Merge branch 'fix/https_request_mbedtls_config_build_failure' into 'master'

Fix https_request example build failure for mbedtls_config

Closes IDFCI-2336

See merge request espressif/esp-idf!33016

components/mbedtls/Kconfig

@@ -379,6 +379,7 @@ menu "mbedTLS"
 
     config MBEDTLS_CMAC_C
         bool "Enable CMAC mode for block ciphers"
+        default y if MBEDTLS_USE_CRYPTO_ROM_IMPL
         default n
         depends on MBEDTLS_AES_C || MBEDTLS_DES_C
         help
@@ -928,6 +929,23 @@ menu "mbedTLS"
         bool  "Elliptic Curve Ciphers"
         default y
 
+    config MBEDTLS_PK_PARSE_EC_EXTENDED
+        bool "Enhance support for reading EC keys"
+        default y
+        depends on MBEDTLS_ECP_C
+        help
+            Enhance support for reading EC keys using variants of SEC1 not allowed by
+            RFC 5915 and RFC 5480.
+
+    config MBEDTLS_PK_PARSE_EC_COMPRESSED
+        bool "Enable the support for parsing public keys of type Short Weierstrass"
+        default y
+        depends on MBEDTLS_ECP_C
+        help
+            Enable the support for parsing public keys of type Short Weierstrass
+            (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX) which are using the
+            compressed point format. This parsing is done through ECP module's functions.
+
     config MBEDTLS_DHM_C
         bool "Diffie-Hellman-Merkle key exchange (DHM)"
         default n

components/mbedtls/mbedtls

@@ -1 +1 @@
-Subproject commit 72aa687352a469044cbb946f3fdb261430e41ce1
+Subproject commit 5d112760293404ca0452bf244aa025079cf2e5af

components/mbedtls/port/include/mbedtls/esp_config.h

@@ -59,7 +59,7 @@
 /**
  * \def MBEDTLS_PLATFORM_MS_TIME_ALT
  *
- * Define platform specific function to get time since bootup in milliseconds.
+ * Define platform specific function to get time since boot up in milliseconds.
  */
 #define MBEDTLS_PLATFORM_MS_TIME_ALT
 #else
@@ -412,6 +412,14 @@
  */
 #ifdef CONFIG_MBEDTLS_CMAC_C
 #define MBEDTLS_CMAC_C
+#else
+#ifdef CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL
+/* The mbedtls present in ROM is built with the MBEDTLS_CMAC_C symbol being enabled,
+ * thus when using the mbedtls from ROM, CONFIG_MBEDTLS_CMAC_C needs to be enabled.
+ */
+#error "CONFIG_MBEDTLS_CMAC_C cannot be disabled when CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL is enabled"
+#endif
+#undef MBEDTLS_CMAC_C
 #endif
 
 /**
@@ -841,7 +849,28 @@
  *
  * Disable if you only need to support RFC 5915 + 5480 key formats.
  */
+#ifdef CONFIG_MBEDTLS_PK_PARSE_EC_EXTENDED
 #define MBEDTLS_PK_PARSE_EC_EXTENDED
+#else
+#undef MBEDTLS_PK_PARSE_EC_EXTENDED
+#endif
+
+/**
+ * \def MBEDTLS_PK_PARSE_EC_COMPRESSED
+ *
+ * Enable the support for parsing public keys of type Short Weierstrass
+ * (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX) which are using the
+ * compressed point format. This parsing is done through ECP module's functions.
+ *
+ * \note As explained in the description of MBEDTLS_ECP_PF_COMPRESSED (in ecp.h)
+ *       the only unsupported curves are MBEDTLS_ECP_DP_SECP224R1 and
+ *       MBEDTLS_ECP_DP_SECP224K1.
+ */
+#ifdef CONFIG_MBEDTLS_PK_PARSE_EC_COMPRESSED
+#define MBEDTLS_PK_PARSE_EC_COMPRESSED
+#else
+#undef MBEDTLS_PK_PARSE_EC_COMPRESSED
+#endif
 
 /**
  * \def MBEDTLS_ERROR_STRERROR_DUMMY

examples/protocols/.build-test-rules.yml

@@ -108,9 +108,9 @@ examples/protocols/https_mbedtls:
 examples/protocols/https_request:
   <<: *default_dependencies
   disable:
-    - if: IDF_TARGET in ["esp32h2", "esp32c61", "esp32p4"]
+    - if: IDF_TARGET in ["esp32h2", "esp32c61"]
       temporary: true
-      reason: not supported on h2 # TODO: [ESP32C61] IDF-9298, [ESP32P4] IDFCI-2336
+      reason: not supported on h2 # TODO: [ESP32C61] IDF-9298
   disable_test:
     - if: IDF_TARGET != "esp32"
       reason: only test on esp32

examples/protocols/https_request/README.md

@@ -1,5 +1,5 @@
-| Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-C5 | ESP32-C6 | ESP32-S2 | ESP32-S3 |
-| ----------------- | ----- | -------- | -------- | -------- | -------- | -------- | -------- |
+| Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-C5 | ESP32-C6 | ESP32-P4 | ESP32-S2 | ESP32-S3 |
+| ----------------- | ----- | -------- | -------- | -------- | -------- | -------- | -------- | -------- |
 
 # HTTPS Request Example
 

examples/protocols/https_request/sdkconfig.ci.mbedtls_config

@@ -3,11 +3,11 @@
 # If any component using mbedtls does not select respective configurations,
 # then this should fail at build stage.
 
-# Few example dependancies need to be enabled by default for the build to succeed
+# Few example dependencies need to be enabled by default for the build to succeed
 ##############
 CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=y
 CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=y
-CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
+CONFIG_MBEDTLS_AES_C=y
 ##############
 
 CONFIG_MBEDTLS_HARDWARE_AES=n
@@ -46,7 +46,6 @@ CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
 #
 # Symmetric Ciphers
 #
-CONFIG_MBEDTLS_AES_C=n
 CONFIG_MBEDTLS_CAMELLIA_C=n
 CONFIG_MBEDTLS_DES_C=n
 CONFIG_MBEDTLS_BLOWFISH_C=n
@@ -73,6 +72,7 @@ CONFIG_MBEDTLS_ECDSA_C=n
 CONFIG_MBEDTLS_ECJPAKE_C=n
 CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED=n
 CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED=n
+CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=n
 CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED=n
 CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED=n
 CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED=n