex_lock( mbedtls_threading_mutex_t *mutex )
 {
-#if (!defined(CONFIG_MBEDTLS_THREADING_C))
-    ((void) mutex);
+    if (mutex == NULL) {
+        return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
+    }
+
+#if defined(MBEDTLS_THREADING_ALT)
+    if (xSemaphoreTake(mutex->mutex, portMAX_DELAY) != pdTRUE) {
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
     return 0;
 #else
     return mbedtls_mutex_lock(mutex);
@@ -47,8 +62,14 @@ static int mbedtls_rom_mutex_lock( mbedtls_threading_mutex_t *mutex )
 
 static int mbedtls_rom_mutex_unlock( mbedtls_threading_mutex_t *mutex )
 {
-#if (!defined(CONFIG_MBEDTLS_THREADING_C))
-    ((void) mutex);
+    if (mutex == NULL) {
+        return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
+    }
+
+#if defined(MBEDTLS_THREADING_ALT)
+    if (xSemaphoreGive(mutex->mutex) != pdTRUE) {
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
     return 0;
 #else
     return mbedtls_mutex_unlock(mutex);
@@ -81,7 +102,7 @@ static const mbedtls_rom_funcs_t mbedtls_rom_funcs_table = {
     ._rom_mbedtls_asn1_write_len = mbedtls_asn1_write_len,
     ._rom_mbedtls_asn1_write_tag = mbedtls_asn1_write_tag,
     ._rom_mbedtls_asn1_write_mpi = mbedtls_asn1_write_mpi,
-    /* base64 moudle */
+    /* base64 module */
     ._rom_mbedtls_base64_decode = mbedtls_base64_decode,
     /* bignum module */
     ._rom_mbedtls_mpi_init = mbedtls_mpi_init,
@@ -179,9 +200,269 @@ static const mbedtls_rom_funcs_t mbedtls_rom_funcs_table = {
     ._mbedtls_internal_sha256_process = mbedtls_internal_sha256_process,
 };
 
+/* This structure can be automatically generated by the script with rom.mbedtls.ld. */
+static const mbedtls_rom_eco4_funcs_t mbedtls_rom_eco4_funcs_table = {
+    /* Fill the ROM functions into mbedtls rom function table. */
+    /* aes module */
+    ._rom_mbedtls_aes_init = mbedtls_aes_init,
+    ._rom_mbedtls_aes_free = mbedtls_aes_free,
+    ._rom_mbedtls_aes_setkey_enc = mbedtls_aes_setkey_enc,
+    ._rom_mbedtls_aes_setkey_dec = mbedtls_aes_setkey_dec,
+    ._rom_mbedtls_aes_crypt_ecb = mbedtls_aes_crypt_ecb,
+    ._rom_mbedtls_aes_crypt_cbc = mbedtls_aes_crypt_cbc,
+    ._rom_mbedtls_internal_aes_encrypt = mbedtls_internal_aes_encrypt,
+    ._rom_mbedtls_internal_aes_decrypt = mbedtls_internal_aes_decrypt,
+    /* asn1 module */
+    ._rom_mbedtls_asn1_get_len = mbedtls_asn1_get_len,
+    ._rom_mbedtls_asn1_get_tag = mbedtls_asn1_get_tag,
+    ._rom_mbedtls_asn1_get_bool = mbedtls_asn1_get_bool,
+    ._rom_mbedtls_asn1_get_int = mbedtls_asn1_get_int,
+    ._rom_mbedtls_asn1_get_bitstring = mbedtls_asn1_get_bitstring,
+    ._rom_mbedtls_asn1_get_bitstring_null = mbedtls_asn1_get_bitstring_null,
+    ._rom_mbedtls_asn1_get_sequence_of = mbedtls_asn1_get_sequence_of,
+    ._rom_mbedtls_asn1_get_mpi = mbedtls_asn1_get_mpi,
+    ._rom_mbedtls_asn1_get_alg = mbedtls_asn1_get_alg,
+    ._rom_mbedtls_asn1_get_alg_null = mbedtls_asn1_get_alg_null,
+    ._rom_mbedtls_asn1_write_len = mbedtls_asn1_write_len,
+    ._rom_mbedtls_asn1_write_tag = mbedtls_asn1_write_tag,
+    ._rom_mbedtls_asn1_write_mpi = mbedtls_asn1_write_mpi,
+    /* base64 module */
+    ._rom_mbedtls_base64_decode = mbedtls_base64_decode,
+    /* bignum module */
+    ._rom_mbedtls_mpi_init = mbedtls_mpi_init,
+    ._rom_mbedtls_mpi_free = mbedtls_mpi_free,
+    ._rom_mbedtls_mpi_grow = mbedtls_mpi_grow,
+    ._rom_mbedtls_mpi_shrink = mbedtls_mpi_shrink,
+    ._rom_mbedtls_mpi_copy = mbedtls_mpi_copy,
+    ._rom_mbedtls_mpi_safe_cond_assign = mbedtls_mpi_safe_cond_assign,
+    ._rom_mbedtls_mpi_safe_cond_swap = mbedtls_mpi_safe_cond_swap,
+    ._rom_mbedtls_mpi_lset = mbedtls_mpi_lset,
+    ._rom_mbedtls_mpi_get_bit = mbedtls_mpi_get_bit,
+    ._rom_mbedtls_mpi_set_bit = mbedtls_mpi_set_bit,
+    ._rom_mbedtls_mpi_lsb = mbedtls_mpi_lsb,
+    ._rom_mbedtls_mpi_bitlen = mbedtls_mpi_bitlen,
+    ._rom_mbedtls_mpi_size = mbedtls_mpi_size,
+    ._rom_mbedtls_mpi_read_binary = mbedtls_mpi_read_binary,
+    ._rom_mbedtls_mpi_write_binary = mbedtls_mpi_write_binary,
+    ._rom_mbedtls_mpi_shift_l = mbedtls_mpi_shift_l,
+    ._rom_mbedtls_mpi_shift_r = mbedtls_mpi_shift_r,
+    ._rom_mbedtls_mpi_cmp_abs = mbedtls_mpi_cmp_abs,
+    ._rom_mbedtls_mpi_cmp_mpi = mbedtls_mpi_cmp_mpi,
+    ._rom_mbedtls_mpi_lt_mpi_ct = mbedtls_mpi_lt_mpi_ct,
+    ._rom_mbedtls_mpi_cmp_int = mbedtls_mpi_cmp_int,
+    ._rom_mbedtls_mpi_add_abs = mbedtls_mpi_add_abs,
+    ._rom_mbedtls_mpi_sub_abs = mbedtls_mpi_sub_abs,
+    ._rom_mbedtls_mpi_add_mpi = mbedtls_mpi_add_mpi,
+    ._rom_mbedtls_mpi_sub_mpi = mbedtls_mpi_sub_mpi,
+    ._rom_mbedtls_mpi_add_int = mbedtls_mpi_add_int,
+    ._rom_mbedtls_mpi_sub_int = mbedtls_mpi_sub_int,
+    ._rom_mbedtls_mpi_mul_mpi = mbedtls_mpi_mul_mpi,
+    ._rom_mbedtls_mpi_mul_int = mbedtls_mpi_mul_int,
+    ._rom_mbedtls_mpi_div_mpi = mbedtls_mpi_div_mpi,
+    ._rom_mbedtls_mpi_div_int = mbedtls_mpi_div_int,
+    ._rom_mbedtls_mpi_mod_mpi = mbedtls_mpi_mod_mpi,
+    ._rom_mbedtls_mpi_mod_int = mbedtls_mpi_mod_int,
+    ._rom_mbedtls_mpi_exp_mod = mbedtls_mpi_exp_mod,
+    ._rom_mbedtls_mpi_fill_random = mbedtls_mpi_fill_random,
+    ._rom_mbedtls_mpi_gcd = mbedtls_mpi_gcd,
+    ._rom_mbedtls_mpi_inv_mod = mbedtls_mpi_inv_mod,
+    ._rom_mbedtls_mpi_is_prime_ext = mbedtls_mpi_is_prime_ext,
+    /* ccm module */
+    ._rom_mbedtls_ccm_star_encrypt_and_tag = mbedtls_ccm_star_encrypt_and_tag,
+    ._rom_mbedtls_ccm_star_auth_decrypt = mbedtls_ccm_star_auth_decrypt,
+    /* cipher module */
+    ._rom_mbedtls_cipher_init = mbedtls_cipher_init,
+    ._rom_mbedtls_cipher_set_padding_mode = mbedtls_cipher_set_padding_mode,
+    ._rom_mbedtls_cipher_reset = mbedtls_cipher_reset,
+    ._rom_mbedtls_cipher_finish = mbedtls_cipher_finish,
+    ._rom_mbedtls_cipher_crypt = mbedtls_cipher_crypt,
+    ._rom_mbedtls_cipher_cmac_starts = mbedtls_cipher_cmac_starts,
+    ._rom_mbedtls_cipher_cmac_update = mbedtls_cipher_cmac_update,
+    ._rom_mbedtls_cipher_cmac_finish = mbedtls_cipher_cmac_finish,
+    /* ctr drbg module */
+    ._rom_mbedtls_ctr_drbg_init = mbedtls_ctr_drbg_init,
+    ._rom_mbedtls_ctr_drbg_seed = mbedtls_ctr_drbg_seed,
+    ._rom_mbedtls_ctr_drbg_free = mbedtls_ctr_drbg_free,
+    ._rom_mbedtls_ctr_drbg_reseed = mbedtls_ctr_drbg_reseed,
+    ._rom_mbedtls_ctr_drbg_random_with_add = mbedtls_ctr_drbg_random_with_add,
+    ._rom_mbedtls_ctr_drbg_random = mbedtls_ctr_drbg_random,
+    /* sha1 module */
+    ._rom_mbedtls_sha1_init = mbedtls_sha1_init,
+    ._rom_mbedtls_sha1_free = mbedtls_sha1_free,
+    ._rom_mbedtls_sha1_clone = mbedtls_sha1_clone,
+    ._rom_mbedtls_sha1_starts = mbedtls_sha1_starts,
+    ._rom_mbedtls_sha1_finish = mbedtls_sha1_finish,
+    /* sha256 module */
+    ._rom_mbedtls_sha256_init = mbedtls_sha256_init,
+    ._rom_mbedtls_sha256_free = mbedtls_sha256_free,
+    ._rom_mbedtls_sha256_clone = mbedtls_sha256_clone,
+    ._rom_mbedtls_sha256_starts = mbedtls_sha256_starts,
+    ._rom_mbedtls_sha256_finish = mbedtls_sha256_finish,
+    ._rom_mbedtls_sha256 = mbedtls_sha256,
+    /* sha512 module */
+    ._rom_mbedtls_sha512_init = mbedtls_sha512_init,
+    ._rom_mbedtls_sha512_free = mbedtls_sha512_free,
+    ._rom_mbedtls_sha512_clone = mbedtls_sha512_clone,
+    ._rom_mbedtls_sha512_starts = mbedtls_sha512_starts,
+    ._rom_mbedtls_sha512_update = mbedtls_sha512_update,
+    ._rom_mbedtls_sha512_finish = mbedtls_sha512_finish,
+    //._rom_mbedtls_internal_sha512_process = mbedtls_internal_sha512_process,
+    ._rom_mbedtls_sha512 = mbedtls_sha512,
+
+    ._rom_mbedtls_aes_xts_init = mbedtls_aes_xts_init,
+    ._rom_mbedtls_aes_xts_free = mbedtls_aes_xts_free,
+    ._rom_mbedtls_aes_xts_setkey_enc = mbedtls_aes_xts_setkey_enc,
+    ._rom_mbedtls_aes_xts_setkey_dec = mbedtls_aes_xts_setkey_dec,
+    ._rom_mbedtls_aes_crypt_xts = mbedtls_aes_crypt_xts,
+    ._rom_mbedtls_aes_crypt_cfb128 = mbedtls_aes_crypt_cfb128,
+    ._rom_mbedtls_aes_crypt_ofb = mbedtls_aes_crypt_ofb,
+    ._rom_mbedtls_aes_crypt_ctr = mbedtls_aes_crypt_ctr,
+    ._rom_mbedtls_ccm_init = mbedtls_ccm_init,
+    ._rom_mbedtls_ccm_setkey = mbedtls_ccm_setkey,
+    ._rom_mbedtls_ccm_free = mbedtls_ccm_free,
+    ._rom_mbedtls_ccm_encrypt_and_tag = mbedtls_ccm_encrypt_and_tag,
+    ._rom_mbedtls_ccm_auth_decrypt = mbedtls_ccm_auth_decrypt,
+    ._rom_mbedtls_md5_init = mbedtls_md5_init,
+    ._rom_mbedtls_md5_free = mbedtls_md5_free,
+    ._rom_mbedtls_md5_clone = mbedtls_md5_clone,
+    ._rom_mbedtls_md5_starts = mbedtls_md5_starts,
+    ._rom_mbedtls_md5_update = mbedtls_md5_update,
+    ._rom_mbedtls_md5_finish = mbedtls_md5_finish,
+    ._rom_mbedtls_md5 = mbedtls_md5,
+    ._rom_mbedtls_sha1 = mbedtls_sha1,
+
+    // eco4 rom mbedtls functions
+    ._rom_mbedtls_aes_crypt_cfb8 = mbedtls_aes_crypt_cfb8,
+    ._rom_mbedtls_mpi_swap = mbedtls_mpi_swap,
+    ._rom_mbedtls_mpi_read_string = mbedtls_mpi_read_string,
+    ._rom_mbedtls_mpi_write_string = mbedtls_mpi_write_string,
+    ._rom_mbedtls_mpi_read_binary_le = mbedtls_mpi_read_binary_le,
+    ._rom_mbedtls_mpi_write_binary_le = mbedtls_mpi_write_binary_le,
+    ._rom_mbedtls_mpi_random = mbedtls_mpi_random,
+    ._rom_mbedtls_mpi_gen_prime = mbedtls_mpi_gen_prime,
+    ._rom_mbedtls_ecp_check_budget = mbedtls_ecp_check_budget,
+    ._rom_mbedtls_ecp_set_max_ops = mbedtls_ecp_set_max_ops,
+    ._rom_mbedtls_ecp_restart_is_enabled = mbedtls_ecp_restart_is_enabled,
+    ._rom_mbedtls_ecp_get_type = mbedtls_ecp_get_type,
+    ._rom_mbedtls_ecp_curve_list = mbedtls_ecp_curve_list,
+    ._rom_mbedtls_ecp_grp_id_list = mbedtls_ecp_grp_id_list,
+    ._rom_mbedtls_ecp_curve_info_from_grp_id = mbedtls_ecp_curve_info_from_grp_id,
+    ._rom_mbedtls_ecp_curve_info_from_tls_id = mbedtls_ecp_curve_info_from_tls_id,
+    ._rom_mbedtls_ecp_curve_info_from_name = mbedtls_ecp_curve_info_from_name,
+    ._rom_mbedtls_ecp_point_init = mbedtls_ecp_point_init,
+    ._rom_mbedtls_ecp_group_init = mbedtls_ecp_group_init,
+    ._rom_mbedtls_ecp_keypair_init = mbedtls_ecp_keypair_init,
+    ._rom_mbedtls_ecp_point_free = mbedtls_ecp_point_free,
+    ._rom_mbedtls_ecp_group_free = mbedtls_ecp_group_free,
+    ._rom_mbedtls_ecp_keypair_free = mbedtls_ecp_keypair_free,
+    ._rom_mbedtls_ecp_restart_init = mbedtls_ecp_restart_init,
+    ._rom_mbedtls_ecp_restart_free = mbedtls_ecp_restart_free,
+    ._rom_mbedtls_ecp_copy = mbedtls_ecp_copy,
+    ._rom_mbedtls_ecp_group_copy = mbedtls_ecp_group_copy,
+    ._rom_mbedtls_ecp_set_zero = mbedtls_ecp_set_zero,
+    ._rom_mbedtls_ecp_is_zero = mbedtls_ecp_is_zero,
+    ._rom_mbedtls_ecp_point_cmp = mbedtls_ecp_point_cmp,
+    ._rom_mbedtls_ecp_point_read_string = mbedtls_ecp_point_read_string,
+    ._rom_mbedtls_ecp_point_write_binary = mbedtls_ecp_point_write_binary,
+    ._rom_mbedtls_ecp_point_read_binary = mbedtls_ecp_point_read_binary,
+    ._rom_mbedtls_ecp_tls_read_point = mbedtls_ecp_tls_read_point,
+    ._rom_mbedtls_ecp_tls_write_point = mbedtls_ecp_tls_write_point,
+    ._rom_mbedtls_ecp_group_load = mbedtls_ecp_group_load,
+    ._rom_mbedtls_ecp_tls_read_group = mbedtls_ecp_tls_read_group,
+    ._rom_mbedtls_ecp_tls_read_group_id = mbedtls_ecp_tls_read_group_id,
+    ._rom_mbedtls_ecp_tls_write_group = mbedtls_ecp_tls_write_group,
+    ._rom_mbedtls_ecp_mul = mbedtls_ecp_mul,
+    ._rom_mbedtls_ecp_mul_restartable = mbedtls_ecp_mul_restartable,
+    ._rom_mbedtls_ecp_muladd = mbedtls_ecp_muladd,
+    ._rom_mbedtls_ecp_muladd_restartable = mbedtls_ecp_muladd_restartable,
+    ._rom_mbedtls_ecp_check_pubkey = mbedtls_ecp_check_pubkey,
+    ._rom_mbedtls_ecp_check_privkey = mbedtls_ecp_check_privkey,
+    ._rom_mbedtls_ecp_gen_privkey = mbedtls_ecp_gen_privkey,
+    ._rom_mbedtls_ecp_gen_keypair_base = mbedtls_ecp_gen_keypair_base,
+    ._rom_mbedtls_ecp_gen_keypair = mbedtls_ecp_gen_keypair,
+    ._rom_mbedtls_ecp_gen_key = mbedtls_ecp_gen_key,
+    ._rom_mbedtls_ecp_read_key = mbedtls_ecp_read_key,
+    ._rom_mbedtls_ecp_write_key_ext = mbedtls_ecp_write_key_ext,
+    ._rom_mbedtls_ecp_check_pub_priv = mbedtls_ecp_check_pub_priv,
+    ._rom_mbedtls_ecp_export = mbedtls_ecp_export,
+    ._rom_mbedtls_asn1_get_enum = mbedtls_asn1_get_enum,
+    ._rom_mbedtls_asn1_sequence_free = mbedtls_asn1_sequence_free,
+    ._rom_mbedtls_asn1_traverse_sequence_of = mbedtls_asn1_traverse_sequence_of,
+    ._rom_mbedtls_asn1_find_named_data = mbedtls_asn1_find_named_data,
+    ._rom_mbedtls_asn1_free_named_data_list = mbedtls_asn1_free_named_data_list,
+    ._rom_mbedtls_asn1_free_named_data_list_shallow = mbedtls_asn1_free_named_data_list_shallow,
+    ._rom_mbedtls_asn1_write_raw_buffer = mbedtls_asn1_write_raw_buffer,
+    ._rom_mbedtls_asn1_write_null = mbedtls_asn1_write_null,
+    ._rom_mbedtls_asn1_write_oid = mbedtls_asn1_write_oid,
+    ._rom_mbedtls_asn1_write_algorithm_identifier = mbedtls_asn1_write_algorithm_identifier,
+    ._rom_mbedtls_asn1_write_bool = mbedtls_asn1_write_bool,
+    ._rom_mbedtls_asn1_write_int = mbedtls_asn1_write_int,
+    ._rom_mbedtls_asn1_write_enum = mbedtls_asn1_write_enum,
+    ._rom_mbedtls_asn1_write_tagged_string = mbedtls_asn1_write_tagged_string,
+    ._rom_mbedtls_asn1_write_printable_string = mbedtls_asn1_write_printable_string,
+    ._rom_mbedtls_asn1_write_utf8_string = mbedtls_asn1_write_utf8_string,
+    ._rom_mbedtls_asn1_write_ia5_string = mbedtls_asn1_write_ia5_string,
+    ._rom_mbedtls_asn1_write_bitstring = mbedtls_asn1_write_bitstring,
+    ._rom_mbedtls_asn1_write_named_bitstring = mbedtls_asn1_write_named_bitstring,
+    ._rom_mbedtls_asn1_write_octet_string = mbedtls_asn1_write_octet_string,
+    ._rom_mbedtls_asn1_store_named_data = mbedtls_asn1_store_named_data,
+    ._rom_mbedtls_ccm_starts = mbedtls_ccm_starts,
+    ._rom_mbedtls_ccm_set_lengths = mbedtls_ccm_set_lengths,
+    ._rom_mbedtls_ccm_update_ad = mbedtls_ccm_update_ad,
+    ._rom_mbedtls_ccm_update = mbedtls_ccm_update,
+    ._rom_mbedtls_ccm_finish = mbedtls_ccm_finish,
+    ._rom_mbedtls_cipher_list = mbedtls_cipher_list,
+    ._rom_mbedtls_cipher_info_from_string = mbedtls_cipher_info_from_string,
+    ._rom_mbedtls_cipher_info_from_type = mbedtls_cipher_info_from_type,
+    ._rom_mbedtls_cipher_info_from_values = mbedtls_cipher_info_from_values,
+    ._rom_mbedtls_cipher_free = mbedtls_cipher_free,
+    ._rom_mbedtls_cipher_setup = mbedtls_cipher_setup,
+    ._rom_mbedtls_cipher_setkey = mbedtls_cipher_setkey,
+    ._rom_mbedtls_cipher_set_iv = mbedtls_cipher_set_iv,
+    ._rom_mbedtls_cipher_update_ad = mbedtls_cipher_update_ad,
+    ._rom_mbedtls_cipher_update = mbedtls_cipher_update,
+    ._rom_mbedtls_cipher_write_tag = mbedtls_cipher_write_tag,
+    ._rom_mbedtls_cipher_check_tag = mbedtls_cipher_check_tag,
+    ._rom_mbedtls_cipher_auth_encrypt_ext = mbedtls_cipher_auth_encrypt_ext,
+    ._rom_mbedtls_cipher_auth_decrypt_ext = mbedtls_cipher_auth_decrypt_ext,
+    ._rom_mbedtls_cipher_cmac_reset = mbedtls_cipher_cmac_reset,
+    ._rom_mbedtls_cipher_cmac = mbedtls_cipher_cmac,
+    ._rom_mbedtls_aes_cmac_prf_128 = mbedtls_aes_cmac_prf_128,
+    ._rom_mbedtls_ctr_drbg_set_prediction_resistance = mbedtls_ctr_drbg_set_prediction_resistance,
+    ._rom_mbedtls_ctr_drbg_set_entropy_len = mbedtls_ctr_drbg_set_entropy_len,
+    ._rom_mbedtls_ctr_drbg_set_nonce_len = mbedtls_ctr_drbg_set_nonce_len,
+    ._rom_mbedtls_ctr_drbg_set_reseed_interval = mbedtls_ctr_drbg_set_reseed_interval,
+    ._rom_mbedtls_ctr_drbg_update = mbedtls_ctr_drbg_update,
+    ._rom_mbedtls_base64_encode = mbedtls_base64_encode,
+
+    /* Fill the SHA hardware functions into mbedtls rom function table */
+    ._rom_mbedtls_sha1_update = mbedtls_sha1_update,
+    ._rom_mbedtls_sha256_update = mbedtls_sha256_update,
+
+    //memory calloc free
+    ._rom_mbedtls_mem_calloc = MBEDTLS_PLATFORM_STD_CALLOC,
+    ._rom_mbedtls_mem_free = MBEDTLS_PLATFORM_STD_FREE,
+};
+
 __attribute__((constructor)) void mbedtls_rom_osi_functions_init(void)
 {
-    /* Initialize the pointer of mbedtls rom osi function table. */
-    extern mbedtls_rom_funcs_t *mbedtls_rom_osi_funcs_ptr;
+    /* Export the rom mbedtls functions table pointer */
+    extern void *mbedtls_rom_osi_funcs_ptr;
+
+#if defined(MBEDTLS_THREADING_ALT)
+    mbedtls_threading_set_alt(mbedtls_rom_mutex_init, mbedtls_rom_mutex_free, mbedtls_rom_mutex_lock, mbedtls_rom_mutex_unlock);
+#endif
+
+    unsigned chip_version = efuse_hal_chip_revision();
+    if ( ESP_CHIP_REV_ABOVE(chip_version, 200) ) {
+        /* Initialize the rom function mbedtls_threading_set_alt on chip rev2.0 with rom eco4 */
+        _rom_mbedtls_threading_set_alt_t rom_mbedtls_threading_set_alt = (_rom_mbedtls_threading_set_alt_t)0x40002c0c;
+        rom_mbedtls_threading_set_alt(mbedtls_rom_mutex_init, mbedtls_rom_mutex_free, mbedtls_rom_mutex_lock, mbedtls_rom_mutex_unlock);
+
+        /* Initialize the pointer of rom eco4 mbedtls functions table. */
+        mbedtls_rom_osi_funcs_ptr = (mbedtls_rom_eco4_funcs_t *)&mbedtls_rom_eco4_funcs_table;
+    } else {
+        /* Initialize the pointer of rom mbedtls functions table. */
         mbedtls_rom_osi_funcs_ptr = (mbedtls_rom_funcs_t *)&mbedtls_rom_funcs_table;
     }
+}

components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -23,6 +23,7 @@
 #include "mbedtls/entropy.h"
 #include "mbedtls/hmac_drbg.h"
 #include "mbedtls/md.h"
+#include "mbedtls/md5.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/pem.h"
 #include "mbedtls/pkcs12.h"
@@ -43,11 +44,14 @@ extern "C" {
 #endif
 
 #if (!defined(CONFIG_MBEDTLS_THREADING_C))
-typedef struct mbedtls_threading_mutex_t {
-    int dummy;
-} mbedtls_threading_mutex_t;
+#error CONFIG_MBEDTLS_THREADING_C
 #endif
 
+typedef void (*_rom_mbedtls_threading_set_alt_t)(void (*mutex_init)(mbedtls_threading_mutex_t *),
+                                          void (*mutex_free)(mbedtls_threading_mutex_t *),
+                                          int (*mutex_lock)(mbedtls_threading_mutex_t *),
+                                          int (*mutex_unlock)(mbedtls_threading_mutex_t *));
+
 typedef struct mbedtls_rom_funcs {
     void (*_rom_mbedtls_aes_init)( mbedtls_aes_context *ctx );
     int (*_rom_ssl_write_client_hello)( mbedtls_ssl_context *ssl );
@@ -404,6 +408,254 @@ typedef struct mbedtls_rom_funcs {
     int (*_mbedtls_x509_time_is_future)( const mbedtls_x509_time *from );
 } mbedtls_rom_funcs_t;
 
+typedef struct mbedtls_rom_eco4_funcs {
+    // aes module
+    void (*_rom_mbedtls_aes_init)(mbedtls_aes_context *ctx);
+    void (*_rom_mbedtls_aes_free)(mbedtls_aes_context *ctx);
+    void (*_rom_mbedtls_aes_xts_init)(mbedtls_aes_xts_context *ctx);
+    void (*_rom_mbedtls_aes_xts_free)(mbedtls_aes_xts_context *ctx);
+    int (*_rom_mbedtls_aes_setkey_enc)(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits);
+    int (*_rom_mbedtls_aes_setkey_dec)(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits);
+    int (*_rom_mbedtls_aes_xts_setkey_enc)(mbedtls_aes_xts_context *ctx, const unsigned char *key, unsigned int keybits);
+    int (*_rom_mbedtls_aes_xts_setkey_dec)(mbedtls_aes_xts_context *ctx, const unsigned char *key, unsigned int keybits);
+    int (*_rom_mbedtls_aes_crypt_ecb)(mbedtls_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16]);
+    int (*_rom_mbedtls_aes_crypt_cbc)(mbedtls_aes_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output);
+    int (*_rom_mbedtls_aes_crypt_xts)(mbedtls_aes_xts_context *ctx, int mode, size_t length, const unsigned char data_unit[16], const unsigned char *input, unsigned char *output);
+    int (*_rom_mbedtls_aes_crypt_cfb128)(mbedtls_aes_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output);
+    int (*_rom_mbedtls_aes_crypt_ofb)(mbedtls_aes_context *ctx, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output);
+    int (*_rom_mbedtls_aes_crypt_ctr)(mbedtls_aes_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output);
+    int (*_rom_mbedtls_internal_aes_encrypt)(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]);
+    int (*_rom_mbedtls_internal_aes_decrypt)(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]);
+    // md5 module
+    void (*_rom_mbedtls_md5_init)(mbedtls_md5_context *ctx);
+    void (*_rom_mbedtls_md5_free)(mbedtls_md5_context *ctx);
+    void (*_rom_mbedtls_md5_clone)(mbedtls_md5_context *dst, const mbedtls_md5_context *src);
+    int (*_rom_mbedtls_md5_starts)(mbedtls_md5_context *ctx);
+    int (*_rom_mbedtls_md5_update)(mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen);
+    int (*_rom_mbedtls_md5_finish)(mbedtls_md5_context *ctx, unsigned char output[16]);
+    int (*_rom_mbedtls_md5)(const unsigned char *input, size_t ilen, unsigned char output[16]);
+    // bignum module
+    void (*_rom_mbedtls_mpi_init)(mbedtls_mpi *X);
+    void (*_rom_mbedtls_mpi_free)(mbedtls_mpi *X);
+    int (*_rom_mbedtls_mpi_grow)(mbedtls_mpi *X, size_t nblimbs);
+    int (*_rom_mbedtls_mpi_shrink)(mbedtls_mpi *X, size_t nblimbs);
+    int (*_rom_mbedtls_mpi_copy)(mbedtls_mpi *X, const mbedtls_mpi *Y);
+    int (*_rom_mbedtls_mpi_safe_cond_assign)(mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign);
+    int (*_rom_mbedtls_mpi_safe_cond_swap)(mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap);
+    int (*_rom_mbedtls_mpi_lset)(mbedtls_mpi *X, mbedtls_mpi_sint z);
+    int (*_rom_mbedtls_mpi_get_bit)(const mbedtls_mpi *X, size_t pos);
+    int (*_rom_mbedtls_mpi_set_bit)(mbedtls_mpi *X, size_t pos, unsigned char val);
+    size_t (*_rom_mbedtls_mpi_lsb)(const mbedtls_mpi *X);
+    size_t (*_rom_mbedtls_mpi_bitlen)(const mbedtls_mpi *X);
+    size_t (*_rom_mbedtls_mpi_size)(const mbedtls_mpi *X);
+    int (*_rom_mbedtls_mpi_read_binary)(mbedtls_mpi *X, const unsigned char *buf, size_t buflen);
+    int (*_rom_mbedtls_mpi_write_binary)(const mbedtls_mpi *X, unsigned char *buf, size_t buflen);
+    int (*_rom_mbedtls_mpi_shift_l)(mbedtls_mpi *X, size_t count);
+    int (*_rom_mbedtls_mpi_shift_r)(mbedtls_mpi *X, size_t count);
+    int (*_rom_mbedtls_mpi_cmp_abs)(const mbedtls_mpi *X, const mbedtls_mpi *Y);
+    int (*_rom_mbedtls_mpi_cmp_mpi)(const mbedtls_mpi *X, const mbedtls_mpi *Y);
+    int (*_rom_mbedtls_mpi_lt_mpi_ct)(const mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned *ret);
+    int (*_rom_mbedtls_mpi_cmp_int)(const mbedtls_mpi *X, mbedtls_mpi_sint z);
+    int (*_rom_mbedtls_mpi_add_abs)(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B);
+    int (*_rom_mbedtls_mpi_sub_abs)(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B);
+    int (*_rom_mbedtls_mpi_add_mpi)(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B);
+    int (*_rom_mbedtls_mpi_sub_mpi)(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B);
+    int (*_rom_mbedtls_mpi_add_int)(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b);
+    int (*_rom_mbedtls_mpi_sub_int)(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b);
+    int (*_rom_mbedtls_mpi_mul_mpi)(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B);
+    int (*_rom_mbedtls_mpi_mul_int)(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b);
+    int (*_rom_mbedtls_mpi_div_mpi)(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B);
+    int (*_rom_mbedtls_mpi_div_int)(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b);
+    int (*_rom_mbedtls_mpi_mod_mpi)(mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B);
+    int (*_rom_mbedtls_mpi_mod_int)(mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b);
+    int (*_rom_mbedtls_mpi_exp_mod)(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *prec_RR);
+    int (*_rom_mbedtls_mpi_fill_random)(mbedtls_mpi *X, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+    int (*_rom_mbedtls_mpi_gcd)(mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B);
+    int (*_rom_mbedtls_mpi_inv_mod)(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N);
+    int (*_rom_mbedtls_mpi_is_prime_ext)(const mbedtls_mpi *X, int rounds, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+    // sha1 sha256 sha512 module
+    void (*_rom_mbedtls_sha1_init)(mbedtls_sha1_context *ctx);
+    void (*_rom_mbedtls_sha1_free)(mbedtls_sha1_context *ctx);
+    void (*_rom_mbedtls_sha1_clone)(mbedtls_sha1_context *dst, const mbedtls_sha1_context *src);
+    int (*_rom_mbedtls_sha1_starts)(mbedtls_sha1_context *ctx);
+    int (*_rom_mbedtls_sha1_finish)(mbedtls_sha1_context *ctx, unsigned char output[20]);
+    int (*_rom_mbedtls_sha1)(const unsigned char *input, size_t ilen, unsigned char output[20]);
+    void (*_rom_mbedtls_sha256_init)(mbedtls_sha256_context *ctx);
+    void (*_rom_mbedtls_sha256_free)(mbedtls_sha256_context *ctx);
+    void (*_rom_mbedtls_sha256_clone)(mbedtls_sha256_context *dst, const mbedtls_sha256_context *src);
+    int (*_rom_mbedtls_sha256_starts)(mbedtls_sha256_context *ctx, int is224);
+    int (*_rom_mbedtls_sha256_finish)(mbedtls_sha256_context *ctx, unsigned char *output);
+    int (*_rom_mbedtls_sha256)(const unsigned char *input, size_t ilen, unsigned char *output, int is224);
+    void (*_rom_mbedtls_sha512_init)(mbedtls_sha512_context *ctx);
+    void (*_rom_mbedtls_sha512_free)(mbedtls_sha512_context *ctx);
+    void (*_rom_mbedtls_sha512_clone)(mbedtls_sha512_context *dst, const mbedtls_sha512_context *src);
+    int (*_rom_mbedtls_sha512_starts)(mbedtls_sha512_context *ctx, int is384);
+    int (*_rom_mbedtls_sha512_update)(mbedtls_sha512_context *ctx, const unsigned char *input, size_t ilen);
+    int (*_rom_mbedtls_sha512_finish)(mbedtls_sha512_context *ctx, unsigned char *output);
+    int (*_rom_mbedtls_sha512)(const unsigned char *input, size_t ilen, unsigned char *output, int is384);
+    // ecp module
+    // asn1 module
+    int (*_rom_mbedtls_asn1_get_len)(unsigned char **p, const unsigned char *end, size_t *len);
+    int (*_rom_mbedtls_asn1_get_tag)(unsigned char **p, const unsigned char *end, size_t *len, int tag);
+    int (*_rom_mbedtls_asn1_get_bool)(unsigned char **p, const unsigned char *end, int *val);
+    int (*_rom_mbedtls_asn1_get_int)(unsigned char **p, const unsigned char *end, int *val);
+    int (*_rom_mbedtls_asn1_get_bitstring)(unsigned char **p, const unsigned char *end, mbedtls_asn1_bitstring *bs);
+    int (*_rom_mbedtls_asn1_get_bitstring_null)(unsigned char **p, const unsigned char *end, size_t *len);
+    int (*_rom_mbedtls_asn1_get_sequence_of)(unsigned char **p, const unsigned char *end, mbedtls_asn1_sequence *cur, int tag);
+    int (*_rom_mbedtls_asn1_get_mpi)(unsigned char **p, const unsigned char *end, mbedtls_mpi *X);
+    int (*_rom_mbedtls_asn1_get_alg)(unsigned char **p, const unsigned char *end, mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params);
+    int (*_rom_mbedtls_asn1_get_alg_null)(unsigned char **p, const unsigned char *end, mbedtls_asn1_buf *alg);
+    // asn1write module
+    int (*_rom_mbedtls_asn1_write_len)(unsigned char **p, const unsigned char *start, size_t len);
+    int (*_rom_mbedtls_asn1_write_tag)(unsigned char **p, const unsigned char *start, unsigned char tag);
+    int (*_rom_mbedtls_asn1_write_mpi)(unsigned char **p, const unsigned char *start, const mbedtls_mpi *X);
+    // ccm module
+    void (*_rom_mbedtls_ccm_init)(mbedtls_ccm_context *ctx);
+    int (*_rom_mbedtls_ccm_setkey)(mbedtls_ccm_context *ctx, mbedtls_cipher_id_t cipher, const unsigned char *key, unsigned int keybits);
+    void (*_rom_mbedtls_ccm_free)(mbedtls_ccm_context *ctx);
+    int (*_rom_mbedtls_ccm_encrypt_and_tag)(mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len);
+    int (*_rom_mbedtls_ccm_star_encrypt_and_tag)(mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len);
+    int (*_rom_mbedtls_ccm_auth_decrypt)(mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len);
+    int (*_rom_mbedtls_ccm_star_auth_decrypt)(mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len);
+    // cipher module
+    void (*_rom_mbedtls_cipher_init)(mbedtls_cipher_context_t *ctx);
+    int (*_rom_mbedtls_cipher_set_padding_mode)(mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode);
+    int (*_rom_mbedtls_cipher_reset)(mbedtls_cipher_context_t *ctx);
+    int (*_rom_mbedtls_cipher_finish)(mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen);
+    int (*_rom_mbedtls_cipher_crypt)(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen);
+    int (*_rom_mbedtls_cipher_cmac_starts)(mbedtls_cipher_context_t *ctx, const unsigned char *key, size_t keybits);
+    int (*_rom_mbedtls_cipher_cmac_update)(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen);
+    int (*_rom_mbedtls_cipher_cmac_finish)(mbedtls_cipher_context_t *ctx, unsigned char *output);
+    // ctr drbg module
+    void (*_rom_mbedtls_ctr_drbg_init)(mbedtls_ctr_drbg_context *ctx);
+    int (*_rom_mbedtls_ctr_drbg_seed)(mbedtls_ctr_drbg_context *ctx, int (*f_entropy)(void *, unsigned char *, size_t), void *p_entropy, const unsigned char *custom, size_t len);
+    void (*_rom_mbedtls_ctr_drbg_free)(mbedtls_ctr_drbg_context *ctx);
+    int (*_rom_mbedtls_ctr_drbg_reseed)(mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t len);
+    int (*_rom_mbedtls_ctr_drbg_random_with_add)(void *p_rng, unsigned char *output, size_t output_len, const unsigned char *additional, size_t add_len);
+    int (*_rom_mbedtls_ctr_drbg_random)(void *p_rng, unsigned char *output, size_t output_len);
+    // base64 module
+    int (*_rom_mbedtls_base64_decode)(unsigned char *dst, size_t dlen, size_t *olen, const unsigned char *src, size_t slen);
+    //*******************************************************************************************************************************************************************//
+    // aes module
+    int (*_rom_mbedtls_aes_crypt_cfb8)(mbedtls_aes_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output);
+    // md5 module
+    // bignum module
+    void (*_rom_mbedtls_mpi_swap)(mbedtls_mpi *X, mbedtls_mpi *Y);
+    int (*_rom_mbedtls_mpi_read_string)(mbedtls_mpi *X, int radix, const char *s);
+    int (*_rom_mbedtls_mpi_write_string)(const mbedtls_mpi *X, int radix, char *buf, size_t buflen, size_t *olen);
+    int (*_rom_mbedtls_mpi_read_binary_le)(mbedtls_mpi *X, const unsigned char *buf, size_t buflen);
+    int (*_rom_mbedtls_mpi_write_binary_le)(const mbedtls_mpi *X, unsigned char *buf, size_t buflen);
+    int (*_rom_mbedtls_mpi_random)(mbedtls_mpi *X, mbedtls_mpi_sint min, const mbedtls_mpi *N, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+    int (*_rom_mbedtls_mpi_gen_prime)(mbedtls_mpi *X, size_t nbits, int flags, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+    // ecp module
+    int (*_rom_mbedtls_ecp_check_budget)(const mbedtls_ecp_group *grp, mbedtls_ecp_restart_ctx *rs_ctx, unsigned ops);
+    void (*_rom_mbedtls_ecp_set_max_ops)(unsigned max_ops);
+    int (*_rom_mbedtls_ecp_restart_is_enabled)(void);
+    mbedtls_ecp_curve_type (*_rom_mbedtls_ecp_get_type)(const mbedtls_ecp_group *grp);
+    const mbedtls_ecp_curve_info *(*_rom_mbedtls_ecp_curve_list)(void);
+    const mbedtls_ecp_group_id *(*_rom_mbedtls_ecp_grp_id_list)(void);
+    const mbedtls_ecp_curve_info *(*_rom_mbedtls_ecp_curve_info_from_grp_id)(mbedtls_ecp_group_id grp_id);
+    const mbedtls_ecp_curve_info *(*_rom_mbedtls_ecp_curve_info_from_tls_id)(uint16_t tls_id);
+    const mbedtls_ecp_curve_info *(*_rom_mbedtls_ecp_curve_info_from_name)(const char *name);
+    void (*_rom_mbedtls_ecp_point_init)(mbedtls_ecp_point *pt);
+    void (*_rom_mbedtls_ecp_group_init)(mbedtls_ecp_group *grp);
+    void (*_rom_mbedtls_ecp_keypair_init)(mbedtls_ecp_keypair *key);
+    void (*_rom_mbedtls_ecp_point_free)(mbedtls_ecp_point *pt);
+    void (*_rom_mbedtls_ecp_group_free)(mbedtls_ecp_group *grp);
+    void (*_rom_mbedtls_ecp_keypair_free)(mbedtls_ecp_keypair *key);
+    void (*_rom_mbedtls_ecp_restart_init)(mbedtls_ecp_restart_ctx *ctx);
+    void (*_rom_mbedtls_ecp_restart_free)(mbedtls_ecp_restart_ctx *ctx);
+    int (*_rom_mbedtls_ecp_copy)(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q);
+    int (*_rom_mbedtls_ecp_group_copy)(mbedtls_ecp_group *dst, const mbedtls_ecp_group *src);
+    int (*_rom_mbedtls_ecp_set_zero)(mbedtls_ecp_point *pt);
+    int (*_rom_mbedtls_ecp_is_zero)(mbedtls_ecp_point *pt);
+    int (*_rom_mbedtls_ecp_point_cmp)(const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q);
+    int (*_rom_mbedtls_ecp_point_read_string)(mbedtls_ecp_point *P, int radix, const char *x, const char *y);
+    int (*_rom_mbedtls_ecp_point_write_binary)(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, int format, size_t *olen, unsigned char *buf, size_t buflen);
+    int (*_rom_mbedtls_ecp_point_read_binary)(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, const unsigned char *buf, size_t ilen);
+    int (*_rom_mbedtls_ecp_tls_read_point)(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, const unsigned char **buf, size_t len);
+    int (*_rom_mbedtls_ecp_tls_write_point)(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, int format, size_t *olen, unsigned char *buf, size_t blen);
+    int (*_rom_mbedtls_ecp_group_load)(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id);
+    int (*_rom_mbedtls_ecp_tls_read_group)(mbedtls_ecp_group *grp, const unsigned char **buf, size_t len);
+    int (*_rom_mbedtls_ecp_tls_read_group_id)(mbedtls_ecp_group_id *grp, const unsigned char **buf, size_t len);
+    int (*_rom_mbedtls_ecp_tls_write_group)(const mbedtls_ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen);
+    int (*_rom_mbedtls_ecp_mul)(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+    int (*_rom_mbedtls_ecp_mul_restartable)(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_ecp_restart_ctx *rs_ctx);
+    int (*_rom_mbedtls_ecp_muladd)(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q);
+    int (*_rom_mbedtls_ecp_muladd_restartable)( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q, mbedtls_ecp_restart_ctx *rs_ctx);
+    int (*_rom_mbedtls_ecp_check_pubkey)(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt);
+    int (*_rom_mbedtls_ecp_check_privkey)(const mbedtls_ecp_group *grp, const mbedtls_mpi *d);
+    int (*_rom_mbedtls_ecp_gen_privkey)(const mbedtls_ecp_group *grp, mbedtls_mpi *d, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+    int (*_rom_mbedtls_ecp_gen_keypair_base)(mbedtls_ecp_group *grp, const mbedtls_ecp_point *G, mbedtls_mpi *d, mbedtls_ecp_point *Q, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+    int (*_rom_mbedtls_ecp_gen_keypair)(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+    int (*_rom_mbedtls_ecp_gen_key)(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+    int (*_rom_mbedtls_ecp_read_key)(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, const unsigned char *buf, size_t buflen);
+    int (*_rom_mbedtls_ecp_write_key_ext)(const mbedtls_ecp_keypair *key, size_t *olen, unsigned char *buf, size_t buflen);
+    int (*_rom_mbedtls_ecp_check_pub_priv)( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+    int (*_rom_mbedtls_ecp_export)(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q);
+    // asn1 module
+    int (*_rom_mbedtls_asn1_get_enum)(unsigned char **p, const unsigned char *end, int *val);
+    void (*_rom_mbedtls_asn1_sequence_free)(mbedtls_asn1_sequence *seq);
+    int (*_rom_mbedtls_asn1_traverse_sequence_of)( unsigned char **p, const unsigned char *end, unsigned char tag_must_mask, unsigned char tag_must_val, unsigned char tag_may_mask, unsigned char tag_may_val, int (*cb)(void *ctx, int tag, unsigned char *start, size_t len), void *ctx);
+    const mbedtls_asn1_named_data *(*_rom_mbedtls_asn1_find_named_data)(const mbedtls_asn1_named_data *list, const char *oid, size_t len);
+    void (*_rom_mbedtls_asn1_free_named_data_list)(mbedtls_asn1_named_data **head);
+    void (*_rom_mbedtls_asn1_free_named_data_list_shallow)(mbedtls_asn1_named_data *name);
+    // asn1write module
+    int (*_rom_mbedtls_asn1_write_raw_buffer)(unsigned char **p, const unsigned char *start, const unsigned char *buf, size_t size);
+    int (*_rom_mbedtls_asn1_write_null)(unsigned char **p, const unsigned char *start);
+    int (*_rom_mbedtls_asn1_write_oid)(unsigned char **p, const unsigned char *start, const char *oid, size_t oid_len);
+    int (*_rom_mbedtls_asn1_write_algorithm_identifier)(unsigned char **p, const unsigned char *start, const char *oid, size_t oid_len, size_t par_len);
+    int (*_rom_mbedtls_asn1_write_bool)(unsigned char **p, const unsigned char *start, int boolean);
+    int (*_rom_mbedtls_asn1_write_int)(unsigned char **p, const unsigned char *start, int val);
+    int (*_rom_mbedtls_asn1_write_enum)(unsigned char **p, const unsigned char *start, int val);
+    int (*_rom_mbedtls_asn1_write_tagged_string)(unsigned char **p, const unsigned char *start, int tag, const char *text, size_t text_len);
+    int (*_rom_mbedtls_asn1_write_printable_string)(unsigned char **p, const unsigned char *start, const char *text, size_t text_len);
+    int (*_rom_mbedtls_asn1_write_utf8_string)(unsigned char **p, const unsigned char *start, const char *text, size_t text_len);
+    int (*_rom_mbedtls_asn1_write_ia5_string)(unsigned char **p, const unsigned char *start, const char *text, size_t text_len);
+    int (*_rom_mbedtls_asn1_write_bitstring)(unsigned char **p, const unsigned char *start, const unsigned char *buf, size_t bits);
+    int (*_rom_mbedtls_asn1_write_named_bitstring)(unsigned char **p, const unsigned char *start, const unsigned char *buf, size_t bits);
+    int (*_rom_mbedtls_asn1_write_octet_string)(unsigned char **p, const unsigned char *start, const unsigned char *buf, size_t size);
+    mbedtls_asn1_named_data *(*_rom_mbedtls_asn1_store_named_data)(mbedtls_asn1_named_data **list, const char *oid, size_t oid_len, const unsigned char *val, size_t val_len);
+    // ccm module
+    int (*_rom_mbedtls_ccm_starts)(mbedtls_ccm_context *ctx, int mode, const unsigned char *iv, size_t iv_len);
+    int (*_rom_mbedtls_ccm_set_lengths)(mbedtls_ccm_context *ctx, size_t total_ad_len, size_t plaintext_len, size_t tag_len);
+    int (*_rom_mbedtls_ccm_update_ad)(mbedtls_ccm_context *ctx, const unsigned char *ad, size_t ad_len);
+    int (*_rom_mbedtls_ccm_update)(mbedtls_ccm_context *ctx, const unsigned char *input, size_t input_len, unsigned char *output, size_t output_size, size_t *output_len);
+    int (*_rom_mbedtls_ccm_finish)(mbedtls_ccm_context *ctx, unsigned char *tag, size_t tag_len);
+    // cipher module
+    const int *(*_rom_mbedtls_cipher_list)(void);
+    const mbedtls_cipher_info_t *(*_rom_mbedtls_cipher_info_from_string)(const char *cipher_name);
+    const mbedtls_cipher_info_t *(*_rom_mbedtls_cipher_info_from_type)(const mbedtls_cipher_type_t cipher_type);
+    const mbedtls_cipher_info_t *(*_rom_mbedtls_cipher_info_from_values)(const mbedtls_cipher_id_t cipher_id, int key_bitlen, const mbedtls_cipher_mode_t mode);
+    void (*_rom_mbedtls_cipher_free)(mbedtls_cipher_context_t *ctx);
+    int (*_rom_mbedtls_cipher_setup)(mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info);
+    int (*_rom_mbedtls_cipher_setkey)(mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation);
+    int (*_rom_mbedtls_cipher_set_iv)(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len);
+    int (*_rom_mbedtls_cipher_update_ad)(mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len);
+    int (*_rom_mbedtls_cipher_update)(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen);
+    int (*_rom_mbedtls_cipher_write_tag)(mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len);
+    int (*_rom_mbedtls_cipher_check_tag)(mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len);
+    int (*_rom_mbedtls_cipher_auth_encrypt_ext)(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t output_len, size_t *olen, size_t tag_len);
+    int (*_rom_mbedtls_cipher_auth_decrypt_ext)(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t output_len, size_t *olen, size_t tag_len);
+    int (*_rom_mbedtls_cipher_cmac_reset)(mbedtls_cipher_context_t *ctx);
+    int (*_rom_mbedtls_cipher_cmac)(const mbedtls_cipher_info_t *cipher_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char *output);
+    int (*_rom_mbedtls_aes_cmac_prf_128)(const unsigned char *key, size_t key_len, const unsigned char *input, size_t in_len, unsigned char output[16]);
+    // ctr drbg module
+    void (*_rom_mbedtls_ctr_drbg_set_prediction_resistance)(mbedtls_ctr_drbg_context *ctx, int resistance);
+    void (*_rom_mbedtls_ctr_drbg_set_entropy_len)(mbedtls_ctr_drbg_context *ctx, size_t len);
+    int (*_rom_mbedtls_ctr_drbg_set_nonce_len)(mbedtls_ctr_drbg_context *ctx, size_t len);
+    void (*_rom_mbedtls_ctr_drbg_set_reseed_interval)(mbedtls_ctr_drbg_context *ctx, int interval);
+    int (*_rom_mbedtls_ctr_drbg_update)(mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t add_len);
+    // base64 module
+    int (*_rom_mbedtls_base64_encode)(unsigned char *dst, size_t dlen, size_t *olen, const unsigned char *src, size_t slen);
+    // sha1 sha256 sha512 module
+    int (*_rom_mbedtls_sha1_update)(mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen);
+    int (*_rom_mbedtls_sha256_update)(mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen);
+    // memory calloc free
+    void *(*_rom_mbedtls_mem_calloc)(size_t n, size_t size);
+    void (*_rom_mbedtls_mem_free)(void *ptr);
+} mbedtls_rom_eco4_funcs_t;
+
 #define STRUCT_OFFSET_CHECK(x, y, z) _Static_assert((offsetof(x,y)==(z)), "The variables type of "#x" before "#y" should be "#z)
 #define STRUCT_SIZE_CHECK(x, y) _Static_assert((sizeof(x)==(y)), "The sizeof "#x" should be "#y)
 
@@ -420,6 +672,10 @@ typedef struct mbedtls_rom_funcs {
 STRUCT_OFFSET_CHECK(mbedtls_sha1_context, total, 0);
 STRUCT_OFFSET_CHECK(mbedtls_sha1_context, state, 8);
 STRUCT_OFFSET_CHECK(mbedtls_sha1_context, buffer, 28);
+STRUCT_OFFSET_CHECK(mbedtls_sha1_context, first_block, 92);
+STRUCT_OFFSET_CHECK(mbedtls_sha1_context, mode, 96);
+STRUCT_OFFSET_CHECK(mbedtls_sha1_context, sha_state, 100);
+STRUCT_SIZE_CHECK(mbedtls_sha1_context, 104);
 #if (!defined(MBEDTLS_SHA1_C)) || \
     (!defined(MBEDTLS_SHA1_ALT)) || \
     (defined(MBEDTLS_SHA1_PROCESS_ALT))

components/mbedtls/port/mbedtls_rom/threading_alt.h

@@ -0,0 +1,22 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#pragma once
+
+#include "freertos/FreeRTOS.h"
+#include "freertos/semphr.h"
+
+typedef struct mbedtls_threading_mutex_t {
+    SemaphoreHandle_t mutex;
+    /* is_valid is 0 after a failed init or a free, and nonzero after a
+     * successful init. This field is not considered part of the public
+     * API of Mbed TLS and may change without notice. */
+    char is_valid;
+} mbedtls_threading_mutex_t;
+
+extern void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *),
+                                      void (*mutex_free)(mbedtls_threading_mutex_t *),
+                                      int (*mutex_lock)(mbedtls_threading_mutex_t *),
+                                      int (*mutex_unlock)(mbedtls_threading_mutex_t *));

components/mbedtls/test/test_ecp.c

@@ -27,6 +27,12 @@ which are undefined if the following flag is not defined */
 
 #include "unity.h"
 
+#ifdef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT
+#define ACCESS_ECDH(S, var) S.MBEDTLS_PRIVATE(var)
+#else
+#define ACCESS_ECDH(S, var) S.MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(var)
+#endif
+
 /* Note: negative value here so that assert message prints a grep-able
    error hex value (mbedTLS uses -N for error codes) */
 #define TEST_ASSERT_MBEDTLS_OK(X) TEST_ASSERT_EQUAL_HEX32(0, -(X))
@@ -43,9 +49,9 @@ TEST_CASE("mbedtls ECDH Generate Key", "[mbedtls]")
     mbedtls_entropy_init(&entropy);
     TEST_ASSERT_MBEDTLS_OK( mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0) );
 
-    TEST_ASSERT_MBEDTLS_OK( mbedtls_ecp_group_load(&ctx.ctx.mbed_ecdh.grp, MBEDTLS_ECP_DP_CURVE25519) );
+    TEST_ASSERT_MBEDTLS_OK( mbedtls_ecp_group_load(ACCESS_ECDH(&ctx, grp), MBEDTLS_ECP_DP_CURVE25519) );
 
-    TEST_ASSERT_MBEDTLS_OK( mbedtls_ecdh_gen_public(&ctx.ctx.mbed_ecdh.grp, &ctx.ctx.mbed_ecdh.d, &ctx.ctx.mbed_ecdh.Q,
+    TEST_ASSERT_MBEDTLS_OK( mbedtls_ecdh_gen_public(ACCESS_ECDH(&ctx, grp), ACCESS_ECDH(&ctx, d), ACCESS_ECDH(&ctx, Q),
                                                     mbedtls_ctr_drbg_random, &ctr_drbg ) );
 
     mbedtls_ecdh_free(&ctx);

components/wpa_supplicant/src/common/sae.c

@@ -1594,6 +1594,7 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k)
 	os_memcpy(sae->tmp->kck, keys, hash_len);
 	sae->tmp->kck_len = hash_len;
 	os_memcpy(sae->pmk, keys + hash_len, SAE_PMK_LEN);
+	sae->pmk_len = SAE_PMK_LEN;
 	os_memcpy(sae->pmkid, val, SAE_PMKID_LEN);
 	forced_memzero(keys, sizeof(keys));
 	wpa_hexdump_key(MSG_DEBUG, "SAE: KCK",

examples/bluetooth/blufi/main/blufi_init.c

@@ -227,6 +227,12 @@ esp_err_t esp_blufi_host_deinit(void)
 {
     esp_err_t ret = ESP_OK;
 
+    ret = nimble_port_stop();
+
+    if (ret == 0) {
+        esp_nimble_deinit();
+    }
+
     ret = esp_blufi_profile_deinit();
     if(ret != ESP_OK) {
         return ret;
@@ -234,11 +240,6 @@ esp_err_t esp_blufi_host_deinit(void)
 
     esp_blufi_btc_deinit();
 
-    ret = nimble_port_stop();
-    if (ret == 0) {
-        esp_nimble_deinit();
-    }
-
     return ret;
 }