Merge branch 'master' into master

Author: matthias-bs

Diff for: .github/scripts/on-release.sh

@@ -35,6 +35,12 @@ echo "Event: $GITHUB_EVENT_NAME, Repo: $GITHUB_REPOSITORY, Path: $GITHUB_WORKSPA
 echo "Action: $action, Branch: $RELEASE_BRANCH, ID: $RELEASE_ID"
 echo "Tag: $RELEASE_TAG, Draft: $draft, Pre-Release: $RELEASE_PRE"
 
+# Try extracting something like a JSON with a "boards" array/element and "vendor" fields
+BOARDS=`echo $RELEASE_BODY | grep -Pzo '(?s){.*}' | jq -r '.boards[]? // .boards? // empty' | xargs echo -n 2>/dev/null`
+VENDOR=`echo $RELEASE_BODY | grep -Pzo '(?s){.*}' | jq -r '.vendor? // empty' | xargs echo -n 2>/dev/null`
+if ! [ -z "${BOARDS}" ]; then echo "Releasing board(s): $BOARDS" ; fi
+if ! [ -z "${VENDOR}" ]; then echo "Setting packager: $VENDOR" ; fi
+
 function get_file_size(){
     local file="$1"
     if [[ "$OSTYPE" == "darwin"* ]]; then
@@ -170,12 +176,26 @@ mkdir -p "$PKG_DIR/tools"
 
 # Copy all core files to the package folder
 echo "Copying files for packaging ..."
-cp -f  "$GITHUB_WORKSPACE/boards.txt"                       "$PKG_DIR/"
+if [ -z "${BOARDS}" ]; then
+    # Copy all variants
+    cp -f  "$GITHUB_WORKSPACE/boards.txt"                   "$PKG_DIR/"
+    cp -Rf "$GITHUB_WORKSPACE/variants"                     "$PKG_DIR/"
+else
+    # Remove all entries not starting with any board code or "menu." from boards.txt
+    cat "$GITHUB_WORKSPACE/boards.txt" | grep "^menu\."         >  "$PKG_DIR/boards.txt"
+    for board in ${BOARDS} ; do
+        cat "$GITHUB_WORKSPACE/boards.txt" | grep "^${board}\." >> "$PKG_DIR/boards.txt"
+    done
+    # Copy only relevant variant files
+    mkdir "$PKG_DIR/variants/"
+    for variant in `cat ${PKG_DIR}/boards.txt | grep "\.variant=" | cut -d= -f2` ; do
+        cp -Rf "$GITHUB_WORKSPACE/variants/${variant}"      "$PKG_DIR/variants/"
+    done
+fi
 cp -f  "$GITHUB_WORKSPACE/package.json"                     "$PKG_DIR/"
 cp -f  "$GITHUB_WORKSPACE/programmers.txt"                  "$PKG_DIR/"
 cp -Rf "$GITHUB_WORKSPACE/cores"                            "$PKG_DIR/"
 cp -Rf "$GITHUB_WORKSPACE/libraries"                        "$PKG_DIR/"
-cp -Rf "$GITHUB_WORKSPACE/variants"                         "$PKG_DIR/"
 cp -f  "$GITHUB_WORKSPACE/tools/espota.exe"                 "$PKG_DIR/tools/"
 cp -f  "$GITHUB_WORKSPACE/tools/espota.py"                  "$PKG_DIR/tools/"
 cp -f  "$GITHUB_WORKSPACE/tools/gen_esp32part.py"           "$PKG_DIR/tools/"
@@ -201,19 +221,22 @@ RVTC_NEW_NAME="esp-rv32"
 echo "Generating platform.txt..."
 cat "$GITHUB_WORKSPACE/platform.txt" | \
 sed "s/version=.*/version=$RELEASE_TAG/g" | \
-sed 's/tools.esp32-arduino-libs.path={runtime.platform.path}\/tools\/esp32-arduino-libs/tools.esp32-arduino-libs.path=\{runtime.tools.esp32-arduino-libs.path\}/g' | \
-sed 's/tools.xtensa-esp32-elf-gcc.path={runtime.platform.path}\/tools\/xtensa-esp32-elf/tools.xtensa-esp32-elf-gcc.path=\{runtime.tools.xtensa-esp32-elf-gcc.path\}/g' | \
-sed 's/tools.xtensa-esp32s2-elf-gcc.path={runtime.platform.path}\/tools\/xtensa-esp32s2-elf/tools.xtensa-esp32s2-elf-gcc.path=\{runtime.tools.xtensa-esp32s2-elf-gcc.path\}/g' | \
-sed 's/tools.xtensa-esp32s3-elf-gcc.path={runtime.platform.path}\/tools\/xtensa-esp32s3-elf/tools.xtensa-esp32s3-elf-gcc.path=\{runtime.tools.xtensa-esp32s3-elf-gcc.path\}/g' | \
-sed 's/tools.xtensa-esp-elf-gdb.path={runtime.platform.path}\/tools\/xtensa-esp-elf-gdb/tools.xtensa-esp-elf-gdb.path=\{runtime.tools.xtensa-esp-elf-gdb.path\}/g' | \
-sed "s/tools.riscv32-esp-elf-gcc.path={runtime.platform.path}\\/tools\\/riscv32-esp-elf/tools.riscv32-esp-elf-gcc.path=\\{runtime.tools.$RVTC_NEW_NAME.path\\}/g" | \
-sed 's/tools.riscv32-esp-elf-gdb.path={runtime.platform.path}\/tools\/riscv32-esp-elf-gdb/tools.riscv32-esp-elf-gdb.path=\{runtime.tools.riscv32-esp-elf-gdb.path\}/g' | \
-sed 's/tools.esptool_py.path={runtime.platform.path}\/tools\/esptool/tools.esptool_py.path=\{runtime.tools.esptool_py.path\}/g' | \
-sed 's/debug.server.openocd.path={runtime.platform.path}\/tools\/openocd-esp32\/bin\/openocd/debug.server.openocd.path=\{runtime.tools.openocd-esp32.path\}\/bin\/openocd/g' | \
-sed 's/debug.server.openocd.scripts_dir={runtime.platform.path}\/tools\/openocd-esp32\/share\/openocd\/scripts\//debug.server.openocd.scripts_dir=\{runtime.tools.openocd-esp32.path\}\/share\/openocd\/scripts\//g' | \
-sed 's/debug.server.openocd.scripts_dir.windows={runtime.platform.path}\\tools\\openocd-esp32\\share\\openocd\\scripts\\/debug.server.openocd.scripts_dir.windows=\{runtime.tools.openocd-esp32.path\}\\share\\openocd\\scripts\\/g' \
+sed 's/{runtime\.platform\.path}.tools.esp32-arduino-libs/\{runtime.tools.esp32-arduino-libs.path\}/g' | \
+sed 's/{runtime\.platform\.path}.tools.xtensa-esp-elf-gdb/\{runtime.tools.xtensa-esp-elf-gdb.path\}/g' | \
+sed 's/{runtime\.platform\.path}.tools.xtensa-esp32-elf/\{runtime.tools.xtensa-esp32-elf-gcc.path\}/g' | \
+sed 's/{runtime\.platform\.path}.tools.xtensa-esp32s2-elf/\{runtime.tools.xtensa-esp32s2-elf-gcc.path\}/g' | \
+sed 's/{runtime\.platform\.path}.tools.xtensa-esp32s3-elf/\{runtime.tools.xtensa-esp32s3-elf-gcc.path\}/g' | \
+sed 's/{runtime\.platform\.path}.tools.riscv32-esp-elf-gdb/\{runtime.tools.riscv32-esp-elf-gdb.path\}/g' | \
+sed "s/{runtime\.platform\.path}.tools.riscv32-esp-elf/\\{runtime.tools.$RVTC_NEW_NAME.path\\}/g" | \
+sed 's/{runtime\.platform\.path}.tools.esptool/\{runtime.tools.esptool_py.path\}/g' | \
+sed 's/{runtime\.platform\.path}.tools.openocd-esp32/\{runtime.tools.openocd-esp32.path\}/g' \
  > "$PKG_DIR/platform.txt"
 
+if ! [ -z ${VENDOR} ]; then
+    # Append vendor name to platform.txt to create a separate section
+    sed -i  "/^name=.*/s/$/ ($VENDOR)/" "$PKG_DIR/platform.txt"
+fi
+
 # Add header with version information
 echo "Generating core_version.h ..."
 ver_define=`echo $RELEASE_TAG | tr "[:lower:].\055" "[:upper:]_"`

Diff for: boards.txt

@@ -33474,9 +33474,22 @@ nano_nora.build.psram_type=opi
 nano_nora.build.memory_type={build.boot}_{build.psram_type}
 nano_nora.build.disable_pin_remap=
 
+nano_nora.debug_config.nano_nora.cortex-debug.custom.name=Arduino on Nano ESP32
+nano_nora.debug_config.nano_nora.cortex-debug.custom.overrideAttachCommands.0=set remote hardware-watchpoint-limit 2
+nano_nora.debug_config.nano_nora.cortex-debug.custom.overrideAttachCommands.1=monitor reset halt
+nano_nora.debug_config.nano_nora.cortex-debug.custom.overrideAttachCommands.2=monitor gdb_sync
+nano_nora.debug_config.nano_nora.cortex-debug.custom.overrideAttachCommands.3=interrupt
+nano_nora.debug_config.nano_nora.cortex-debug.custom.overrideRestartCommands.0=monitor reset halt
+nano_nora.debug_config.nano_nora.cortex-debug.custom.overrideRestartCommands.1=monitor gdb_sync
+nano_nora.debug_config.nano_nora.cortex-debug.custom.overrideRestartCommands.2=interrupt
+nano_nora.debug.additional_config=debug_config.nano_nora
+
 nano_nora.tools.esptool_py.program.pattern_args=--chip {build.mcu} --port "{serial.port}" --before default_reset --after hard_reset write_flash -z --flash_mode {build.flash_mode} --flash_freq {build.flash_freq} --flash_size {build.flash_size} {build.bootloader_addr} "{build.path}/{build.project_name}.bootloader.bin" 0x8000 "{build.path}/{build.project_name}.partitions.bin" 0xe000 "{runtime.platform.path}/tools/partitions/boot_app0.bin" 0xf70000 "{build.variant.path}/extra/nora_recovery/nora_recovery.ino.bin" 0x10000 "{build.path}/{build.project_name}.bin"
 nano_nora.tools.esptool_py.erase.pattern_args=--chip {build.mcu} --port "{serial.port}" --before default_reset --after hard_reset erase_flash
 
+nano_nora.programmer.default=esptool
+nano_nora.debug.executable=
+
 nano_nora.menu.PartitionScheme.default=With FAT partition (default)
 nano_nora.menu.PartitionScheme.spiffs=With SPIFFS partition (advanced)
 nano_nora.menu.PartitionScheme.spiffs.build.partitions=app3M_spiffs9M_fact512k_16MB
@@ -33488,9 +33501,7 @@ nano_nora.menu.PinNumbers.byGPIONumber.build.disable_pin_remap=-DBOARD_USES_HW_G
 nano_nora.menu.USBMode.default=Normal mode (TinyUSB)
 nano_nora.menu.USBMode.hwcdc=Debug mode (Hardware CDC)
 nano_nora.menu.USBMode.hwcdc.build.usb_mode=1
-nano_nora.menu.USBMode.hwcdc.build.copy_jtag_files=1
-nano_nora.menu.USBMode.hwcdc.build.openocdscript=esp32s3-builtin.cfg
-nano_nora.menu.USBMode.hwcdc.build.debugconfig=esp32s3-arduino.json
+nano_nora.menu.USBMode.hwcdc.debug.executable={build.path}/{build.project_name}.elf
 
 ##############################################################
 

Diff for: libraries/Update/src/Update.h

@@ -5,7 +5,6 @@
 #include <MD5Builder.h>
 #include <functional>
 #include "esp_partition.h"
-#include "aes/esp_aes.h"
 
 #define UPDATE_ERROR_OK                 (0)
 #define UPDATE_ERROR_WRITE              (1)

Diff for: libraries/Update/src/Updater.cpp

@@ -3,6 +3,7 @@
 #include "spi_flash_mmap.h"
 #include "esp_ota_ops.h"
 #include "esp_image_format.h"
+#include "mbedtls/aes.h"
 
 static const char * _err2str(uint8_t _error){
     if(_error == UPDATE_ERROR_OK){
@@ -312,17 +313,27 @@ bool UpdateClass::_decryptBuffer(){
     uint8_t tweaked_key[ENCRYPTED_KEY_SIZE]; //tweaked crypt key
     int done = 0;
 
-    esp_aes_context ctx; //initialize AES
-    esp_aes_init( &ctx );
+    /*
+        Mbedtls functions will be replaced with esp_aes functions when hardware acceleration is available
+
+        To Do:
+        Replace mbedtls for the cases where there's no hardware acceleration
+     */
+
+    mbedtls_aes_context ctx; //initialize AES
+    mbedtls_aes_init( &ctx );
     while((_bufferLen - done) >= ENCRYPTED_BLOCK_SIZE){
         for(int i=0; i < ENCRYPTED_BLOCK_SIZE; i++) _cryptBuffer[(ENCRYPTED_BLOCK_SIZE - 1) - i] = _buffer[i + done]; //reverse order 16 bytes to decrypt
         if( ((_cryptAddress + _progress + done) % ENCRYPTED_TWEAK_BLOCK_SIZE) == 0 || done == 0 ){
             _cryptKeyTweak(_cryptAddress + _progress + done, tweaked_key); //update tweaked crypt key
-            if( esp_aes_setkey( &ctx, tweaked_key, 256 ) ){
+            if( mbedtls_aes_setkey_enc( &ctx, tweaked_key, 256 ) ){
+                return false;
+            }
+            if( mbedtls_aes_setkey_dec( &ctx, tweaked_key, 256 ) ){
                 return false;
             }
         }
-        if( esp_aes_crypt_ecb( &ctx, ESP_AES_ENCRYPT, _cryptBuffer, _cryptBuffer ) ){ //use ESP_AES_ENCRYPT to decrypt flash code
+        if( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, _cryptBuffer, _cryptBuffer ) ){ //use MBEDTLS_AES_ENCRYPT to decrypt flash code
             return false;
         }
         for(int i=0; i < ENCRYPTED_BLOCK_SIZE; i++) _buffer[i + done] = _cryptBuffer[(ENCRYPTED_BLOCK_SIZE - 1) - i]; //reverse order 16 bytes from decrypt

Diff for: libraries/WebServer/examples/AdvancedWebServer/AdvancedWebServer.ino

@@ -44,8 +44,9 @@ void handleRoot() {
   digitalWrite(led, 1);
   char temp[400];
   int sec = millis() / 1000;
-  int min = sec / 60;
-  int hr = min / 60;
+  int hr = sec / 3600;
+  int min = (sec / 60) % 60;
+  sec = sec % 60;
 
   snprintf(temp, 400,
 
@@ -64,7 +65,7 @@ void handleRoot() {
   </body>\
 </html>",
 
-           hr, min % 60, sec % 60
+           hr, min, sec
           );
   server.send(200, "text/html", temp);
   digitalWrite(led, 0);

Diff for: libraries/WiFiClientSecure/examples/WiFiClientInsecure/WiFiClientInsecure.ino

@@ -1,5 +1,13 @@
 #include <WiFiClientSecure.h>
 
+/* This is a very INSECURE approach.
+ * If for some reason the secure, proper example WiFiClientSecure
+ * does not work for you; then you may want to check the 
+ * WiFiClientTrustOnFirstUse example first. It is less secure than 
+ * WiFiClientSecure, but a lot better than this totally insecure
+ * approach shown below.
+ */
+
 const char* ssid     = "your-ssid";     // your network SSID (name of wifi network)
 const char* password = "your-password"; // your network password
 

Diff for: libraries/WiFiClientSecure/examples/WiFiClientSecureProtocolUpgrade/.skip.esp32h2

@@ -0,0 +1,176 @@
+/* STARTSSL example
+
+   Inline upgrading from a clear-text connection to an SSL/TLS connection.
+
+   Some protocols such as SMTP, XMPP, Mysql, Postgress and others allow, or require,
+   that you start the connection without encryption; and then send a command to switch
+   over to encryption.
+
+   E.g. a typical SMTP submission would entail a dialogue such as this:
+
+   1. client connects to server in the clear
+   2. server says hello
+   3. client sents a EHLO
+   4. server tells the client that it supports SSL/TLS
+   5. client sends a 'STARTTLS' to make use of this faciltiy
+   6. client/server negiotiate a SSL or TLS connection.
+   7. client sends another EHLO
+   8. server now tells the client what (else) is supported; such as additional authentication options.
+   ... conversation continues encrypted.
+
+   This can be enabled in WiFiClientSecure by telling it to start in plaintext:
+
+          client.setPlainStart();
+
+   and client is than a plain, TCP, connection (just as WiFiClient would be); until the client calls
+   the method:
+
+          client.startTLS(); // returns zero on error; non zero on success.
+
+    After which things switch to TLS/SSL.
+*/
+
+#include <WiFiClientSecure.h>
+
+#ifndef WIFI_NETWORK
+#define WIFI_NETWORK "YOUR Wifi SSID"
+#endif
+
+#ifndef WIFI_PASSWD
+#define WIFI_PASSWD "your-secret-password"
+#endif
+
+#ifndef SMTP_HOST
+#define SMTP_HOST "smtp.gmail.com"
+#endif
+
+#ifndef SMTP_PORT
+#define SMTP_PORT (587) // Standard (plaintext) submission port
+#endif
+
+const char* ssid = WIFI_NETWORK;       // your network SSID (name of wifi network)
+const char* password = WIFI_PASSWD;    // your network password
+const char* server = SMTP_HOST;        // Server URL
+const int submission_port = SMTP_PORT; // submission port.
+
+WiFiClientSecure client;
+
+static bool readAllSMTPLines();
+
+void setup() {
+  int ret;
+  //Initialize serial and wait for port to open:
+  Serial.begin(115200);
+  delay(100);
+
+  Serial.print("Attempting to connect to SSID: ");
+  Serial.print(ssid);
+  WiFi.begin(ssid, password);
+
+  // attempt to connect to Wifi network:
+  while (WiFi.status() != WL_CONNECTED) {
+    Serial.print(".");
+    // wait 1 second for re-trying
+    delay(1000);
+  }
+
+  Serial.print("Connected to ");
+  Serial.println(ssid);
+
+  Serial.printf("\nStarting connection to server: %s:%d\n", server, submission_port);
+
+
+  // skip verification for this demo. In production one should at the very least
+  // enable TOFU; or ideally hardcode a (CA) certificate that is trusted.
+  client.setInsecure();
+
+  // Enable a plain-test start.
+  client.setPlainStart();
+
+  if (!client.connect(server, SMTP_PORT)) {
+    Serial.println("Connection failed!");
+    return;
+  };
+
+  Serial.println("Connected to server (in the clear, in plaintest)");
+
+  if (!readAllSMTPLines()) goto err;
+
+  Serial.println("Sending  : EHLO\t\tin the clear");
+  client.print("EHLO there\r\n");
+
+  if (!readAllSMTPLines()) goto err;
+
+  Serial.println("Sending  : STARTTLS\t\tin the clear");
+  client.print("STARTTLS\r\n");
+
+  if (!readAllSMTPLines()) goto err;
+
+  Serial.println("Upgrading connection to TLS");
+  if ((ret=client.startTLS()) <= 0) {
+    Serial.printf("Upgrade connection failed: err %d\n", ret);
+    goto err;
+  }
+
+  Serial.println("Sending  : EHLO again\t\tover the now encrypted connection");
+  client.print("EHLO again\r\n");
+
+  if (!readAllSMTPLines()) goto err;
+
+  // normally, as this point - we'd be authenticating and then be submitting
+  // an email. This has been left out of this example.
+  
+  Serial.println("Sending  : QUIT\t\t\tover the now encrypted connection");
+  client.print("QUIT\r\n");
+
+  if (!readAllSMTPLines()) goto err;
+
+  Serial.println("Completed OK\n");
+err:
+  Serial.println("Closing connection");
+  client.stop();
+}
+
+// SMTP command repsponse start with three digits and a space;
+// or, for continuation, with three digits and a '-'.
+static bool readAllSMTPLines() {
+  String s = "";
+  int i;
+
+  // blocking read; we cannot rely on a timeout
+  // of a WiFiClientSecure read; as it is non
+  // blocking.
+  const unsigned long timeout = 15 * 1000;
+  unsigned long start = millis(); // the timeout is for the entire CMD block response; not per character/line.
+  while (1) {
+    while ((i = client.available()) == 0 && millis() - start < timeout) {
+      /* .. wait */
+    };
+    if (i == 0) {
+      Serial.println("Timeout reading SMTP response");
+      return false;
+    };
+    if (i < 0)
+      break;
+
+    i = client.read();
+    if (i < 0)
+      break;
+
+    if (i > 31 && i < 128) s += (char)i;
+    if (i == 0x0A) {
+      Serial.print("Receiving: ");
+      Serial.println(s);
+      if (s.charAt(3) == ' ')
+        return true;
+      s = "";
+    }
+  }
+  Serial.printf("Error reading SMTP command response line: %d\n", i);
+  return false;
+}
+
+void loop() {
+  // do nothing
+}
+