nodemcu-firmware/app/include/user_mbedtls.h

325 lines
13 KiB
C
Raw Normal View History

#include <stdint.h>
#include <stddef.h>
#include "user_config.h"
#undef MBEDTLS_HAVE_ASM
#undef MBEDTLS_HAVE_SSE2
Update to sdk 2.2 Initial commit for https://github.com/nodemcu/nodemcu-firmware/issues/2225 . Replay patches from Espressif's repository at https://github.com/espressif/ESP8266_NONOS_SDK between tags v2.1.0 and v2.2.0: 0001-sync-from-ccca00f2.patch Superseded by existing changes, but lines reordered in app/driver/key.c to minimize divergences. 0002-sync-from-3f38ad5a.patch Upstream files only 0003-Update-links.patch Not meaningful to NodeMCU 0004-sync-from-01990ad0.patch 0005-sync-from-cdf6877d.patch Upstream files only 0006-sync-from-f29e744c.patch Upstream files only, user_interface.h override non-conflicting 0009-feat-lwip-Move-lwip-source-code-to-third_party-folde.patch Merged change to lwip/app/espconn_udp.c; rest is just moves or appears to not apply. 0010-feat-mbedtls-Add-mbedtls-source-code-in-third_party-.patch Does not apply; we use our own mbedtls 0011-added-C-support.patch Merged to Makefile 0012-feat-mbedtls-Rebuild-libmbedtls.patch Already applied 0013-fix-at-Fix-some-bugs-of-AT.patch Upstream files only 0014-feat-err_t-Redefine-err_t-to-s32_t.patch Merged to app/include/arch/cc.h and ./app/include/lwip/app/espconn.h; the rest is upstream files. 0015-fix-wpa-Fix-wpa-wpa2-ptk-gtk-reinstallation-vulnerab.patch 0016-fix-wifi-Remove-group-key-entry-before-connecting-to.patch 0017-feat-lib-Remove-time-function-in-libmain.patch Upstream files only 0018-feat-espconn-Modification-for-espconn.patch Merged to app/include/lwip/app/espconn.h, app/include/lwip/app/espconn_tcp.h, app/lwip/app/espconn.c, app/lwip/app/espconn_tcp.c 0019-feat-at-Use-new-espconn_recv-to-fix-tcp-server-issue.patch 0020-feat-examples-Update-mqtt-demo-and-auto-bin-generate.patch Upstream files only 0021-wifi-Add-scan-threshold-and-dwell-time.patch 0022-feat-wifi-Add-country-code-API.patch 0023-feat-wifi-Record-more-information-of-scanned-ap.patch Upstream files only, user_interface.h override non-conflicting 0024-fix-example-Fix-IoT_Demo-user-sector-error.patch Upstream files only 0025-fix-lwip-Fix-sequence-number-error-of-RST-ACK.patch Merged app/lwip/core/tcp_in.c 0026-fix-mbedtls-Fix-memory-leak.patch Merged app/mbedtls/app/lwIPSocket.c 0027-fix-mbedtls-Fix-call-send-callback-function-failed.patch Merged app/mbedtls/app/espconn_mbedtls.c 0028-feat-Add-USE_OPTIMIZE_PRINTF-in-third_party-Makefile.patch Merged app/Makefile 0029-fix-api-Fix-ets_delay_us-declaration.patch Upstream files only, osapi.h override non-conflicting 0030-fix-wifi-Remove-max_tx_power-in-wifi_country_t-in-li.patch 0031-fix-wifi-Fix-softAP-wrong-behavior-after-call-system.patch 0032-fix-wifi-bugfix-of-scan-fail-after-connected-if-max-.patch 0033-feat-at-Enable-scan-time-scan-type-and-add-scan-resu.patch 0034-feat-at-Add-command-AT-CWCOUNTRY.patch 0035-fix-at-Fix-that-AT-CIPSTART-causes-busy-if-the-serve.patch Upstream files only 0036-feat-mbedtls-Speed-up-mbedtls-handshake-process.patch Merged app/mbedtls/app/espconn_mbedtls.c 0037-fix-api-Fix-os_calloc-declaration.patch Merged app/include/lwip/mem.h; sdk-overrides/include/mem.h non-conflicting. 0038-fix-mbedtls-Fix-disconnect-callback-function-never-b.patch Merged app/mbedtls/app/espconn_mbedtls.c; minor revision to logic in 6576af959b1e704003ae5b93f6d6b89fcf86d429. Whitespace fixes. 0039-feat-at-Add-country-code-start-channel-in-AT-CWCOUNT.patch 0040-fix-net80211-Fix-Null-pointer-in-ieee80211_rfid_locp.patch Upstream files only 0041-feat-wifi-Add-new-esp_init_data_default-v08-bin.patch Upstream files only, but impacts Makefile 0042-fix-mbedtls-Fix-load-cert-fail-when-the-private-key-.patch Merged app/mbedtls/app/espconn_mbedtls.c 0043-fix-wifi-The-start-channel-can-be-any-valid-channel.patch 0044-fix-wifi-Fix-scan-do-not-start-after-connect.patch 0045-feat-wifi-Add-keep-connection-for-station-to-keep-co.patch 0046-feat-at-Update-AT-version-to-1.6.0.0.patch 0047-fix-at-Fix-GSLP-too-long-time.patch 0048-fix-at-Fix-the-message-is-incorrect-when-creating-UD.patch 0049-feat-at-Add-AT-CIPSERVERMAXCONN.patch Upstream files only 0050-feat-system-Add-softap-distributes-station-ip-event.patch Upstream files only, user_interface.h override non-conflicting 0051-feat-example-Use-libmbedtls.a-instead-of-libssl.a-in.patch Upstream files only 0052-feat-mesh-Remove-mesh-support.patch Upstream files only, but go ahead and remove comment from ld/nodemcu.ld. 0053-fix-example-Fix-forget-to-add-integer-parameter-when.patch Upstream files only 0054-fix-mbedtls-Fix-reconnect_callback-is-not-triggered-.patch Merged app/mbedtls/app/espconn_mbedtls.c 0055-feat-at-Add-AT-SYSMSG-to-enable-some-report-informat.patch 0056-fix-at-Fix-the-incorrect-link-id-when-client-connect.patch 0057-fix-at-Fix-the-bug-that-it-should-be-error-when-the-.patch 0058-fix-smartconfig-Fix-the-smartconfig-scan-time-issue.patch 0059-fix-lwip-Fix-the-bug-of-lwip-output.patch Upstream files only 0060-fix-lwip-Fix-the-length-of-TCP-data-in-one-packet-is.patch 0061-fix-lwip-Fix-send-TCP-data-with-two-or-more-pbuf.patch Merged app/lwip/core/tcp_out.c 0062-fix-wifi-Fix-assert-happen-when-smartconfig-start-th.patch Upstream files only 0063-fix-mbedtls-Fix-memory-leak-when-ESP8266-as-SSL-TLS-.patch Merged app/mbedtls/app/espconn_mbedtls.c 0064-fix-mbedtls-Fix-already-freed-and-exception-bug-when.patch Merged app/mbedtls/app/lwIPSocket.c 0065-fix-at-Fix-bug-that-there-is-no-result-when-sending-.patch 0066-feat-example-Add-AT-bin-version.patch 0067-feat-version-Update-version-to-2.2.0-and-add-version.patch 0068-feat-bin-Update-AT-bin-for-SDK-2.2.0.patch Upstream files only Apply local changes to build: app/include/lwip/app/espconn.h pulls changes (and license decl) from upstream SDK. Makefile is altered to use this file ahead of the SDK's. Remove lwip's sntp support, since it was never really wired in anyway. See https://github.com/nodemcu/nodemcu-firmware/issues/2042 for more information. Patch Makefile to strip time.o, the consumer of lwip's sntp functionality, from libmain.a, resulting in much easier-to-understand error messages. This has consequences for mbedtls. The simplest thing to do, which is, impressively, not a change in behavior, is to completely disable TLS certificate time validation; a later patch can optionally couple this to RTCTIME support. Similarly, it happens that the sqlite3 import was calling time(), but this was not going to work out well for it. Just stub it out to always return unix timestamp 0, as would have happened anyway. Changes unprocessed: 0007-sync-from-080c37e1.patch 0008-feat-lib-Compile-some-libraries-with-ffunction-secti.patch These two make changes to the linker script; perhaps they are worth porting over, but I have not done so here. This is build-tested (ADC, BIT, COLOR_UTILS, CRON, CRYPTO, DHT, ENCODER, FILE, GPIO, HTTP, I2C, MQTT, NET, NODE, OW, PCM, PERF, PWM, RTCFIFO, RTCMEM, RTCTIME, SNTP, SPI, SQLITE3, STRUCT, TLS, TMR, UART, WIFI, WS2812, WS2812_EFFECTS) and boots, but only limited run-time testing has been performed. Testing done does, however, include having made a few TLS connections through the HTTP module, so things are not hopelessly broken, at the very least.
2018-02-20 03:03:09 +01:00
// These are disabled until we have a real, working RTC-based gettimeofday
#undef MBEDTLS_HAVE_TIME
#undef MBEDTLS_HAVE_TIME_DATE
#define MBEDTLS_PLATFORM_MEMORY
#undef MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
#undef MBEDTLS_PLATFORM_EXIT_ALT
#undef MBEDTLS_PLATFORM_TIME_ALT
#undef MBEDTLS_PLATFORM_FPRINTF_ALT
#undef MBEDTLS_PLATFORM_PRINTF_ALT
#undef MBEDTLS_PLATFORM_SNPRINTF_ALT
#undef MBEDTLS_PLATFORM_NV_SEED_ALT
#undef MBEDTLS_DEPRECATED_WARNING
#define MBEDTLS_DEPRECATED_REMOVED
#undef MBEDTLS_TIMING_ALT
#undef MBEDTLS_AES_ALT
#undef MBEDTLS_ARC4_ALT
#undef MBEDTLS_BLOWFISH_ALT
#undef MBEDTLS_CAMELLIA_ALT
#undef MBEDTLS_DES_ALT
#undef MBEDTLS_XTEA_ALT
#undef MBEDTLS_MD2_ALT
#undef MBEDTLS_MD4_ALT
#undef MBEDTLS_MD5_ALT
#undef MBEDTLS_RIPEMD160_ALT
#undef MBEDTLS_SHA1_ALT
#undef MBEDTLS_SHA256_ALT
#undef MBEDTLS_SHA512_ALT
#undef MBEDTLS_MD2_PROCESS_ALT
#undef MBEDTLS_MD4_PROCESS_ALT
#undef MBEDTLS_MD5_PROCESS_ALT
#undef MBEDTLS_RIPEMD160_PROCESS_ALT
#undef MBEDTLS_SHA1_PROCESS_ALT
#undef MBEDTLS_SHA256_PROCESS_ALT
#undef MBEDTLS_SHA512_PROCESS_ALT
#undef MBEDTLS_DES_SETKEY_ALT
#undef MBEDTLS_DES_CRYPT_ECB_ALT
#undef MBEDTLS_DES3_CRYPT_ECB_ALT
#undef MBEDTLS_AES_SETKEY_ENC_ALT
#undef MBEDTLS_AES_SETKEY_DEC_ALT
#undef MBEDTLS_AES_ENCRYPT_ALT
#undef MBEDTLS_AES_DECRYPT_ALT
#undef MBEDTLS_TEST_NULL_ENTROPY
#define MBEDTLS_ENTROPY_HARDWARE_ALT
#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_CAMELLIA_SMALL_MEMORY
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_MODE_CFB
#define MBEDTLS_CIPHER_MODE_CTR
#undef MBEDTLS_CIPHER_NULL_CIPHER
#define MBEDTLS_CIPHER_PADDING_PKCS7
#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
#define MBEDTLS_CIPHER_PADDING_ZEROS
#undef MBEDTLS_ENABLE_WEAK_CIPHERSUITES
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
#undef MBEDTLS_ECP_DP_SECP192R1_ENABLED
#undef MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#undef MBEDTLS_ECP_DP_SECP521R1_ENABLED
#undef MBEDTLS_ECP_DP_SECP192K1_ENABLED
#undef MBEDTLS_ECP_DP_SECP224K1_ENABLED
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
#undef MBEDTLS_ECP_DP_BP512R1_ENABLED
#undef MBEDTLS_ECP_DP_CURVE25519_ENABLED /* Not exported on the wire yet :( */
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_ECDSA_DETERMINISTIC
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#define MBEDTLS_PK_PARSE_EC_EXTENDED
#undef MBEDTLS_ERROR_STRERROR_DUMMY
#undef MBEDTLS_GENPRIME
#undef MBEDTLS_FS_IO
#undef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_ENTROPY_FORCE_SHA256
#undef MBEDTLS_ENTROPY_NV_SEED
#undef MBEDTLS_MEMORY_DEBUG
#undef MBEDTLS_MEMORY_BACKTRACE
#define MBEDTLS_PK_RSA_ALT_SUPPORT
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_PKCS1_V21
#undef MBEDTLS_RSA_NO_CRT
#undef MBEDTLS_SELF_TEST
#define MBEDTLS_SHA256_SMALLER
#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
#undef MBEDTLS_SSL_DEBUG_ALL
#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#define MBEDTLS_SSL_FALLBACK_SCSV
#undef MBEDTLS_SSL_HW_RECORD_ACCEL
#undef MBEDTLS_SSL_CBC_RECORD_SPLITTING
#undef MBEDTLS_SSL_RENEGOTIATION
#undef MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
#undef MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
#undef MBEDTLS_SSL_PROTO_SSL3
#undef MBEDTLS_SSL_PROTO_TLS1
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
#undef MBEDTLS_SSL_PROTO_TLS1_1
#define MBEDTLS_SSL_PROTO_TLS1_2
#undef MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_ALPN
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
#undef MBEDTLS_SSL_DTLS_BADMAC_LIMIT
#define MBEDTLS_SSL_SESSION_TICKETS
#define MBEDTLS_SSL_EXPORT_KEYS
#define MBEDTLS_SSL_SERVER_NAME_INDICATION
#define MBEDTLS_SSL_TRUNCATED_HMAC
#undef MBEDTLS_THREADING_ALT
#undef MBEDTLS_THREADING_PTHREAD
#define MBEDTLS_VERSION_FEATURES
#undef MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
#undef MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#define MBEDTLS_X509_CHECK_KEY_USAGE
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
#undef MBEDTLS_ZLIB_SUPPORT
#undef MBEDTLS_AESNI_C
#define MBEDTLS_AES_C
#undef MBEDTLS_ARC4_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_BIGNUM_C
#undef MBEDTLS_BLOWFISH_C
#define MBEDTLS_CAMELLIA_C
#define MBEDTLS_CCM_C
#undef MBEDTLS_CERTS_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CMAC_C
#define MBEDTLS_CTR_DRBG_C
#ifdef DEVELOP_VERSION
# define MBEDTLS_DEBUG_C
#else
# undef MBEDTLS_DEBUG_C
#endif
#undef MBEDTLS_DES_C
#define MBEDTLS_DHM_C
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECDSA_C
#undef MBEDTLS_ECJPAKE_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_ERROR_C
#define MBEDTLS_GCM_C
#undef MBEDTLS_HAVEGE_C
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_MD_C
#undef MBEDTLS_MD2_C
#undef MBEDTLS_MD4_C
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
#undef MBEDTLS_MD5_C
#undef MBEDTLS_MEMORY_BUFFER_ALLOC_C
#define MBEDTLS_NET_C
#define MBEDTLS_OID_C
#undef MBEDTLS_PADLOCK_C
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_PEM_WRITE_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_WRITE_C
#define MBEDTLS_PKCS5_C
#undef MBEDTLS_PKCS11_C
#define MBEDTLS_PKCS12_C
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_RIPEMD160_C
#define MBEDTLS_RSA_C
#define MBEDTLS_SHA1_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA512_C
#define MBEDTLS_SSL_CACHE_C
#define MBEDTLS_SSL_COOKIE_C
#define MBEDTLS_SSL_TICKET_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
#undef MBEDTLS_THREADING_C
#undef MBEDTLS_TIMING_C
#define MBEDTLS_VERSION_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_CRL_PARSE_C
#define MBEDTLS_X509_CSR_PARSE_C
#define MBEDTLS_X509_CREATE_C
#define MBEDTLS_X509_CRT_WRITE_C
#define MBEDTLS_X509_CSR_WRITE_C
#undef MBEDTLS_XTEA_C
#define MBEDTLS_MPI_WINDOW_SIZE 1 /**< Maximum windows size used. */
#define MBEDTLS_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 1000 /**< Interval before reseed is performed by default */
//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 1000 /**< Interval before reseed is performed by default */
//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
#define MBEDTLS_ECP_MAX_BITS 384 /**< Maximum bit size of groups */
#define MBEDTLS_ECP_WINDOW_SIZE 2 /**< Maximum window size used */
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Enable fixed-point speed-up */
//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
extern void *mbedtls_calloc_wrap(size_t n, size_t sz);
#define MBEDTLS_PLATFORM_STD_CALLOC mbedtls_calloc_wrap /**< Default allocator to use, can be undefined */
extern void mbedtls_free_wrap(void *p);
#define MBEDTLS_PLATFORM_STD_FREE mbedtls_free_wrap /**< Default free to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
#define MBEDTLS_PLATFORM_PRINTF_MACRO ets_printf /**< Default printf macro to use, can be undefined */
#define MBEDTLS_PLATFORM_SNPRINTF_MACRO ets_snprintf /**< Default snprintf macro to use, can be undefined */
#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO ets_vsnprintf /**< Default vsnprintf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
#if 0
// dynamic buffer sizing with espconn_secure_set_size()
extern unsigned int max_content_len;
#define MBEDTLS_SSL_MAX_CONTENT_LEN max_content_len;
#else
// the current mbedtls integration doesn't allow to set the buffer size dynamically:
// MBEDTLS_SSL_MAX_FRAGMENT_LENGTH feature and dynamic sizing are mutually exclusive
2019-02-17 19:26:29 +01:00
// due to non-constant initializer element in app/mbedtls/library/ssl_tls.c:150
// the buffer size is hardcoded here and value is taken from SSL_BUFFER_SIZE (user_config.h)
#define MBEDTLS_SSL_MAX_CONTENT_LEN SSL_BUFFER_SIZE /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
#endif
//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 3 /**< Maximum number of intermediate CAs in a verification chain. */
//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */