diff --git a/.cyignore b/.cyignore
new file mode 100644
index 0000000..c665ecf
--- /dev/null
+++ b/.cyignore
@@ -0,0 +1,42 @@
+docs
+
+../lwip/contrib/addons
+../lwip/contrib/apps
+../lwip/contrib/Coverity
+../lwip/contrib/examples
+../lwip/contrib/ports/unix
+../lwip/contrib/ports/win32
+../lwip/test
+../lwip/doc
+../lwip/src/apps
+../lwip/src/netif/ppp
+../lwip/src/netif/slipif.c
+$(SEARCH_lwip)/contrib/addons
+$(SEARCH_lwip)/contrib/apps
+$(SEARCH_lwip)/contrib/Coverity
+$(SEARCH_lwip)/contrib/examples
+$(SEARCH_lwip)/contrib/ports/unix
+$(SEARCH_lwip)/contrib/ports/win32
+$(SEARCH_lwip)/test
+$(SEARCH_lwip)/doc
+$(SEARCH_lwip)/src/apps
+$(SEARCH_lwip)/src/netif/ppp
+$(SEARCH_lwip)/src/netif/slipif.c
+
+../mbedtls/3rdparty
+../mbedtls/configs
+../mbedtls/programs
+../mbedtls/scripts
+../mbedtls/tests
+../mbedtls/doxygen
+../mbedtls/library/net_sockets.c
+$(SEARCH_mbedtls)/3rdparty
+$(SEARCH_mbedtls)/configs
+$(SEARCH_mbedtls)/programs
+$(SEARCH_mbedtls)/scripts
+$(SEARCH_mbedtls)/tests
+$(SEARCH_mbedtls)/doxygen
+$(SEARCH_mbedtls)/library/net_sockets.c
+
+../mbedtls/library/psa_crypto_driver_wrappers.c
+$(SEARCH_mbedtls)/library/psa_crypto_driver_wrappers.c
diff --git a/EULA.txt b/EULA.txt
new file mode 100644
index 0000000..01d5e58
--- /dev/null
+++ b/EULA.txt
@@ -0,0 +1,211 @@
+CYPRESS (AN INFINEON COMPANY) END USER LICENSE AGREEMENT
+
+PLEASE READ THIS END USER LICENSE AGREEMENT ("Agreement") CAREFULLY BEFORE
+DOWNLOADING, INSTALLING, COPYING, OR USING THIS SOFTWARE AND ACCOMPANYING
+DOCUMENTATION. BY DOWNLOADING, INSTALLING, COPYING OR USING THE SOFTWARE,
+YOU ARE AGREEING TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL
+OF THE TERMS OF THIS AGREEMENT, PROMPTLY RETURN AND DO NOT USE THE SOFTWARE.
+IF YOU HAVE PURCHASED THIS LICENSE TO THE SOFTWARE, YOUR RIGHT TO RETURN THE
+SOFTWARE EXPIRES 30 DAYS AFTER YOUR PURCHASE AND APPLIES ONLY TO THE ORIGINAL
+PURCHASER.
+
+1. Definitions.
+
+ "Software" means this software and any accompanying documentation,
+ including any upgrades, updates, bug fixes or modified versions provided
+ to you by Cypress.
+
+ "Source Code" means software in human-readable form.
+
+ "Binary Code" means the software in binary code form such as object code or
+ an executable.
+
+ "Development Tools" means software that is intended to be installed on a
+ personal computer and used to create programming code for Firmware,
+ Drivers, or Host Applications. Examples of Development Tools are
+ Cypress's PSoC Creator software, Cypress's AIROC SDKs, and Cypress's
+ ModusToolbox software.
+
+ "Firmware" means software that executes on a Cypress hardware product.
+
+ "Driver" means software that enables the use of a Cypress hardware product
+ on a particular host operating system such as GNU/Linux, Windows, MacOS,
+ Android, and iOS.
+
+ "Host Application" means software that executes on a device other than a
+ Cypress hardware product in order to program, control, or communicate
+ with a Cypress hardware product.
+
+ "inf File" means a hardware setup information file (.inf file) created by
+ the Software to allow a Microsoft Windows operating system to install
+ the driver for a Cypress hardware product.
+
+2. License. Subject to the terms and conditions of this Agreement, Cypress
+Semiconductor Corporation ("Cypress") and its suppliers grant to you a
+non-exclusive, non-transferable license under their copyright rights:
+
+ a. to use the Development Tools in object code form solely for the purpose
+ of creating Firmware, Drivers, Host Applications, and inf Files for
+ Cypress hardware products; and
+
+ b. (i) if provided in Source Code form, to copy, modify, and compile the
+ Firmware Source Code to create Firmware for execution on a Cypress
+ hardware product, and
+ (ii) to distribute Firmware in binary code form only, only when
+ installed onto a Cypress hardware product; and
+
+ c. (i) if provided in Source Code form, to copy, modify, and compile the
+ Driver Source Code to create one or more Drivers to enable the use
+ of a Cypress hardware product on a particular host operating
+ system, and
+ (ii) to distribute the Driver, in binary code form only, only when
+ installed on a device that includes the Cypress hardware product
+ that the Driver is intended to enable; and
+
+ d. (i) if provided in Source Code form, to copy, modify, and compile the
+ Host Application Source Code to create one or more Host
+ Applications to program, control, or communicate with a Cypress
+ hardware product, and
+ (ii) to distribute Host Applications, in binary code form only, only
+ when installed on a device that includes a Cypress hardware product
+ that the Host Application is intended to program, control, or
+ communicate with; and
+
+ e. to freely distribute any inf File.
+
+Any distribution of Software permitted under this Agreement must be made
+pursuant to your standard end user license agreement used for your proprietary
+(closed source) software products, such end user license agreement to include,
+at a minimum, provisions limiting your licensors' liability and prohibiting
+reverse engineering of the Software, consistent with such provisions in this
+Agreement.
+
+3. Free and Open Source Software. Portions of the Software may be licensed
+under free and/or open source licenses such as the GNU General Public License
+or other licenses from third parties ("Third Party Software"). Third Party
+Software is subject to the applicable license agreement and not this
+Agreement. If you are entitled to receive the source code from Cypress for
+any Third Party Software included with the Software, either the source code
+will be included with the Software or you may obtain the source code at no
+charge from
+.
+The applicable license terms will accompany each source code package. To
+review the license terms applicable to any Third Party Software for which
+Cypress is not required to provide you with source code, please see the
+Software's installation directory on your computer.
+
+4. Proprietary Rights; Ownership. The Software, including all intellectual
+property rights therein, is and will remain the sole and exclusive property of
+Cypress or its suppliers. Cypress retains ownership of the Source Code and
+any compiled version thereof. Subject to Cypress' ownership of the underlying
+Software (including Source Code), you retain ownership of any modifications
+you make to the Source Code. You agree not to remove any Cypress copyright or
+other notices from the Source Code and any modifications thereof. You agree
+to keep the Source Code confidential. Any reproduction, modification,
+translation, compilation, or representation of the Source Code except as
+permitted in Section 2 ("License") is prohibited without the express written
+permission of Cypress. Except as otherwise expressly provided in this
+Agreement, you may not:
+ (i) modify, adapt, or create derivative works based upon the Software;
+ (ii) copy the Software;
+ (iii) except and only to the extent explicitly permitted by applicable
+ law despite this limitation, decompile, translate, reverse engineer,
+ disassemble or otherwise reduce the Software to human-readable form;
+ or
+ (iv) use the Software or any sample code other than for the Purpose.
+You hereby covenant that you will not assert any claim that the Software, or
+derivative works thereof created by or for Cypress, infringe any intellectual
+property right owned or controlled by you
+
+5. No Support. Cypress may, but is not required to, provide technical support
+for the Software.
+
+6. Term and Termination. This Agreement is effective until terminated, and
+either party may terminate this Agreement at any time with or without cause.
+This Agreement and your license rights under this Agreement will terminate
+immediately without notice from Cypress if you fail to comply with any
+provision of this Agreement. Upon termination, you must destroy all copies of
+Software in your possession or control. The following paragraphs shall
+survive any termination of this Agreement: "Free and Open Source Software,"
+"Proprietary Rights; Ownership," "Compliance With Law," "Disclaimer,"
+"Limitation of Liability," and "General."
+
+7. Compliance With Law. Each party agrees to comply with all applicable laws,
+rules and regulations in connection with its activities under this Agreement.
+Without limiting the foregoing, the Software may be subject to export control
+laws and regulations of the United States and other countries. You agree to
+comply strictly with all such laws and regulations and acknowledge that you
+have the responsibility to obtain licenses to export, re-export, or import the
+Software.
+
+8. Disclaimer. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CYPRESS
+MAKES NO WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, WITH REGARD TO THE
+SOFTWARE, INCLUDING, BUT NOT LIMITED TO, INFRINGEMENT AND THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Cypress
+reserves the right to make changes to the Software without notice. Cypress
+does not assume any liability arising out of the application or use of
+Software or any product or circuit described in the Software. It is the
+responsibility of the user of the Software to properly design, program, and
+test the functionality and safety of any application made of the Software and
+any resulting product. Cypress does not authorize its Software or products
+for use in any products where a malfunction or failure of the Software or
+Cypress product may reasonably be expected to result in significant property
+damage, injury or death ("High Risk Product"). If you include any Software or
+Cypress product in a High Risk Product, you assume all risk of such use and
+agree to indemnify Cypress and its suppliers against all liability. No
+computing device can be absolutely secure. Therefore, despite security
+measures implemented in Cypress hardware or software products, Cypress does
+not assume any liability arising out of any security breach, such as
+unauthorized access to or use of a Cypress product.
+
+9. Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE
+LAW, IN NO EVENT WILL CYPRESS OR ITS SUPPLIERS, RESELLERS, OR DISTRIBUTORS BE
+LIABLE FOR ANY LOST REVENUE, PROFIT, OR DATA, OR FOR SPECIAL, INDIRECT,
+CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS
+OF THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED TO THE USE OF OR
+INABILITY TO USE THE SOFTWARE EVEN IF CYPRESS OR ITS SUPPLIERS, RESELLERS, OR
+DISTRIBUTORS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO
+EVENT SHALL CYPRESS' OR ITS SUPPLIERS', RESELLERS', OR DISTRIBUTORS' TOTAL
+LIABILITY TO YOU, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR
+OTHERWISE, EXCEED THE GREATER OF US$500 OR THE PRICE PAID BY YOU FOR THE
+SOFTWARE. THE FOREGOING LIMITATIONS SHALL APPLY EVEN IF THE ABOVE-STATED
+WARRANTY FAILS OF ITS ESSENTIAL PURPOSE. BECAUSE SOME STATES OR JURISDICTIONS
+DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES,
+ALL OR PORTIONS OF THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
+
+10. Restricted Rights. The Software is commercial computer software as that
+term is described in 48 C.F.R. 252.227-7014(a)(1). If the Software is being
+acquired by or on behalf of the U.S. Government or by a U.S. Government prime
+contractor or subcontractor (at any tier), then the Government's rights in
+Software shall be only those set forth in this Agreement.
+
+11. Personal Information. You agree that information you provide through your
+registration on Cypress IoT Community Forum or other Cypress websites,
+including contact information or other personal information, may be collected
+and used by Cypress consistent with its Data Privacy Policy
+(https://www.infineon.com/cms/en/about-infineon/privacy-policy/), as updated
+or revised from time to time, and may be provided to its third party sales
+representatives, distributors and other entities conducting sales activities
+for Cypress for sales-related and other business purposes.
+
+12. General. This Agreement will bind and inure to the benefit of each
+party's successors and assigns, provided that you may not assign or transfer
+this Agreement, in whole or in part, without Cypress' written consent. This
+Agreement shall be governed by and construed in accordance with the laws of
+the State of California, United States of America, as if performed wholly
+within the state and without giving effect to the principles of conflict of
+law. The parties consent to personal and exclusive jurisdiction of and venue
+in, the state and federal courts within Santa Clara County, California;
+provided however, that nothing in this Agreement will limit Cypress' right to
+bring legal action in any venue in order to protect or enforce its
+intellectual property rights. No failure of either party to exercise or
+enforce any of its rights under this Agreement will act as a waiver of such
+rights. If any portion of this Agreement is found to be void or
+unenforceable, the remaining provisions of this Agreement shall remain in full
+force and effect. This Agreement is the complete and exclusive agreement
+between the parties with respect to the subject matter hereof, superseding and
+replacing any and all prior agreements, communications, and understandings
+(both written and oral) regarding such subject matter. Any notice to Cypress
+will be deemed effective when actually received and must be sent to Cypress
+Semiconductor Corporation, ATTN: Chief Legal Officer, 198 Champion Court, San
+Jose, CA 95134 USA.
diff --git a/README.md b/README.md
index e6bc635..6cf3141 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,115 @@
-# ethernet-core-freertos-lwip-mbedtls
+# Ethernet Core FreeRTOS lwIP mbedtls library
+
+This repo comprises core components needed for ethernet connectivity support. The library bundles FreeRTOS, lwIP TCP/IP stack, mbed TLS for security, ethernet connection manager (ECM), secure sockets interface, connectivity utilities and configuration files.
+
+## Features and functionality
+
+This library provides the configuration files for lwIP network stack and mbedTLS security stack. It also includes following libraries as dependees in the ModusToolbox™ manifest system. Using ModusToolbox™ manifest system the dependees are automatically pulled when an application uses this library in ModusToolbox™ environment.
+
+- **FreeRTOS for Infineon MCUs:** FreeRTOS kernel, distributed as standard C source files with the configuration header file, for use with the Infineon MCUs. See the
+[README](https://github.com/Infineon/freertos/blob/master/README.md) for details.
+
+- **CLib FreeRTOS support library:** This library provides the necessary hooks to make C library functions such as malloc and free thread-safe. This implementation is specific to FreeRTOS; this library is required for building your application. See the [CLib FreeRTOS support library](https://github.com/Infineon/clib-support) web site for details.
+
+- **lwIP:** A lightweight open-source TCP/IP stack, version: 2.1.2. See the [lwIP](https://savannah.nongnu.org/projects/lwip/) web site for details.
+
+ **Note:** Using this library in a project will cause lwIP to be downloaded on your computer. It is your responsibility to understand and accept the lwIP license.
+
+- **lwIP FreeRTOS Integration Library:** This repo contains the FreeRTOS dependencies required by the lwIP stack. See [lwIP FreeRTOS Integration Library](https://github.com/Infineon/lwip-freertos-integration) for details.
+
+- **lwIP Network Interface Integration Library:** This library is an integration layer that links the lwIP network stack with the underlying ethernet driver. See [lwIP Network Interface Integration Library](https://github.com/Infineon/lwip-network-interface-integration) for details.
+
+- **mbed TLS:** An open-source, portable, easy-to-use, readable and flexible SSL library that has cryptographic capabilities, version: 2.25.0. See the [mbed TLS](https://tls.mbed.org/) web site for details.
+
+ **Note:** Using this library in a project will cause mbed TLS to be downloaded on your computer. It is your responsibility to understand and accept the mbed TLS license and regional use restrictions (including abiding by all applicable export control laws).
+
+- **RTOS Abstraction Layer:** The RTOS abstraction APIs allow the middleware to be written to be RTOS-aware, but without depending on any particular RTOS. See [RTOS Abstraction Layer](https://github.com/Infineon/abstraction-rtos) repository for details.
+
+- **Ethernet Connection Manager (ECM):** ECM can be used to establish and monitor ethernet connections on Infineon platforms that support Ethernet connectivity. See the [Ethernet Connection Manager](https://github.com/Infineon/ethernet-connection-manager) repository for details.
+
+- **Secure Sockets:** Network abstraction APIs for the underlying lwIP network stack and mbed TLS security library. The secure sockets library eases application development by exposing a socket-like interface for both secure and non-secure socket communication. See the [Secure Sockets](https://github.com/Infineon/secure-sockets) repository for details.
+
+- **Connectivity Utilities:** The connectivity utilities library is a collection of general purpose middleware utilities. See the [Connectivity Utilities](https://github.com/Infineon/connectivity-utilities) repository for details.
+
+- **Predefined configuration files:** For FreeRTOS, lwIP, and mbed TLS for typical embedded IoT use cases. See **Quick Start** section for details.
+
+## Supported platforms
+
+This library and its features are supported on the following platforms:
+
+- [XMC7200D-E272K8384 kit (KIT-XMC72-EVK)](https://www.infineon.com/KIT_XMC72_EVK)
+
+## Quick start
+
+A set of pre-defined configuration files have been bundled with this library for lwIP, and mbed TLS. These files are located in the configs folder.
+
+You should do the following:
+
+1. Copy *lwipopts.h*, and *mbedtls_user_config.h* files from the *configs* directory to the top-level code example directory in the project.
+
+2. Configure the `MBEDTLS_USER_CONFIG_FILE` C macro to mbedtls_user_config.h in the Makefile to provide the user configuration to the mbed TLS library. The Makefile entry should look like as follows:
+
+ ```
+ DEFINES+=MBEDTLS_USER_CONFIG_FILE='"mbedtls_user_config.h"'
+ ```
+
+3. [Ethernet Connection Manager (ECM)](https://github.com/Infineon/ethernet-connection-manager) by default does the pin configuration for ETH1 interface on KIT-XMC72-EVK kit. If user wants to use ETH0 interface on KIT-XMC72-EVK kit or use any other kit, then he needs to provide the pin configuration. To do that user needs to copy *cy_eth_user_config.h* from *ethernet-connection-manager/configs* directory to the root directory of the application and modify it with required pin configurations for the platform/interface to be used.
+
+4. Add the `CYBSP_ETHERNET_CAPABLE` build configuration to enable the ethernet functionality. The Makefile entry should look like as follows:
+
+ ```
+ DEFINES+=CYBSP_ETHERNET_CAPABLE
+ ```
+
+5. Add the `CY_RTOS_AWARE` build configuration to inform the HAL that an RTOS environment is being used. The Makefile entry should look like as follows:
+
+ ```
+ DEFINES+=CY_RTOS_AWARE
+ ```
+
+6. If your application uses automatic private IP addressing (Auto IP), enable `LWIP_AUTOIP` and `LWIP_DHCP_AUTOIP_COOP` in *lwipopts.h* like as follows:
+
+ ```
+ #define AUTOIP 1
+ #define LWIP_DHCP_AUTOIP_COOP 1
+ ```
+
+7. Add the following to `COMPONENTS` in the code example project's Makefile: `FREERTOS`, `LWIP`, and `MBEDTLS`.
+
+ For example:
+
+ ```
+ COMPONENTS=FREERTOS LWIP MBEDTLS
+ ```
+8. All the log messages are disabled by default. Do the following to enable log messages:
+
+ 1. Add the `ENABLE_CONNECTIVITY_MIDDLEWARE_LOGS` macro to the *DEFINES* in the code example's Makefile to enable logs for lwIP network interface integration library. The Makefile entry should look like as follows:
+ ```
+ DEFINES+=ENABLE_CONNECTIVITY_MIDDLEWARE_LOGS
+ ```
+
+ 2. Add the `ENABLE_ECM_LOGS` macro to the *DEFINES* in the code example's Makefile to enable logs for ethernet connection manager library. The Makefile entry should look like as follows:
+ ```
+ DEFINES+=ENABLE_ECM_LOGS
+ ```
+
+ 3. Add the `ENABLE_SECURE_SOCKETS_LOGS` macro to the *DEFINES* in the code example's Makefile to enable logs for secure sockets library. The Makefile entry should look like as follows:
+ ```
+ DEFINES+=ENABLE_SECURE_SOCKETS_LOGS
+ ```
+
+ 4. Call the `cy_log_init()` function provided by the *cy-log* module. cy-log is part of the *connectivity-utilities* library. See [connectivity-utilities library API documentation](https://cypresssemiconductorco.github.io/connectivity-utilities/api_reference_manual/html/group__logging__utils.html) for cy-log details.
+
+Secure sockets, lwIP, and mbed TLS libraries contain reference and test applications. To ensure that these applications do not conflict with the code examples, a *.cyignore* file is also included with this library.
+
+## Additional information
+
+- [Ethernet Core FreeRTOS lwIP mbedtls RELEASE.md](./RELEASE.md)
+
+- [Connectivity Utilities API documentation - for cy-log details](https://Infineon.github.io/connectivity-utilities/api_reference_manual/html/group__logging__utils.html)
+
+- [ModusToolbox™ software environment, quick start guide, documentation, and videos](https://www.cypress.com/products/modustoolbox-software-environment)
+
+- [Ethernet Core FreeRTOS lwIP mbedtls version](./version.xml)
+
+- [ModusToolbox™ cloud connectivity code examples](https://github.com/Infineon?q=mtb-example-anycloud%20NOT%20Deprecated)
diff --git a/RELEASE.md b/RELEASE.md
new file mode 100644
index 0000000..cb75026
--- /dev/null
+++ b/RELEASE.md
@@ -0,0 +1,31 @@
+# Ethernet Core FreeRTOS lwIP mbedtls library
+
+## What's included?
+
+See the [README.md](./README.md) for a complete description of the [Ethernet Core FreeRTOS lwIP mbedtls](https://github.com/Infineon/ethernet-core-freertos-lwip-mbedtls) library.
+
+## Known issues
+| Problem | Workaround |
+| ------- | ---------- |
+| IAR 9.30 toolchain throws build errors on Debug mode, if application explicitly includes iar_dlmalloc.h file | Add '--advance-heap' to LDFLAGS in application Makefile. |
+
+## Changelog
+
+### v1.0.0
+
+- Initial release for Ethernet Core FreeRTOS lwIP mbedtls library
+- Support for ethernet on connectivity middleware framework
+
+### Supported software and tools
+
+This version of the library was validated for compatibility with the following software and tools:
+
+| Software and tools | Version |
+| :--- | :----: |
+| ModusToolbox™ software environment | 3.0 |
+| ModusToolbox™ Device Configurator | 4.0 |
+| ModusToolbox™ CAPSENSE™ Configurator / Tuner tools | 5.0 |
+| Peripheral Driver Library (PDL) | 3.0.0 |
+| GCC Compiler | 10.3.1 |
+| IAR Compiler | 9.30 |
+| Arm® Compiler 6 | 6.16 |
diff --git a/configs/lwipopts.h b/configs/lwipopts.h
new file mode 100644
index 0000000..ea20bfa
--- /dev/null
+++ b/configs/lwipopts.h
@@ -0,0 +1,281 @@
+/*
+ * Copyright (c) 2001-2003 Swedish Institute of Computer Science.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Simon Goldschmidt
+ *
+ */
+#pragma once
+
+#define MEM_ALIGNMENT (4)
+
+#define LWIP_RAW (1)
+
+//
+// Enable IPV4 networking
+//
+#define LWIP_IPV4 (1)
+
+/**
+ * LWIP_AUTOIP==1: Enable AUTOIP module.
+ */
+// #define LWIP_AUTOIP (1)
+
+/**
+ * LWIP_DHCP_AUTOIP_COOP==1: Allow DHCP and AUTOIP to be both enabled on
+ * the same interface at the same time.
+ */
+// #define LWIP_DHCP_AUTOIP_COOP (1)
+
+//
+// Enable IPV6 networking
+//
+#define LWIP_IPV6 (1)
+
+#define LWIP_SUPPORT_CUSTOM_PBUF (1)
+
+#define ETHARP_SUPPORT_STATIC_ENTRIES (1)
+
+//
+// Enable IPV4 networking
+//
+#define LWIP_ICMP (1)
+#define LWIP_TCP (1)
+#define LWIP_UDP (1)
+#define LWIP_IGMP (1)
+
+//
+// Use malloc to allocate any memory blocks instead of the
+// malloc that is part of LWIP
+//
+#define MEM_LIBC_MALLOC (1)
+
+//
+// The standard library does not provide errno, use the one
+// from LWIP.
+//
+#define LWIP_PROVIDE_ERRNO (1)
+
+#if defined(__GNUC__) && !defined(__ARMCC_VERSION)
+//
+// Use the timeval from the GCC library, not the one
+// from LWIP
+//
+#define LWIP_TIMEVAL_PRIVATE (0)
+#endif
+
+//
+// Make sure DHCP is part of the stack
+//
+#define LWIP_DHCP (1)
+
+//
+// Enable LwIP send timeout
+//
+#define LWIP_SO_SNDTIMEO (1)
+
+//
+// Enable LwIP receive timeout
+//
+#define LWIP_SO_RCVTIMEO (1)
+
+//
+// Enable SO_REUSEADDR option
+//
+#define SO_REUSE (1)
+
+//
+// Enable TCP Keep-alive
+//
+#define LWIP_TCP_KEEPALIVE (1)
+
+//
+// The amount of space to leave before the packet when allocating a pbuf. Needs to
+// be enough for the link layer data and the ETH header
+//
+#define ETH_PAD_SIZE (0)
+#define PBUF_LINK_HLEN (14 + ETH_PAD_SIZE)
+
+//
+// TCP Maximum segment size
+//
+
+#define TCP_MSS (1460)
+
+#define LWIP_CHECKSUM_CTRL_PER_NETIF 1
+#define CHECKSUM_GEN_IP 1
+#define CHECKSUM_GEN_UDP 1
+#define CHECKSUM_GEN_TCP 1
+#define CHECKSUM_GEN_ICMP 1
+#define CHECKSUM_GEN_ICMP6 1
+#define CHECKSUM_CHECK_IP 1
+#define CHECKSUM_CHECK_UDP 1
+#define CHECKSUM_CHECK_TCP 1
+#define CHECKSUM_CHECK_ICMP 1
+#define CHECKSUM_CHECK_ICMP6 1
+#define LWIP_CHECKSUM_ON_COPY 1
+
+//
+// Enable the thread safe NETCONN interface layer
+//
+#define LWIP_NETCONN (1)
+
+/**
+ * TCP_SND_BUF: TCP sender buffer space (bytes).
+ * To achieve good performance, this should be at least 2 * TCP_MSS.
+ */
+#define TCP_SND_BUF (4 * TCP_MSS)
+
+#define TCP_WND (4 * TCP_MSS)
+
+/**
+ * TCP_SND_QUEUELEN: TCP sender buffer space (pbufs). This must be at least
+ * as much as (2 * TCP_SND_BUF/TCP_MSS) for things to work.
+ */
+#define TCP_SND_QUEUELEN ((6 * (TCP_SND_BUF) + (TCP_MSS - 1))/(TCP_MSS))
+
+
+//
+// Taken from WICED to speed things up
+//
+#define DHCP_DOES_ARP_CHECK (0)
+
+//
+// Light weight protection for things that may be clobbered by interrupts
+//
+#define SYS_LIGHTWEIGHT_PROT (1)
+#define LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT (1)
+
+#define LWIP_SO_RCVBUF (128)
+
+#define LWIP_SOCKET (1)
+#define LWIP_NETCONN (1)
+#define DEFAULT_TCP_RECVMBOX_SIZE (12)
+#define TCPIP_MBOX_SIZE (16)
+#define TCPIP_THREAD_STACKSIZE (4*1024)
+#define TCPIP_THREAD_PRIO (4)
+#define DEFAULT_RAW_RECVMBOX_SIZE (12)
+#define DEFAULT_UDP_RECVMBOX_SIZE (12)
+#define DEFAULT_ACCEPTMBOX_SIZE (8)
+
+/**
+ * MEMP_NUM_UDP_PCB: the number of UDP protocol control blocks. One
+ * per active UDP "connection".
+ * (requires the LWIP_UDP option)
+ */
+#define MEMP_NUM_UDP_PCB 8
+
+/**
+ * MEMP_NUM_TCP_PCB: the number of simultaneously active TCP connections.
+ * (requires the LWIP_TCP option)
+ */
+#define MEMP_NUM_TCP_PCB 8
+
+/**
+ * MEMP_NUM_TCP_PCB_LISTEN: the number of listening TCP connections.
+ * (requires the LWIP_TCP option)
+ */
+#define MEMP_NUM_TCP_PCB_LISTEN 1
+
+/**
+ * MEMP_NUM_TCP_SEG: the number of simultaneously queued TCP segments.
+ * (requires the LWIP_TCP option)
+ */
+#define MEMP_NUM_TCP_SEG 27
+
+/**
+ * MEMP_NUM_SYS_TIMEOUT: the number of simultaneously active timeouts.
+ */
+#define MEMP_NUM_SYS_TIMEOUT 12
+
+/**
+ * PBUF_POOL_SIZE: the number of buffers in the pbuf pool.
+ */
+#define PBUF_POOL_SIZE 10
+
+/**
+ * MEMP_NUM_NETBUF: the number of struct netbufs.
+ * (only needed if you use the sequential API, like api_lib.c)
+ */
+#define MEMP_NUM_NETBUF 8
+
+/**
+ * MEMP_NUM_NETCONN: the number of struct netconns.
+ * (only needed if you use the sequential API, like api_lib.c)
+ */
+#define MEMP_NUM_NETCONN 16
+
+
+/* Turn off LWIP_STATS in Release build */
+#ifdef DEBUG
+#define LWIP_STATS 1
+#else
+#define LWIP_STATS 0
+#endif
+
+/**
+ * LWIP_TCPIP_CORE_LOCKING
+ * Creates a global mutex that is held during TCPIP thread operations.
+ * Can be locked by client code to perform lwIP operations without changing
+ * into TCPIP thread using callbacks. See LOCK_TCPIP_CORE() and
+ * UNLOCK_TCPIP_CORE().
+ * Your system should provide mutexes supporting priority inversion to use this.
+ */
+#define LWIP_TCPIP_CORE_LOCKING 1
+
+/**
+ * LWIP_TCPIP_CORE_LOCKING_INPUT: when LWIP_TCPIP_CORE_LOCKING is enabled,
+ * this lets tcpip_input() grab the mutex for input packets as well,
+ * instead of allocating a message and passing it to tcpip_thread.
+ *
+ * ATTENTION: this does not work when tcpip_input() is called from
+ * interrupt context!
+ */
+#define LWIP_TCPIP_CORE_LOCKING_INPUT 1
+
+/**
+ * LWIP_NETIF_API==1: Support netif api (in netifapi.c)
+ */
+#define LWIP_NETIF_API 1
+
+#define LWIP_DNS (1)
+
+#define LWIP_NETIF_TX_SINGLE_PBUF (1)
+
+#define LWIP_RAND rand
+
+#define LWIP_FREERTOS_CHECK_CORE_LOCKING (1)
+
+#define LWIP_ASSERT_CORE_LOCKED() sys_check_core_locking()
+
+#define LWIP_NETIF_STATUS_CALLBACK (1)
+#define LWIP_NETIF_LINK_CALLBACK (1)
+#define LWIP_NETIF_REMOVE_CALLBACK (1)
+
+#define LWIP_CHKSUM_ALGORITHM (3)
+
+extern void sys_check_core_locking() ;
diff --git a/configs/mbedtls_user_config.h b/configs/mbedtls_user_config.h
new file mode 100644
index 0000000..36c7c32
--- /dev/null
+++ b/configs/mbedtls_user_config.h
@@ -0,0 +1,800 @@
+/**
+ * \file config.h
+ *
+ * \brief Configuration options (set of defines)
+ *
+ * This set of compile-time options may be used to enable
+ * or disable features selectively, and reduce the global
+ * memory footprint.
+ */
+/*
+ * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_USER_CONFIG_HEADER
+#define MBEDTLS_USER_CONFIG_HEADER
+
+
+/**
+ * \def MBEDTLS_HAVE_TIME_DATE
+ *
+ * System has time.h, time(), and an implementation for
+ * mbedtls_platform_gmtime_r() (see below).
+ * The time needs to be correct (not necessarily very accurate, but at least
+ * the date should be correct). This is used to verify the validity period of
+ * X.509 certificates.
+ *
+ * Comment if your system does not have a correct clock.
+ *
+ * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
+ * behaves similarly to the gmtime_r() function from the C standard. Refer to
+ * the documentation for mbedtls_platform_gmtime_r() for more information.
+ *
+ * \note It is possible to configure an implementation for
+ * mbedtls_platform_gmtime_r() at compile-time by using the macro
+ * MBEDTLS_PLATFORM_GMTIME_R_ALT.
+ */
+#undef MBEDTLS_HAVE_TIME_DATE
+
+
+/**
+ * \def MBEDTLS_PLATFORM_EXIT_ALT
+ *
+ * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
+ * function in the platform abstraction layer.
+ *
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * provide a function "mbedtls_platform_set_printf()" that allows you to set an
+ * alternative printf function pointer.
+ *
+ * All these define require MBEDTLS_PLATFORM_C to be defined!
+ *
+ * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
+ * it will be enabled automatically by check_config.h
+ *
+ * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
+ * MBEDTLS_PLATFORM_XXX_MACRO!
+ *
+ * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
+ *
+ * Uncomment a macro to enable alternate implementation of specific base
+ * platform function
+ */
+//#define MBEDTLS_PLATFORM_EXIT_ALT
+#define MBEDTLS_PLATFORM_TIME_ALT
+//#define MBEDTLS_PLATFORM_FPRINTF_ALT
+//#define MBEDTLS_PLATFORM_PRINTF_ALT
+//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_NV_SEED_ALT
+//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
+
+/**
+ * \def MBEDTLS_ENTROPY_HARDWARE_ALT
+ *
+ * Uncomment this macro to let mbed TLS use your own implementation of a
+ * hardware entropy collector.
+ *
+ * Your function must be called \c mbedtls_hardware_poll(), have the same
+ * prototype as declared in entropy_poll.h, and accept NULL as first argument.
+ *
+ * Uncomment to use your own hardware entropy collector.
+ */
+#define MBEDTLS_ENTROPY_HARDWARE_ALT
+/**
+ * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ *
+ * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
+ * module. By default all supported curves are enabled.
+ *
+ * Comment macros to disable the curve and functions for it
+ */
+#undef MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP224R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#undef MBEDTLS_ECP_DP_BP256R1_ENABLED
+#undef MBEDTLS_ECP_DP_BP384R1_ENABLED
+#undef MBEDTLS_ECP_DP_BP512R1_ENABLED
+//#undef MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#undef MBEDTLS_ECP_DP_CURVE448_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+ *
+ * Enable the PSK based ciphersuite modes in SSL / TLS.
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ */
+#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+
+
+/**
+ * \def MBEDTLS_PK_PARSE_EC_EXTENDED
+ *
+ * Enhance support for reading EC keys using variants of SEC1 not allowed by
+ * RFC 5915 and RFC 5480.
+ *
+ * Currently this means parsing the SpecifiedECDomain choice of EC
+ * parameters (only known groups are supported, not arbitrary domains, to
+ * avoid validation issues).
+ *
+ * Disable if you only need to support RFC 5915 + 5480 key formats.
+ */
+#undef MBEDTLS_PK_PARSE_EC_EXTENDED
+
+
+#undef MBEDTLS_FS_IO
+
+
+/**
+ * \def MBEDTLS_NO_PLATFORM_ENTROPY
+ *
+ * Do not use built-in platform entropy functions.
+ * This is useful if your platform does not support
+ * standards like the /dev/urandom or Windows CryptoAPI.
+ *
+ * Uncomment this macro to disable the built-in platform entropy functions.
+ */
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+
+/**
+ * \def MBEDTLS_ENTROPY_FORCE_SHA256
+ *
+ * Force the entropy accumulator to use a SHA-256 accumulator instead of the
+ * default SHA-512 based one (if both are available).
+ *
+ * Requires: MBEDTLS_SHA256_C
+ *
+ * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
+ * if you have performance concerns.
+ *
+ * This option is only useful if both MBEDTLS_SHA256_C and
+ * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
+ */
+#define MBEDTLS_ENTROPY_FORCE_SHA256
+
+/**
+ * \def MBEDTLS_SELF_TEST
+ *
+ * Enable the checkup functions (*_self_test).
+ */
+#undef MBEDTLS_SELF_TEST
+
+/**
+ * \def MBEDTLS_SSL_FALLBACK_SCSV
+ *
+ * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
+ *
+ * For servers, it is recommended to always enable this, unless you support
+ * only one version of TLS, or know for sure that none of your clients
+ * implements a fallback strategy.
+ *
+ * For clients, you only need this if you're using a fallback strategy, which
+ * is not recommended in the first place, unless you absolutely need it to
+ * interoperate with buggy (version-intolerant) servers.
+ *
+ * Comment this macro to disable support for FALLBACK_SCSV
+ */
+#undef MBEDTLS_SSL_FALLBACK_SCSV
+
+/**
+ * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
+ *
+ * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
+ *
+ * This is a countermeasure to the BEAST attack, which also minimizes the risk
+ * of interoperability issues compared to sending 0-length records.
+ *
+ * Comment this macro to disable 1/n-1 record splitting.
+ */
+#undef MBEDTLS_SSL_CBC_RECORD_SPLITTING
+
+/**
+ * \def MBEDTLS_SSL_RENEGOTIATION
+ *
+ * Enable support for TLS renegotiation.
+ *
+ * The two main uses of renegotiation are (1) refresh keys on long-lived
+ * connections and (2) client authentication after the initial handshake.
+ * If you don't need renegotiation, it's probably better to disable it, since
+ * it has been associated with security issues in the past and is easy to
+ * misuse/misunderstand.
+ *
+ * Comment this to disable support for renegotiation.
+ *
+ * \note Even if this option is disabled, both client and server are aware
+ * of the Renegotiation Indication Extension (RFC 5746) used to
+ * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
+ * (See \c mbedtls_ssl_conf_legacy_renegotiation for the
+ * configuration of this extension).
+ *
+ */
+#undef MBEDTLS_SSL_RENEGOTIATION
+
+/**
+ * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+ *
+ * Enable support for receiving and parsing SSLv2 Client Hello messages for the
+ * SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to enable support for SSLv2 Client Hello messages.
+ */
+//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1
+ *
+ * Enable support for TLS 1.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ * MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.0
+ */
+#undef MBEDTLS_SSL_PROTO_TLS1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_1
+ *
+ * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_MD5_C
+ * MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
+ */
+#undef MBEDTLS_SSL_PROTO_TLS1_1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Enable support for DTLS (all available versions).
+ *
+ * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
+ * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_1
+ * or MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for DTLS
+ */
+#undef MBEDTLS_SSL_PROTO_DTLS
+
+/**
+ * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
+ *
+ * Enable support for the anti-replay mechanism in DTLS.
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ * MBEDTLS_SSL_PROTO_DTLS
+ *
+ * \warning Disabling this is often a security risk!
+ * See mbedtls_ssl_conf_dtls_anti_replay() for details.
+ *
+ * Comment this to disable anti-replay in DTLS.
+ */
+#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Enable support for HelloVerifyRequest on DTLS servers.
+ *
+ * This feature is highly recommended to prevent DTLS servers being used as
+ * amplifiers in DoS attacks against other hosts. It should always be enabled
+ * unless you know for sure amplification cannot be a problem in the
+ * environment in which your server operates.
+ *
+ * \warning Disabling this can ba a security risk! (see above)
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Comment this to disable support for HelloVerifyRequest.
+ */
+#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+ *
+ * Enable server-side support for clients that reconnect from the same port.
+ *
+ * Some clients unexpectedly close the connection and try to reconnect using the
+ * same source port. This needs special support from the server to handle the
+ * new connection securely, as described in section 4.2.8 of RFC 6347. This
+ * flag enables that support.
+ *
+ * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Comment this to disable support for clients reusing the source port.
+ */
+#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+
+/**
+ * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+ *
+ * Enable support for a limit of records with bad MAC.
+ *
+ * See mbedtls_ssl_conf_dtls_badmac_limit().
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ */
+#undef MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+
+/**
+ * \def MBEDTLS_SSL_SESSION_TICKETS
+ *
+ * Enable support for RFC 5077 session tickets in SSL.
+ * Client-side, provides full support for session tickets (maintenance of a
+ * session store remains the responsibility of the application, though).
+ * Server-side, you also need to provide callbacks for writing and parsing
+ * tickets, including authenticated encryption and key management. Example
+ * callbacks are provided by MBEDTLS_SSL_TICKET_C.
+ *
+ * Comment this macro to disable support for SSL session tickets
+ */
+#undef MBEDTLS_SSL_SESSION_TICKETS
+
+/**
+ * \def MBEDTLS_SSL_EXPORT_KEYS
+ *
+ * Enable support for exporting key block and master secret.
+ * This is required for certain users of TLS, e.g. EAP-TLS.
+ *
+ * Comment this macro to disable support for key export
+ */
+#undef MBEDTLS_SSL_EXPORT_KEYS
+
+
+/**
+ * \def MBEDTLS_SSL_TRUNCATED_HMAC
+ *
+ * Enable support for RFC 6066 truncated HMAC in SSL.
+ *
+ * Comment this macro to disable support for truncated HMAC in SSL
+ */
+#undef MBEDTLS_SSL_TRUNCATED_HMAC
+
+/**
+ * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ *
+ * Enable parsing and verification of X.509 certificates, CRLs and CSRS
+ * signed with RSASSA-PSS (aka PKCS#1 v2.1).
+ *
+ * Comment this macro to disallow using RSASSA-PSS in certificates.
+ */
+#undef MBEDTLS_X509_RSASSA_PSS_SUPPORT
+
+/**
+ * \def MBEDTLS_AESNI_C
+ *
+ * Enable AES-NI support on x86-64.
+ *
+ * Module: library/aesni.c
+ * Caller: library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the AES-NI instructions on x86-64
+ */
+#undef MBEDTLS_AESNI_C
+
+/**
+ * \def MBEDTLS_NET_C
+ *
+ * Enable the TCP and UDP over IPv6/IPv4 networking routines.
+ *
+ * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
+ * and Windows. For other platforms, you'll want to disable it, and write your
+ * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module: library/net_sockets.c
+ *
+ * This module provides networking routines.
+ */
+#undef MBEDTLS_NET_C
+
+/**
+ * \def MBEDTLS_SSL_COOKIE_C
+ *
+ * Enable basic implementation of DTLS cookies for hello verification.
+ *
+ * Module: library/ssl_cookie.c
+ * Caller:
+ */
+#undef MBEDTLS_SSL_COOKIE_C
+
+/**
+ * \def MBEDTLS_TIMING_C
+ *
+ * Enable the semi-portable timing interface.
+ *
+ * \note The provided implementation only works on POSIX/Unix (including Linux,
+ * BSD and OS X) and Windows. On other platforms, you can either disable that
+ * module and provide your own implementations of the callbacks needed by
+ * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
+ * your own implementation of the whole module by setting
+ * \c MBEDTLS_TIMING_ALT in the current file.
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module: library/timing.c
+ * Caller: library/havege.c
+ *
+ * This module is used by the HAVEGE random number generator.
+ */
+#undef MBEDTLS_TIMING_C
+
+/**
+ * \def MBEDTLS_X509_CRL_PARSE_C
+ *
+ * Enable X.509 CRL parsing.
+ *
+ * Module: library/x509_crl.c
+ * Caller: library/x509_crt.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 CRL parsing.
+ */
+#undef MBEDTLS_X509_CRL_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_PARSE_C
+ *
+ * Enable X.509 Certificate Signing Request (CSR) parsing.
+ *
+ * Module: library/x509_csr.c
+ * Caller: library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is used for reading X.509 certificate request.
+ */
+#undef MBEDTLS_X509_CSR_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CREATE_C
+ *
+ * Enable X.509 core for creating certificates.
+ *
+ * Module: library/x509_create.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
+ *
+ * This module is the basis for creating X.509 certificates and CSRs.
+ */
+#undef MBEDTLS_X509_CREATE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_WRITE_C
+ *
+ * Enable creating X.509 Certificate Signing Requests (CSR).
+ *
+ * Module: library/x509_csr_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate request writing.
+ */
+#undef MBEDTLS_X509_CSR_WRITE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_WRITE_C
+ *
+ * Enable creating X.509 certificates.
+ *
+ * Module: library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate creation.
+ */
+#undef MBEDTLS_X509_CRT_WRITE_C
+
+/**
+ * \def MBEDTLS_CERTS_C
+ *
+ * Enable the test certificates.
+ *
+ * Module: library/certs.c
+ * Caller:
+ *
+ * This module is used for testing (ssl_client/server).
+ */
+#undef MBEDTLS_CERTS_C
+
+/**
+ * \def MBEDTLS_ERROR_C
+ *
+ * Enable error code to error string conversion.
+ *
+ * Module: library/error.c
+ * Caller:
+ *
+ * This module enables mbedtls_strerror().
+ */
+#undef MBEDTLS_ERROR_C
+
+/**
+ * \def MBEDTLS_PADLOCK_C
+ *
+ * Enable VIA Padlock support on x86.
+ *
+ * Module: library/padlock.c
+ * Caller: library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the VIA PadLock on x86.
+ */
+#undef MBEDTLS_PADLOCK_C
+
+/**
+ * \def MBEDTLS_RIPEMD160_C
+ *
+ * Enable the RIPEMD-160 hash algorithm.
+ *
+ * Module: library/ripemd160.c
+ * Caller: library/md.c
+ *
+ */
+#undef MBEDTLS_RIPEMD160_C
+
+/**
+ * \def MBEDTLS_PK_RSA_ALT_SUPPORT
+ *
+ * Support external private RSA keys (eg from a HSM) in the PK layer.
+ *
+ * Comment this macro to disable support for external private RSA keys.
+ */
+#undef MBEDTLS_PK_RSA_ALT_SUPPORT
+
+/**
+ * \def MBEDTLS_ARC4_C
+ *
+ * Enable the ARCFOUR stream cipher.
+ *
+ * Module: library/arc4.c
+ * Caller: library/cipher.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ *
+ * \warning ARC4 is considered a weak cipher and its use constitutes a
+ * security risk. If possible, we recommend avoidng dependencies on
+ * it, and considering stronger ciphers instead.
+ *
+ */
+#undef MBEDTLS_ARC4_C
+
+/**
+ * \def MBEDTLS_XTEA_C
+ *
+ * Enable the XTEA block cipher.
+ *
+ * Module: library/xtea.c
+ * Caller:
+ */
+#undef MBEDTLS_XTEA_C
+
+/**
+ * \def MBEDTLS_BLOWFISH_C
+ *
+ * Enable the Blowfish block cipher.
+ *
+ * Module: library/blowfish.c
+ */
+#undef MBEDTLS_BLOWFISH_C
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ *
+ * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ *
+ * \warning Using DHE constitutes a security risk as it
+ * is not possible to validate custom DH parameters.
+ * If possible, it is recommended users should consider
+ * preferring other methods of key exchange.
+ * See dhm.h for more details.
+ *
+ */
+#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ *
+ * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ */
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+ *
+ * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ * MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ */
+#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_C
+ *
+ * Enable the Platform Security Architecture cryptography API.
+ *
+ * \warning The PSA Crypto API is still beta status. While you're welcome to
+ * experiment using it, incompatible API changes are still possible, and some
+ * parts may not have reached the same quality as the rest of Mbed TLS yet.
+ *
+ * Module: library/psa_crypto.c
+ *
+ * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
+ *
+ */
+#undef MBEDTLS_PSA_CRYPTO_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
+ *
+ * Enable the Platform Security Architecture persistent key storage.
+ *
+ * Module: library/psa_crypto_storage.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C,
+ * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
+ * the PSA ITS interface
+ */
+#undef MBEDTLS_PSA_CRYPTO_STORAGE_C
+
+/**
+ * \def MBEDTLS_PSA_ITS_FILE_C
+ *
+ * Enable the emulation of the Platform Security Architecture
+ * Internal Trusted Storage (PSA ITS) over files.
+ *
+ * Module: library/psa_its_file.c
+ *
+ * Requires: MBEDTLS_FS_IO
+ */
+#undef MBEDTLS_PSA_ITS_FILE_C
+
+/**
+ * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+ *
+ * This option controls the availability of the API mbedtls_ssl_get_peer_cert()
+ * giving access to the peer's certificate after completion of the handshake.
+ *
+ * Unless you need mbedtls_ssl_peer_cert() in your application, it is
+ * recommended to disable this option for reduced RAM usage.
+ *
+ * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
+ * defined, but always returns \c NULL.
+ *
+ * \note This option has no influence on the protection against the
+ * triple handshake attack. Even if it is disabled, Mbed TLS will
+ * still ensure that certificates do not change during renegotiation,
+ * for exaple by keeping a hash of the peer's certificate.
+ *
+ * Comment this macro to disable storing the peer's certificate
+ * after the handshake.
+ */
+#undef MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+
+/**
+ * \def MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Remove deprecated functions and features so that they generate an error if
+ * used. Functionality deprecated in one version will usually be removed in the
+ * next version. You can enable this to help you prepare the transition to a
+ * new major version by making sure your code is not using this functionality.
+ *
+ * Uncomment to get errors on using deprecated functions and features.
+ */
+#define MBEDTLS_DEPRECATED_REMOVED
+
+/**
+ * \def Enable MBEDTLS debug logs
+ *
+ * MBEDTLS_VERBOSE values:
+ * 0 No debug - No logs are printed on console
+ * 1 Error - Error messages are printed on console
+ * 2 State change - State level change logs are printed on console
+ * 3 Informational - Informational logs printed on console
+ * 4 Verbose - All the logs are printed on console
+ */
+#define MBEDTLS_VERBOSE 0
+
+#endif /* MBEDTLS_USER_CONFIG_HEADER */
diff --git a/version.xml b/version.xml
new file mode 100644
index 0000000..022ed0a
--- /dev/null
+++ b/version.xml
@@ -0,0 +1 @@
+1.0.0.52