From c94986d7934e10af56fbe9c2c20f7e8c50c40665 Mon Sep 17 00:00:00 2001
From: "harshal.patil" <harshal.patil@espressif.com>
Date: Thu, 22 Aug 2024 12:06:26 +0530
Subject: [PATCH 1/2] fix(mbedtls): Fix https_request example build failure for
 mbedtls_config

- This was caused due to some mbedtls confisg being defined but their all prerequisites were not
---
 components/mbedtls/Kconfig                    | 18 +++++++++++
 components/mbedtls/mbedtls                    |  2 +-
 .../mbedtls/port/include/mbedtls/esp_config.h | 31 ++++++++++++++++++-
 .../https_request/sdkconfig.ci.mbedtls_config |  6 ++--
 4 files changed, 52 insertions(+), 5 deletions(-)

diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index afbd66368f..07a02f009a 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -379,6 +379,7 @@ menu "mbedTLS"
 
     config MBEDTLS_CMAC_C
         bool "Enable CMAC mode for block ciphers"
+        default y if MBEDTLS_USE_CRYPTO_ROM_IMPL
         default n
         depends on MBEDTLS_AES_C || MBEDTLS_DES_C
         help
@@ -928,6 +929,23 @@ menu "mbedTLS"
         bool  "Elliptic Curve Ciphers"
         default y
 
+    config MBEDTLS_PK_PARSE_EC_EXTENDED
+        bool "Enhance support for reading EC keys"
+        default y
+        depends on MBEDTLS_ECP_C
+        help
+            Enhance support for reading EC keys using variants of SEC1 not allowed by
+            RFC 5915 and RFC 5480.
+
+    config MBEDTLS_PK_PARSE_EC_COMPRESSED
+        bool "Enable the support for parsing public keys of type Short Weierstrass"
+        default y
+        depends on MBEDTLS_ECP_C
+        help
+            Enable the support for parsing public keys of type Short Weierstrass
+            (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX) which are using the
+            compressed point format. This parsing is done through ECP module's functions.
+
     config MBEDTLS_DHM_C
         bool "Diffie-Hellman-Merkle key exchange (DHM)"
         default n
diff --git a/components/mbedtls/mbedtls b/components/mbedtls/mbedtls
index 72aa687352..5d11276029 160000
--- a/components/mbedtls/mbedtls
+++ b/components/mbedtls/mbedtls
@@ -1 +1 @@
-Subproject commit 72aa687352a469044cbb946f3fdb261430e41ce1
+Subproject commit 5d112760293404ca0452bf244aa025079cf2e5af
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index 376b636d92..b057d09ec4 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -59,7 +59,7 @@
 /**
  * \def MBEDTLS_PLATFORM_MS_TIME_ALT
  *
- * Define platform specific function to get time since bootup in milliseconds.
+ * Define platform specific function to get time since boot up in milliseconds.
  */
 #define MBEDTLS_PLATFORM_MS_TIME_ALT
 #else
@@ -412,6 +412,14 @@
  */
 #ifdef CONFIG_MBEDTLS_CMAC_C
 #define MBEDTLS_CMAC_C
+#else
+#ifdef CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL
+/* The mbedtls present in ROM is built with the MBEDTLS_CMAC_C symbol being enabled,
+ * thus when using the mbedtls from ROM, CONFIG_MBEDTLS_CMAC_C needs to be enabled.
+ */
+#error "CONFIG_MBEDTLS_CMAC_C cannot be disabled when CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL is enabled"
+#endif
+#undef MBEDTLS_CMAC_C
 #endif
 
 /**
@@ -841,7 +849,28 @@
  *
  * Disable if you only need to support RFC 5915 + 5480 key formats.
  */
+#ifdef CONFIG_MBEDTLS_PK_PARSE_EC_EXTENDED
 #define MBEDTLS_PK_PARSE_EC_EXTENDED
+#else
+#undef MBEDTLS_PK_PARSE_EC_EXTENDED
+#endif
+
+/**
+ * \def MBEDTLS_PK_PARSE_EC_COMPRESSED
+ *
+ * Enable the support for parsing public keys of type Short Weierstrass
+ * (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX) which are using the
+ * compressed point format. This parsing is done through ECP module's functions.
+ *
+ * \note As explained in the description of MBEDTLS_ECP_PF_COMPRESSED (in ecp.h)
+ *       the only unsupported curves are MBEDTLS_ECP_DP_SECP224R1 and
+ *       MBEDTLS_ECP_DP_SECP224K1.
+ */
+#ifdef CONFIG_MBEDTLS_PK_PARSE_EC_COMPRESSED
+#define MBEDTLS_PK_PARSE_EC_COMPRESSED
+#else
+#undef MBEDTLS_PK_PARSE_EC_COMPRESSED
+#endif
 
 /**
  * \def MBEDTLS_ERROR_STRERROR_DUMMY
diff --git a/examples/protocols/https_request/sdkconfig.ci.mbedtls_config b/examples/protocols/https_request/sdkconfig.ci.mbedtls_config
index 113bcf6336..47d6c14208 100644
--- a/examples/protocols/https_request/sdkconfig.ci.mbedtls_config
+++ b/examples/protocols/https_request/sdkconfig.ci.mbedtls_config
@@ -3,11 +3,11 @@
 # If any component using mbedtls does not select respective configurations,
 # then this should fail at build stage.
 
-# Few example dependancies need to be enabled by default for the build to succeed
+# Few example dependencies need to be enabled by default for the build to succeed
 ##############
 CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=y
 CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=y
-CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
+CONFIG_MBEDTLS_AES_C=y
 ##############
 
 CONFIG_MBEDTLS_HARDWARE_AES=n
@@ -46,7 +46,6 @@ CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
 #
 # Symmetric Ciphers
 #
-CONFIG_MBEDTLS_AES_C=n
 CONFIG_MBEDTLS_CAMELLIA_C=n
 CONFIG_MBEDTLS_DES_C=n
 CONFIG_MBEDTLS_BLOWFISH_C=n
@@ -73,6 +72,7 @@ CONFIG_MBEDTLS_ECDSA_C=n
 CONFIG_MBEDTLS_ECJPAKE_C=n
 CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED=n
 CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED=n
+CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=n
 CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED=n
 CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED=n
 CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED=n

From ba49442683785a87d9339908b7cd0a83981c13d1 Mon Sep 17 00:00:00 2001
From: "harshal.patil" <harshal.patil@espressif.com>
Date: Thu, 22 Aug 2024 15:17:35 +0530
Subject: [PATCH 2/2] Revert "ci(https_request): disable example for P4"

This reverts commit 4b8a2b4a6eabe6ab8d7e91bc3f5e1125fcd703d5.
---
 examples/protocols/.build-test-rules.yml   | 4 ++--
 examples/protocols/https_request/README.md | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/examples/protocols/.build-test-rules.yml b/examples/protocols/.build-test-rules.yml
index 91bce8f911..1c17877436 100644
--- a/examples/protocols/.build-test-rules.yml
+++ b/examples/protocols/.build-test-rules.yml
@@ -108,9 +108,9 @@ examples/protocols/https_mbedtls:
 examples/protocols/https_request:
   <<: *default_dependencies
   disable:
-    - if: IDF_TARGET in ["esp32h2", "esp32c61", "esp32p4"]
+    - if: IDF_TARGET in ["esp32h2", "esp32c61"]
       temporary: true
-      reason: not supported on h2 # TODO: [ESP32C61] IDF-9298, [ESP32P4] IDFCI-2336
+      reason: not supported on h2 # TODO: [ESP32C61] IDF-9298
   disable_test:
     - if: IDF_TARGET != "esp32"
       reason: only test on esp32
diff --git a/examples/protocols/https_request/README.md b/examples/protocols/https_request/README.md
index b2c373863e..bb84b6a340 100644
--- a/examples/protocols/https_request/README.md
+++ b/examples/protocols/https_request/README.md
@@ -1,5 +1,5 @@
-| Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-C5 | ESP32-C6 | ESP32-S2 | ESP32-S3 |
-| ----------------- | ----- | -------- | -------- | -------- | -------- | -------- | -------- |
+| Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-C5 | ESP32-C6 | ESP32-P4 | ESP32-S2 | ESP32-S3 |
+| ----------------- | ----- | -------- | -------- | -------- | -------- | -------- | -------- | -------- |
 
 # HTTPS Request Example