From e44bd93cc99cca7c322ca765188c3affc25bc915 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 14 Jun 2021 11:16:28 +0530 Subject: [PATCH 1/2] i) wpa_supplicant: Force enable the necessary options for mbedtls in the wpa_supplicant to fix illegal combinations in mbedtls ii) Fix dependancy for one option in mbedtls menuconfig --- components/mbedtls/Kconfig | 1 + components/wpa_supplicant/Kconfig | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index 13c8a01522..9097102786 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -231,6 +231,7 @@ menu "mbedTLS" config MBEDTLS_CMAC_C bool "Enable CMAC mode for block ciphers" default n + depends on MBEDTLS_AES_C || MBEDTLS_DES_C help Enable the CMAC (Cipher-based Message Authentication Code) mode for block ciphers. diff --git a/components/wpa_supplicant/Kconfig b/components/wpa_supplicant/Kconfig index 21dd7bafb3..0d2785b625 100644 --- a/components/wpa_supplicant/Kconfig +++ b/components/wpa_supplicant/Kconfig @@ -3,6 +3,11 @@ menu "Supplicant" config WPA_MBEDTLS_CRYPTO bool "Use MbedTLS crypto APIs" default y + select MBEDTLS_AES_C + select MBEDTLS_ECP_C + select MBEDTLS_ECDH_C + select MBEDTLS_ECDSA_C + select MBEDTLS_TLS_ENABLED help Select this option to use MbedTLS crypto APIs which utilize hardware acceleration. From 02820a90f7048dd1c9fb66ab041134aa48090e1e Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 14 Jun 2021 12:49:47 +0530 Subject: [PATCH 2/2] Add sdkconfig which disables all menuconfig options in mbedtls. --- .../https_request/sdkconfig.ci.mbedtls_config | 98 +++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 examples/protocols/https_request/sdkconfig.ci.mbedtls_config diff --git a/examples/protocols/https_request/sdkconfig.ci.mbedtls_config b/examples/protocols/https_request/sdkconfig.ci.mbedtls_config new file mode 100644 index 0000000000..2a24a07e03 --- /dev/null 
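Review bot: The five `select` lines added under `WPA_MBEDTLS_CRYPTO` have no comment saying which supplicant feature needs each module, and because the option is `default y` they force `MBEDTLS_TLS_ENABLED` and the ECC modules on in every build, whatever the user sets in the mbedTLS menu. `select` also ignores the selected symbol's own `depends on`, so any prerequisite that is not itself selected here (an ECP curve, if the supplicant needs one) is not guaranteed. The CI sdkconfig in patch 2/2 sets `CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y` by hand, which may be masking such a gap. I would add a comment above the selects, such as `# mbedTLS modules required by the supplicant crypto wrappers; forced on even if disabled in the mbedTLS menu`, and confirm whether a curve needs selecting too.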
+++ b/examples/protocols/https_request/sdkconfig.ci.mbedtls_config 
@@ -0,0 +1,98 @@
+# This is a test sdkconfig file for only build purpose. It is not intended to be used for the example.
+# This disables most of the mbedtls configurations by default.
+# If any component using mbedtls does not select respective configurations,
+# then this should fail at build stage.
+
+# Few example dependancies need to be enabled by default for the build to succeed
+##############
+CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=y
+CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
+##############
+
+CONFIG_MBEDTLS_HARDWARE_AES=n
+CONFIG_MBEDTLS_HARDWARE_MPI=n
+CONFIG_MBEDTLS_HARDWARE_SHA=n
+CONFIG_MBEDTLS_ROM_MD5=n
+CONFIG_MBEDTLS_HAVE_TIME=n
+CONFIG_MBEDTLS_ECDSA_DETERMINISTIC=n
+CONFIG_MBEDTLS_SHA512_C=n
+
+CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
+CONFIG_MBEDTLS_TLS_SERVER=n
+CONFIG_MBEDTLS_TLS_CLIENT=n
+CONFIG_MBEDTLS_TLS_ENABLED=n
+
+#
+# TLS Key Exchange Methods
+#
+CONFIG_MBEDTLS_PSK_MODES=n
+
+CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA=n
+CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE=n
+CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA=n
+CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA=n
+CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA=n
+CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA=n
+# end of TLS Key Exchange Methods
+
+CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
+CONFIG_MBEDTLS_SSL_PROTO_SSL3=n
+CONFIG_MBEDTLS_SSL_PROTO_DTLS=n
+CONFIG_MBEDTLS_SSL_PROTO_TLS1=n
+CONFIG_MBEDTLS_SSL_PROTO_TLS1_1=n
+
+CONFIG_MBEDTLS_SSL_ALPN=n
+CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
+CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
+
+#
+# Symmetric Ciphers
+#
+CONFIG_MBEDTLS_AES_C=n
+CONFIG_MBEDTLS_CAMELLIA_C=n
+CONFIG_MBEDTLS_DES_C=n
+CONFIG_MBEDTLS_RC4_DISABLED=n
+CONFIG_MBEDTLS_RC4_ENABLED_NO_DEFAULT=n
+CONFIG_MBEDTLS_RC4_ENABLED=n
+CONFIG_MBEDTLS_BLOWFISH_C=n
+CONFIG_MBEDTLS_XTEA_C=n
+CONFIG_MBEDTLS_CCM_C=n
+CONFIG_MBEDTLS_GCM_C=n
+CONFIG_MBEDTLS_NIST_KW_C=n
+# end of Symmetric Ciphers
+
+CONFIG_MBEDTLS_RIPEMD160_C=n
+
+#
+# Certificates
+#
+CONFIG_MBEDTLS_PEM_PARSE_C=n
+CONFIG_MBEDTLS_PEM_WRITE_C=n
+CONFIG_MBEDTLS_X509_CRL_PARSE_C=n
+CONFIG_MBEDTLS_X509_CSR_PARSE_C=n
+# end of Certificates
+
+CONFIG_MBEDTLS_ECP_C=n
+CONFIG_MBEDTLS_ECDH_C=n
+CONFIG_MBEDTLS_ECDSA_C=n
+CONFIG_MBEDTLS_ECJPAKE_C=n
+CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED=n
+CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED=n
+CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED=n
+CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED=n
+CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED=n
+CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED=n
+CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED=n
+CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED=n
+CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED=n
+CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED=n
+CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED=n
+CONFIG_MBEDTLS_ECP_NIST_OPTIM=n
+CONFIG_MBEDTLS_POLY1305_C=n
+CONFIG_MBEDTLS_CHACHA20_C=n
+CONFIG_MBEDTLS_HKDF_C=n
+CONFIG_MBEDTLS_THREADING_C=n
+CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI=n
+CONFIG_MBEDTLS_SECURITY_RISKS=n
+# end of mbedTLS
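Review bot: `CONFIG_MBEDTLS_RC4_DISABLED=n` reads as the opposite of what this file intends. Together with `CONFIG_MBEDTLS_RC4_ENABLED_NO_DEFAULT=n` and `CONFIG_MBEDTLS_RC4_ENABLED=n` it sets every member of what appears to be a single choice to `n`, leaving the outcome to the choice's default; the three `CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT`/`TLS_SERVER`/`TLS_CLIENT` lines look like the same pattern. I would write `CONFIG_MBEDTLS_RC4_DISABLED=y` and drop the other two RC4 lines so the config states the result explicitly. The header comment should also say why the file must not be copied into a product, for example `# Not for deployment: only static RSA key exchange is enabled and MBEDTLS_HAVE_TIME is off, so there is no forward secrecy and certificate validity dates are presumably not checked.`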