From 8cbfb18037b8ac166cb3d6a5e32b8018c319265f Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Mon, 21 Feb 2022 03:14:25 +0530
Subject: [PATCH] mbedtls-3.x: Update Kconfig macros
---
 components/mbedtls/Kconfig | 19 ++++----
 .../mbedtls/port/include/mbedtls/esp_config.h | 45 +++++++++++++++++++
 2 files changed, 56 insertions(+), 8 deletions(-)
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index 5e3dc50da5..a63a62e5f9 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -114,13 +114,6 @@ menu "mbedTLS"
 "MBEDTLS_SSL_IN_CONTENT_LEN", so to save more heap, users can set the options to be an appropriate value.
- config MBEDTLS_DYNAMIC_FREE_PEER_CERT
- bool "Free SSL peer certificate after its usage"
- default n
- depends on MBEDTLS_DYNAMIC_BUFFER
- help
- Free peer certificate after its usage in handshake process.
-
 config MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
 bool "Free private key and DHM data after its usage"
 default n
@@ -178,7 +171,17 @@ menu "mbedTLS"
 default 3 if MBEDTLS_DEBUG_LEVEL_DEBUG
 default 4 if MBEDTLS_DEBUG_LEVEL_VERBOSE
- menu "mbedTLS v2.28.x related"
+ menu "mbedTLS v3.x related"
+
+ config MBEDTLS_SSL_PROTO_TLS1_3
+ bool "Support TLS 1.3 protocol"
+ depends on MBEDTLS_TLS_ENABLED
+ default n
+
+ config MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+ bool "Enable TLS 1.3 middlebox compatibility mode"
+ depends on MBEDTLS_SSL_PROTO_TLS1_3
+ default y
 config MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
 bool "Variable SSL buffer length"
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index 90d2d7c211..89bcd93972 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
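Review bot: The new `config MBEDTLS_SSL_PROTO_TLS1_3` and `config MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE` entries in the second Kconfig hunk have no `help` block, unlike the other entries in this file (the removed MBEDTLS_DYNAMIC_FREE_PEER_CERT entry had one), so a menuconfig user is never told that TLS 1.3 support in this mbedTLS version is incomplete, which the esp_config.h comment in the same patch states explicitly (pre-shared keys are not supported). Suggest adding under MBEDTLS_SSL_PROTO_TLS1_3: `help` / `Enable TLS 1.3. Support in mbedTLS 3.x is not yet complete; in particular pre-shared keys are not supported, so verify the key exchange your deployment needs before enabling this in production.` and under the compatibility-mode entry: `help` / `Enable the RFC 8446 Section D.4 middlebox compatibility mode, which adds a few bytes on the wire so the handshake is more likely to pass middleboxes that expect TLS 1.2 traffic.`. Upstream mbedTLS 3.x also checks additional prerequisites for MBEDTLS_SSL_PROTO_TLS1_3 in its check_config.h (as far as I recall, HKDF, MD and PSA crypto); if those are not unconditionally on in esp_config.h, a `select` or `depends on` here would surface the mismatch at configure time instead of as a build error.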
@@ -1135,6 +1135,51 @@
 #undef MBEDTLS_SSL_PROTO_TLS1_2
 #endif
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_3
+ *
+ * Enable support for TLS 1.3.
+ *
+ * \note The support for TLS 1.3 is not comprehensive yet, in particular
+ * pre-shared keys are not supported.
+ * See docs/architecture/tls13-support.md for a description of the TLS
+ * 1.3 support that this option enables.
+ *
+ * Uncomment this macro to enable the support for TLS 1.3.
+ *
+ */
+#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_3
+#define MBEDTLS_SSL_PROTO_TLS1_3
+#else
+#undef MBEDTLS_SSL_PROTO_TLS1_3
+#endif
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+ *
+ * Enable TLS 1.3 middlebox compatibility mode.
+ *
+ * As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility
+ * mode to make a TLS 1.3 connection more likely to pass through middle boxes
+ * expecting TLS 1.2 traffic.
+ *
+ * Turning on the compatibility mode comes at the cost of a few added bytes
+ * on the wire, but it doesn't affect compatibility with TLS 1.3 implementations
+ * that don't use it. Therefore, unless transmission bandwidth is critical and
+ * you know that middlebox compatibility issues won't occur, it is therefore
+ * recommended to set this option.
+ *
+ * Comment to disable compatibility mode for TLS 1.3. If
+ * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
+ * effect on the build.
+ *
+ */
+#ifdef CONFIG_MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+#else
+#undef MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+#endif
+
 /**
  * \def MBEDTLS_SSL_PROTO_DTLS
  *
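Review bot: Both new doc comments keep the upstream mbedtls_config.h instructions `Uncomment this macro to enable the support for TLS 1.3.` and `Comment to disable compatibility mode for TLS 1.3.`, but in this port file the macros are set by the `#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_3` / `#ifdef CONFIG_MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE` guards directly beneath them, so commenting a `#define` here is not the supported way to toggle either option and the guidance points a reader at the wrong knob. Suggest replacing those two sentences with `Controlled by CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 (menuconfig, "mbedTLS v3.x related").` and `Controlled by CONFIG_MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE; has no effect unless MBEDTLS_SSL_PROTO_TLS1_3 is also enabled.`. Since the retained `\note` says TLS 1.3 support is not comprehensive and pre-shared keys are unsupported, it would also help to state next to the first guard that enabling CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 should be validated against the key-exchange mode the deployment relies on, because an unsupported mode will surface as a handshake failure rather than a configure-time error. The duplicated "Therefore ... it is therefore" in the second comment is inherited upstream wording and can be trimmed while the text is being adapted.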