Merge branch 'master' into new_timer1_irq

.gitignore

@@ -9,6 +9,7 @@ tools/sdk/lib/liblwip_src.a
 tools/sdk/lwip/src/build
 tools/sdk/lwip/src/liblwip_src.a
 tools/sdk/ld/backup
+tools/sdk/ld/eagle.app.v6.common.ld
 
 *.pyc
 *.gch

cores/esp8266/WString.cpp

@@ -113,10 +113,7 @@ String::String(double value, unsigned char decimalPlaces) {
 }
 
 String::~String() {
-    if(buffer) {
-        free(buffer);
-    }
-    init();
+    invalidate();
 }
 
 // /*********************************************/

doc/esp8266wifi/station-class.rst

@@ -427,7 +427,13 @@ Return the status of Wi-Fi connection.
 
     WiFi.status()
 
-Function returns one of the following connection statuses: \* ``WL_CONNECTED`` after successful connection is established \* ``WL_NO_SSID_AVAIL``\ in case configured SSID cannot be reached \* ``WL_CONNECT_FAILED`` if password is incorrect \* ``WL_IDLE_STATUS`` when Wi-Fi is in process of changing between statuses \* ``WL_DISCONNECTED`` if module is not configured in station mode
+Function returns one of the following connection statuses: 
+
+- ``WL_CONNECTED`` after successful connection is established
+- ``WL_NO_SSID_AVAIL`` in case configured SSID cannot be reached
+- ``WL_CONNECT_FAILED`` if password is incorrect
+- ``WL_IDLE_STATUS`` when Wi-Fi is in process of changing between statuses
+- ``WL_DISCONNECTED`` if module is not configured in station mode
 
 Returned value is type of ``wl_status_t`` defined in `wl\_definitions.h <https://github.com/esp8266/Arduino/blob/master/libraries/ESP8266WiFi/src/include/wl_definitions.h>`__
 

libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.cpp

@@ -60,19 +60,47 @@ class TLSTraits : public TransportTraits
 
     std::unique_ptr<WiFiClient> create() override
     {
-        return std::unique_ptr<WiFiClient>(new WiFiClientSecure());
+        return std::unique_ptr<WiFiClient>(new axTLS::WiFiClientSecure());
     }
 
     bool verify(WiFiClient& client, const char* host) override
     {
-        auto wcs = static_cast<WiFiClientSecure&>(client);
+        auto wcs = static_cast<axTLS::WiFiClientSecure&>(client);
         return wcs.verify(_fingerprint.c_str(), host);
     }
 
 protected:
     String _fingerprint;
 };
 
+class BearSSLTraits : public TransportTraits
+{
+public:
+    BearSSLTraits(const uint8_t fingerprint[20])
+    {
+        memcpy(_fingerprint, fingerprint, sizeof(_fingerprint));
+    }
+
+    std::unique_ptr<WiFiClient> create() override
+    {
+        BearSSL::WiFiClientSecure *client = new BearSSL::WiFiClientSecure();
+        client->setFingerprint(_fingerprint);
+        return std::unique_ptr<WiFiClient>(client);
+    }
+
+    bool verify(WiFiClient& client, const char* host) override
+    {
+        // No-op.  BearSSL will not connect if the fingerprint doesn't match.
+        // So if you get to here you've already connected and it matched
+        (void) client;
+        (void) host;
+        return true;
+    }
+
+protected:
+    uint8_t _fingerprint[20];
+};
+
 /**
  * constructor
  */
@@ -116,6 +144,24 @@ bool HTTPClient::begin(String url, String httpsFingerprint)
     return true;
 }
 
+
+bool HTTPClient::begin(String url, const uint8_t httpsFingerprint[20])
+{
+    _transportTraits.reset(nullptr);
+    _port = 443;
+    if (!beginInternal(url, "https")) {
+        return false;
+    }
+    _transportTraits = TransportTraitsPtr(new BearSSLTraits(httpsFingerprint));
+    DEBUG_HTTPCLIENT("[HTTP-Client][begin] BearSSL-httpsFingerprint:");
+    for (size_t i=0; i < 20; i++) {
+        DEBUG_HTTPCLIENT(" %02x", httpsFingerprint[i]);
+    }
+    DEBUG_HTTPCLIENT("\n");
+    return true;
+}
+
+
 /**
  * parsing the url for all needed parameters
  * @param url String
@@ -213,6 +259,23 @@ bool HTTPClient::begin(String host, uint16_t port, String uri, String httpsFinge
     return true;
 }
 
+bool HTTPClient::begin(String host, uint16_t port, String uri, const uint8_t httpsFingerprint[20])
+{
+    clear();
+    _host = host;
+    _port = port;
+    _uri = uri;
+
+    _transportTraits = TransportTraitsPtr(new BearSSLTraits(httpsFingerprint));
+    DEBUG_HTTPCLIENT("[HTTP-Client][begin] host: %s port: %d url: %s BearSSL-httpsFingerprint:", host.c_str(), port, uri.c_str());
+    for (size_t i=0; i < 20; i++) {
+        DEBUG_HTTPCLIENT(" %02x", httpsFingerprint[i]);
+    }
+    DEBUG_HTTPCLIENT("\n");
+    return true;
+}
+
+
 /**
  * end
  * called after the payload is handled

libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.h

@@ -133,10 +133,15 @@ class HTTPClient
     HTTPClient();
     ~HTTPClient();
 
+    // Plain HTTP connection, unencrypted
     bool begin(String url);
-    bool begin(String url, String httpsFingerprint);
     bool begin(String host, uint16_t port, String uri = "/");
+    // Use axTLS for secure HTTPS connection
+    bool begin(String url, String httpsFingerprint);
     bool begin(String host, uint16_t port, String uri, String httpsFingerprint);
+    // Use BearSSL for secure HTTPS connection
+    bool begin(String url, const uint8_t httpsFingerprint[20]);
+    bool begin(String host, uint16_t port, String uri, const uint8_t httpsFingerprint[20]);
     // deprecated, use the overload above instead
     bool begin(String host, uint16_t port, String uri, bool https, String httpsFingerprint)  __attribute__ ((deprecated));
 

libraries/ESP8266HTTPUpdateServer/examples/SecureBearSSLUpdater/SecureBearSSLUpdater.ino

@@ -0,0 +1,117 @@
+/*
+  SecureBearSSLUpdater - SSL encrypted, password-protected firmware update
+
+  This example starts a HTTPS server on the ESP8266 to allow firmware updates
+  to be performed.  All communication, including the username and password,
+  is encrypted via SSL.  Be sure to update the SSID and PASSWORD before running
+  to allow connection to your WiFi network.
+
+  To upload through terminal you can use:
+  curl -u admin:admin -F "image=@firmware.bin" esp8266-webupdate.local/firmware
+
+  Adapted by Earle F. Philhower, III, from the SecureWebUpdater.ino example.
+  This example is released into the public domain.
+*/
+
+#include <ESP8266WiFi.h>
+#include <WiFiClient.h>
+#include <ESP8266WebServerSecure.h>
+#include <ESP8266mDNS.h>
+#include <ESP8266HTTPUpdateServer.h>
+
+const char* host = "esp8266-webupdate";
+const char* update_path = "/firmware";
+const char* update_username = "admin";
+const char* update_password = "admin";
+const char* ssid = "........";
+const char* password = "........";
+
+BearSSL::ESP8266WebServerSecure httpServer(443);
+ESP8266HTTPUpdateServer httpUpdater;
+
+static const char serverCert[] PROGMEM = R"EOF(
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjMCCQD2ahcfZAwXxDANBgkqhkiG9w0BAQsFADCBiTELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU9yYW5nZSBDb3VudHkx
+EDAOBgNVBAoMB1ByaXZhZG8xGjAYBgNVBAMMEXNlcnZlci56bGFiZWwuY29tMR8w
+HQYJKoZIhvcNAQkBFhBlYXJsZUB6bGFiZWwuY29tMB4XDTE4MDMwNjA1NDg0NFoX
+DTE5MDMwNjA1NDg0NFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3Rh
+dGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAPVKBwbZ+KDSl40YCDkP6y8Sv4iNGvEOZg8Y
+X7sGvf/xZH7UiCBWPFIRpNmDSaZ3yjsmFqm6sLiYSGSdrBCFqdt9NTp2r7hga6Sj
+oASSZY4B9pf+GblDy5m10KDx90BFKXdPMCLT+o76Nx9PpCvw13A848wHNG3bpBgI
+t+w/vJCX3bkRn8yEYAU6GdMbYe7v446hX3kY5UmgeJFr9xz1kq6AzYrMt/UHhNzO
+S+QckJaY0OGWvmTNspY3xCbbFtIDkCdBS8CZAw+itnofvnWWKQEXlt6otPh5njwy
++O1t/Q+Z7OMDYQaH02IQx3188/kW3FzOY32knER1uzjmRO+jhA8CAwEAATANBgkq
+hkiG9w0BAQsFAAOCAQEAnDrROGRETB0woIcI1+acY1yRq4yAcH2/hdq2MoM+DCyM
+E8CJaOznGR9ND0ImWpTZqomHOUkOBpvu7u315blQZcLbL1LfHJGRTCHVhvVrcyEb
+fWTnRtAQdlirUm/obwXIitoz64VSbIVzcqqfg9C6ZREB9JbEX98/9Wp2gVY+31oC
+JfUvYadSYxh3nblvA4OL+iEZiW8NE3hbW6WPXxvS7Euge0uWMPc4uEcnsE0ZVG3m
++TGimzSdeWDvGBRWZHXczC2zD4aoE5vrl+GD2i++c6yjL/otHfYyUpzUfbI2hMAA
+5tAF1D5vAAwA8nfPysumlLsIjohJZo4lgnhB++AlOg==
+-----END CERTIFICATE-----
+)EOF";
+
+static const char serverKey[] PROGMEM =  R"EOF(
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA9UoHBtn4oNKXjRgIOQ/rLxK/iI0a8Q5mDxhfuwa9//FkftSI
+IFY8UhGk2YNJpnfKOyYWqbqwuJhIZJ2sEIWp2301OnavuGBrpKOgBJJljgH2l/4Z
+uUPLmbXQoPH3QEUpd08wItP6jvo3H0+kK/DXcDzjzAc0bdukGAi37D+8kJfduRGf
+zIRgBToZ0xth7u/jjqFfeRjlSaB4kWv3HPWSroDNisy39QeE3M5L5ByQlpjQ4Za+
+ZM2yljfEJtsW0gOQJ0FLwJkDD6K2eh++dZYpAReW3qi0+HmePDL47W39D5ns4wNh
+BofTYhDHfXzz+RbcXM5jfaScRHW7OOZE76OEDwIDAQABAoIBAQDKov5NFbNFQNR8
+djcM1O7Is6dRaqiwLeH4ZH1pZ3d9QnFwKanPdQ5eCj9yhfhJMrr5xEyCqT0nMn7T
+yEIGYDXjontfsf8WxWkH2TjvrfWBrHOIOx4LJEvFzyLsYxiMmtZXvy6YByD+Dw2M
+q2GH/24rRdI2klkozIOyazluTXU8yOsSGxHr/aOa9/sZISgLmaGOOuKI/3Zqjdhr
+eHeSqoQFt3xXa8jw01YubQUDw/4cv9rk2ytTdAoQUimiKtgtjsggpP1LTq4xcuqN
+d4jWhTcnorWpbD2cVLxrEbnSR3VuBCJEZv5axg5ZPxLEnlcId8vMtvTRb5nzzszn
+geYUWDPhAoGBAPyKVNqqwQl44oIeiuRM2FYenMt4voVaz3ExJX2JysrG0jtCPv+Y
+84R6Cv3nfITz3EZDWp5sW3OwoGr77lF7Tv9tD6BptEmgBeuca3SHIdhG2MR+tLyx
+/tkIAarxQcTGsZaSqra3gXOJCMz9h2P5dxpdU+0yeMmOEnAqgQ8qtNBfAoGBAPim
+RAtnrd0WSlCgqVGYFCvDh1kD5QTNbZc+1PcBHbVV45EmJ2fLXnlDeplIZJdYxmzu
+DMOxZBYgfeLY9exje00eZJNSj/csjJQqiRftrbvYY7m5njX1kM5K8x4HlynQTDkg
+rtKO0YZJxxmjRTbFGMegh1SLlFLRIMtehNhOgipRAoGBAPnEEpJGCS9GGLfaX0HW
+YqwiEK8Il12q57mqgsq7ag7NPwWOymHesxHV5mMh/Dw+NyBi4xAGWRh9mtrUmeqK
+iyICik773Gxo0RIqnPgd4jJWN3N3YWeynzulOIkJnSNx5BforOCTc3uCD2s2YB5X
+jx1LKoNQxLeLRN8cmpIWicf/AoGBANjRSsZTKwV9WWIDJoHyxav/vPb+8WYFp8lZ
+zaRxQbGM6nn4NiZI7OF62N3uhWB/1c7IqTK/bVHqFTuJCrCNcsgld3gLZ2QWYaMV
+kCPgaj1BjHw4AmB0+EcajfKilcqtSroJ6MfMJ6IclVOizkjbByeTsE4lxDmPCDSt
+/9MKanBxAoGAY9xo741Pn9WUxDyRplww606ccdNf/ksHWNc/Y2B5SPwxxSnIq8nO
+j01SmsCUYVFAgZVOTiiycakjYLzxlc6p8BxSVqy6LlJqn95N8OXoQ+bkwUux/ekg
+gz5JWYhbD6c38khSzJb0pNXCo3EuYAVa36kDM96k1BtWuhRS10Q1VXk=
+-----END RSA PRIVATE KEY-----
+)EOF";
+
+
+void setup()
+{
+
+  Serial.begin(115200);
+  Serial.println();
+  Serial.println("Booting Sketch...");
+  WiFi.mode(WIFI_AP_STA);
+  WiFi.begin(ssid, password);
+
+  while(WiFi.waitForConnectResult() != WL_CONNECTED){
+    WiFi.begin(ssid, password);
+    Serial.println("WiFi failed, retrying.");
+  }
+
+  configTime(3 * 3600, 0, "pool.ntp.org", "time.nist.gov");
+
+  MDNS.begin(host);
+
+  httpServer.setRSACert(new BearSSLX509List(serverCert), new BearSSLPrivateKey(serverKey));
+  httpUpdater.setup(&httpServer, update_path, update_username, update_password);
+  httpServer.begin();
+
+  MDNS.addService("https", "tcp", 443);
+  Serial.printf("BearSSLUpdateServer ready!\nOpen https://%s.local%s in "\
+                "your browser and login with username '%s' and password "\
+                "'%s'\n", host, update_path, update_username, update_password);
+}
+
+void loop()
+{
+  httpServer.handleClient();
+}