From 14f2309b6f18086cc7adb4514eaf009a4ca843d4 Mon Sep 17 00:00:00 2001
From: Jeff Epler
Date: Wed, 5 Oct 2022 14:51:13 -0500
Subject: [PATCH] Enable more key exchange methods

This is intended (but not entirely verified) to match our esp32 builds. It does fix accessing https://circuitpython.org, which failed before with "MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE". It still doesn't work on a personal website of mine with valid letsencrypt certificate but I haven't verified whether it works on esp32s2 with CP. That site only allows TLS 1.3, while this mbedtls only supports up to 1.2. The version of mbedtls we adopted based on micropython's use has no TLS 1.3 support, but the one in espressif esp-idf does.
---
 ports/raspberrypi/mbedtls/mbedtls_config.h | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/ports/raspberrypi/mbedtls/mbedtls_config.h b/ports/raspberrypi/mbedtls/mbedtls_config.h
index 4fe4f8640e..8c953c7072 100644
--- a/ports/raspberrypi/mbedtls/mbedtls_config.h
+++ b/ports/raspberrypi/mbedtls/mbedtls_config.h
@@ -50,8 +50,16 @@
 #define MBEDTLS_ECP_DP_BP512R1_ENABLED
 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
 #define MBEDTLS_ECP_NIST_OPTIM
+#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 #define MBEDTLS_NO_PLATFORM_ENTROPY
 #define MBEDTLS_PKCS1_V15
 #define MBEDTLS_SHA256_SMALLER
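Review bot: The non-ephemeral suites this hunk switches on — `MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED`, `MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED` and `MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED`, alongside the pre-existing `MBEDTLS_KEY_EXCHANGE_RSA_ENABLED` — give no forward secrecy, and in TLS 1.2 it is the server, not this client, that picks from whatever the ClientHello offers, so every suite enabled here is one a server may force. If the circuitpython.org failure was a server with an ECDSA certificate, then `MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` (with `MBEDTLS_ECDSA_C`) is presumably the define that actually fixed it, and the static-ECDH suites could be left out or at least justified in the description. `MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED` additionally accepts whatever DH group the server sends, and mbedtls's client-side minimum defaults to 1024 bits unless `mbedtls_ssl_conf_dhm_min_bitlen()` is raised, so if DHE_RSA stays the port's SSL setup should call `mbedtls_ssl_conf_dhm_min_bitlen(&conf, 2048)`. The PSK suites should be inert as long as the application never configures a PSK, but they still cost flash on this target. A comment above the group, `// ECDH_*, RSA and RSA_PSK suites are offered for compatibility only; they provide no forward secrecy`, would record the trade-off for the next person trimming this list.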
@@ -68,10 +76,12 @@
 // Enable mbedtls modules
 #define MBEDTLS_AES_C
 #define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
 #define MBEDTLS_BIGNUM_C
 #define MBEDTLS_CIPHER_C
 #define MBEDTLS_CTR_DRBG_C
 #define MBEDTLS_ECDH_C
+#define MBEDTLS_ECDSA_C
 #define MBEDTLS_ECP_C
 #define MBEDTLS_ENTROPY_C
 #define MBEDTLS_ERROR_C
@@ -94,6 +104,7 @@
 #define MBEDTLS_X509_CRT_PARSE_C
 #define MBEDTLS_X509_USE_C
 #define MBEDTLS_HAVE_TIME
+#define MBEDTLS_DHM_C // needed by DHE_PSK
 #undef MBEDTLS_HAVE_TIME_DATE

 // Memory allocation hooks
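Review bot: The comment on the new `MBEDTLS_DHM_C` line in the last hunk understates why it is needed: `MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED`, also switched on by this commit, requires `MBEDTLS_DHM_C` just as `DHE_PSK` does, and mbedtls's check_config.h refuses the build if either is enabled without it. Suggest `#define MBEDTLS_DHM_C // needed by the DHE_PSK and DHE_RSA key exchanges`. As a point of style, the other `*_C` module switches sit under the `// Enable mbedtls modules` heading in alphabetical order, whereas this one is appended after `MBEDTLS_HAVE_TIME` in the X509 section; placing it between `MBEDTLS_CTR_DRBG_C` and `MBEDTLS_ECDH_C` would keep the file scannable, and a similar `// required by MBEDTLS_ECDSA_C` note on `MBEDTLS_ASN1_WRITE_C` would explain that addition too.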