1. add lock function for every function

2. modify some function for crypto
2025-09-10 17:01:07 +00:00 · 2016-08-08 13:56:36 +08:00
parent 30be5f6eb5
commit d9b660f6d4
15 changed files with 436 additions and 86 deletions
--- a/components/mbedtls/include/mbedtls/aes.h
+++ b/components/mbedtls/include/mbedtls/aes.h
@@ -276,7 +276,27 @@ void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
 #endif

 #else  /* MBEDTLS_AES_ALT */
-#include "aes_alt.h"
+#include "port/aes_alt.h"
+
+typedef AES_CTX mbedtls_aes_context;
+
+#define mbedtls_aes_init 			aes_init
+#define mbedtls_aes_free 			aes_free
+#define mbedtls_aes_setkey_enc 		aes_setkey_enc
+#define mbedtls_aes_setkey_dec 		aes_setkey_dec
+#define mbedtls_aes_crypt_ecb 		aes_crypt_ecb
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#define mbedtls_aes_crypt_cbc 		aes_crypt_cbc
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+#define mbedtls_aes_crypt_cfb128 	aes_crypt_cfb128
+#define mbedtls_aes_crypt_cfb8 		aes_crypt_cfb8
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+#define mbedtls_aes_crypt_ctr		aes_crypt_ctr
+#endif
+#define mbedtls_aes_encrypt 		aes_encrypt
+#define mbedtls_aes_decrypt			aes_decrypt
 #endif /* MBEDTLS_AES_ALT */

 #ifdef __cplusplus
--- a/components/mbedtls/include/mbedtls/bignum.h
+++ b/components/mbedtls/include/mbedtls/bignum.h
@@ -100,6 +100,8 @@
 #define MBEDTLS_LN_2_DIV_LN_10_SCALE100                 332
 #define MBEDTLS_MPI_RW_BUFFER_SIZE             ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )

+#if !defined(MBEDTLS_BIGNUM_ALT)
+
 /*
 * Define the base integer type, architecture-wise.
 *
@@ -702,6 +704,54 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
 int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
                   int (*f_rng)(void *, unsigned char *, size_t),
                   void *p_rng );
+#else /* MBEDTLS_BIGNUM_ALT */
+#include "port/bignum_alt.h"
+
+typedef mpi	mbedtls_mpi;
+
+#define mbedtls_mpi_init 				mpi_init
+#define mbedtls_mpi_free				mpi_free
+#define mbedtls_mpi_grow				mpi_grow
+#define mbedtls_mpi_shrink				mpi_shrink
+#define mbedtls_mpi_copy				mpi_copy
+#define mbedtls_mpi_swap				mpi_swap
+#define mbedtls_mpi_safe_cond_assign	mpi_safe_cond_assign
+#define mbedtls_mpi_safe_cond_swap		mpi_safe_cond_swap
+#define mbedtls_mpi_lset				mpi_lset
+#define mbedtls_mpi_get_bit				mpi_get_bit
+#define mbedtls_mpi_set_bit				mpi_set_bit
+#define mbedtls_mpi_lsb					mpi_lsb
+#define mbedtls_mpi_bitlen				mpi_bitlen
+#define mbedtls_mpi_size				mpi_size
+#define mbedtls_mpi_read_string			mpi_read_string
+#define mbedtls_mpi_write_string		mpi_write_string
+#define mbedtls_mpi_read_binary			mpi_read_binary
+#define mbedtls_mpi_write_binary		mpi_write_binary
+#define mbedtls_mpi_shift_l				mpi_shift_l
+#define mbedtls_mpi_shift_r				mpi_shift_r
+#define mbedtls_mpi_cmp_abs				mpi_cmp_abs
+#define mbedtls_mpi_cmp_mpi				mpi_cmp_mpi
+#define mbedtls_mpi_cmp_int				mpi_cmp_int
+#define mbedtls_mpi_add_abs				mpi_add_abs
+#define mbedtls_mpi_sub_abs				mpi_sub_abs
+#define mbedtls_mpi_add_mpi				mpi_add_mpi
+#define mbedtls_mpi_sub_mpi				mpi_sub_mpi
+#define mbedtls_mpi_add_int				mpi_add_int
+#define mbedtls_mpi_sub_int				mpi_sub_int
+#define mbedtls_mpi_mul_mpi				mpi_mul_mpi
+#define mbedtls_mpi_mul_int				mpi_mul_int
+#define mbedtls_mpi_div_mpi				mpi_div_mpi
+#define mbedtls_mpi_div_int				mpi_div_int
+#define mbedtls_mpi_mod_mpi				mpi_mod_mpi
+#define mbedtls_mpi_mod_int				mpi_mod_int
+#define mbedtls_mpi_exp_mod				mpi_exp_mod
+#define mbedtls_mpi_fill_random			mpi_fill_random
+#define mbedtls_mpi_gcd					mpi_gcd
+#define mbedtls_mpi_inv_mod				mpi_inv_mod
+#define mbedtls_mpi_is_prime 			mpi_is_prime 
+#define mbedtls_mpi_gen_prime 			mpi_gen_prime
+
+#endif /* MBEDTLS_BIGNUM_ALT */

 /**
 * \brief          Checkup routine
--- a/components/mbedtls/include/mbedtls/esp_config.h
+++ b/components/mbedtls/include/mbedtls/esp_config.h
@@ -225,7 +225,7 @@
 * Uncomment a macro to enable alternate implementation of the corresponding
 * module.
 */
-//#define MBEDTLS_AES_ALT
+#define MBEDTLS_AES_ALT
 //#define MBEDTLS_ARC4_ALT
 //#define MBEDTLS_BLOWFISH_ALT
 //#define MBEDTLS_CAMELLIA_ALT
@@ -235,10 +235,11 @@
 //#define MBEDTLS_MD4_ALT
 //#define MBEDTLS_MD5_ALT
 //#define MBEDTLS_RIPEMD160_ALT
-//#define MBEDTLS_SHA1_ALT
-//#define MBEDTLS_SHA256_ALT
-//#define MBEDTLS_SHA512_ALT
+#define MBEDTLS_SHA1_ALT
+#define MBEDTLS_SHA256_ALT
+#define MBEDTLS_SHA512_ALT

+#define MBEDTLS_BIGNUM_ALT
 /**
 * \def MBEDTLS_MD2_PROCESS_ALT
 *
@@ -297,7 +298,7 @@
 *
 * Uncomment this macro to store the AES tables in ROM.
 */
-//#define MBEDTLS_AES_ROM_TABLES
+#define MBEDTLS_AES_ROM_TABLES

 /**
 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
@@ -373,10 +374,10 @@
 *
 * Enable padding modes in the cipher layer.
 */
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-#define MBEDTLS_CIPHER_PADDING_ZEROS
+//#define MBEDTLS_CIPHER_PADDING_PKCS7
+//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+//#define MBEDTLS_CIPHER_PADDING_ZEROS

 /**
 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
@@ -414,18 +415,18 @@
 *
 * Comment macros to disable the curve and functions for it
 */
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+//#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED

 /**
 * \def MBEDTLS_ECP_NIST_OPTIM
@@ -436,7 +437,7 @@
 *
 * Comment this macro to disable NIST curves optimisation.
 */
-#define MBEDTLS_ECP_NIST_OPTIM
+//#define MBEDTLS_ECP_NIST_OPTIM

 /**
 * \def MBEDTLS_ECDSA_DETERMINISTIC
@@ -450,7 +451,7 @@
 *
 * Comment this macro to disable deterministic ECDSA.
 */
-#define MBEDTLS_ECDSA_DETERMINISTIC
+//#define MBEDTLS_ECDSA_DETERMINISTIC

 /**
 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
@@ -472,7 +473,7 @@
 *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
 */
-#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED

 /**
 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
@@ -496,7 +497,7 @@
 *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
 */
-#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED

 /**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@@ -516,7 +517,7 @@
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
 */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED

 /**
 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@@ -595,7 +596,7 @@
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 */
-#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED

 /**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@@ -620,7 +621,7 @@
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
 */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED

 /**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@@ -644,7 +645,7 @@
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED

 /**
 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
@@ -668,7 +669,7 @@
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
 */
-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED

 /**
 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
@@ -692,7 +693,7 @@
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
 */
-#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED

 /**
 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
@@ -945,7 +946,7 @@
 *
 * Comment this macro to disable support for Encrypt-then-MAC
 */
-#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC

 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 *
@@ -963,7 +964,7 @@
 *
 * Comment this macro to disable support for Extended Master Secret.
 */
-#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+//#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET

 /**
 * \def MBEDTLS_SSL_FALLBACK_SCSV
@@ -980,7 +981,7 @@
 *
 * Comment this macro to disable support for FALLBACK_SCSV
 */
-#define MBEDTLS_SSL_FALLBACK_SCSV
+//#define MBEDTLS_SSL_FALLBACK_SCSV

 /**
 * \def MBEDTLS_SSL_HW_RECORD_ACCEL
@@ -1017,7 +1018,7 @@
 *
 * Comment this to disable support for renegotiation.
 */
-#define MBEDTLS_SSL_RENEGOTIATION
+//#define MBEDTLS_SSL_RENEGOTIATION

 /**
 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
@@ -1046,7 +1047,7 @@
 *
 * Comment this macro to disable support for the max_fragment_length extension
 */
-#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH

 /**
 * \def MBEDTLS_SSL_PROTO_SSL3
@@ -1058,7 +1059,7 @@
 *
 * Comment this macro to disable support for SSL 3.0
 */
-#define MBEDTLS_SSL_PROTO_SSL3
+//#define MBEDTLS_SSL_PROTO_SSL3

 /**
 * \def MBEDTLS_SSL_PROTO_TLS1
@@ -1109,7 +1110,7 @@
 *
 * Comment this macro to disable support for DTLS
 */
-#define MBEDTLS_SSL_PROTO_DTLS
+//#define MBEDTLS_SSL_PROTO_DTLS

 /**
 * \def MBEDTLS_SSL_ALPN
@@ -1118,7 +1119,7 @@
 *
 * Comment this macro to disable support for ALPN.
 */
-#define MBEDTLS_SSL_ALPN
+//#define MBEDTLS_SSL_ALPN

 /**
 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
@@ -1133,7 +1134,7 @@
 *
 * Comment this to disable anti-replay in DTLS.
 */
-#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+//#define MBEDTLS_SSL_DTLS_ANTI_REPLAY

 /**
 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
@@ -1151,7 +1152,7 @@
 *
 * Comment this to disable support for HelloVerifyRequest.
 */
-#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+//#define MBEDTLS_SSL_DTLS_HELLO_VERIFY

 /**
 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
@@ -1167,7 +1168,7 @@
 *
 * Comment this to disable support for clients reusing the source port.
 */
-#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+//#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE

 /**
 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
@@ -1178,7 +1179,7 @@
 *
 * Requires: MBEDTLS_SSL_PROTO_DTLS
 */
-#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+//#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT

 /**
 * \def MBEDTLS_SSL_SESSION_TICKETS
@@ -1192,7 +1193,7 @@
 *
 * Comment this macro to disable support for SSL session tickets
 */
-#define MBEDTLS_SSL_SESSION_TICKETS
+//#define MBEDTLS_SSL_SESSION_TICKETS

 /**
 * \def MBEDTLS_SSL_EXPORT_KEYS
@@ -1202,7 +1203,7 @@
 *
 * Comment this macro to disable support for key export
 */
-#define MBEDTLS_SSL_EXPORT_KEYS
+//#define MBEDTLS_SSL_EXPORT_KEYS

 /**
 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
@@ -1222,7 +1223,7 @@
 *
 * Comment this macro to disable support for truncated HMAC in SSL
 */
-#define MBEDTLS_SSL_TRUNCATED_HMAC
+//#define MBEDTLS_SSL_TRUNCATED_HMAC

 /**
 * \def MBEDTLS_THREADING_ALT
@@ -1257,7 +1258,7 @@
 *
 * Comment this to disable run-time checking and save ROM space
 */
-#define MBEDTLS_VERSION_FEATURES
+//#define MBEDTLS_VERSION_FEATURES

 /**
 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
@@ -1293,7 +1294,7 @@
 *
 * Comment to skip keyUsage checking for both CA and leaf certificates.
 */
-#define MBEDTLS_X509_CHECK_KEY_USAGE
+//#define MBEDTLS_X509_CHECK_KEY_USAGE

 /**
 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
@@ -1306,7 +1307,7 @@
 *
 * Comment to skip extendedKeyUsage checking for certificates.
 */
-#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+//#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE

 /**
 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
@@ -1316,7 +1317,7 @@
 *
 * Comment this macro to disallow using RSASSA-PSS in certificates.
 */
-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT

 /**
 * \def MBEDTLS_ZLIB_SUPPORT
@@ -1458,7 +1459,7 @@
 *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
 */
-#define MBEDTLS_ARC4_C
+//#define MBEDTLS_ARC4_C

 /**
 * \def MBEDTLS_ASN1_PARSE_C
@@ -1523,7 +1524,7 @@
 *
 * Module:  library/blowfish.c
 */
-#define MBEDTLS_BLOWFISH_C
+//#define MBEDTLS_BLOWFISH_C

 /**
 * \def MBEDTLS_CAMELLIA_C
@@ -1578,7 +1579,7 @@
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
 */
-#define MBEDTLS_CAMELLIA_C
+//#define MBEDTLS_CAMELLIA_C

 /**
 * \def MBEDTLS_CCM_C
@@ -1592,7 +1593,7 @@
 * This module enables the AES-CCM ciphersuites, if other requisites are
 * enabled as well.
 */
-#define MBEDTLS_CCM_C
+//#define MBEDTLS_CCM_C

 /**
 * \def MBEDTLS_CERTS_C
@@ -1604,7 +1605,7 @@
 *
 * This module is used for testing (ssl_client/server).
 */
-#define MBEDTLS_CERTS_C
+//#define MBEDTLS_CERTS_C

 /**
 * \def MBEDTLS_CIPHER_C
@@ -1644,7 +1645,7 @@
 *
 * This module provides debugging functions.
 */
-#define MBEDTLS_DEBUG_C
+//#define MBEDTLS_DEBUG_C

 /**
 * \def MBEDTLS_DES_C
@@ -1670,7 +1671,7 @@
 *
 * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
 */
-#define MBEDTLS_DES_C
+//#define MBEDTLS_DES_C

 /**
 * \def MBEDTLS_DHM_C
@@ -1684,7 +1685,7 @@
 * This module is used by the following key exchanges:
 *      DHE-RSA, DHE-PSK
 */
-#define MBEDTLS_DHM_C
+//#define MBEDTLS_DHM_C

 /**
 * \def MBEDTLS_ECDH_C
@@ -1700,7 +1701,7 @@
 *
 * Requires: MBEDTLS_ECP_C
 */
-#define MBEDTLS_ECDH_C
+//#define MBEDTLS_ECDH_C

 /**
 * \def MBEDTLS_ECDSA_C
@@ -1715,7 +1716,7 @@
 *
 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
 */
-#define MBEDTLS_ECDSA_C
+//#define MBEDTLS_ECDSA_C

 /**
 * \def MBEDTLS_ECJPAKE_C
@@ -1748,7 +1749,7 @@
 *
 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
 */
-#define MBEDTLS_ECP_C
+//#define MBEDTLS_ECP_C

 /**
 * \def MBEDTLS_ENTROPY_C
@@ -1774,7 +1775,7 @@
 *
 * This module enables mbedtls_strerror().
 */
-#define MBEDTLS_ERROR_C
+//#define MBEDTLS_ERROR_C

 /**
 * \def MBEDTLS_GCM_C
@@ -1788,7 +1789,7 @@
 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
 * requisites are enabled as well.
 */
-#define MBEDTLS_GCM_C
+//#define MBEDTLS_GCM_C	//764 Byte

 /**
 * \def MBEDTLS_HAVEGE_C
@@ -1825,7 +1826,7 @@
 *
 * Uncomment to enable the HMAC_DRBG random number geerator.
 */
-#define MBEDTLS_HMAC_DRBG_C
+//#define MBEDTLS_HMAC_DRBG_C

 /**
 * \def MBEDTLS_MD_C
@@ -1940,7 +1941,7 @@
 *
 * This modules adds support for the VIA PadLock on x86.
 */
-#define MBEDTLS_PADLOCK_C
+//#define MBEDTLS_PADLOCK_C

 /**
 * \def MBEDTLS_PEM_PARSE_C
@@ -2032,7 +2033,7 @@
 *
 * This module adds support for the PKCS#5 functions.
 */
-#define MBEDTLS_PKCS5_C
+//#define MBEDTLS_PKCS5_C

 /**
 * \def MBEDTLS_PKCS11_C
@@ -2063,7 +2064,7 @@
 *
 * This module enables PKCS#12 functions.
 */
-#define MBEDTLS_PKCS12_C
+//#define MBEDTLS_PKCS12_C

 /**
 * \def MBEDTLS_PLATFORM_C
@@ -2083,7 +2084,7 @@
 *
 * This module enables abstraction of common (libc) functions.
 */
-#define MBEDTLS_PLATFORM_C
+//#define MBEDTLS_PLATFORM_C

 /**
 * \def MBEDTLS_RIPEMD160_C
@@ -2094,7 +2095,7 @@
 * Caller:  library/mbedtls_md.c
 *
 */
-#define MBEDTLS_RIPEMD160_C
+//#define MBEDTLS_RIPEMD160_C

 /**
 * \def MBEDTLS_RSA_C
@@ -2172,7 +2173,7 @@
 *
 * Requires: MBEDTLS_SSL_CACHE_C
 */
-#define MBEDTLS_SSL_CACHE_C
+//#define MBEDTLS_SSL_CACHE_C

 /**
 * \def MBEDTLS_SSL_COOKIE_C
@@ -2182,7 +2183,7 @@
 * Module:  library/ssl_cookie.c
 * Caller:
 */
-#define MBEDTLS_SSL_COOKIE_C
+//#define MBEDTLS_SSL_COOKIE_C

 /**
 * \def MBEDTLS_SSL_TICKET_C
@@ -2194,7 +2195,7 @@
 *
 * Requires: MBEDTLS_CIPHER_C
 */
-#define MBEDTLS_SSL_TICKET_C
+//#define MBEDTLS_SSL_TICKET_C

 /**
 * \def MBEDTLS_SSL_CLI_C
@@ -2465,7 +2466,8 @@
 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */

 /* SSL options */
-//#define MBEDTLS_SSL_MAX_CONTENT_LEN             16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
+extern unsigned int max_content_len;
+#define MBEDTLS_SSL_MAX_CONTENT_LEN             max_content_len /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
 //#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
 //#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
--- a/components/mbedtls/include/mbedtls/sha1.h
+++ b/components/mbedtls/include/mbedtls/sha1.h
@@ -106,7 +106,17 @@ void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[6
 #endif

 #else  /* MBEDTLS_SHA1_ALT */
-#include "sha1_alt.h"
+#include "port/sha1_alt.h"
+
+typedef SHA1_CTX mbedtls_sha1_context;
+
+#define mbedtls_sha1_init   sha1_init
+#define mbedtls_sha1_starts sha1_starts
+#define mbedtls_sha1_clone  sha1_clone
+#define mbedtls_sha1_update sha1_update
+#define mbedtls_sha1_finish sha1_finish
+#define mbedtls_sha1_free   sha1_free
+#define mbedtls_sha1_process sha1_process
 #endif /* MBEDTLS_SHA1_ALT */

 #ifdef __cplusplus
--- a/components/mbedtls/include/mbedtls/sha256.h
+++ b/components/mbedtls/include/mbedtls/sha256.h
@@ -109,7 +109,17 @@ void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char da
 #endif

 #else  /* MBEDTLS_SHA256_ALT */
-#include "sha256_alt.h"
+#include "port/sha256_alt.h"
+
+typedef SHA256_CTX mbedtls_sha256_context;
+
+#define mbedtls_sha256_init   sha256_init
+#define mbedtls_sha256_clone  sha256_clone
+#define mbedtls_sha256_starts sha256_starts
+#define mbedtls_sha256_update sha256_update
+#define mbedtls_sha256_finish sha256_finish
+#define mbedtls_sha256_free   sha256_free
+#define mbedtls_sha256_process sha256_process
 #endif /* MBEDTLS_SHA256_ALT */

 #ifdef __cplusplus
--- a/components/mbedtls/include/mbedtls/sha512.h
+++ b/components/mbedtls/include/mbedtls/sha512.h
@@ -106,7 +106,17 @@ void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64
 #endif

 #else  /* MBEDTLS_SHA512_ALT */
-#include "sha512_alt.h"
+#include "port/sha512_alt.h"
+
+typedef SHA512_CTX	mbedtls_sha512_context;
+
+#define mbedtls_sha512_init   sha512_init
+#define mbedtls_sha512_clone  sha512_clone
+#define mbedtls_sha512_starts sha512_starts
+#define mbedtls_sha512_update sha512_update
+#define mbedtls_sha512_finish sha512_finish
+#define mbedtls_sha512_free   sha512_free
+
 #endif /* MBEDTLS_SHA512_ALT */

 #ifdef __cplusplus