From 881dc4193aec0f3c51fcddf5bc6048e2ebe1b8d7 Mon Sep 17 00:00:00 2001
From: Ashish Sharma <ashish.sharma@espressif.com>
Date: Wed, 13 May 2026 14:25:28 +0800
Subject: [PATCH] fix(mbedtls): bring back deprecated config MBEDTLS_ECJPAKE_C

---
 components/mbedtls/Kconfig                           |  9 ++++++++-
 .../mbedtls/config/mbedtls_preset_default.conf       |  1 +
 components/mbedtls/port/include/mbedtls/esp_config.h | 12 ++++++++++++
 examples/openthread/ot_br/sdkconfig.defaults         |  1 +
 examples/openthread/ot_cli/sdkconfig.defaults        |  1 +
 .../ot_sleepy_device/deep_sleep/sdkconfig.defaults   |  1 +
 .../ot_sleepy_device/light_sleep/sdkconfig.defaults  |  1 +
 examples/openthread/ot_trel/sdkconfig.defaults       |  1 +
 8 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index 76084d006df..4f97b46f67e 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -728,7 +728,7 @@ menu "mbedTLS"
 
             config MBEDTLS_KEY_EXCHANGE_ECJPAKE
                 bool "Enable ECJPAKE based ciphersuite modes"
-                depends on MBEDTLS_ECP_DP_SECP256R1_ENABLED
+                depends on MBEDTLS_ECJPAKE_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED
                 default n
                 help
                     Enable to support ciphersuites with prefix TLS-ECJPAKE-WITH-
@@ -1093,6 +1093,13 @@ menu "mbedTLS"
                 help
                         Enable ECDH. Needed to use ECDHE-xxx TLS ciphersuites.
 
+            config MBEDTLS_ECJPAKE_C
+                bool "Elliptic curve J-PAKE"
+                depends on MBEDTLS_ECP_C
+                default n
+                help
+                        Enable ECJPAKE. Needed to use ECJPAKE-xxx TLS ciphersuites.
+
             config MBEDTLS_ECDSA_C
                 bool "Elliptic Curve DSA"
                 depends on MBEDTLS_ECDH_C && MBEDTLS_ECP_C
diff --git a/components/mbedtls/config/mbedtls_preset_default.conf b/components/mbedtls/config/mbedtls_preset_default.conf
index 69c12156b7e..11047ec88fe 100644
--- a/components/mbedtls/config/mbedtls_preset_default.conf
+++ b/components/mbedtls/config/mbedtls_preset_default.conf
@@ -115,6 +115,7 @@ CONFIG_MBEDTLS_ECP_C=y
 CONFIG_MBEDTLS_ECP_NIST_OPTIM=y
 CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM=n
 CONFIG_MBEDTLS_ECDH_C=y
+CONFIG_MBEDTLS_ECJPAKE_C=n
 CONFIG_MBEDTLS_ECDSA_C=y
 CONFIG_MBEDTLS_PK_PARSE_EC_EXTENDED=y
 CONFIG_MBEDTLS_PK_PARSE_EC_COMPRESSED=y
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index c927d27a778..f877145a555 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -2095,6 +2095,18 @@
 #undef PSA_WANT_ALG_ECDH
 #endif
 
+/**
+ * \def MBEDTLS_ECJPAKE_C
+ *
+ * Enable the ECJPAKE based ciphersuites.
+ */
+#ifdef CONFIG_MBEDTLS_ECJPAKE_C
+#define PSA_WANT_ALG_JPAKE 1
+#else
+#undef PSA_WANT_ALG_JPAKE
+#undef PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
+#endif
+
 /**
  * \def MBEDTLS_ECDSA_C
  *
diff --git a/examples/openthread/ot_br/sdkconfig.defaults b/examples/openthread/ot_br/sdkconfig.defaults
index f0f8e7f5894..c0adf25023e 100644
--- a/examples/openthread/ot_br/sdkconfig.defaults
+++ b/examples/openthread/ot_br/sdkconfig.defaults
@@ -12,6 +12,7 @@ CONFIG_PARTITION_TABLE_MD5=y
 #
 CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
 CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE=y
+CONFIG_MBEDTLS_ECJPAKE_C=y
 # end of TLS Key Exchange Methods
 
 # end of mbedTLS
diff --git a/examples/openthread/ot_cli/sdkconfig.defaults b/examples/openthread/ot_cli/sdkconfig.defaults
index 13f8537d33e..eabd3d39628 100644
--- a/examples/openthread/ot_cli/sdkconfig.defaults
+++ b/examples/openthread/ot_cli/sdkconfig.defaults
@@ -13,6 +13,7 @@ CONFIG_PARTITION_TABLE_MD5=y
 #
 CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
 CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE=y
+CONFIG_MBEDTLS_ECJPAKE_C=y
 # end of mbedTLS
 
 #
diff --git a/examples/openthread/ot_sleepy_device/deep_sleep/sdkconfig.defaults b/examples/openthread/ot_sleepy_device/deep_sleep/sdkconfig.defaults
index 8a57ae889c4..416e9349fb2 100644
--- a/examples/openthread/ot_sleepy_device/deep_sleep/sdkconfig.defaults
+++ b/examples/openthread/ot_sleepy_device/deep_sleep/sdkconfig.defaults
@@ -11,6 +11,7 @@ CONFIG_PARTITION_TABLE_FILENAME="partitions.csv"
 #
 CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
 CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE=y
+CONFIG_MBEDTLS_ECJPAKE_C=y
 # end of mbedTLS
 
 #
diff --git a/examples/openthread/ot_sleepy_device/light_sleep/sdkconfig.defaults b/examples/openthread/ot_sleepy_device/light_sleep/sdkconfig.defaults
index 2b8111f6abf..03acbcb41c0 100644
--- a/examples/openthread/ot_sleepy_device/light_sleep/sdkconfig.defaults
+++ b/examples/openthread/ot_sleepy_device/light_sleep/sdkconfig.defaults
@@ -11,6 +11,7 @@ CONFIG_PARTITION_TABLE_FILENAME="partitions.csv"
 #
 CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
 CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE=y
+CONFIG_MBEDTLS_ECJPAKE_C=y
 # end of mbedTLS
 
 #
diff --git a/examples/openthread/ot_trel/sdkconfig.defaults b/examples/openthread/ot_trel/sdkconfig.defaults
index 1232a900b11..367f2d10ced 100644
--- a/examples/openthread/ot_trel/sdkconfig.defaults
+++ b/examples/openthread/ot_trel/sdkconfig.defaults
@@ -13,6 +13,7 @@ CONFIG_PARTITION_TABLE_MD5=y
 #
 CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
 CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE=y
+CONFIG_MBEDTLS_ECJPAKE_C=y
 # end of mbedTLS
 
 #