Merge branch 'espressif:release/v5.2' into release/v5.2

components/bt/host/bluedroid/Kconfig.in

@@ -273,7 +273,7 @@ config BT_GATTC_CACHE_NVS_FLASH
 config BT_GATTC_CONNECT_RETRY_COUNT
     int "The number of attempts to reconnect if the connection establishment failed"
     depends on BT_GATTC_ENABLE
-    range 0 7
+    range 0 255
     default 3
     help
         The number of attempts to reconnect if the connection establishment failed

components/bt/host/nimble/Kconfig.in

@@ -388,8 +388,7 @@ config BT_NIMBLE_RPA_TIMEOUT
     depends on BT_NIMBLE_ENABLED
     default 900
     help
-        Time interval between RPA address change. This is applicable in case of
-        Host based RPA
+        Time interval between RPA address change.
 
 menuconfig BT_NIMBLE_MESH
     bool "Enable BLE mesh functionality"
@@ -942,9 +941,35 @@ menu "Host-controller Transport"
         help
             Uart port
 
+    choice BT_NIMBLE_HCI_USE_UART_BAUDRATE
+        prompt "Uart Hci Baud Rate"
+        default UART_BAUDRATE_921600
+        depends on BT_CONTROLLER_DISABLED && BT_NIMBLE_TRANSPORT_UART
+        help
+            Uart Baud Rate
+
+        config UART_BAUDRATE_115200
+            bool "115200"
+        config UART_BAUDRATE_230400
+            bool "230400"
+        config UART_BAUDRATE_460800
+            bool "460800"
+        config UART_BAUDRATE_921600
+            bool "921600"
+    endchoice
+
+    config BT_NIMBLE_HCI_UART_BAUDRATE
+        depends on BT_CONTROLLER_DISABLED && BT_NIMBLE_TRANSPORT_UART
+        int
+        default 115200 if  UART_BAUDRATE_115200
+        default 230400 if  UART_BAUDRATE_230400
+        default 460800 if  UART_BAUDRATE_460800
+        default 921600 if  UART_BAUDRATE_921600
+
     choice BT_NIMBLE_USE_HCI_UART_PARITY
         prompt "Uart PARITY"
         default UART_PARITY_NONE
+        depends on BT_CONTROLLER_DISABLED && BT_NIMBLE_TRANSPORT_UART
         help
             Uart Parity
 
@@ -960,16 +985,19 @@ menu "Host-controller Transport"
         int
         default 0 if !UART_PARITY_NONE
         default 1 if UART_PARITY_NONE
+        depends on BT_CONTROLLER_DISABLED && BT_NIMBLE_TRANSPORT_UART
 
     config BT_NIMBLE_TRANSPORT_UART_PARITY_ODD
         int
         default 0 if !UART_PARITY_ODD
         default 1 if UART_PARITY_ODD
+        depends on BT_CONTROLLER_DISABLED && BT_NIMBLE_TRANSPORT_UART
 
     config BT_NIMBLE_TRANSPORT_UART_PARITY_EVEN
         int
         default 0 if !UART_PARITY_EVEN
         default 1 if UART_PARITY_EVEN
+        depends on BT_CONTROLLER_DISABLED && BT_NIMBLE_TRANSPORT_UART
 
     config BT_NIMBLE_UART_RX_PIN
         int "UART Rx pin"

components/bt/host/nimble/port/include/esp_nimble_cfg.h

@@ -610,6 +610,10 @@
 #define MYNEWT_VAL_BLE_GATT_READ_MULT (MYNEWT_VAL_BLE_ROLE_CENTRAL)
 #endif
 
+#ifndef MYNEWT_VAL_BLE_GATT_READ_MULT_VAR
+#define MYNEWT_VAL_BLE_GATT_READ_MULT_VAR (MYNEWT_VAL_BLE_ROLE_CENTRAL)
+#endif
+
 #ifndef MYNEWT_VAL_BLE_GATT_READ_UUID
 #define MYNEWT_VAL_BLE_GATT_READ_UUID (MYNEWT_VAL_BLE_ROLE_CENTRAL)
 #endif
@@ -1792,7 +1796,7 @@
 #endif
 #endif
 
-#if CONFIG_BT_CONTROLLER_DISABLED
+#if CONFIG_BT_CONTROLLER_DISABLED && CONFIG_BT_NIMBLE_TRANSPORT_UART
 #ifndef MYNEWT_VAL_BLE_TRANSPORT_UART_PORT
 #define MYNEWT_VAL_BLE_TRANSPORT_UART_PORT CONFIG_BT_NIMBLE_TRANSPORT_UART_PORT
 #endif
@@ -1814,7 +1818,7 @@
 #endif
 
 #ifndef MYNEWT_VAL_BLE_TRANSPORT_UART_BAUDRATE
-#define MYNEWT_VAL_BLE_TRANSPORT_UART_BAUDRATE (921600)
+#define MYNEWT_VAL_BLE_TRANSPORT_UART_BAUDRATE CONFIG_BT_NIMBLE_HCI_UART_BAUDRATE
 #endif
 
 #ifndef MYNEWT_VAL_BLE_TRANSPORT_UART_DATA_BITS

components/bt/porting/nimble/include/nimble/nimble_opt_auto.h

@@ -84,6 +84,10 @@ extern "C" {
 #define NIMBLE_BLE_ATT_CLT_READ_MULT            \
     (MYNEWT_VAL(BLE_GATT_READ_MULT))
 
+#undef NIMBLE_BLE_ATT_CLT_READ_MULT_VAR
+#define NIMBLE_BLE_ATT_CLT_READ_MULT_VAR        \
+    (MYNEWT_VAL(BLE_GATT_READ_MULT_VAR))
+
 #undef NIMBLE_BLE_ATT_CLT_READ_GROUP_TYPE
 #define NIMBLE_BLE_ATT_CLT_READ_GROUP_TYPE      \
     (MYNEWT_VAL(BLE_GATT_DISC_ALL_SVCS))

components/esp_gdbstub/Kconfig

@@ -1,9 +1,10 @@
 menu "GDB Stub"
 
-    # Hidden option which is selected from the "Panic handler behavior"
+    # Hidden option which adds GDBStub on panic option to the "Panic handler behavior"
     # menu in the target component.
     config ESP_GDBSTUB_ENABLED
         bool
+        default y
 
     config ESP_SYSTEM_GDBSTUB_RUNTIME
         bool "GDBStub at runtime"

components/esp_rom/include/esp32h2/rom/rtc.h

@@ -82,19 +82,18 @@ typedef enum {
     TG0WDT_SYS_RESET       =  7,    /**<7, Timer Group0 Watch dog reset digital core*/
     TG1WDT_SYS_RESET       =  8,    /**<8, Timer Group1 Watch dog reset digital core*/
     RTCWDT_SYS_RESET       =  9,    /**<9, RTC Watch dog Reset digital core*/
-    INTRUSION_RESET        = 10,    /**<10, Instrusion tested to reset CPU*/
     TG0WDT_CPU_RESET       = 11,    /**<11, Time Group0 reset CPU*/
     RTC_SW_CPU_RESET       = 12,    /**<12, Software reset CPU*/
     RTCWDT_CPU_RESET       = 13,    /**<13, RTC Watch dog Reset CPU*/
     RTCWDT_BROWN_OUT_RESET = 15,    /**<15, Reset when the vdd voltage is not stable*/
     RTCWDT_RTC_RESET       = 16,    /**<16, RTC Watch dog reset digital core and rtc module*/
     TG1WDT_CPU_RESET       = 17,    /**<17, Time Group1 reset CPU*/
     SUPER_WDT_RESET        = 18,    /**<18, super watchdog reset digital core and rtc module*/
-    GLITCH_RTC_RESET       = 19,    /**<19, glitch reset digital core and rtc module*/
     EFUSE_RESET            = 20,    /**<20, efuse reset digital core*/
     USB_UART_CHIP_RESET    = 21,    /**<21, usb uart reset digital core */
     USB_JTAG_CHIP_RESET    = 22,    /**<22, usb jtag reset digital core */
     POWER_GLITCH_RESET     = 23,    /**<23, power glitch reset digital core and rtc module*/
+    JTAG_CPU_RESET         = 24,    /**<24, jtag reset CPU*/
 } RESET_REASON;
 
 // Check if the reset reason defined in ROM is compatible with soc/reset_reasons.h
@@ -111,11 +110,11 @@ ESP_STATIC_ASSERT((soc_reset_reason_t)RTCWDT_BROWN_OUT_RESET == RESET_REASON_SYS
 ESP_STATIC_ASSERT((soc_reset_reason_t)RTCWDT_RTC_RESET == RESET_REASON_SYS_RTC_WDT, "RTCWDT_RTC_RESET != RESET_REASON_SYS_RTC_WDT");
 ESP_STATIC_ASSERT((soc_reset_reason_t)TG1WDT_CPU_RESET == RESET_REASON_CPU0_MWDT1, "TG1WDT_CPU_RESET != RESET_REASON_CPU0_MWDT1");
 ESP_STATIC_ASSERT((soc_reset_reason_t)SUPER_WDT_RESET == RESET_REASON_SYS_SUPER_WDT, "SUPER_WDT_RESET != RESET_REASON_SYS_SUPER_WDT");
-ESP_STATIC_ASSERT((soc_reset_reason_t)GLITCH_RTC_RESET == RESET_REASON_SYS_CLK_GLITCH, "GLITCH_RTC_RESET != RESET_REASON_SYS_CLK_GLITCH");
 ESP_STATIC_ASSERT((soc_reset_reason_t)EFUSE_RESET == RESET_REASON_CORE_EFUSE_CRC, "EFUSE_RESET != RESET_REASON_CORE_EFUSE_CRC");
 ESP_STATIC_ASSERT((soc_reset_reason_t)USB_UART_CHIP_RESET == RESET_REASON_CORE_USB_UART, "USB_UART_CHIP_RESET != RESET_REASON_CORE_USB_UART");
 ESP_STATIC_ASSERT((soc_reset_reason_t)USB_JTAG_CHIP_RESET == RESET_REASON_CORE_USB_JTAG, "USB_JTAG_CHIP_RESET != RESET_REASON_CORE_USB_JTAG");
 ESP_STATIC_ASSERT((soc_reset_reason_t)POWER_GLITCH_RESET == RESET_REASON_CORE_PWR_GLITCH, "POWER_GLITCH_RESET != RESET_REASON_CORE_PWR_GLITCH");
+ESP_STATIC_ASSERT((soc_reset_reason_t)JTAG_CPU_RESET == RESET_REASON_CPU0_JTAG, "JTAG_CPU_RESET != RESET_REASON_CPU0_JTAG");
 
 typedef enum {
     NO_SLEEP        = 0,

components/esp_system/Kconfig

@@ -38,7 +38,7 @@ menu "ESP System Settings"
 
         config ESP_SYSTEM_PANIC_GDBSTUB
             bool "GDBStub on panic"
-            select ESP_GDBSTUB_ENABLED
+            depends on ESP_GDBSTUB_ENABLED
             help
                 Invoke gdbstub on the serial port, allowing for gdb to attach to it to do a postmortem
                 of the crash.

components/esp_system/include/esp_system.h

@@ -35,6 +35,9 @@ typedef enum {
     ESP_RST_SDIO,       //!< Reset over SDIO
     ESP_RST_USB,        //!< Reset by USB peripheral
     ESP_RST_JTAG,       //!< Reset by JTAG
+    ESP_RST_EFUSE,      //!< Reset due to efuse error
+    ESP_RST_PWR_GLITCH, //!< Reset due to power glitch detected
+    ESP_RST_CPU_LOCKUP, //!< Reset due to CPU lock up
 } esp_reset_reason_t;
 
 /**

components/esp_system/port/soc/esp32c6/reset_reason.c

@@ -54,6 +54,15 @@ static esp_reset_reason_t get_reset_reason(soc_reset_reason_t rtc_reset_reason,
     case RESET_REASON_CORE_USB_JTAG:
         return ESP_RST_USB;
 
+    case RESET_REASON_CORE_EFUSE_CRC:
+        return ESP_RST_EFUSE;
+
+    case RESET_REASON_CPU0_JTAG:
+        return ESP_RST_JTAG;
+
+    case RESET_REASON_CORE_SDIO:
+        return ESP_RST_SDIO;
+
     default:
         return ESP_RST_UNKNOWN;
     }

components/esp_system/port/soc/esp32h2/reset_reason.c

@@ -54,6 +54,15 @@ static esp_reset_reason_t get_reset_reason(soc_reset_reason_t rtc_reset_reason,
     case RESET_REASON_CORE_USB_JTAG:
         return ESP_RST_USB;
 
+    case RESET_REASON_CORE_EFUSE_CRC:
+        return ESP_RST_EFUSE;
+
+    case RESET_REASON_CORE_PWR_GLITCH:
+        return ESP_RST_PWR_GLITCH;
+
+    case RESET_REASON_CPU0_JTAG:
+        return ESP_RST_JTAG;
+
     default:
         return ESP_RST_UNKNOWN;
     }

components/mbedtls/Kconfig

@@ -413,6 +413,29 @@ menu "mbedTLS"
             mbedTLS will still use the hardware accelerated AES block operation, but
             on a single block at a time.
 
+    config MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER
+        bool "Enable support for non-AES ciphers in GCM operation"
+        depends on MBEDTLS_HARDWARE_AES
+        default n
+        help
+            Enable this config to support fallback to software definitions for a non-AES
+            cipher GCM operation as we support hardware acceleration only for AES cipher.
+            Some of the non-AES ciphers used in a GCM operation are DES, ARIA, CAMELLIA,
+            CHACHA20, BLOWFISH.
+
+            If this config is disabled, performing a non-AES cipher GCM operation with
+            the config MBEDTLS_HARDWARE_AES enabled will result in calculation of an
+            AES-GCM operation instead for the given input values and thus could lead
+            to failure in certificate validation which would ultimately lead to a SSL
+            handshake failure.
+
+            This config being by-default enabled leads to an increase in binary size
+            footprint of ~2.5KB.
+            In case you are sure that your use case (for example, client and server
+            configurations in case of a TLS handshake) would not involve any GCM
+            operations using a non-AES cipher, you can safely disable this config,
+            leading to reduction in binary size footprint.
+
     config MBEDTLS_HARDWARE_MPI
         bool "Enable hardware MPI (bignum) acceleration"
         default y

components/mbedtls/port/aes/esp_aes_gcm.c

@@ -251,6 +251,27 @@ int esp_aes_gcm_setkey( esp_gcm_context *ctx,
                         const unsigned char *key,
                         unsigned int keybits )
 {
+    /* Fallback to software implementation of GCM operation when a non-AES
+     * cipher is selected, as we support hardware acceleration only for a
+     * GCM operation using AES cipher.
+     */
+#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
+    if (ctx->ctx_soft != NULL) {
+        mbedtls_gcm_free_soft(ctx->ctx_soft);
+        free(ctx->ctx_soft);
+        ctx->ctx_soft = NULL;
+    }
+
+    if (cipher != MBEDTLS_CIPHER_ID_AES) {
+        ctx->ctx_soft = (mbedtls_gcm_context_soft*) malloc(sizeof(mbedtls_gcm_context_soft));
+        if (ctx->ctx_soft == NULL) {
+            return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
+        }
+        mbedtls_gcm_init_soft(ctx->ctx_soft);
+        return mbedtls_gcm_setkey_soft(ctx->ctx_soft, cipher, key, keybits);
+    }
+#endif
+
 #if !SOC_AES_SUPPORT_AES_192
     if (keybits == 192) {
         return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED;
@@ -332,6 +353,14 @@ void esp_aes_gcm_free( esp_gcm_context *ctx)
     if (ctx == NULL) {
         return;
     }
+#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
+    if (ctx->ctx_soft != NULL) {
+        mbedtls_gcm_free_soft(ctx->ctx_soft);
+        free(ctx->ctx_soft);
+        /* Note that the value of ctx->ctx_soft should be NULL'ed out
+        and here it is taken care by the bzero call below */
+    }
+#endif
     bzero(ctx, sizeof(esp_gcm_context));
 }
 
@@ -341,6 +370,11 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
                         const unsigned char *iv,
                         size_t iv_len )
 {
+#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
+    if (ctx->ctx_soft != NULL) {
+        return mbedtls_gcm_starts_soft(ctx->ctx_soft, mode, iv, iv_len);
+    }
+#endif
     /* IV is limited to 2^32 bits, so 2^29 bytes */
     /* IV is not allowed to be zero length */
     if ( iv_len == 0 ||
@@ -407,6 +441,11 @@ int esp_aes_gcm_update_ad( esp_gcm_context *ctx,
                            const unsigned char *aad,
                            size_t aad_len )
 {
+#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
+    if (ctx->ctx_soft != NULL) {
+        return mbedtls_gcm_update_ad_soft(ctx->ctx_soft, aad, aad_len);
+    }
+#endif
     /* AD are limited to 2^32 bits, so 2^29 bytes */
     if ( ( (uint32_t) aad_len ) >> 29 != 0 ) {
         return ( MBEDTLS_ERR_GCM_BAD_INPUT );
@@ -442,6 +481,11 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
                         unsigned char *output, size_t output_size,
                         size_t *output_length )
 {
+#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
+    if (ctx->ctx_soft != NULL) {
+        return mbedtls_gcm_update_soft(ctx->ctx_soft, input, input_length, output, output_size, output_length);
+    }
+#endif
     size_t nc_off = 0;
     uint8_t nonce_counter[AES_BLOCK_BYTES] = {0};
     uint8_t stream[AES_BLOCK_BYTES] = {0};
@@ -512,6 +556,11 @@ int esp_aes_gcm_finish( esp_gcm_context *ctx,
                         size_t *output_length,
                         unsigned char *tag, size_t tag_len )
 {
+#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
+    if (ctx->ctx_soft != NULL) {
+        return mbedtls_gcm_finish_soft(ctx->ctx_soft, output, output_size, output_length, tag, tag_len);
+    }
+#endif
     size_t nc_off = 0;
     uint8_t len_block[AES_BLOCK_BYTES] = {0};
     uint8_t stream[AES_BLOCK_BYTES] = {0};
@@ -607,6 +656,11 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
                                size_t tag_len,
                                unsigned char *tag )
 {
+#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
+    if (ctx->ctx_soft != NULL) {
+        return mbedtls_gcm_crypt_and_tag_soft(ctx->ctx_soft, mode, length, iv, iv_len, aad, aad_len, input, output, tag_len, tag);
+    }
+#endif
 #if CONFIG_MBEDTLS_HARDWARE_GCM
     int ret;
     lldesc_t aad_desc[2] = {};
@@ -727,6 +781,11 @@ int esp_aes_gcm_auth_decrypt( esp_gcm_context *ctx,
                               const unsigned char *input,
                               unsigned char *output )
 {
+#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
+    if (ctx->ctx_soft != NULL) {
+        return mbedtls_gcm_auth_decrypt_soft(ctx->ctx_soft, length, iv, iv_len, aad, aad_len, tag, tag_len, input, output);
+    }
+#endif
     int ret;
     unsigned char check_tag[16];
     size_t i;

components/mbedtls/port/include/aes/esp_aes_gcm.h

@@ -42,6 +42,8 @@ typedef struct {
     const unsigned char *aad;             /*!< The additional data. */
     esp_aes_context aes_ctx;
     esp_aes_gcm_state gcm_state;
+    /* Software context needed for soft fallback for non-AES ciphers */
+    void *ctx_soft;
 } esp_gcm_context;
 
 

components/mbedtls/port/include/mbedtls/esp_config.h

@@ -155,6 +155,12 @@
 
 #ifdef CONFIG_MBEDTLS_HARDWARE_AES
 #define MBEDTLS_GCM_ALT
+#ifdef CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER
+    /* Prefer hardware and fallback to software */
+    #define MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK
+#else
+    #undef MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK
+#endif
 #endif
 
 /* MBEDTLS_SHAxx_ALT to enable hardware SHA support