Security

[中文]

Mbed TLS

Starting from ESP-IDF v6.0, some already deprecated mbedtls header files like esp32/aes.h, esp32/sha.h, esp32s2/aes.h, esp32s2/sha.h and esp32s2/gcm.h have been removed, instead, you should include aes/esp_aes.h, sha/sha_core.h and aes/esp_aes_gcm.h respectively.

The SHA module headers sha/sha_dma.h and sha/sha_block.h are also deprecated and removed. You should include sha/sha_core.h instead.

PSA Crypto migration

In ESP-IDF v6.0, multiple ESP-IDF components have been migrated from using legacy Mbed TLS cryptography APIs (for example, mbedtls_sha*_*(), mbedtls_md*_*(), etc.) to using the PSA Crypto API.

This migration aligns ESP-IDF with Mbed TLS v4.x, where PSA Crypto is the primary cryptography interface, and it enables the use of ESP-IDF hardware acceleration through PSA drivers where available.

Mbed TLS v4.0 migration

ESP-IDF v6.0 updates to Mbed TLS v4.0, where PSA Crypto is the primary cryptography interface (TF-PSA-Crypto provides cryptography; Mbed TLS focuses on TLS and X.509). This can impact applications directly using Mbed TLS cryptography primitives, TLS configuration, or Mbed TLS internal/private declarations.

• Breaking change: In Mbed TLS v4.0, most legacy cryptography APIs have been removed and PSA Crypto is the primary interface. If your application directly uses legacy mbedtls_* cryptography primitives, you may need to migrate to PSA Crypto APIs.

• Breaking change: psa_crypto_init() must be called before any cryptographic operation, including indirect operations such as parsing keys/certificates or starting a TLS handshake. ESP-IDF initializes PSA during normal startup; however, code that runs earlier than the normal startup sequence must call psa_crypto_init() explicitly.

• New API: esp_ecdsa_free_pk_context(mbedtls_pk_context *key_ctx) was added (ecdsa/ecdsa_alt.h). If your application initializes a PK context with a hardware-backed ECDSA key using esp_ecdsa_set_pk_context(), use esp_ecdsa_free_pk_context() to free it. With PSA-backed Mbed TLS v4.x, mbedtls_pk_free() does not deallocate the manually created keypair structure in this case.

• Breaking change: APIs that previously required an application-provided RNG callback (f_rng, p_rng) have changed in Mbed TLS v4.0 to use the PSA RNG instead. Update application code to the new prototypes (for example X.509 write APIs, SSL cookie setup, and SSL ticket setup).

• Breaking change: TLS 1.2 / DTLS 1.2 interoperability may be affected because Mbed TLS v4.0 removes support for key exchanges based on finite-field DHE and RSA key exchange without forward secrecy (and static ECDH). If a peer requires removed suites, TLS connections may fail; update server/client cipher suite configuration accordingly.

• Breaking change: certificates/peers using elliptic curves of less than 250 bits (for example secp192r1/secp224r1) are no longer supported in certificates and in TLS.

• Note: avoid relying on Mbed TLS private declarations (for example headers under mbedtls/private/ or declarations enabled via MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS / MBEDTLS_ALLOW_PRIVATE_ACCESS). Such private interfaces may change without notice.

• Note: the PSA Crypto migration (TF-PSA-Crypto) can increase flash footprint, depending on the features enabled. As reference points:

  Example	non PSA build (bytes)	PSA migration (bytes)	Diff (bytes)	Diff (%)
  protocols/esp_http_client	609041	646293	37252	5.76
  protocols/https_server	871021	898717	27696	3.08
  protocols/http_server/simple	785825	826909	41084	4.97

References

• Mbed TLS 4.0 migration guide

• TF-PSA-Crypto 1.0 migration guide

• TF-PSA-Crypto PSA transition notes

Upstream Mbed TLS PSA notes

Some data structures and internals that applications may have accessed previously are no longer available when using PSA-backed Mbed TLS versions. If your application relied on direct access to Mbed TLS internal state (for example entropy/DRBG contexts as struct fields), migrate to supported public APIs instead.

PSA persistent storage (ITS) on ESP-IDF

ESP-IDF provides an implementation of PSA Internal Trusted Storage (ITS) backed by NVS, so PSA persistent storage can be used without a filesystem. If your application uses PSA persistent keys/storage, ensure that NVS is available and initialized before first use.

Removed deprecated APIs (Mbed TLS / crypto)

The following deprecated functions have been removed:

• esp_aes_encrypt() – Use esp_internal_aes_encrypt() instead.

• esp_aes_decrypt() – Use esp_internal_aes_decrypt() instead.

• esp_crypto_shared_gdma_start() – Use esp_crypto_shared_gdma_start_axi_ahb() instead.

Note that the new AES functions return error codes for better error handling, unlike the old void functions.

BluFi

BluFi (Wi-Fi provisioning over BLE) is affected by the Mbed TLS v4.x / PSA Crypto migration in ESP-IDF v6.0.

• Breaking change: The BluFi protocol version has been updated (BTC_BluFi_SUB_VER bumped from 0x03 to 0x04). The BluFi security negotiation implementation used by ESP-IDF has also been updated to use PSA Crypto (see the updated examples/bluetooth/blufi example).

  Impact: Existing BluFi client applications (for example, mobile apps) built against the older BluFi crypto/protocol implementation may no longer interoperate with devices built with ESP-IDF v6.0. This typically shows up as BluFi negotiation/connection failures when attempting to provision.

  Required action: Update both sides together:

  • Update the device firmware to ESP-IDF v6.0.

  • Update the BluFi client application to a version compatible with the updated BluFi protocol/security negotiation used by ESP-IDF v6.0.

Bootloader Support

Removed Deprecated APIs

The following deprecated functions have been removed:

• esp_secure_boot_verify_signature_block() – Use esp_secure_boot_verify_ecdsa_signature_block() instead.

---

Was this page helpful?

• Thank you! We received your feedback.
• If you have any comments, fill in Espressif Documentation Feedback Form.

• We value your feedback.
• Let us know how we can improve this page by filling in Espressif Documentation Feedback Form.