fix(idf6): Fix examples for ESP-IDF 6 (#12548)

* fix(idf6): Fix examples for ESP-IDF 6

* ci(pre-commit): Apply automatic fixes

* fix(ci): Fix comments for PSA initialization in Updater classes

---------

Co-authored-by: pre-commit-ci-lite[bot] <117423508+pre-commit-ci-lite[bot]@users.noreply.github.com>

Author: me-no-dev

cores/esp32/esp32-hal-rmt.h

@@ -18,6 +18,11 @@
 #include "soc/soc_caps.h"
 #if SOC_RMT_SUPPORTED
 
+// Definition of SOC_RMT_TX_CANDIDATES_PER_GROUP is removed in ESP-IDF 6
+#ifndef SOC_RMT_TX_CANDIDATES_PER_GROUP
+#define SOC_RMT_TX_CANDIDATES_PER_GROUP 5
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif

libraries/ESP32/examples/DeepSleep/TouchWakeUp/TouchWakeUp.ino

@@ -15,6 +15,9 @@ Pranav Cherukupalli <cherukupallip@gmail.com>
 */
 
 #include <Arduino.h>
+#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(6, 0, 0)
+#include "hal/touch_sensor_legacy_types.h"
+#endif
 
 #if CONFIG_IDF_TARGET_ESP32
 #define THRESHOLD 40 /* Greater the value, more the sensitivity */

libraries/ESP32/examples/HFP_HCI_Audio/HFP_HCI_Audio.ino

@@ -748,7 +748,11 @@ void setup() {
   logEspCall("esp_bt_gap_set_pin", esp_bt_gap_set_pin(ESP_BT_PIN_TYPE_VARIABLE, 0, unused_pin_code));
 
   // Set the device name shown to the user during pairing.
+#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(6, 0, 0)
+  logEspCall("esp_bt_gap_set_device_name", esp_bt_gap_set_device_name("ESP32_HFP_AUDIO"));
+#else
   logEspCall("esp_bt_dev_set_device_name", esp_bt_dev_set_device_name("ESP32_HFP_AUDIO"));
+#endif
 
   // Set the Class of Device so the phone identifies us as a hands-free audio device.
   esp_bt_cod_t cod = {};

libraries/ESP32/examples/HFP_HCI_Audio_I2S/HFP_HCI_Audio_I2S.ino

@@ -734,7 +734,11 @@ void setup() {
 
   // Advertise a friendly name so the phone's Bluetooth menu shows something
   // recognizable rather than a raw MAC address.
+#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(6, 0, 0)
+  logEspCall("esp_bt_gap_set_device_name", esp_bt_gap_set_device_name("ESP32_HFP_BRIDGE"));
+#else
   logEspCall("esp_bt_dev_set_device_name", esp_bt_dev_set_device_name("ESP32_HFP_BRIDGE"));
+#endif
 
   // Set the Class of Device (CoD) to Audio/Video + Hands-free subclass.
   // This tells the phone the device is a hands-free unit so it offers HFP

libraries/ESP32/examples/RMT/Legacy_RMT_Driver_Compatible/Legacy_RMT_Driver_Compatible.ino

@@ -15,7 +15,7 @@
 #error "ESP32_ARDUINO_NO_RGB_BUILTIN is not defined, this example is intended to demonstrate the RMT Legacy driver."
 #error "Please add the file 'build_opt.h' with '-DESP32_ARDUINO_NO_RGB_BUILTIN' to your Arduino project folder."
 
-#else
+#elif ESP_IDF_VERSION < ESP_IDF_VERSION_VAL(6, 0, 0)
 
 // add the file "build_opt.h" to your Arduino project folder with "-DESP32_ARDUINO_NO_RGB_BUILTIN" to use the RMT Legacy driver
 // rgbLedWrite() is a function that writes to the RGB LED and it won't be available here
@@ -36,4 +36,12 @@ void loop() {
   delay(5000);
 }
 
-#endif  // ESP32_ARDUINO_NO_RGB_BUILTIN
+#else
+
+// Legacy RMT driver is not available from ESP-IDF v6.0
+
+void setup() {}
+
+void loop() {}
+
+#endif  // ESP32_ARDUINO_NO_RGB_BUILTIN || pre IDF6

libraries/ESP_SR/examples/Basic/ci.yml

@@ -5,7 +5,7 @@ fqbn:
     - espressif:esp32:esp32p4:USBMode=default,ChipVariant=postv3,PartitionScheme=esp_sr_16,FlashSize=16M,FlashMode=qio
 
 requires:
-  - CONFIG_SOC_I2S_SUPPORTED=y
+  - CONFIG_MODEL_IN_FLASH=y
 
 targets:
   esp32: false

libraries/Update/examples/HTTPS_OTA_Update/HTTPS_OTA_Update.ino

@@ -50,6 +50,11 @@ void HttpEvent(HttpEvent_t *event) {
     case HTTP_EVENT_ON_FINISH:    Serial.println("Http Event On Finish"); break;
     case HTTP_EVENT_DISCONNECTED: Serial.println("Http Event Disconnected"); break;
     case HTTP_EVENT_REDIRECT:     Serial.println("Http Event Redirect"); break;
+#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(6, 0, 0)
+    case HTTP_EVENT_ON_HEADERS_COMPLETE: Serial.println("Http Event On Headers Complete"); break;
+    case HTTP_EVENT_ON_STATUS_CODE:      Serial.println("Http Event On Status Code"); break;
+#endif
+    default: break;
   }
 }
 

libraries/Update/src/Updater_Signing.cpp

@@ -7,17 +7,33 @@
 #ifdef UPDATE_SIGN
 
 #include "Updater_Signing.h"
+#include "mbedtls/build_info.h"
 #include "mbedtls/pk.h"
+#include "mbedtls/md.h"
+#include "mbedtls/asn1.h"
+#if MBEDTLS_VERSION_MAJOR >= 4
+#include "psa/crypto.h"
+#else
 #include "mbedtls/rsa.h"
 #include "mbedtls/ecdsa.h"
 #include "mbedtls/ecp.h"
-#include "mbedtls/md.h"
-#include "mbedtls/asn1.h"
+#endif
 #include "esp32-hal-log.h"
 
 // ==================== UpdaterRSAVerifier (using mbedtls) ====================
 
 UpdaterRSAVerifier::UpdaterRSAVerifier(const uint8_t *pubkey, size_t pubkeyLen, int hashType) : _hashType(hashType), _valid(false) {
+#if MBEDTLS_VERSION_MAJOR >= 4
+  // mbedtls 4.x routes PK operations through PSA; PSA must be initialized before
+  // any cryptographic operation, including parsing a public key.
+  psa_status_t psa_ret = psa_crypto_init();
+  if (psa_ret != PSA_SUCCESS) {
+    log_e("PSA crypto init failed: %d", (int)psa_ret);
+    _ctx = nullptr;
+    return;
+  }
+#endif
+
   _ctx = new mbedtls_pk_context;
   mbedtls_pk_init((mbedtls_pk_context *)_ctx);
 
@@ -29,10 +45,18 @@ UpdaterRSAVerifier::UpdaterRSAVerifier(const uint8_t *pubkey, size_t pubkeyLen,
   }
 
   // Verify it's an RSA key
+#if MBEDTLS_VERSION_MAJOR >= 4
+  // mbedtls_pk_get_type was removed in 4.x; use the PSA can_do query instead.
+  if (!mbedtls_pk_can_do_psa((mbedtls_pk_context *)_ctx, PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256), PSA_KEY_USAGE_VERIFY_HASH)) {
+    log_e("Public key is not RSA");
+    return;
+  }
+#else
   if (mbedtls_pk_get_type((mbedtls_pk_context *)_ctx) != MBEDTLS_PK_RSA) {
     log_e("Public key is not RSA");
     return;
   }
+#endif
 
   _valid = true;
   log_i("RSA public key loaded successfully");
@@ -65,21 +89,38 @@ bool UpdaterRSAVerifier::verify(SHA2Builder *hash, const void *signature, size_t
   hash->getBytes(hashBytes);
   size_t hash_size = hash->getHashSize();
 
-  // Use RSA-PSS verification to match bin_signing.py which signs with PSS padding
-  // and salt_length=PSS.MAX_LENGTH (which equals key_len - hash_size - 2)
+  // RSA signatures are always exactly key_len bytes. The buffer may be
+  // zero-padded to a larger size (e.g. 512), so use key_len as the actual
+  // signature length to avoid MBEDTLS_ERR_PK_SIG_LEN_MISMATCH.
+#if MBEDTLS_VERSION_MAJOR >= 4
+  // mbedtls 4.x removed mbedtls_rsa_get_len / direct RSA context access;
+  // derive the modulus byte length from the PK bit length instead.
+  size_t key_len = (mbedtls_pk_get_bitlen((mbedtls_pk_context *)_ctx) + 7) / 8;
+#else
   mbedtls_rsa_context *rsa_ctx = mbedtls_pk_rsa(*(mbedtls_pk_context *)_ctx);
   if (!rsa_ctx) {
     log_e("Failed to get RSA context");
     return false;
   }
+  size_t key_len = mbedtls_rsa_get_len(rsa_ctx);
+#endif
 
-  int key_len = (int)mbedtls_rsa_get_len(rsa_ctx);
-  if ((size_t)key_len > signatureLen) {
-    log_e("Signature buffer (%u bytes) smaller than RSA key length (%d bytes)", (unsigned)signatureLen, key_len);
+  if (key_len == 0 || key_len > signatureLen) {
+    log_e("Signature buffer (%u bytes) smaller than RSA key length (%u bytes)", (unsigned)signatureLen, (unsigned)key_len);
     return false;
   }
+
+  // Use RSA-PSS verification to match bin_signing.py which signs with PSS padding
+  // and salt_length=PSS.MAX_LENGTH (which equals key_len - hash_size - 2).
+#if MBEDTLS_VERSION_MAJOR >= 4
+  // In mbedtls 4.x, MBEDTLS_PK_SIGALG_RSA_PSS maps to PSA_ALG_RSA_PSS_ANY_SALT,
+  // which accepts any salt length used during signing. This matches the
+  // PSS.MAX_LENGTH salt produced by bin_signing.py.
+  int ret =
+    mbedtls_pk_verify_ext(MBEDTLS_PK_SIGALG_RSA_PSS, (mbedtls_pk_context *)_ctx, md_type, hashBytes, hash_size, (const unsigned char *)signature, key_len);
+#else
   // PSS.MAX_LENGTH salt = key_len - hash_size - 2
-  int expected_salt_len = key_len - (int)hash_size - 2;
+  int expected_salt_len = (int)key_len - (int)hash_size - 2;
   if (expected_salt_len < 0) {
     log_e("RSA key too small for hash algorithm");
     return false;
@@ -89,12 +130,10 @@ bool UpdaterRSAVerifier::verify(SHA2Builder *hash, const void *signature, size_t
   pss_opts.mgf1_hash_id = md_type;
   pss_opts.expected_salt_len = expected_salt_len;
 
-  // RSA signatures are always exactly key_len bytes. The buffer may be
-  // zero-padded to a larger size (e.g. 512), so use key_len as the actual
-  // signature length to avoid MBEDTLS_ERR_PK_SIG_LEN_MISMATCH.
   int ret = mbedtls_pk_verify_ext(
     MBEDTLS_PK_RSASSA_PSS, &pss_opts, (mbedtls_pk_context *)_ctx, md_type, hashBytes, hash_size, (const unsigned char *)signature, key_len
   );
+#endif
 
   if (ret == 0) {
     log_i("RSA signature verified successfully");
@@ -108,6 +147,17 @@ bool UpdaterRSAVerifier::verify(SHA2Builder *hash, const void *signature, size_t
 // ==================== UpdaterECDSAVerifier (using mbedtls) ====================
 
 UpdaterECDSAVerifier::UpdaterECDSAVerifier(const uint8_t *pubkey, size_t pubkeyLen, int hashType) : _hashType(hashType), _valid(false) {
+#if MBEDTLS_VERSION_MAJOR >= 4
+  // mbedtls 4.x routes PK operations through PSA; PSA must be initialized before
+  // any cryptographic operation, including parsing a public key.
+  psa_status_t psa_ret = psa_crypto_init();
+  if (psa_ret != PSA_SUCCESS) {
+    log_e("PSA crypto init failed: %d", (int)psa_ret);
+    _ctx = nullptr;
+    return;
+  }
+#endif
+
   _ctx = new mbedtls_pk_context;
   mbedtls_pk_init((mbedtls_pk_context *)_ctx);
 
@@ -119,11 +169,19 @@ UpdaterECDSAVerifier::UpdaterECDSAVerifier(const uint8_t *pubkey, size_t pubkeyL
   }
 
   // Verify it's an ECDSA key
+#if MBEDTLS_VERSION_MAJOR >= 4
+  // mbedtls_pk_get_type was removed in 4.x; use the PSA can_do query instead.
+  if (!mbedtls_pk_can_do_psa((mbedtls_pk_context *)_ctx, PSA_ALG_ECDSA(PSA_ALG_SHA_256), PSA_KEY_USAGE_VERIFY_HASH)) {
+    log_e("Public key is not ECDSA");
+    return;
+  }
+#else
   mbedtls_pk_type_t type = mbedtls_pk_get_type((mbedtls_pk_context *)_ctx);
   if (type != MBEDTLS_PK_ECKEY && type != MBEDTLS_PK_ECDSA) {
     log_e("Public key is not ECDSA");
     return;
   }
+#endif
 
   _valid = true;
   log_i("ECDSA public key loaded successfully");
@@ -171,6 +229,8 @@ bool UpdaterECDSAVerifier::verify(SHA2Builder *hash, const void *signature, size
     }
   }
 
+  // mbedtls_pk_verify accepts the legacy DER-encoded ECDSA signature format in
+  // both 3.x and 4.x, so the same call works across versions.
   int ret = mbedtls_pk_verify((mbedtls_pk_context *)_ctx, md_type, hashBytes, hash->getHashSize(), sig_start, actualSigLen);
 
   if (ret == 0) {

libraries/WiFi/examples/FTM/FTM_Initiator/FTM_Initiator.ino

@@ -39,7 +39,9 @@ void onFtmReport(arduino_event_t *event) {
     // The estimated distance in meters may vary depending on some factors (see README file)
     Serial.printf("FTM Estimate: Distance: %.2f m, Return Time: %" PRIu32 " ns\n", (float)report->dist_est / 100.0, report->rtt_est);
     // Pointer to FTM Report with multiple entries, should be freed after use
+#if ESP_IDF_VERSION < ESP_IDF_VERSION_VAL(6, 0, 0)
     free(report->ftm_report_data);
+#endif
   } else {
     Serial.print("FTM Error: ");
     Serial.println(status_str[report->status]);

libraries/WiFi/examples/WPS/WPS.ino

@@ -46,7 +46,11 @@ void wpsStart() {
     return;
   }
 
+#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(6, 0, 0)
+  err = esp_wifi_wps_start();
+#else
   err = esp_wifi_wps_start(0);
+#endif
   if (err != ESP_OK) {
     Serial.printf("WPS Start Failed: 0x%x: %s\n", err, esp_err_to_name(err));
   }