diff --git a/examples/protocols/esp_http_client/sdkconfig.ci.ssldyn b/examples/protocols/esp_http_client/sdkconfig.ci.ssldyn
index 5d434c3ca2..f9075dc272 100644
--- a/examples/protocols/esp_http_client/sdkconfig.ci.ssldyn
+++ b/examples/protocols/esp_http_client/sdkconfig.ci.ssldyn
@@ -10,6 +10,5 @@ CONFIG_EXAMPLE_CONNECT_IPV6=y
 CONFIG_ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH=y
 CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA=y
-CONFIG_MBEDTLS_DHM_C=y
 CONFIG_EXAMPLE_HTTP_ENDPOINT="httpbin.espressif.cn"
 CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y
diff --git a/examples/protocols/esp_local_ctrl/sdkconfig.ci b/examples/protocols/esp_local_ctrl/sdkconfig.ci
index 543e69e76e..0e9f701a68 100644
--- a/examples/protocols/esp_local_ctrl/sdkconfig.ci
+++ b/examples/protocols/esp_local_ctrl/sdkconfig.ci
@@ -1 +1,2 @@
 CONFIG_EXAMPLE_WIFI_SSID_PWD_FROM_STDIN=y
+CONFIG_PARTITION_TABLE_SINGLE_APP_LARGE=y
diff --git a/examples/protocols/http_server/file_serving/partitions_example_c5.csv b/examples/protocols/http_server/file_serving/partitions_example_c5.csv
new file mode 100644
index 0000000000..c943624078
--- /dev/null
+++ b/examples/protocols/http_server/file_serving/partitions_example_c5.csv
@@ -0,0 +1,6 @@
+# Name, Type, SubType, Offset, Size, Flags
+# Note: if you have increased the bootloader size, make sure to update the offsets to avoid overlap
+nvs, data, nvs, 0x9000, 0x6000,
+phy_init, data, phy, 0xf000, 0x1000,
+factory, app, factory, 0x10000, 0x110000,
+storage, data, spiffs, , 0xE0000,
diff --git a/examples/protocols/http_server/file_serving/sdkconfig.defaults.esp32c5 b/examples/protocols/http_server/file_serving/sdkconfig.defaults.esp32c5
new file mode 100644
index 0000000000..46b22a2b96
--- /dev/null
+++ b/examples/protocols/http_server/file_serving/sdkconfig.defaults.esp32c5
@@ -0,0 +1,5 @@
+CONFIG_PARTITION_TABLE_CUSTOM=y
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions_example_c5.csv"
+CONFIG_PARTITION_TABLE_FILENAME="partitions_example_c5.csv"
+CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
+CONFIG_ESPTOOLPY_FLASHSIZE="4MB"
diff --git a/examples/protocols/http_server/ws_echo_server/ws_echo_server_mbedtls_config.conf b/examples/protocols/http_server/ws_echo_server/ws_echo_server_mbedtls_config.conf
index b2319d6c63..e4a6cc93c0 100644
--- a/examples/protocols/http_server/ws_echo_server/ws_echo_server_mbedtls_config.conf
+++ b/examples/protocols/http_server/ws_echo_server/ws_echo_server_mbedtls_config.conf
@@ -1,7 +1,7 @@
 CONFIG_MBEDTLS_TLS_ENABLED=n
 CONFIG_MBEDTLS_MD5_C=n
 CONFIG_MBEDTLS_SHA224_C=n
-CONFIG_MBEDTLS_SHA256_C=n
+CONFIG_MBEDTLS_SHA256_C=y
 CONFIG_MBEDTLS_SHA384_C=n
 CONFIG_MBEDTLS_SHA512_C=n
 CONFIG_MBEDTLS_SHA3_C=n
diff --git a/examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c b/examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c
index 27109aba6d..375fc50ace 100644
--- a/examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c
+++ b/examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c
@@ -9,7 +9,7 @@
 *
 * SPDX-License-Identifier: Apache-2.0
 *
- * SPDX-FileContributor: 2015-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileContributor: 2015-2025 Espressif Systems (Shanghai) CO LTD
 */
 #include
 #include
@@ -27,8 +27,6 @@
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/esp_debug.h"
 #include "mbedtls/ssl.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
 #include "mbedtls/error.h"
 #ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_3
 #include "psa/crypto.h"
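Review bot: `CONFIG_MBEDTLS_SHA256_C=y` is flipped on in a file whose whole purpose is to trim mbedtls down (`CONFIG_MBEDTLS_TLS_ENABLED=n`, every other hash disabled), and nothing in the hunk says which component now needs SHA-256, so the next person minimising this config will switch it off again. Add a one-line reason above it, e.g. `# SHA-256 must stay enabled: required by a dependency of this example even with TLS off (see build failure if disabled)`, naming the actual consumer once confirmed — the dependency is not visible in this diff.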
@@ -54,36 +52,17 @@ static void https_get_task(void *pvParameters)
 char buf[512];
 int ret, flags, len;
- mbedtls_entropy_context entropy;
- mbedtls_ctr_drbg_context ctr_drbg;
 mbedtls_ssl_context ssl;
 mbedtls_x509_crt cacert;
 mbedtls_ssl_config conf;
 mbedtls_net_context server_fd;
-#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_3
- psa_status_t status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- ESP_LOGE(TAG, "Failed to initialize PSA crypto, returned %d", (int) status);
- return;
- }
-#endif
 mbedtls_ssl_init(&ssl);
 mbedtls_x509_crt_init(&cacert);
- mbedtls_ctr_drbg_init(&ctr_drbg);
 ESP_LOGI(TAG, "Seeding the random number generator");
 mbedtls_ssl_config_init(&conf);
- mbedtls_entropy_init(&entropy);
- if((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
- NULL, 0)) != 0)
- {
- ESP_LOGE(TAG, "mbedtls_ctr_drbg_seed returned %d", ret);
- abort();
- }
 ESP_LOGI(TAG, "Attaching the certificate bundle...");
 ret = esp_crt_bundle_attach(&conf);
@@ -116,7 +95,6 @@ static void https_get_task(void *pvParameters)
 mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
 mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
- mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
 #ifdef CONFIG_MBEDTLS_DEBUG
 mbedtls_esp_enable_debug_log(&conf, CONFIG_MBEDTLS_DEBUG_LEVEL);
 #endif
diff --git a/examples/protocols/https_request/sdkconfig.ci.mbedtls_config b/examples/protocols/https_request/dont_use_with_psa.sdkconfig.ci.mbedtls_config
similarity index 100%
rename from examples/protocols/https_request/sdkconfig.ci.mbedtls_config
rename to examples/protocols/https_request/dont_use_with_psa.sdkconfig.ci.mbedtls_config
diff --git a/examples/protocols/https_request/main/https_request_example_main.c b/examples/protocols/https_request/main/https_request_example_main.c
index abbb050ac7..6985f6ea8b 100644
--- a/examples/protocols/https_request/main/https_request_example_main.c
+++ b/examples/protocols/https_request/main/https_request_example_main.c
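Review bot: `ESP_LOGI(TAG, "Seeding the random number generator");` is kept between `mbedtls_x509_crt_init(&cacert);` and `mbedtls_ssl_config_init(&conf);` while every call that did the seeding (`mbedtls_ctr_drbg_init`, `mbedtls_entropy_init`, `mbedtls_ctr_drbg_seed`, and the `mbedtls_ssl_conf_rng` in the next hunk) is removed, so the example now logs a step it no longer performs and misleads anyone using it as a template. Drop the line, or replace it with a comment that states where the RNG now comes from, e.g. `/* No explicit entropy/CTR-DRBG setup: the TLS port supplies the RNG to the SSL context */` — the mechanism is not visible in this diff and should be confirmed before the comment is committed. The explicit `psa_crypto_init()` check under `CONFIG_MBEDTLS_SSL_PROTO_TLS1_3` is also removed while `#include "psa/crypto.h"` is kept in the include hunk; if nothing else in the file uses PSA the include should go too, and if the port does not initialise PSA on the application's behalf, the failure that used to be caught here would now only surface as a later handshake error. https_get_task continues outside the hunk.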
@@ -44,6 +44,7 @@
 #include "esp_crt_bundle.h"
 #endif
 #include "time_sync.h"
+#include "esp_random.h"
 /* Constants that aren't configurable in menuconfig */
 #ifdef CONFIG_EXAMPLE_SSL_PROTO_TLS1_3_CLIENT
@@ -95,7 +96,7 @@ extern const uint8_t local_server_cert_pem_end[] asm("_binary_local_server_cer
 static const int server_supported_ciphersuites[] = {MBEDTLS_TLS1_3_AES_256_GCM_SHA384, MBEDTLS_TLS1_3_AES_128_CCM_SHA256, 0};
 static const int server_unsupported_ciphersuites[] = {MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, 0};
 #else
-static const int server_supported_ciphersuites[] = {MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 0};
+static const int server_supported_ciphersuites[] = {MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, 0};
 static const int server_unsupported_ciphersuites[] = {MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, 0};
 #endif // CONFIG_EXAMPLE_SSL_PROTO_TLS1_3_CLIENT
 #endif // CONFIG_EXAMPLE_USING_ESP_TLS_MBEDTLS
diff --git a/examples/protocols/https_request/sdkconfig.ci.esp32c2_rom_mbedtls b/examples/protocols/https_request/sdkconfig.ci.esp32c2_rom_mbedtls
index 40d3055d5f..04000befa4 100644
--- a/examples/protocols/https_request/sdkconfig.ci.esp32c2_rom_mbedtls
+++ b/examples/protocols/https_request/sdkconfig.ci.esp32c2_rom_mbedtls
@@ -2,4 +2,5 @@ CONFIG_IDF_TARGET="esp32c2"
 CONFIG_XTAL_FREQ_26=y
 CONFIG_EXAMPLE_CONNECT_WIFI=y
 CONFIG_EXAMPLE_WIFI_SSID_PWD_FROM_STDIN=y
-CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL=y
+# TODO: IDF-15012
+CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL=n
diff --git a/examples/protocols/https_server/simple/main/main.c b/examples/protocols/https_server/simple/main/main.c
index fee0f81faa..cfb5192b24 100644
--- a/examples/protocols/https_server/simple/main/main.c
+++ b/examples/protocols/https_server/simple/main/main.c
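Review bot: `#include "esp_random.h"` is added after `#include "time_sync.h"` but no call into that header appears in any hunk of this diff, so either the use lives in a part of the file not shown or the include is dead. If it is needed, a short comment on the include (or at the call site) saying what the example draws random bytes for would stop it being pruned; if it is not, drop it so the example does not suggest that an application-level RNG is part of the TLS setup.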
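Review bot: The new TLS 1.2 `server_supported_ciphersuites` pairs an RSA-authenticated suite (`MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`) with an ECDSA-authenticated one (`MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM`), and only the one matching the key type of the local server certificate named in the hunk header (`local_server_cert_pem`) can ever be negotiated — that certificate is not visible here. If it is an RSA certificate the ECDSA entry is dead weight and the test exercises only ChaCha20-Poly1305; add a comment on the array stating the assumption, e.g. `/* Key type of local_server_cert_pem decides which entry is negotiable: RSA -> ECDHE_RSA, EC -> ECDHE_ECDSA */`. Replacing the static-RSA `MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384` (no forward secrecy) is the right direction and is not being questioned.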
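Review bot: `CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL=n` makes this CI config stop exercising the ROM mbedtls implementation that its filename (`sdkconfig.ci.esp32c2_rom_mbedtls`) advertises, so CI keeps reporting a "rom_mbedtls" job that now builds the same non-ROM path as the default config, and the loss of coverage is invisible in the results. `# TODO: IDF-15012` should say what is broken and what re-enabling depends on, e.g. `# TODO: IDF-15012 - ROM crypto implementation temporarily disabled for this example; restore =y once the issue is fixed so ROM coverage returns`, or the file should be renamed or removed until then so the ROM path is not reported as tested.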
@@ -177,8 +177,8 @@ static httpd_handle_t start_webserver(void)
 #if CONFIG_EXAMPLE_ENABLE_HTTPS_SERVER_CUSTOM_CIPHERSUITES
 static const int ciphersuites_to_use[] = {
- MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
 0,
diff --git a/examples/protocols/https_server/simple/pytest_https_server_simple.py b/examples/protocols/https_server/simple/pytest_https_server_simple.py
index f7dec5f275..0c3134a1f4 100644
--- a/examples/protocols/https_server/simple/pytest_https_server_simple.py
+++ b/examples/protocols/https_server/simple/pytest_https_server_simple.py
@@ -362,7 +362,7 @@ def test_examples_protocol_https_server_tls1_2_only(dut: Dut) -> None:
 conn.close()
 # Now try with the matching ciphersuite
- ssl_context.set_ciphers('DHE-RSA-AES128-SHA256')
+ ssl_context.set_ciphers('ECDHE-RSA-AES128-SHA256')
 conn = http.client.HTTPSConnection(got_ip, got_port, context=ssl_context)
 logging.info('Performing SSL handshake with the server')
diff --git a/examples/protocols/smtp_client/main/smtp_client_example_main.c b/examples/protocols/smtp_client/main/smtp_client_example_main.c
index f271c03db0..1f65a3f96c 100644
--- a/examples/protocols/smtp_client/main/smtp_client_example_main.c
+++ b/examples/protocols/smtp_client/main/smtp_client_example_main.c
@@ -7,7 +7,7 @@
 *
 * SPDX-License-Identifier: Apache-2.0
 *
- * SPDX-FileContributor: 2015-2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileContributor: 2015-2025 Espressif Systems (Shanghai) CO LTD
 */
 #include
 #include
@@ -23,8 +23,6 @@
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/esp_debug.h"
 #include "mbedtls/ssl.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
 #include "mbedtls/error.h"
 #include
 #include
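Review bot: The rewritten `ciphersuites_to_use` list still contains only CBC/HMAC suites (`*_AES_128_CBC_SHA256`, `*_AES_256_CBC_SHA384`) and no AEAD suite, so the example that users copy as "how to pin ciphersuites on the HTTPS server" pins TLS 1.2 without GCM or ChaCha20-Poly1305; swapping DHE for ECDHE improves handshake cost and key-exchange strength but not that. Since the list is documentation by example, lead with AEAD entries such as `MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,` and `MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,` and keep the CBC entries only because the pytest in this diff negotiates `ECDHE-RSA-AES128-SHA256`. The two `ECDHE_ECDSA` entries are negotiable only if the server certificate has an EC key, which this hunk does not show; a one-line comment on the array should state which key type the example's certificate uses. start_webserver continues outside the hunk.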
@@ -246,8 +244,6 @@ static void smtp_client_task(void *pvParameters)
 int ret, len;
 size_t base64_len;
- mbedtls_entropy_context entropy;
- mbedtls_ctr_drbg_context ctr_drbg;
 mbedtls_ssl_context ssl;
 mbedtls_x509_crt cacert;
 mbedtls_ssl_config conf;
@@ -255,18 +251,10 @@ static void smtp_client_task(void *pvParameters)
 mbedtls_ssl_init(&ssl);
 mbedtls_x509_crt_init(&cacert);
- mbedtls_ctr_drbg_init(&ctr_drbg);
 ESP_LOGI(TAG, "Seeding the random number generator");
 mbedtls_ssl_config_init(&conf);
- mbedtls_entropy_init(&entropy);
- if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
- NULL, 0)) != 0) {
- ESP_LOGE(TAG, "mbedtls_ctr_drbg_seed returned -0x%x", -ret);
- goto exit;
- }
 ESP_LOGI(TAG, "Loading the CA root certificate...");
 ret = mbedtls_x509_crt_parse(&cacert, server_root_cert_pem_start,
@@ -297,7 +285,6 @@ static void smtp_client_task(void *pvParameters)
 mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
 mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
- mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
 #ifdef CONFIG_MBEDTLS_DEBUG
 mbedtls_esp_enable_debug_log(&conf, 4);
 #endif
@@ -476,8 +463,6 @@ exit:
 mbedtls_x509_crt_free(&cacert);
 mbedtls_ssl_free(&ssl);
 mbedtls_ssl_config_free(&conf);
- mbedtls_ctr_drbg_free(&ctr_drbg);
- mbedtls_entropy_free(&entropy);
 if (ret != 0) {
 mbedtls_strerror(ret, buf, 100);
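Review bot: In the second hunk `ESP_LOGI(TAG, "Seeding the random number generator");` is left in place although `mbedtls_ctr_drbg_init`, `mbedtls_entropy_init` and the `mbedtls_ctr_drbg_seed` call with its `goto exit` error path are all removed, so the SMTP example now announces a step it no longer performs, and the only early exit that used to fire when the DRBG could not be seeded is gone without a replacement. Remove the log line, or replace it with a comment that records the new source of randomness, e.g. `/* No explicit entropy/CTR-DRBG setup here: the TLS port provides the RNG used by the SSL context */`, with the mechanism confirmed against the port before committing since it is not visible in this diff. smtp_client_task continues outside the hunk, so whether any later check reports a missing RNG cannot be seen here.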